1. 23 Jun, 2014 1 commit
  2. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323
  3. 04 Jun, 2014 1 commit
  4. 30 May, 2014 1 commit
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
      0cfb2473
  5. 22 May, 2014 2 commits
  6. 21 May, 2014 2 commits
  7. 30 Apr, 2014 1 commit
  8. 17 Apr, 2014 1 commit
  9. 25 Mar, 2014 1 commit
  10. 19 Mar, 2014 3 commits
  11. 04 Mar, 2014 2 commits
  12. 24 Feb, 2014 1 commit
  13. 23 Feb, 2014 1 commit
  14. 20 Feb, 2014 4 commits
  15. 19 Feb, 2014 4 commits
    • Francis Dupont's avatar
      WIN32 master fixes · f1a6c8e7
      Francis Dupont authored
      f1a6c8e7
    • Evan Hunt's avatar
      [master] fix dns_resolver_destroyfetch race · 7f5bdf7f
      Evan Hunt authored
      3747.	[bug]		A race condition could lead to a core dump when
      			destroying a resolver fetch object. [RT #35385]
      7f5bdf7f
    • Evan Hunt's avatar
      [master] add "--with-tuning=large" option · 6a3fa181
      Evan Hunt authored
      3745.	[func]		"configure --with-tuning=large" adjusts various
      			compiled-in constants and default settings to
      			values suited to large servers with abundant
      			memory. [RT #29538]
      6a3fa181
    • Mark Andrews's avatar
      3744. [experimental] SIT: send and process Source Identity Tokens · b5f6271f
      Mark Andrews authored
                              (which are similar to DNS Cookies by Donald Eastlake)
                              and are designed to help clients detect off path
                              spoofed responses and for servers to detect legitimate
                              clients.
      
                              SIT use a experimental EDNS option code (65001).
      
                              SIT can be enabled via --enable-developer or
                              --enable-sit.  It is on by default in Windows.
      
                              RRL processing as been updated to know about SIT with
                              legitimate clients not being rate limited. [RT #35389]
      b5f6271f
  16. 16 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] delve · 1d761cb4
      Evan Hunt authored
      3741.	[func]		"delve" (domain entity lookup and validation engine):
      			A new tool with dig-like semantics for performing DNS
      			lookups, with internal DNSSEC validation, using the
      			same resolver and validator logic as named. This
      			allows easy validation of DNSSEC data in environments
      			with untrustworthy resolvers, and assists with
      			troubleshooting of DNSSEC problems. (Note: not yet
      			available on win32.) [RT #32406]
      1d761cb4
  17. 12 Jan, 2014 3 commits
  18. 09 Jan, 2014 2 commits
  19. 13 Dec, 2013 1 commit
  20. 04 Dec, 2013 1 commit
  21. 21 Oct, 2013 1 commit
  22. 26 Jul, 2013 1 commit
  23. 01 Jul, 2013 1 commit
    • Evan Hunt's avatar
      [master] "flushtree -all" no longer optional · 9d4ec6d2
      Evan Hunt authored
      Updated CHANGES note:
      3606.	[func]		"rndc flushtree" now flushes matching
      			records in the address database and bad cache
                              as well as the DNS cache. (Previously only the
                              DNS cache was flushed.) [RT #33970]
      9d4ec6d2
  24. 26 Jun, 2013 1 commit
    • Evan Hunt's avatar
      [master] "rndc flushtree -all <name>" · 9fa5a723
      Evan Hunt authored
      3606.	[func]		"rndc flushtree -all" flushes matching
      			records in the ADB and bad cache as well as
      			the DNS cache.  (Without the "-all" option,
      			flushtree will still only flush records from
      			the DNS cache.) [RT #33970]
      9fa5a723
  25. 12 Jun, 2013 2 commits