3745. [func] "configure --with-tuning=large" adjusts various
compiled-in constants and default settings to
values suited to large servers with abundant
memory. [RT #29538]
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.
SIT use a experimental EDNS option code (65001).
SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.
RRL processing as been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389]
3741. [func] "delve" (domain entity lookup and validation engine):
A new tool with dig-like semantics for performing DNS
lookups, with internal DNSSEC validation, using the
same resolver and validator logic as named. This
allows easy validation of DNSSEC data in environments
with untrustworthy resolvers, and assists with
troubleshooting of DNSSEC problems. (Note: not yet
available on win32.) [RT #32406]
Updated CHANGES note:
3606. [func] "rndc flushtree" now flushes matching
records in the address database and bad cache
as well as the DNS cache. (Previously only the
DNS cache was flushed.) [RT #33970]
3606. [func] "rndc flushtree -all" flushes matching
records in the ADB and bad cache as well as
the DNS cache. (Without the "-all" option,
flushtree will still only flush records from
the DNS cache.) [RT #33970]
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
place where the NOQNAME proof needed to be saved.
[RT #32629]
Squashed commit of the following:
commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:27:14 2013 +1100
whitespace
commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:19:51 2013 +1100
return noqname proof with +cd and dlv
This includes the following changes:
3326. [func] Added task list statistics: task model, worker
threads, quantum, tasks running, tasks ready.
[RT #27678]
3325. [func] Report cache statistics: memory use, number of
nodes, number of hash buckets, hit and miss counts.
[RT #27056]
3324. [test] Add better tests for ADB stats [RT #27057]
3323. [func] Report the number of buckets the resolver is using.
[RT #27020]
3322. [func] Monitor the number of active TCP and UDP dispatches.
[RT #27055]
3321. [func] Monitor the number of recursive fetches and the
number of open sockets, and report these values in
the statistics channel. [RT #27054]
3320. [func] Added support for monitoring of recursing client
count. [RT #27009]
3319. [func] Added support for monitoring of ADB entry count and
hash size. [RT #27057]
3316. [tuning] Improved locking performance when recursing.
[RT #28836]
- Use one lock per memory pool instead of associating
them all with a single 'pool_lock' in the dispatch manager.
- Reduce the critical sections for qid->lock in get_dispsocket(),
deref_portentry() and dns_dispatch_addresponse2().
- Added a memory pool for socket events in dns_dispatch_t.
- Add an isc_socketevent_t member in the resquery_t object, and use
it with isc_socket_sendto2() instead of using isc_socket_sendto()
- Tuned the memory pools in dispatch.c for better performance
under load
Added API to create a set of UDP dispatches which can be shared
round-robin style when making upstream queries for authoritative
data; this should reduce lock contention in the query source
dispatch.
