1. 02 Oct, 2015 1 commit
    • Evan Hunt's avatar
      [master] dnstap · b66b333f
      Evan Hunt authored
      4235.	[func]		Added support in named for "dnstap", a fast method of
      			capturing and logging DNS traffic, and a new command
      			"dnstap-read" to read a dnstap log file.  Use
      			"configure --enable-dnstap" to enable this
      			feature (note that this requires libprotobuf-c
      			and libfstrm). See the ARM for configuration details.
      
      			Thanks to Robert Edmonds of Farsight Security.
      			[RT #40211]
      b66b333f
  2. 05 Jul, 2015 1 commit
    • Mark Andrews's avatar
      4152. [func] Implement DNS COOKIE option. This replaces the · ce67023a
      Mark Andrews authored
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are avaliable: send-cookie,
                              cookie-secret, cookie-algorithm and nocookie-udp-size.
                              The following dig options are available:
                              +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
      ce67023a
  3. 21 Jan, 2015 2 commits
  4. 05 Dec, 2014 1 commit
  5. 04 Sep, 2014 1 commit
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019
  6. 29 Aug, 2014 1 commit
    • Evan Hunt's avatar
      [master] ECS authoritative support · d46855ca
      Evan Hunt authored
      3936.	[func]		Added authoritative support for the EDNS Client
      			Subnet (ECS) option.
      
      			ACLs can now include "ecs" elements which specify
      			an address or network prefix; if an ECS option is
      			included in a DNS query, then the address encoded
      			in the option will be matched against "ecs" ACL
      			elements.
      
      			Also, if an ECS address is included in a query,
      			then it will be used instead of the client source
      			address when matching "geoip" ACL elements.  This
      			behavior can be overridden with "geoip-use-ecs no;".
      
      			When "ecs" or "geoip" ACL elements are used to
      			select a view for a query, the response will include
      			an ECS option to indicate which client network the
      			answer is valid for.
      
      			(Thanks to Vincent Bernat.) [RT #36781]
      d46855ca
  7. 20 Feb, 2014 3 commits
  8. 19 Feb, 2014 2 commits
    • Mark Andrews's avatar
      update copyrights · e676a596
      Mark Andrews authored
      e676a596
    • Mark Andrews's avatar
      3744. [experimental] SIT: send and process Source Identity Tokens · b5f6271f
      Mark Andrews authored
                              (which are similar to DNS Cookies by Donald Eastlake)
                              and are designed to help clients detect off path
                              spoofed responses and for servers to detect legitimate
                              clients.
      
                              SIT use a experimental EDNS option code (65001).
      
                              SIT can be enabled via --enable-developer or
                              --enable-sit.  It is on by default in Windows.
      
                              RRL processing as been updated to know about SIT with
                              legitimate clients not being rate limited. [RT #35389]
      b5f6271f
  9. 23 Mar, 2013 1 commit
  10. 22 Mar, 2013 1 commit
    • Evan Hunt's avatar
      [master] add DSCP support · 67adc03e
      Evan Hunt authored
      3535.	[func]		Add support for setting Differentiated Services Code
      			Point (DSCP) values in named.  Most configuration
      			options which take a "port" option (e.g.,
      			listen-on, forwarders, also-notify, masters,
      			notify-source, etc) can now also take a "dscp"
      			option specifying a code point for use with
      			outgoing traffic, if supported by the underlying
      			OS. [RT #27596]
      67adc03e
  11. 29 Sep, 2012 1 commit
  12. 31 Aug, 2012 1 commit
  13. 14 May, 2012 1 commit
    • Evan Hunt's avatar
      merged filter-aaaa-on-v6 (ATT SoW) · d878b8d8
      Evan Hunt authored
      3327.	[func]		Added 'filter-aaaa-on-v6' option; this is similar
      			to 'filter-aaaa-on-v4' but applies to IPv6
      			connections.  (Use "configure --enable-filter-aaaa"
      			to enable this option.)  [RT #27308]
      d878b8d8
  14. 31 Jan, 2012 2 commits
  15. 11 Oct, 2011 2 commits
  16. 10 Oct, 2011 1 commit
  17. 26 Oct, 2009 1 commit
  18. 07 May, 2009 1 commit
  19. 03 Mar, 2009 1 commit
  20. 17 Jan, 2009 2 commits
  21. 03 Apr, 2008 1 commit
  22. 18 Jan, 2008 1 commit
  23. 02 Jan, 2008 2 commits
  24. 18 Jun, 2007 1 commit
  25. 29 Mar, 2007 2 commits
  26. 06 Jun, 2006 1 commit
  27. 04 Jun, 2006 1 commit
  28. 15 Aug, 2005 1 commit
  29. 27 Jul, 2005 1 commit
  30. 18 Jul, 2005 1 commit
  31. 07 Jun, 2005 1 commit