GitLab

                        on out of memory. [RT #39310]

                        method is now supported. [RT #37989]

4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]

4041.	[func]		TCP sockets can now be shared while connecting.
			(This will be used to enable client-side support
			of pipelined queries.) [RT #38231]

4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]

4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]

4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]

also fixes and documentation for max-recursion-depth

4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]

                        "buffered yes;" when defining a channel. [RT #26561]

                        startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]

                        EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]

3947.	[cleanup]	Set the executable bit on libraries when using
			libtool. [RT #36786]

3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]

3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]

3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]

(cherry picked from commit 0a484c39)

                        acl count_acl_elements could have a short count leading
                        to a assertion failure.  Also zero out new acl elements
                        in dns_acl_merge.  [RT #36675]

3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]

3852.	[func]		Increase the default number of clients available
			for servicing lightweight resolver queries, and
			make them configurable via the "lwres-tasks" and
			"lwres-clients" options.  (Thanks to Tomas Hozza.)
			[RT #35857]

3835.	[bug]		Geoip ACL elements didn't work correctly when
                        referenced via named or nested ACLs. [RT #35879]

3814.	[func]		The "masterfile-style" zone option controls the
			formatting of dumped zone files. Options are
			"relative" (multiline format) and "full" (one
			record per line). The default is "relative".
			[RT #20798]

3811.	[func]		"serial-update-method date;" sets serial number
			on dynamic update to today's date in YYYYMMDDNN
			format. (Thanks to Bradley Forschinger.) [RT #24903]

3779.	[cleanup]	Clarify the error message when using an option
			that was not enabled at compile time. [RT #35504]