insensitive.
1599. [bug] Fix memory leak on error path when checking named.conf.
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure).
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
[RT #6496]
implemented by marka, reviewed and documented by jinmei.
Notes:
lib/dns/zone.c had to be modified manually.
ARM html files were not regenerated (yet).
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
from BIND 8. See use-alt-transfer-source,
alt-transfer-source-v4 and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may caues a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certian
ISC recommends setting use-alt-transfer-source no;
developer: marka
reviewer: explorer
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certian source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
developer: marka
reviewer: explorer
