prep 9.10.8

See merge request !470

prep 9.10.8rc2

See merge request !452

Fix handling of large journal entries.

See merge request !447

(cherry picked from commit 2aee33f4)
(cherry picked from commit 470b8612)

(cherry picked from commit 65bf99c8)

Witold Krecicki authored Jun 27, 2018 and Evan Hunt committed Jun 27, 2018

(cherry picked from commit b1254430)
(cherry picked from commit e92d5421)

Witold Krecicki authored Jun 26, 2018 and Evan Hunt committed Jun 27, 2018

(cherry picked from commit 0db7130f)
(cherry picked from commit 1919f5c9)

Resolve "Missing dereference in REQUIRE statement?"

See merge request !442

(cherry picked from commit f1ee5e4a)

Resolve "Intermittent recursive resolver issues [socket.c:2135]"

See merge request !431

(cherry picked from commit 49f90025)
(cherry picked from commit 4007a9d0)

(cherry picked from commit d79be7dd)
(cherry picked from commit da63e956)

Merge branch '288-named-checkconf-does-not-recognize-errors-related-to-in-view-zones-v9_10' into 'v9_10'

Resolve "named-checkconf does not recognize errors related to in-view zones"

See merge request !426

Mark Andrews authored May 25, 2018 and Evan Hunt committed Jun 26, 2018

(cherry picked from commit f7d34635)

Mark Andrews authored May 25, 2018 and Evan Hunt committed Jun 26, 2018

(cherry picked from commit e01a4bcb)

[v9_10] Only request permitted capabilities in non-libcap builds

See merge request !419

4979.	[bug]		Non-libcap builds were not checking whether all
			requested capabilities are present in the permitted
			capability set. [GL #321]

(cherry picked from commit 731b0038)

While libcap-enabled builds check whether any capability named requests
is within the permitted capability set, non-libcap builds just try
requesting them, which potentially causes a misleading error message to
be output ("Operation not permitted: please ensure that the capset
kernel module is loaded").  Ensure non-libcap builds also check whether
any requested capability is within the permitted capability set.

(cherry picked from commit 8c66f32e)

Resolve "Log the remaining -V info at startup"

Closes #247

See merge request !249

Resolve "casecompare of NINFO, TKEY, TXT have wrong return type"

See merge request !406

(cherry picked from commit 3ba1d1e4)

Merge branch '356-client-cookie-is-being-hashed-twice-when-computing-the-dns-server-cookie-v9_10' into 'v9_10'

Resolve "Client cookie is being hashed twice when computing the DNS server cookie."

See merge request !403

                        not match the method described in RFC 7873. [GL #356]

(cherry picked from commit 8755a249)

(cherry picked from commit 4795f0ca)

Merge 9.10.8rc1 release into v9_10 branch

See merge request !397

[v9_10] constify dns_rdata_tostruct

See merge request !382

Mark Andrews authored Jun 15, 2018 and Michał Kępień committed Jun 15, 2018

(cherry picked from commit abb2fd10)

Resolve "Recursion improperly allowed by default"

See merge request !375

[v9_10] Fix DNAME handling in DNSSEC tools

See merge request !365

4971.	[bug]		dnssec-signzone and dnssec-verify did not treat records
			below a DNAME as out-of-zone data. [GL #298]

(cherry picked from commit 28b8ab88)

Mark Andrews authored Jun 13, 2018 and Michał Kępień committed Jun 13, 2018

(cherry picked from commit 0c3ddaaf)

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records.  Check that DNAME-obscured
records are not signed.

(cherry picked from commit 6d8a514e)

(cherry picked from commit 74c3b9d3)