mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity
43,735 Commits 660 Branches 820 Tags
888b5f55a88795d6020e96ae430d3f95f35fa964
Commit Graph

506 Commits

Author SHA1 Message Date
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Evan Hunt
3a6b6f5b11 remove references to the "ddns-autoconf" option, which no longer exists 2009-09-02 16:10:03 +00:00
Evan Hunt
85be60e3c8 2665. [func] Clarify syntax for managed-keys {} statement, add 
ARM documentation about RFC 5011 support. [RT #19874]
 2009-09-01 07:14:26 +00:00
Evan Hunt
9069215eac 2641. [bug] Fixed an error in parsing update-policy syntax, 
added a regression test to check it. [RT #20007]
 2009-07-29 17:52:00 +00:00
Evan Hunt
08f860f800 2630. [func] Improved syntax for DDNS autoconfiguration: use 
"update-policy local;" to switch on local DDNS in a
			zone.  [RT #19875]
 2009-07-14 22:54:57 +00:00
Automatic Updater
b655c721b6 update copyright notice 2009-07-10 23:47:58 +00:00
Mark Andrews
98e8948bd7 2622. [bug] Printing of named.conf grammar was broken. [RT #19919] 2009-07-10 07:33:21 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor 
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
 2009-06-30 02:53:46 +00:00
Automatic Updater
b6306ef56e update copyright notice 2009-06-10 23:47:47 +00:00
Evan Hunt
351b62535d 2609. [func] Simplify the configuration of dynamic zones: 
- add ddns-confgen command to generate
			  configuration text for named.conf
			- add zone option "ddns-autoconf yes;", which
			  causes named to generate a TSIG session key
			  and allow updates to the zone using that key
			- add '-l' (localhost) option to nsupdate, which
			  causes nsupdate to connect to a locally-running
			  named process using the session key generated
			  by named
			[RT #19284]
 2009-06-10 00:27:22 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6 2604. [func] Add support for DNS rebinding attack prevention through 
new options, deny-answer-addresses and
			deny-answer-aliases.  Based on contributed code from
			JD Nurmi, Google. [RT #18192]
 2009-05-29 22:22:37 +00:00
Evan Hunt
3a30493983 2572. [func] Simplify DLV configuration, with a new option 
"dnssec-lookaside auto;"  This is the equivalent
			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
			plus setting a trusted-key for dlv.isc.org.

			Note: The trusted key is hard-coded into named,
			but is also stored in (and can be overridden
			by) $sysconfdir/bind.keys.  As the ISC DLV key
			rolls over it can be kept up to date by replacing
			the bind.keys file with a key downloaded from
			https://www.isc.org/solutions/dlv. [RT #18685]
 2009-03-04 02:42:31 +00:00
Automatic Updater
9e0d0a279b update copyright notice 2009-01-09 23:47:46 +00:00
Tatuya JINMEI 神明達哉
7781f25078 2526. [func] New named option "attach-cache" that allows multiple 
views to share a single cache to save memory and
			improve lookup efficiency. [RT 18905]
 2009-01-09 22:24:37 +00:00
Tatuya JINMEI 神明達哉
2be6798f93 2457. [tuning] max-cache-size is reverted to 0, the previous 
default.  It should be safe because expired cache
			entries are also purged.
 2008-09-27 23:35:31 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
0eeaaaf0ae 2398. [bug] Improve file descriptor management. New, 
temporary, named.conf option reserved-sockets,
                        default 512. [RT #18344]
 2008-09-04 05:56:43 +00:00
Automatic Updater
2cf81a3d8a update copyright notice 2008-06-23 23:47:11 +00:00
Tatuya JINMEI 神明達哉
386d3a99c1 2375. [security] Fully randomize UDP query ports to improve 
forgery resilience. [RT #17949, #18098]
 2008-06-23 19:41:20 +00:00
Mark Andrews
db30f4bdcb 2353. [func] Add support for Name Server ID (RFC 5001). 
'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]
 2008-04-03 02:01:08 +00:00
Mark Andrews
3f42cf2f3e 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]

back out incorrect branch rt1091 and apply correct branch rt1091a.
 2008-04-02 02:37:42 +00:00
Mark Andrews
7e26a2a646 2344. [bug] Improve "logging{ file ...; };" documentation. 
[RT #17888]
 2008-03-27 03:30:53 +00:00
Tatuya JINMEI 神明達哉
95c5f1d17b noticed the default max-cache-size [RT #17515] 2008-01-22 00:29:03 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Mark Andrews
b0b4ba7533 Fix documentation for: 
2294.   [func]          Allow the experimental statistics channels to have
                        multiple connections and ACL.
 2008-01-17 21:38:24 +00:00
Tatuya JINMEI 神明達哉
bfcc5ae79a 2294. [func] Allow the experimental statistics channels to have 
multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
			with the generic statistics-channels statment.
 2008-01-17 00:15:14 +00:00
Automatic Updater
1da14e066c update copyright notice 2008-01-02 23:47:02 +00:00
Mark Andrews
92f60809e8 2286. [func] Allow a TCP connection to be used as a weak 
authentication method for reverse zones.
                        New update-policy methods tcp-self and 6to4-self.
                        [RT #17378]
 2008-01-02 05:13:42 +00:00
Mark Andrews
a1e2170ad5 2250. [func] New flag 'memstatistics' to state whether the 
memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]
 2007-09-26 03:22:45 +00:00
Mark Andrews
ca84283333 2244. [func] Allow the check of nameserver names against the 
SOA MNAME field to be disabled by specifying
                        'notify-to-soa yes;'.  [RT #17073]
 2007-09-18 00:22:31 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
819b98479e 2165. [func] Allow the destination address of a query to determine 
if we will answer the query or recurse.
                        allow-query-on, allow-recursion-on and
                        allow-query-cache-on. [RT #16291]
 2007-03-29 06:36:31 +00:00
Mark Andrews
0b174d1243 update copyright notice 2007-02-06 00:01:23 +00:00
Mark Andrews
281bab0f36 2129. [func] Provide a pool of UDP sockets for queries to be 
made over. See use-queryport-pool, queryport-pool-ports
                        and queryport-pool-updateinterval.  [RT #16415]
 2007-02-02 02:18:06 +00:00
Mark Andrews
186e7f37c9 2122. [func] Experimental http server and statistics support 
for named via xml.
 2006-12-21 06:03:37 +00:00
Mark Andrews
289ae548d5 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 01:54:53 +00:00
Mark Andrews
a45a6ea2b0 2035. [func] Make falling back to TCP on UDP refresh failure 
optional. Default "try-tcp-refresh yes;" for BIND 8
                        compatibility. [RT #16123]
 2006-06-04 23:17:07 +00:00
Mark Andrews
6412902ffc 2015. [cleanup] use-additional-cache is now acache-enable for 
consistancy.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.
 2006-05-03 01:54:54 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
45e1bd6358 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 02:39:52 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
6e373c5025 1983. [func] Two new update policies. "selfsub" and "selfwild". 
[RT #12895]
 2006-02-16 01:34:24 +00:00
Mark Andrews
dc6da18ccb 1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723] 2006-01-05 23:45:34 +00:00
Mark Andrews
a1bc941093 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:19:02 +00:00
Mark Andrews
08c9026166 1953. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:01:46 +00:00
Mark Andrews
acb4f52369 update copyright notice 2006-01-04 23:50:24 +00:00
Mark Andrews
fabf2ee6b0 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:35:49 +00:00
Mark Andrews
1425217e5c spelling arguement vs arguments 2005-10-26 04:35:56 +00:00
Mark Andrews
03e200df5d 1913. [func] Integrate contibuted DLZ code into named. [RT #11382] 2005-09-05 00:12:29 +00:00