1. 12 Mar, 2014 1 commit
  2. 11 Mar, 2014 1 commit
    • Evan Hunt's avatar
      [master] auto-generate salt · 62258ada
      Evan Hunt authored
      3781.	[func]		Specifying "auto" as the salt when using
      			"rndc signing -nsec3param" causes named to
      			generate a 64-bit salt at random. [RT #35322]
      62258ada
  3. 07 Mar, 2014 1 commit
  4. 01 Mar, 2014 1 commit
  5. 23 Feb, 2014 2 commits
  6. 19 Feb, 2014 2 commits
    • Evan Hunt's avatar
      [master] add "--with-tuning=large" option · 6a3fa181
      Evan Hunt authored
      3745.	[func]		"configure --with-tuning=large" adjusts various
      			compiled-in constants and default settings to
      			values suited to large servers with abundant
      			memory. [RT #29538]
      6a3fa181
    • Mark Andrews's avatar
      3744. [experimental] SIT: send and process Source Identity Tokens · b5f6271f
      Mark Andrews authored
                              (which are similar to DNS Cookies by Donald Eastlake)
                              and are designed to help clients detect off path
                              spoofed responses and for servers to detect legitimate
                              clients.
      
                              SIT use a experimental EDNS option code (65001).
      
                              SIT can be enabled via --enable-developer or
                              --enable-sit.  It is on by default in Windows.
      
                              RRL processing as been updated to know about SIT with
                              legitimate clients not being rate limited. [RT #35389]
      b5f6271f
  7. 17 Feb, 2014 1 commit
  8. 16 Feb, 2014 2 commits
    • Evan Hunt's avatar
      [master] delve · 1d761cb4
      Evan Hunt authored
      3741.	[func]		"delve" (domain entity lookup and validation engine):
      			A new tool with dig-like semantics for performing DNS
      			lookups, with internal DNSSEC validation, using the
      			same resolver and validator logic as named. This
      			allows easy validation of DNSSEC data in environments
      			with untrustworthy resolvers, and assists with
      			troubleshooting of DNSSEC problems. (Note: not yet
      			available on win32.) [RT #32406]
      1d761cb4
    • Francis Dupont's avatar
      spurious space · a3a74b30
      Francis Dupont authored
      a3a74b30
  9. 12 Feb, 2014 1 commit
  10. 07 Feb, 2014 3 commits
    • Mark Andrews's avatar
      fix typo in comment · 404d7c96
      Mark Andrews authored
      404d7c96
    • Mark Andrews's avatar
      3733. [func] Improve interface scanning support. Interface · 62ec9fd1
      Mark Andrews authored
                              information will be automatically updated if the
                              OS supports routing sockets.  Use
                              "automatic-interface-scan no;" to disable.
      
                              Add "rndc scan" to trigger a scan. [RT #23027]
      62ec9fd1
    • Evan Hunt's avatar
      [master] add no-case-compress · 166341d5
      Evan Hunt authored
      3731.	[func]		Added a "no-case-compress" ACL, which causes
      			named to use case-insensitive compression
      			(disabling change #3645) for specified
      			clients. (This is useful when dealing
      			with broken client implementations that
      			use case-sensitive name comparisons,
      			rejecting responses that fail to match the
      			capitalization of the query that was sent.)
      			[RT #35300]
      166341d5
  11. 06 Feb, 2014 1 commit
  12. 31 Jan, 2014 1 commit
  13. 16 Jan, 2014 1 commit
  14. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
      ba751492
  15. 12 Jan, 2014 1 commit
  16. 10 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] stats improvements · 789252d5
      Evan Hunt authored
      3700.	[func]		Allow access to subgroups of XML statistics via
      			special URLs http://<server>:<port>/xml/v3/server,
      			/zones, /net, /tasks, /mem, and /status.  [RT #35115]
      
      3699.	[bug]		Improvements to statistics channel XSL stylesheet:
      			the stylesheet can now be cached by the browser;
      			section headers are omitted from the stats display
      			when there is no data in those sections to be
      			displayed; counters are now right-justified for
      			easier readability. [RT #35117]
      789252d5
  17. 09 Jan, 2014 2 commits
  18. 11 Dec, 2013 1 commit
  19. 09 Dec, 2013 2 commits
  20. 04 Dec, 2013 4 commits
  21. 02 Dec, 2013 1 commit
  22. 14 Nov, 2013 1 commit
  23. 24 Sep, 2013 1 commit
  24. 19 Sep, 2013 2 commits
  25. 01 Sep, 2013 1 commit
  26. 19 Aug, 2013 1 commit
  27. 16 Aug, 2013 1 commit
  28. 15 Aug, 2013 1 commit
  29. 12 Jul, 2013 1 commit
    • Evan Hunt's avatar
      [master] rpz work · 421d4a06
      Evan Hunt authored
      3620.	[func]		Added "rpz-client-ip" policy triggers, enabling
      			RPZ responses to be configured on the basis of
      			the client IP address; this can be used, for
      			example, to blacklist misbehaving recursive
      			or stub resolvers. [RT #33605]
      
      3619.	[bug]		Fixed a bug in RPZ with "recursive-only no;"
      			[RT #33776]
      421d4a06