mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-27 12:38:24 +00:00
Code Issues Releases Wiki Activity
33,814 Commits 658 Branches 820 Tags
Commit Graph

317 Commits

Author SHA1 Message Date
Mark Andrews
48dfee7150 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively 
to IPv4 clients.  New acl 'filter-aaaa' (default any).
 2010-06-22 04:03:38 +00:00
Automatic Updater
4d42b714be update copyright notice 2010-03-04 23:50:34 +00:00
Mark Andrews
92348098eb 2956. [bug] named-checkconf did not fail on a bad trusted key. 
[RT #20705]
 2010-03-04 06:17:01 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according 
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
 2009-12-04 21:09:34 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to 
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
 2009-12-03 23:18:17 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Evan Hunt
3a6b6f5b11 remove references to the "ddns-autoconf" option, which no longer exists 2009-09-02 16:10:03 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Francis Dupont
995f3bc4c4 indent 2009-08-23 11:44:44 +00:00
Automatic Updater
3e12c54de2 update copyright notice 2009-07-14 23:47:54 +00:00
Evan Hunt
08f860f800 2630. [func] Improved syntax for DDNS autoconfiguration: use 
"update-policy local;" to switch on local DDNS in a
			zone.  [RT #19875]
 2009-07-14 22:54:57 +00:00
Automatic Updater
b6306ef56e update copyright notice 2009-06-10 23:47:47 +00:00
Evan Hunt
351b62535d 2609. [func] Simplify the configuration of dynamic zones: 
- add ddns-confgen command to generate
			  configuration text for named.conf
			- add zone option "ddns-autoconf yes;", which
			  causes named to generate a TSIG session key
			  and allow updates to the zone using that key
			- add '-l' (localhost) option to nsupdate, which
			  causes nsupdate to connect to a locally-running
			  named process using the session key generated
			  by named
			[RT #19284]
 2009-06-10 00:27:22 +00:00
Mark Andrews
0bc3af9834 2606. [bug] "delegation-only" was not being accepted in 
delegation-only type zones. [RT #19717]
 2009-06-03 00:04:38 +00:00
Automatic Updater
e61db954bf update copyright notice 2009-03-04 23:48:02 +00:00
Evan Hunt
3a30493983 2572. [func] Simplify DLV configuration, with a new option 
"dnssec-lookaside auto;"  This is the equivalent
			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
			plus setting a trusted-key for dlv.isc.org.

			Note: The trusted key is hard-coded into named,
			but is also stored in (and can be overridden
			by) $sysconfdir/bind.keys.  As the ISC DLV key
			rolls over it can be kept up to date by replacing
			the bind.keys file with a key downloaded from
			https://www.isc.org/solutions/dlv. [RT #18685]
 2009-03-04 02:42:31 +00:00
Mark Andrews
eab2fb739e silence compiler warnings [RT #17079] 2009-02-17 03:40:28 +00:00
Automatic Updater
d362465c77 update copyright notice 2009-01-17 23:47:43 +00:00
Francis Dupont
3678015d3f spelling 2009-01-17 11:57:25 +00:00
Mark Andrews
9f41ec8010 1204 -> 1024U 2008-11-19 05:38:49 +00:00
Mark Andrews
81e5de1741 2496. [bug] Add sanity length checks to NSID option. [RT #18813] 2008-11-16 20:57:55 +00:00
Evan Hunt
5ce9206eb9 2441. [bug] isc_radix_insert() could copy radix tree nodes 
incompletely. [RT #18573]

2440.   [bug]		named-checkconf used an incorrect test to determine
			if an ACL was set to none.
 2008-09-12 06:02:31 +00:00
Evan Hunt
2284b84d74 Make "rrset-order fixed" a compile-time option. settable by 
"./configure --enable-fixed-rrset". Disabled by default. [rt17977]
 2008-04-23 21:32:57 +00:00
Mark Andrews
3f42cf2f3e 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]

back out incorrect branch rt1091 and apply correct branch rt1091a.
 2008-04-02 02:37:42 +00:00
Mark Andrews
a76b380643 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]
 2008-04-01 01:37:25 +00:00
Automatic Updater
7405bdffd4 update copyright notice 2008-03-29 23:47:08 +00:00
Automatic Updater
ec6e40f040 update copyright notice 2008-03-28 23:47:02 +00:00
Mark Andrews
f703353673 2345. [bug] named-checkconf failed to detect when forwarders 
were set at both the options/view level and in
                        a root zone. [RT #17671]
 2008-03-28 03:26:39 +00:00
Mark Andrews
81d9d7a10e 2277. [bug] Empty zone names were not correctly being caught at 
in the post parse checks. [RT #17357]
 2007-12-14 01:27:12 +00:00
Mark Andrews
ddaeaddf2b 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names. 
[RT #17262]
 2007-12-02 21:58:23 +00:00
Mark Andrews
b3128b8b85 2262. [bug] Error status from all but the last view could be 
lost. [RT #17292]
 2007-11-26 01:51:32 +00:00
Evan Hunt
d468b1b7b2 Fix compiler warnings on SCO OSr5 2007-09-13 04:45:18 +00:00
Evan Hunt
c7e266b7e5 Add support for O(1) ACL processing, based on radix tree code originally 
written by kevin brintnall. [RT #16288]
 2007-09-12 01:09:08 +00:00
Mark Andrews
ee4bbc8454 2222. [func] named-checkconf now checks server key references. 
[RT #17097]
 2007-08-29 03:23:46 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
819b98479e 2165. [func] Allow the destination address of a query to determine 
if we will answer the query or recurse.
                        allow-query-on, allow-recursion-on and
                        allow-query-cache-on. [RT #16291]
 2007-03-29 06:36:31 +00:00
Automatic Updater
87bff9accd update copyright notice 2007-03-14 23:46:54 +00:00
Mark Andrews
65085946d4 2162. [func] Allow "rrset-order fixed" to be disabled at compile 
time. [RT #16665]
: ----------------------------------------------------------------------
 2007-03-14 05:57:10 +00:00
Mark Andrews
cdb674387c 2073. [bug] Incorrect semantics check for update policy "wildcard". 
[RT #16353]
 2006-08-21 00:11:43 +00:00
Mark Andrews
a45a6ea2b0 2035. [func] Make falling back to TCP on UDP refresh failure 
optional. Default "try-tcp-refresh yes;" for BIND 8
                        compatibility. [RT #16123]
 2006-06-04 23:17:07 +00:00
Mark Andrews
adc8179d40 const 2006-03-10 05:00:23 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
d76ed813a5 1999. [func] Implement "rrset-order fixed". [RT #13662] 2006-03-03 00:43:35 +00:00
Mark Andrews
45e1bd6358 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 02:39:52 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00