1. 12 Aug, 2015 1 commit
    • Mark Andrews's avatar
      Updated CHANGES note to include require-server-cookie: · c631ff56
      Mark Andrews authored
      4152.   [func]          Implement DNS COOKIE option.  This replaces the
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are available: send-cookie,
                              cookie-secret, cookie-algorithm, nocookie-udp-size
                              and require-server-cookie.  The following dig options
                              are available: +[no]cookie[=value] and +[no]badcookie.
                              [RT #39928]
      c631ff56
  2. 27 Jul, 2015 1 commit
  3. 08 Jul, 2015 1 commit
  4. 06 Jul, 2015 1 commit
  5. 05 Jul, 2015 2 commits
  6. 25 Jun, 2015 2 commits
  7. 10 Jun, 2015 1 commit
  8. 09 Jun, 2015 1 commit
  9. 04 Jun, 2015 1 commit
  10. 27 May, 2015 1 commit
  11. 21 May, 2015 1 commit
  12. 20 May, 2015 2 commits
  13. 19 May, 2015 1 commit
  14. 06 May, 2015 1 commit
  15. 23 Apr, 2015 2 commits
  16. 03 Mar, 2015 1 commit
  17. 27 Feb, 2015 1 commit
  18. 26 Feb, 2015 1 commit
  19. 03 Feb, 2015 1 commit
  20. 02 Feb, 2015 1 commit
  21. 20 Jan, 2015 2 commits
  22. 24 Nov, 2014 1 commit
  23. 20 Nov, 2014 1 commit
  24. 18 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] limit recursion depth and iterative queries · 3230429e
      Evan Hunt authored
      4006.	[security]	A flaw in delegation handling could be exploited
      			to put named into an infinite loop.  This has
      			been addressed by placing limits on the number
      			of levels of recursion named will allow (default 7),
      			and the number of iterative queries that it will
      			send (default 50) before terminating a recursive
      			query (CVE-2014-8500).
      
      			The recursion depth limit is configured via the
      			"max-recursion-depth" option.  [RT #35780]
      3230429e
  25. 05 Nov, 2014 1 commit
  26. 15 Oct, 2014 1 commit
  27. 10 Sep, 2014 1 commit
  28. 05 Sep, 2014 1 commit
  29. 04 Sep, 2014 1 commit
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019
  30. 29 Aug, 2014 2 commits
  31. 22 Aug, 2014 1 commit
  32. 31 Jul, 2014 2 commits
  33. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323