Evan Hunt [Thu, 28 Feb 2013 18:03:35 +0000 (10:03 -0800)]
[v9_9] fix XSL glitch with empty query data
3507. [bug] Statistics channel XSL (when built with
--enable-newstats) had a glitch when attempting
to chart query data before any queries had been
received. [RT #32620]
Evan Hunt [Thu, 28 Feb 2013 17:36:50 +0000 (09:36 -0800)]
[v9_9] accept >4g max-{,a}cache-size
3505. [bug] When setting "max-cache-size" and "max-acache-size",
larger values than 4 gigabytes could not be set
explicitly, though larger sizes were available
when setting cache size to 0. This has been
corrected; the full range is now available.
[RT #32358]
(cherry picked from commit 2a184ff86544cc67c36e2ce6bb3ddb5ac44684b8)
Evan Hunt [Wed, 27 Feb 2013 20:03:29 +0000 (12:03 -0800)]
[v9_9] better zone-statistics syntax
3501. [func] zone-statistics now takes three options: full,
terse, and none. "yes" and "no" are retained as
synonyms for full and terse, respectively. [RT #29165]
(cherry picked from commit 40a7e85f3ee3bd66a8f87bf8af674e1e48b05396)
Evan Hunt [Mon, 25 Feb 2013 22:23:45 +0000 (14:23 -0800)]
[v9_9] RPZ speed up (phase 1, single RPZ)
3496. [func] Improvements to RPZ performance. The "response-policy"
syntax now includes a "min-ns-dots" clause, with
default 1, to exclude top-level domains from
NSIP and NSDNAME checking. --enable-rpz-nsip and
--enable-rpz-nsdname are now the default. [RT #32251]
Response policy (rpz) changes to
- add zone statistics
- speed up by adding min-ns-dots to the response-policy syntax
with a default of 1
- detect and reject policy zones with a database other than rbt
only rbtdb has rpz hooks
- allow empty response-policy{} statement
- make --enable-rpz-nsip and --enable-rpz-nsdname the default
Evan Hunt [Thu, 21 Feb 2013 05:40:25 +0000 (21:40 -0800)]
[v9_9] add zone memory context pools
3492. [bug] Fixed a regression in zone loading performance
due to lock contention. [RT #30399]
(cherry picked from commit df925e6c66d45d960fbac0383169763967d2111c)
Mark Andrews [Mon, 18 Feb 2013 20:28:24 +0000 (07:28 +1100)]
3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
dns_dlzcreate() failed to properly initialize
dlzdb.link. When cloning a rdataset do not copy
the link contents. [RT #32651]
Evan Hunt [Wed, 23 Jan 2013 23:39:38 +0000 (15:39 -0800)]
[v9_9] fix dns_request_createvia assert
3474. [bug] nsupdate could assert when the local and remote
address families didn't match. [RT #22897]
(cherry picked from commit ffff5d67926821d3db8df63bdd84a9cb1ce56739)
Evan Hunt [Wed, 23 Jan 2013 22:57:18 +0000 (14:57 -0800)]
[v9_9] fix incorrect nsec3 check
- check for NSEC3 in empty nodes when not due to optout delegations
- fixed typo in output ("Bad record NSEC record")
- incidentally fixed an error in signzone that caused an
incorrect warning about missing DNSKEYs when using -S
and -3 together
3473. [bug] dnssec-signzone/verify could incorrectly report
an error condition due to an empty node above an
opt-out delegation lacking an NSEC3. [RT #32072]
(cherry picked from commit 9a0dd99a757c469d9530acd5cb11789b3b0af5ce)
Evan Hunt [Wed, 23 Jan 2013 02:07:50 +0000 (18:07 -0800)]
[v9_9] default -U to ncpus, not to -n
3471. [bug] The number of UDP dispatches now defaults to
the number of CPUs even if -n has been set to
a higher value. [RT #30964]
(cherry picked from commit 2154c019124246199c7fe494b86860461c8a5f40)
Evan Hunt [Tue, 22 Jan 2013 23:50:48 +0000 (15:50 -0800)]
[v9_9] dump masterfile after successful xfrin
3470. [bug] Slave zones could fail to dump when successfully
refreshing after an initial failure. [RT #31276]
(cherry picked from commit 214836c18496e0d2630df1cda5eeee13c38b9068)
Evan Hunt [Thu, 17 Jan 2013 19:24:16 +0000 (11:24 -0800)]
[v9_9] fix DNS64 with RPZ-remapped A records
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
conjunction with DNS64. [RT #32141]
(cherry picked from commit 71f8edccba553c4ed4988dd12ac877564e4987d1)
projects / thirdparty / bind9.git / log
