child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
[RT #6496]
implemented by marka, reviewed and documented by jinmei.
Notes:
lib/dns/zone.c had to be modified manually.
ARM html files were not regenerated (yet).
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certian source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
developer: marka
reviewer: explorer
stalled transfers.
1435. [bug] zmgr_resume_xfrs() was being called read locked
rather than write locked. zmgr_resume_xfrs()
was not being called if the zone was being
shutdown.
1434. [bug] "rndc reconfig" failed to initiate the initial
zone transfer of new slave zones.
developer: marka
reviewer: explorer
states.
1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1377. [func] dns_zone_load{new}() now reports if the zone was
loaded, queued for loading to up to date.
1376. [func] New function dns_zone_logc() to log to specified
category.
reviewer: marka
1371 [bug] notify-source-v6, transfer-source-v6 and
query-source-v6 with explict addresses and using the
same ports as named was listening on could interfere
with nameds ability to answer queries sent to those
addresses.
[RT #2394]
Basically, "freeze" disables dynamic updates to a zone, syncs the journal
file into the master file, and removes the journal. This allows manual
edits of a dynamic zone file without stopping the server, since the
zone is temporarily considered non-dynamic. "unfreeze" re-enables dynamic
updates to a zone.
So, instead of the old:
rndc stop
edit master file
remove journal
restart server
you can now do:
rndc freeze zone
edit master file
rndc reload zone
rndc unfreeze zone
which doesn't require stopping the server.
About everyone here at the secure dynamic update workshop wanted this.
It will be documented soon.
