3525. [func] Support for additional signing algorithms in rndc:
hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
The -A option to rndc-confgen can be used to
select the algorithm for the generated key.
(The default is still hmac-md5; this may
change in a future release.) [RT #20363]
3506. [func] When setting "max-cache-size" and "max-acache-size",
the keyword "unlimited" is no longer defined as equal
to 4 gigabytes (except on 32-bit platforms); it
means literally unlimited. [RT #32358]
3505. [bug] When setting "max-cache-size" and "max-acache-size",
larger values than 4 gigabytes could not be set
explicitly, though larger sizes were available
when setting cache size to 0. This has been
corrected; the full range is now available.
[RT #32358]
3504. [func] Add support for ACLs based on geographic location,
using MaxMind GeoIP databases. Based on code
contributed by Ken Brownfield <kb@slide.com>.
[RT #30681]
3501. [func] zone-statistics now takes three options: full,
terse, and none. "yes" and "no" are retained as
synonyms for full and terse, respectively. [RT #29165]
RRL system test seems to be highly dependent on system speed.
We are leaving it running and reporting results, but forcing it
to return PASS unless one or more of the servers crashed or could
not start.
report the files that were being used so they can
be cleaned up if desired. [RT #27899]
Squashed commit of the following:
commit 0e4e69d0c3153fe94aaa375b908cf7e3e45b5059
Author: Mark Andrews <marka@isc.org>
Date: Thu Feb 21 17:01:44 2013 +1100
report the zones to be removed rather than removing them
commit 5d247ac592eef64c4c467d99af4983b8c1ff998f
Author: Mark Andrews <marka@isc.org>
Date: Wed Feb 20 15:05:47 2013 +1100
remove slave/stub files when deleting a zone using delzone
place where the NOQNAME proof needed to be saved.
[RT #32629]
Squashed commit of the following:
commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:27:14 2013 +1100
whitespace
commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:19:51 2013 +1100
return noqname proof with +cd and dlv
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:59:46 2013 -0800
[rt32506] don't dump key if dump is unimplemented
commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:42:25 2013 -0800
[rt32506] make sure LRU needs adjusting before adjusting it
commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 12:28:28 2013 -0800
[rt32506] demonstrate bugs in tkey test
- check for NSEC3 in empty nodes when not due to optout delegations
- fixed typo in output ("Bad record NSEC record")
- incidentally fixed an error in signzone that caused an
incorrect warning about missing DNSKEYs when using -S
and -3 together
3473. [bug] dnssec-signzone/verify could incorrectly report
an error condition due to an empty node above an
opt-out delegation lacking an NSEC3. [RT #32072]
- handle malformed answers from DLZ better:
- handle dlz_lookup errors better:
when the first lookup of a name returns an unexpected failure code,
we return it to the caller rather than continuing on to look up
the wildcard. we now only continue processing if the return from
the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND.
- improved backward-compatibility for dlz_version:
added a DLZ_DLOPEN_AGE value indicating how many versions
back from the current DLZ_DLOPEN_VERSION named will support
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
conjunction with DNS64. [RT #32141]
