1. 21 Apr, 2017 1 commit
  2. 05 Jan, 2017 1 commit
  3. 04 Jan, 2017 1 commit
    • Evan Hunt's avatar
      [master] EDNS padding and keepalive support · 58043325
      Evan Hunt authored
      4549.	[func]		Added support for the EDNS TCP Keepalive option
      			(RFC 7828). [RT #42126]
      
      4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
      			[RT #42094]
      58043325
  4. 28 Dec, 2016 1 commit
  5. 06 Dec, 2016 1 commit
  6. 28 Sep, 2016 1 commit
  7. 21 Jul, 2016 3 commits
  8. 13 Jul, 2016 1 commit
    • Evan Hunt's avatar
      [master] rndc dnstap -roll · ffa622d7
      Evan Hunt authored
      4411.	[func]		"rndc dnstap -roll" automatically rolls the
      			dnstap output file; the previous version is
      			saved with ".0" suffix, and earlier versions
      			with ".1" and so on. An optional numeric argument
      			indicates how many prior files to save. [RT #42830]
      ffa622d7
  9. 27 Jun, 2016 1 commit
  10. 24 Jun, 2016 1 commit
  11. 23 Jun, 2016 2 commits
  12. 22 Oct, 2015 1 commit
  13. 06 Oct, 2015 2 commits
  14. 10 Jul, 2015 1 commit
  15. 09 Jul, 2015 1 commit
    • Evan Hunt's avatar
      [master] DDoS mitigation features · 1479200a
      Evan Hunt authored
      3938.	[func]		Added quotas to be used in recursive resolvers
      			that are under high query load for names in zones
      			whose authoritative servers are nonresponsive or
      			are experiencing a denial of service attack.
      
      			- "fetches-per-server" limits the number of
      			  simultaneous queries that can be sent to any
      			  single authoritative server.  The configured
      			  value is a starting point; it is automatically
      			  adjusted downward if the server is partially or
      			  completely non-responsive. The algorithm used to
      			  adjust the quota can be configured via the
      			  "fetch-quota-params" option.
      			- "fetches-per-zone" limits the number of
      			  simultaneous queries that can be sent for names
      			  within a single domain.  (Note: Unlike
      			  "fetches-per-server", this value is not
      			  self-tuning.)
      			- New stats counters have been added to count
      			  queries spilled due to these quotas.
      
      			See the ARM for details of these options. [RT #37125]
      1479200a
  16. 05 May, 2015 1 commit
  17. 04 May, 2015 3 commits
  18. 13 Apr, 2015 2 commits
  19. 07 Feb, 2015 1 commit
  20. 06 Feb, 2015 1 commit
    • Evan Hunt's avatar
      [master] 5011 tests and fixes · 591389c7
      Evan Hunt authored
      4056.	[bug]		Expanded automatic testing of trust anchor
      			management and fixed several small bugs including
      			a memory leak and a possible loss of key state
      			information. [RT #38458]
      
      4055.	[func]		"rndc managed-keys" can be used to check status
      			of trust anchors or to force keys to be refreshed,
      			Also, the managed keys data file has easier-to-read
      			comments.  [RT #38458]
      591389c7
  21. 21 Jan, 2015 1 commit
    • Evan Hunt's avatar
      [master] "rndc modzone" · 2817aa56
      Evan Hunt authored
      4043.	[func]		"rndc modzone" can be used to modify the
      			configuration of an existing zone, using similar
      			syntax to "rndc addzone". [RT #37895]
      2817aa56
  22. 12 Jan, 2015 1 commit
    • Mukund Sivaraman's avatar
      Add NTA persistence (#37087) · a6f0e9c9
      Mukund Sivaraman authored
      4034.   [func]          When added, negative trust anchors (NTA) are now
                              saved to files (viewname.nta), in order to
                              persist across restarts of the named server.
                              [RT #37087]
      a6f0e9c9
  23. 07 Jan, 2015 2 commits
  24. 05 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] new mkeys and nzf naming format · ce96d432
      Evan Hunt authored
      3999.	[func]		"mkeys" and "nzf" files are now named after
      			their corresponding views, unless the view name
      			contains characters that would be incompatible
      			with use in a filename (i.e., slash, backslash,
      			or capital letters). If a view name does contain
      			these characters, the files will still be named
      			using a cryptographic hash of the view name.
      			Regardless of this, if a file using the old name
      			format is found to exist, it will continue to be
      			used. [RT #37704]
      ce96d432
  25. 22 Oct, 2014 1 commit
  26. 21 Oct, 2014 1 commit
  27. 16 Oct, 2014 2 commits
  28. 04 Sep, 2014 2 commits
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019
    • Evan Hunt's avatar
      [master] [rt37069] update NTA limit to a week · 3d066288
      Evan Hunt authored
      3940.	[func]		"rndc nta" now allows negative trust anchors to be
      			set for up to one week. [RT #37069]
      3d066288
  29. 15 Aug, 2014 1 commit
  30. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323