1. 04 Sep, 2014 1 commit
  2. 29 Aug, 2014 1 commit
    • Evan Hunt's avatar
      [master] ECS authoritative support · d46855ca
      Evan Hunt authored
      3936.	[func]		Added authoritative support for the EDNS Client
      			Subnet (ECS) option.
      			ACLs can now include "ecs" elements which specify
      			an address or network prefix; if an ECS option is
      			included in a DNS query, then the address encoded
      			in the option will be matched against "ecs" ACL
      			Also, if an ECS address is included in a query,
      			then it will be used instead of the client source
      			address when matching "geoip" ACL elements.  This
      			behavior can be overridden with "geoip-use-ecs no;".
      			When "ecs" or "geoip" ACL elements are used to
      			select a view for a query, the response will include
      			an ECS option to indicate which client network the
      			answer is valid for.
      			(Thanks to Vincent Bernat.) [RT #36781]
  3. 25 Jun, 2014 1 commit
  4. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
  5. 10 Jun, 2014 1 commit
    • Mukund Sivaraman's avatar
      [24702] Include key filename in logged message · aa232396
      Mukund Sivaraman authored
      Squashed commit of the following:
      commit 593e6bc7e29938ff5c2f7508bde303fb069a97a9
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 19:17:40 2014 +0530
          Increase size of filename buffers
      commit b8685678e026ba98b8833e26664193b6345eb00e
      Author: Evan Hunt <each@isc.org>
      Date:   Wed Jun 4 18:57:44 2014 -0700
          [rt24702] some tweaks during review
      commit adfbc8f808716c63e9e097d92beef104527e5c6f
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Wed Jun 4 18:18:35 2014 +0530
          [24702] Include key filename in logged message
      commit f1eff77e7e3704b145c3d65101a735467dd81dc3
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Wed Jun 4 18:12:43 2014 +0530
          Add dst_key_getfilename()
  6. 30 May, 2014 1 commit
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
  7. 29 May, 2014 1 commit
    • Mukund Sivaraman's avatar
      [35904] Add various RBT unit tests · ce376a81
      Mukund Sivaraman authored
      No CHANGES entry was added as this commit mainly adds tests related
      Squashed commit of the following:
      commit d3d44508daa128fb8b60f64b3a8c81f80602273d
      Author: Evan Hunt <each@isc.org>
      Date:   Wed May 7 09:36:41 2014 -0700
          [rt35904] remove private non-static names from .def file
      commit dbca45661c3939f21c3bb3f405d08cfe1b35d7aa
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Wed May 7 21:39:32 2014 +0530
          Remove test for shortcut findnode()
          The implementation was not included in this review branch, but the tests
          erroneously made it through.
          This functionality will be addressed in a different ticket (RT#35906).
      commit 94ff14576ab3407f2612d34727b7eacfefc3668c
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Wed May 7 21:36:50 2014 +0530
          Minor indent fix
      commit 50972f17697bb222996e433faa8224843366f9b2
      Author: Evan Hunt <each@isc.org>
      Date:   Tue May 6 20:05:21 2014 -0700
          [rt35904] style
      commit 5c4d5d41fcc5bfecdeebc008896974385c841b8d
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Sun May 4 19:19:36 2014 +0530
          RBT related updates
          * Add various RBT unit tests
          * Add some helper methods useful in unit testing RBT code
          * General cleanup
  8. 27 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] merge several interdependent fixes · 98922b2b
      Evan Hunt authored
      3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
      			[RT #35433]
      3759.   [port]          Enable delve on Windows. [RT #35441]
      3758.   [port]          Enable export library APIs on windows. [RT #35382]
  9. 19 Feb, 2014 1 commit
  10. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
  11. 11 Dec, 2013 1 commit
    • Evan Hunt's avatar
      [master] dnssec-signzone -Q · 0bbe3273
      Evan Hunt authored
      3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
      			that are still published but no longer active.
      			[RT #34990]
  12. 04 Dec, 2013 1 commit
  13. 05 Sep, 2013 2 commits
  14. 04 Sep, 2013 1 commit
  15. 15 Aug, 2013 1 commit
  16. 25 Jul, 2013 1 commit
  17. 04 Jul, 2013 1 commit
  18. 01 Jul, 2013 1 commit
  19. 26 Jun, 2013 1 commit
    • Evan Hunt's avatar
      [master] "rndc flushtree -all <name>" · 9fa5a723
      Evan Hunt authored
      3606.	[func]		"rndc flushtree -all" flushes matching
      			records in the ADB and bad cache as well as
      			the DNS cache.  (Without the "-all" option,
      			flushtree will still only flush records from
      			the DNS cache.) [RT #33970]
  20. 14 Jun, 2013 1 commit
  21. 12 Jun, 2013 1 commit
  22. 07 May, 2013 1 commit
  23. 27 Mar, 2013 1 commit
  24. 22 Mar, 2013 1 commit
    • Evan Hunt's avatar
      [master] add DSCP support · 67adc03e
      Evan Hunt authored
      3535.	[func]		Add support for setting Differentiated Services Code
      			Point (DSCP) values in named.  Most configuration
      			options which take a "port" option (e.g.,
      			listen-on, forwarders, also-notify, masters,
      			notify-source, etc) can now also take a "dscp"
      			option specifying a code point for use with
      			outgoing traffic, if supported by the underlying
      			OS. [RT #27596]
  25. 27 Feb, 2013 1 commit
    • Evan Hunt's avatar
      [master] better zone-statistics syntax · 40a7e85f
      Evan Hunt authored
      3501.	[func]		zone-statistics now takes three options: full,
      			terse, and none. "yes" and "no" are retained as
      			synonyms for full and terse, respectively. [RT #29165]
  26. 25 Feb, 2013 2 commits
    • Evan Hunt's avatar
      [master] RPZ speedup (phase 2, multiple RPZ's) · 94315060
      Evan Hunt authored
      3495.	[func]		Support multiple response-policy zones, while
      			improving RPZ performance. [RT #32476]
    • Evan Hunt's avatar
      [master] DNS RRL · 55e5c51e
      Evan Hunt authored
      3494.	[func]		DNS RRL: Blunt the impact of DNS reflection and
      			amplification attacks by rate-limiting substantially-
      			identical responses. [RT #28130]
  27. 21 Feb, 2013 1 commit
  28. 11 Jan, 2013 1 commit
  29. 06 Dec, 2012 1 commit
    • Evan Hunt's avatar
      [master] pass client info to DLZ findzone method · abff0f46
      Evan Hunt authored
      3434.   [bug]           Pass client info to the DLZ findzone() entry
                              point in addition to lookup().  This makes it
                              possible for a database to answer differently
                              whether it's authoritative for a name depending
                              on the address of the client.  [RT #31775]
  30. 03 Oct, 2012 1 commit
  31. 23 Aug, 2012 1 commit
  32. 20 Jul, 2012 1 commit
  33. 20 Jun, 2012 1 commit
    • Curtis Blackburn's avatar
      merging fast format zone files · 7829fad4
      Curtis Blackburn authored
  34. 14 May, 2012 1 commit
    • Evan Hunt's avatar
      Merge statistics code (ATT SoW, rt24117) · dd2a0a6d
      Evan Hunt authored
      This includes the following changes:
      3326.	[func]		Added task list statistics: task model, worker
      			threads, quantum, tasks running, tasks ready.
      			[RT #27678]
      3325.	[func]		Report cache statistics: memory use, number of
      			nodes, number of hash buckets, hit and miss counts.
      			[RT #27056]
      3324.	[test]		Add better tests for ADB stats [RT #27057]
      3323.	[func]		Report the number of buckets the resolver is using.
      			[RT #27020]
      3322.	[func]		Monitor the number of active TCP and UDP dispatches.
      			[RT #27055]
      3321.	[func]		Monitor the number of recursive fetches and the
      			number of open sockets, and report these values in
      			the statistics channel. [RT #27054]
      3320.	[func]		Added support for monitoring of recursing client
      			count. [RT #27009]
      3319.	[func]		Added support for monitoring of ADB entry count and
      			hash size. [RT #27057]
  35. 27 Apr, 2012 1 commit
    • Evan Hunt's avatar
      create and use multiple fetch dispatches · 4e8fe357
      Evan Hunt authored
      Added API to create a set of UDP dispatches which can be shared
      round-robin style when making upstream queries for authoritative
      data; this should reduce lock contention in the query source
  36. 23 Feb, 2012 1 commit
  37. 27 Jan, 2012 1 commit
  38. 22 Dec, 2011 1 commit