1. 22 Aug, 2014 1 commit
  2. 08 Jul, 2014 2 commits
  3. 07 Jul, 2014 1 commit
  4. 30 Jun, 2014 1 commit
  5. 27 Jun, 2014 1 commit
  6. 26 Jun, 2014 1 commit
  7. 24 Jun, 2014 1 commit
  8. 19 Jun, 2014 1 commit
  9. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323
  10. 17 Jun, 2014 1 commit
  11. 30 May, 2014 1 commit
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
      0cfb2473
  12. 07 May, 2014 1 commit
  13. 01 May, 2014 1 commit
  14. 30 Apr, 2014 1 commit
  15. 29 Apr, 2014 1 commit
  16. 23 Apr, 2014 1 commit
  17. 10 Apr, 2014 1 commit
  18. 07 Apr, 2014 2 commits
  19. 04 Apr, 2014 1 commit
  20. 12 Mar, 2014 1 commit
  21. 11 Mar, 2014 1 commit
    • Evan Hunt's avatar
      [master] auto-generate salt · 62258ada
      Evan Hunt authored
      3781.	[func]		Specifying "auto" as the salt when using
      			"rndc signing -nsec3param" causes named to
      			generate a 64-bit salt at random. [RT #35322]
      62258ada
  22. 06 Mar, 2014 1 commit
  23. 19 Feb, 2014 3 commits
    • Mark Andrews's avatar
    • Evan Hunt's avatar
      [master] max-zone-ttl · 35f6a21f
      Evan Hunt authored
      3746.	[func]		New "max-zone-ttl" option enforces maximum
      			TTLs for zones. If loading a zone containing a
      			higher TTL, the load fails. DDNS updates with
      			higher TTLs are accepted but the TTL is truncated.
      			(Note: Currently supported for master zones only;
      			inline-signing slaves will be added.) [RT #38405]
      35f6a21f
    • Mark Andrews's avatar
      3744. [experimental] SIT: send and process Source Identity Tokens · b5f6271f
      Mark Andrews authored
                              (which are similar to DNS Cookies by Donald Eastlake)
                              and are designed to help clients detect off path
                              spoofed responses and for servers to detect legitimate
                              clients.
      
                              SIT use a experimental EDNS option code (65001).
      
                              SIT can be enabled via --enable-developer or
                              --enable-sit.  It is on by default in Windows.
      
                              RRL processing as been updated to know about SIT with
                              legitimate clients not being rate limited. [RT #35389]
      b5f6271f
  24. 16 Feb, 2014 3 commits
  25. 21 Jan, 2014 2 commits
  26. 16 Jan, 2014 1 commit
  27. 14 Jan, 2014 3 commits
  28. 13 Dec, 2013 2 commits
  29. 11 Dec, 2013 2 commits
    • Evan Hunt's avatar
      typo · 4e1d84a3
      Evan Hunt authored
      4e1d84a3
    • Evan Hunt's avatar
      [master] dnssec-signzone -Q · 0bbe3273
      Evan Hunt authored
      3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
      			that are still published but no longer active.
      			[RT #34990]
      0bbe3273