GitLab

 generated into builddir. If out-of-tree build is used, make unit
will always fail. Kyuafiles and testdata still have to be copied
manually into the builddir.

                        message sequences where not all the messages contain
                        TSIG records.  These may be used in AXFR and IXFR
                        responses.  [RT #45509]

                        address, which is insecure' [RT #43432]

4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]

4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]

3978.	[test]		Added a unit test for Diffie-Hellman key
			computation, completing change #3974. [RT #37477]

                        two name pointers were the same. [RT #37176]

                        [RT #36538]

3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]

No CHANGES entry was added as this commit mainly adds tests related
code.

Squashed commit of the following:

commit d3d44508daa128fb8b60f64b3a8c81f80602273d
Author: Evan Hunt <each@isc.org>
Date:   Wed May 7 09:36:41 2014 -0700

    [rt35904] remove private non-static names from .def file

commit dbca45661c3939f21c3bb3f405d08cfe1b35d7aa
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 7 21:39:32 2014 +0530

    Remove test for shortcut findnode()

    The implementation was not included in this review branch, but the tests
    erroneously made it through.

    This functionality will be addressed in a different ticket (RT#35906).

commit 94ff14576ab3407f2612d34727b7eacfefc3668c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 7 21:36:50 2014 +0530

    Minor indent fix

commit 50972f17697bb222996e433faa8224843366f9b2
Author: Evan Hunt <each@isc.org>
Date:   Tue May 6 20:05:21 2014 -0700

    [rt35904] style

commit 5c4d5d41fcc5bfecdeebc008896974385c841b8d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun May 4 19:19:36 2014 +0530

    RBT related updates

    * Add various RBT unit tests
    * Add some helper methods useful in unit testing RBT code
    * General cleanup

3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]

3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]

                        was no data at the node. [RT #35080]

3504.	[func]		Add support for ACLs based on geographic location,
			using MaxMind GeoIP databases. Based on code
			contributed by Ken Brownfield <kb@slide.com>.
			[RT #30681]

                        [RT #30416]

			approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]

Conflicts:
	.gitignore
	bin/named/zoneconf.c
	bin/tests/.gitignore
	bin/tests/system/autosign/tests.sh
	bin/tests/system/masterformat/clean.sh
	bin/tests/system/masterformat/ns1/compile.sh
	bin/tests/system/masterformat/tests.sh
	configure
	lib/dns/db.c
	lib/dns/include/dns/db.h
	lib/dns/include/dns/types.h
	lib/dns/master.c
	lib/dns/masterdump.c
	lib/dns/rbt.c
	lib/dns/rbtdb.c
	lib/dns/sdb.c
	lib/dns/sdlz.c
	lib/dns/tests/.cvsignore
	lib/dns/tests/Makefile.in
	lib/dns/win32/libdns.def
	lib/dns/xfrin.c
	lib/dns/zone.c
	lib/export/dns/Makefile.in
	lib/isc/include/isc/file.h
	lib/isc/unix/file.c
	lib/isc/win32/file.c
	lib/isccfg/namedconf.c

                        [RT #29514]

Added API to create a set of UDP dispatches which can be shared
round-robin style when making upstream queries for authoritative
data; this should reduce lock contention in the query source
dispatch.