mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity
20,269 Commits 659 Branches 820 Tags
Commit Graph

152 Commits

Author SHA1 Message Date
Evan Hunt
08f860f800 2630. [func] Improved syntax for DDNS autoconfiguration: use 
"update-policy local;" to switch on local DDNS in a
			zone.  [RT #19875]
 2009-07-14 22:54:57 +00:00
Automatic Updater
b655c721b6 update copyright notice 2009-07-10 23:47:58 +00:00
Mark Andrews
98e8948bd7 2622. [bug] Printing of named.conf grammar was broken. [RT #19919] 2009-07-10 07:33:21 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor 
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
 2009-06-30 02:53:46 +00:00
Automatic Updater
b6306ef56e update copyright notice 2009-06-10 23:47:47 +00:00
Evan Hunt
351b62535d 2609. [func] Simplify the configuration of dynamic zones: 
- add ddns-confgen command to generate
			  configuration text for named.conf
			- add zone option "ddns-autoconf yes;", which
			  causes named to generate a TSIG session key
			  and allow updates to the zone using that key
			- add '-l' (localhost) option to nsupdate, which
			  causes nsupdate to connect to a locally-running
			  named process using the session key generated
			  by named
			[RT #19284]
 2009-06-10 00:27:22 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6 2604. [func] Add support for DNS rebinding attack prevention through 
new options, deny-answer-addresses and
			deny-answer-aliases.  Based on contributed code from
			JD Nurmi, Google. [RT #18192]
 2009-05-29 22:22:37 +00:00
Evan Hunt
3a30493983 2572. [func] Simplify DLV configuration, with a new option 
"dnssec-lookaside auto;"  This is the equivalent
			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
			plus setting a trusted-key for dlv.isc.org.

			Note: The trusted key is hard-coded into named,
			but is also stored in (and can be overridden
			by) $sysconfdir/bind.keys.  As the ISC DLV key
			rolls over it can be kept up to date by replacing
			the bind.keys file with a key downloaded from
			https://www.isc.org/solutions/dlv. [RT #18685]
 2009-03-04 02:42:31 +00:00
Automatic Updater
9e0d0a279b update copyright notice 2009-01-09 23:47:46 +00:00
Tatuya JINMEI 神明達哉
7781f25078 2526. [func] New named option "attach-cache" that allows multiple 
views to share a single cache to save memory and
			improve lookup efficiency. [RT 18905]
 2009-01-09 22:24:37 +00:00
Tatuya JINMEI 神明達哉
2be6798f93 2457. [tuning] max-cache-size is reverted to 0, the previous 
default.  It should be safe because expired cache
			entries are also purged.
 2008-09-27 23:35:31 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
0eeaaaf0ae 2398. [bug] Improve file descriptor management. New, 
temporary, named.conf option reserved-sockets,
                        default 512. [RT #18344]
 2008-09-04 05:56:43 +00:00
Automatic Updater
2cf81a3d8a update copyright notice 2008-06-23 23:47:11 +00:00
Tatuya JINMEI 神明達哉
386d3a99c1 2375. [security] Fully randomize UDP query ports to improve 
forgery resilience. [RT #17949, #18098]
 2008-06-23 19:41:20 +00:00
Mark Andrews
db30f4bdcb 2353. [func] Add support for Name Server ID (RFC 5001). 
'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]
 2008-04-03 02:01:08 +00:00
Mark Andrews
3f42cf2f3e 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]

back out incorrect branch rt1091 and apply correct branch rt1091a.
 2008-04-02 02:37:42 +00:00
Mark Andrews
7e26a2a646 2344. [bug] Improve "logging{ file ...; };" documentation. 
[RT #17888]
 2008-03-27 03:30:53 +00:00
Tatuya JINMEI 神明達哉
95c5f1d17b noticed the default max-cache-size [RT #17515] 2008-01-22 00:29:03 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Mark Andrews
b0b4ba7533 Fix documentation for: 
2294.   [func]          Allow the experimental statistics channels to have
                        multiple connections and ACL.
 2008-01-17 21:38:24 +00:00
Tatuya JINMEI 神明達哉
bfcc5ae79a 2294. [func] Allow the experimental statistics channels to have 
multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
			with the generic statistics-channels statment.
 2008-01-17 00:15:14 +00:00
Automatic Updater
1da14e066c update copyright notice 2008-01-02 23:47:02 +00:00
Mark Andrews
92f60809e8 2286. [func] Allow a TCP connection to be used as a weak 
authentication method for reverse zones.
                        New update-policy methods tcp-self and 6to4-self.
                        [RT #17378]
 2008-01-02 05:13:42 +00:00
Mark Andrews
a1e2170ad5 2250. [func] New flag 'memstatistics' to state whether the 
memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]
 2007-09-26 03:22:45 +00:00
Mark Andrews
ca84283333 2244. [func] Allow the check of nameserver names against the 
SOA MNAME field to be disabled by specifying
                        'notify-to-soa yes;'.  [RT #17073]
 2007-09-18 00:22:31 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
819b98479e 2165. [func] Allow the destination address of a query to determine 
if we will answer the query or recurse.
                        allow-query-on, allow-recursion-on and
                        allow-query-cache-on. [RT #16291]
 2007-03-29 06:36:31 +00:00
Mark Andrews
0b174d1243 update copyright notice 2007-02-06 00:01:23 +00:00
Mark Andrews
281bab0f36 2129. [func] Provide a pool of UDP sockets for queries to be 
made over. See use-queryport-pool, queryport-pool-ports
                        and queryport-pool-updateinterval.  [RT #16415]
 2007-02-02 02:18:06 +00:00
Mark Andrews
186e7f37c9 2122. [func] Experimental http server and statistics support 
for named via xml.
 2006-12-21 06:03:37 +00:00
Mark Andrews
289ae548d5 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 01:54:53 +00:00
Mark Andrews
a45a6ea2b0 2035. [func] Make falling back to TCP on UDP refresh failure 
optional. Default "try-tcp-refresh yes;" for BIND 8
                        compatibility. [RT #16123]
 2006-06-04 23:17:07 +00:00
Mark Andrews
6412902ffc 2015. [cleanup] use-additional-cache is now acache-enable for 
consistancy.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.
 2006-05-03 01:54:54 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
45e1bd6358 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 02:39:52 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
6e373c5025 1983. [func] Two new update policies. "selfsub" and "selfwild". 
[RT #12895]
 2006-02-16 01:34:24 +00:00
Mark Andrews
dc6da18ccb 1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723] 2006-01-05 23:45:34 +00:00
Mark Andrews
a1bc941093 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:19:02 +00:00
Mark Andrews
08c9026166 1953. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:01:46 +00:00
Mark Andrews
acb4f52369 update copyright notice 2006-01-04 23:50:24 +00:00
Mark Andrews
fabf2ee6b0 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:35:49 +00:00
Mark Andrews
1425217e5c spelling arguement vs arguments 2005-10-26 04:35:56 +00:00
Mark Andrews
03e200df5d 1913. [func] Integrate contibuted DLZ code into named. [RT #11382] 2005-09-05 00:12:29 +00:00
Mark Andrews
2c15fcdeac seperate out sibling glue checks 2005-08-24 23:54:04 +00:00
Mark Andrews
6b79e960e6 1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and 
friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.
 2005-08-18 00:57:31 +00:00
Mark Andrews
fb827ed6df 9.4/HEAD sync 2005-07-18 06:03:01 +00:00
Mark Andrews
fd780f3d47 1891. [func] Limit the number of recursive clients that can be 
waiting for a single query (<qname,qtype,qclass>) to
                        resolve.  New options clients-per-query and
                        max-clients-per-query.
 2005-06-27 00:15:45 +00:00