1. 24 Jan, 2019 1 commit
  2. 06 Dec, 2018 1 commit
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
  3. 14 Nov, 2018 1 commit
  4. 08 Nov, 2018 1 commit
  5. 24 Oct, 2018 2 commits
    • Michał Kępień's avatar
      Define a default master server list for the root zone · 2c69734b
      Michał Kępień authored
      To minimize the effort required to set up IANA root zone mirroring,
      define a default master server list for the root zone and use it when
      that zone is to be mirrored and no master server list was explicitly
      specified.  Contents of that list are taken from RFC 7706 and are
      subject to change in future releases.
      Since the static get_masters_def() function in bin/named/config.c does
      exactly what named_zone_configure() in bin/named/zoneconf.c needs to do,
      make the former non-static and use it in the latter to prevent code
    • Michał Kępień's avatar
      Define a separate dns_zonetype_t for mirror zones · e1bb8de6
      Michał Kępień authored
      Rather than overloading dns_zone_slave and discerning between a slave
      zone and a mirror zone using a zone option, define a separate enum
      value, dns_zone_mirror, to be used exclusively by mirror zones.  Update
      code handling slave zones to ensure it also handles mirror zones where
  6. 08 Aug, 2018 1 commit
  7. 19 Jul, 2018 1 commit
  8. 26 Jun, 2018 1 commit
  9. 19 Jun, 2018 1 commit
  10. 12 Jun, 2018 3 commits
  11. 08 Jun, 2018 2 commits
  12. 31 May, 2018 1 commit
    • Evan Hunt's avatar
      Set "dnssec-validation auto" by default · bef18eca
      Evan Hunt authored
      - the default setting for dnssec-validation is now "auto", which
        activates DNSSEC validation using the IANA root key.  The old behavior
        can be restored by explicitly setting "dnssec-validation yes", which
        "yes", which activates DNSSEC validation only if keys are explicitly
        configured in named.conf.
      - the ARM has been updated to describe the new behavior
  13. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      The isc_random family of functions internally use these CSPRNG (if available):
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
  14. 03 May, 2018 1 commit
  15. 20 Apr, 2018 1 commit
  16. 18 Apr, 2018 1 commit
  17. 23 Feb, 2018 1 commit
  18. 15 Dec, 2017 1 commit
  19. 25 Oct, 2017 1 commit
  20. 03 Oct, 2017 1 commit
    • Evan Hunt's avatar
      [master] de-DLV · f2935929
      Evan Hunt authored
      4749.	[func]		The ISC DLV service has been shut down, and all
      			DLV records have been removed from dlv.isc.org.
      			- Removed references to ISC DLV in documentation
      			- Removed DLV key from bind.keys
      			- No longer use ISC DLV by default in delv
      			[RT #46155]
  21. 28 Sep, 2017 1 commit
    • Evan Hunt's avatar
      [master] completed and corrected the crypto-random change · 24172bd2
      Evan Hunt authored
      4724.	[func]		By default, BIND now uses the random number
      			functions provided by the crypto library (i.e.,
      			OpenSSL or a PKCS#11 provider) as a source of
      			randomness rather than /dev/random.  This is
      			suitable for virtual machine environments
      			which have limited entropy pools and lack
      			hardware random number generators.
      			This can be overridden by specifying another
      			entropy source via the "random-device" option
      			in named.conf, or via the -r command line option;
      			however, for functions requiring full cryptographic
      			strength, such as DNSSEC key generation, this
      			cannot be overridden. In particular, the -r
      			command line option no longer has any effect on
      			This can be disabled by building with
      			"configure --disable-crypto-rand".
      			[RT #31459] [RT #46047]
  22. 19 Sep, 2017 1 commit
  23. 08 Sep, 2017 1 commit
    • Evan Hunt's avatar
      [master] add libns and remove liblwres · 8eb88aaf
      Evan Hunt authored
      4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                              are no longer supported. [RT #45186]
      4707.	[func]		The lightweight resolver daemon and library (lwresd
      			and liblwres) have been removed. [RT #45186]
      4706.	[func]		Code implementing name server query processing has
      			been moved from bin/named to a new library "libns".
      			Functions remaining in bin/named are now prefixed
      			with "named_" rather than "ns_".  This will make it
      			easier to write unit tests for name server code, or
      			link name server functionality into new tools.
      			[RT #45186]
  24. 05 Sep, 2017 1 commit
  25. 30 Aug, 2017 1 commit
  26. 10 Aug, 2017 1 commit
  27. 28 Jul, 2017 2 commits
  28. 21 Jul, 2017 1 commit
  29. 02 May, 2017 1 commit
    • Evan Hunt's avatar
      [master] automatically tune max-journal-size · d39ab744
      Evan Hunt authored
      4613.	[func]		By default, the maximum size of a zone journal file
      			is now twice the size of the zone's contents (there
      			is little benefit to a journal larger than this).
      			This can be overridden by setting "max-journal-size"
      			to "unlimited" or to an explicit value up to 2G.
      			Thanks to Tony Finch. [RT #38324]
  30. 26 Apr, 2017 1 commit
  31. 22 Apr, 2017 1 commit
  32. 05 Jan, 2017 1 commit
  33. 04 Jan, 2017 1 commit
    • Evan Hunt's avatar
      [master] EDNS padding and keepalive support · 58043325
      Evan Hunt authored
      4549.	[func]		Added support for the EDNS TCP Keepalive option
      			(RFC 7828). [RT #42126]
      4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
      			[RT #42094]
  34. 30 Dec, 2016 1 commit
  35. 02 Nov, 2016 1 commit