3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic
update and transaction support. Thanks to Marty
Lee for the contribution. [RT #35656]
3820. [func] The DLZ API doesn't pass the database version to
the lookup() function; this can cause DLZ modules
that allow dynamic updates to mishandle prerequisite
checks. This has been corrected by adding a
'dbversion' field to the dns_clientinfo_t
structure. [RT #35656]
3746. [func] New "max-zone-ttl" option enforces maximum
TTLs for zones. If loading a zone containing a
higher TTL, the load fails. DDNS updates with
higher TTLs are accepted but the TTL is truncated.
(Note: Currently supported for master zones only;
inline-signing slaves will be added.) [RT #38405]
Squashed commit of the following:
commit bce2efe66d69d60b746b85df49974ca341723169
Author: Mark Andrews <marka@isc.org>
Date: Mon Oct 29 12:59:25 2012 +1100
use 'static dns_rdata_xxxx_t xxxx'
commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e
Author: Mark Andrews <marka@isc.org>
Date: Mon Oct 29 12:35:16 2012 +1100
return ISC_R_NOTFOUND if private record length does not make sense
commit 7596610c12c5685336fc0909860173d2fae359af
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:41:17 2012 +1100
check private->length == 5
commit 3836365a3e3e83b057bd940350f032279e080296
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:40:50 2012 +1100
properly set private->length
commit a295778ac53109d39ef3a8b233751100edae678b
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:13:30 2012 +1100
check dns_rdata_tostruct result
commit e33c37ca9112159e0b2363615bb018d27fa7d1a5
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:10:43 2012 +1100
check remove/fopen/chmod return values
commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:59:10 2012 +1100
check isc_socket_accept result
commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:55:40 2012 +1100
change variable scopes
commit b9e9d9ad58270271003e463f10744e0ceaf9ad97
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:53:19 2012 +1100
check inet_pton return value
commit 70698e9589da77e3745efb6ea24b8830addd6ae4
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:52:40 2012 +1100
break -> /* NOTREACHED */
commit 88de9de2e8e201ab2fef16a868f241e8206ea826
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:52:06 2012 +1100
strcpy -> strlcpy
commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:51:26 2012 +1100
check dns_rdata_tostruct return values
- 'rndc signing -list' displays the current
state of signing operations
- 'rndc signing -clear' clears the signing state
records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
auto-dnssec zone that has not been signed yet
will cause it to be signed with the specified NSEC3
parameters when keys are activated. The
NSEC3PARAM record will not appear in the zone until
it is signed, but the parameters will be stored.
[RT #23684]
stale due to an incorrect timer setting. [RT #23769]
3091. [bug] Fixed a bug in which zone keys that were published
and then subsequently activated could fail to trigger
automatic signing. [RT #22991]
by Andrew Tridgell of the Samba project.) [RT #22629]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629]
to DNSSEC but are sematically equal according to plain
DNS. Apply plain DNS comparisons rather than DNSSEC
comparisons when processing UPDATE requests.
dnssec-signzone now removes such semantically duplicate
records prior to signing the RRset.
named-checkzone -r {ignore|warn|fail} (default warn)
named-compilezone -r {ignore|warn|fail} (default warn)
named.conf: check-dup-records {ignore|warn|fail};
CNAMEs, DNAMEs or don't have address record (class IN
only). Reject UPDATEs which would cause the zone
to fail the above checks if committed. [RT #20678]
activation date in all cases. [RT #20648]
2779. [bug] Dynamic key revokation could fail. [RT #20644]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638]
update are now fully supported and no longer require
defines to enable. We now no longer overload the
NSEC3PARAM flag field, nor the NSEC OPT bit at the
apex. Secure to insecure changes are controlled by
by the named.conf option 'secure-to-insecure'.
Warning: If you had previously enabled support by
adding defines at compile time to BIND 9.6 you should
ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7
is not backwards compatible.
