4224. [func] Added support for "dyndb", a new interface for loading
zone data from an external database, developed by
Red Hat for the FreeIPA project.
DynDB drivers fully implement the BIND database
API, and are capable of significantly better
performance and functionality than DLZ drivers,
while taking advantage of advanced database
features not available in BIND such as multi-master
replication.
Thanks to Adam Tkac and Petr Spacek of Red Hat.
[RT #35271]
4152. [func] Implement DNS COOKIE option. This replaces the
experimental SIT option of BIND 9.10. The following
named.conf directives are available: send-cookie,
cookie-secret, cookie-algorithm, nocookie-udp-size
and require-server-cookie. The following dig options
are available: +[no]cookie[=value] and +[no]badcookie.
[RT #39928]
Squashed commit of the following:
commit 77f12b02cf4e81f13e10db3cfac90e9de0b53928
Author: Mukund Sivaraman <muks@isc.org>
Date: Mon Jul 13 05:28:13 2015 +0530
Some tweaks
commit 9c521020b03c2fe7293ec4c970225fff479efd40
Author: Tony Finch <dot@dotat.at>
Date: Thu Jul 9 15:36:15 2015 +0100
rndc addzone error reporting improvements
Clearer error messages from rndc addzone and modzone when the view is not
known or when allow-new-zones is off.
Also, remove a spurious newline from the delzone response.
3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.
- "fetches-per-server" limits the number of
simultaneous queries that can be sent to any
single authoritative server. The configured
value is a starting point; it is automatically
adjusted downward if the server is partially or
completely non-responsive. The algorithm used to
adjust the quota can be configured via the
"fetch-quota-params" option.
- "fetches-per-zone" limits the number of
simultaneous queries that can be sent for names
within a single domain. (Note: Unlike
"fetches-per-server", this value is not
self-tuning.)
- New stats counters have been added to count
queries spilled due to these quotas.
See the ARM for details of these options. [RT #37125]
4156. [func] Added statistics counters to track the sizes
of incoming queries and outgoing responses in
histogram buckets, as specified in RSSAC002.
[RT #39049]
experimental SIT option of BIND 9.10. The following
named.conf directives are avaliable: send-cookie,
cookie-secret, cookie-algorithm and nocookie-udp-size.
The following dig options are available:
+[no]cookie[=value] and +[no]badcookie. [RT #39928]
4124. [func] Log errors or warnings encountered when parsing the
internal default configuration. Clarify the logging
of errors and warnings encountered in rndc
addzone or modzone parameters. [RT #39440]
4120. [bug] A bug in RPZ could cause the server to crash if
policy zones were updated while recursion was
pending for RPZ processing of an active query.
[RT #39415]
4083. [cleanup] Print of the number of CPUs and UDP listeners
in the log and in "rndc status" output; indicate
whether threads are supported in "named -V" output.
[RT #38811]
4080. [func] Completed change #4022, adding a "lock-file" option
to named.conf to override the default lock file,
in addition to the "named -X <filename>" command
line option. Setting the lock file to "none"
using either method disables the check completely.
[RT #37908]
4056. [bug] Expanded automatic testing of trust anchor
management and fixed several small bugs including
a memory leak and a possible loss of key state
information. [RT #38458]
4055. [func] "rndc managed-keys" can be used to check status
of trust anchors or to force keys to be refreshed,
Also, the managed keys data file has easier-to-read
comments. [RT #38458]
4040. [func] Added server-side support for pipelined TCP
queries. TCP connections are no longer closed after
the first query received from a client. (The new
"keep-response-order" option allows clients to be
specified for which the old behavior will still be
used.) [RT #37821]
Based on a patch sent in by Tony Finch <dot@dotat.at>.
Also fix win32 implementation of isc_file_openunique() to use a random
filename instead of using the process id.
4034. [func] When added, negative trust anchors (NTA) are now
saved to files (viewname.nta), in order to
persist across restarts of the named server.
[RT #37087]
