From f03c34eb3044cd9d8696eebc5c176bec5fc6e7ba Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Thu, 23 May 2013 14:40:23 +0200 Subject: [PATCH] first stab at auth 3.3 docs --- pdns/docs/pdns.xml | 351 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 351 insertions(+) diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index 42ee10a78..3abb16064 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -93,6 +93,357 @@ Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately. + PowerDNS Authoritative Server version 3.3 RC + + + Not yet released + + + Downloads: + + + + ... + + + + + + + This a stability, bugfix and conformity update to 3.2. It improves interoperability with various validators, + either through bugfixes or by catering to their needs beyond the specifications. + + + Changes since 3.2: + + + + g315dd2e: Simplify socket listening code, and make sure we always set the nonblocking flag correctly. Patch by Mark Zealey, closes t664. + + + + + gabc8f3f, G357f6a7: Implement the new any-to-tcp option that, when set, always replies with a truncated response (TC=1) to ANY queries, forcing them to use TCP. + + + + + g496073b: Since 3.0, pdnssec secure-zone has always generated 3 keys: one KSK and two ZSK, with one ZSK + active. For most, if not almost all, users, this inactive ZSK is never used. We now no longer generate + this useless ZSK. The resulting smaller DNSKEY RRset improves interoperability with certain validators. + Closes t824. + + + + + g830281f, Gaef7330: Accept chars >127 ('high ASCII') in TXT records, closing t541 and T723. + + + + + gb35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks Florian Obser. + + + + + g63347c6: Don't store edited soa serial for INCREMENT soa-edit kinds + + + + + g71301b6: Replicate gsql backend feature of having separate -auth queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you are not ready for it. Closes t527. + + + + + g032e390: make pdnssec exit with 1 on some error conditions, closes t677 + + + + + g2125dac: drop unused ignore-rd-bit flag + + + + + g8c1a6d6: NSECx optimizations, thanks Kees Monshouwer. + + + + + g664716a: drop unused variables in lua backend (t653) + + + + + gd8ec70f: fix db2 backend includes (t653) + + + + + g6477102: add goracle schema + + + + + g9118638: make goraclebackend "at least work", closes t729 + + + + + ge0ad7bb: add DS digest type 4 to show-zone output; add algorithm names. Based on a patch by Aki Tuomi, + closes t744 + + + + + g61a7fac: enable AM_SILENT_RULES, closing t647 + + + + + g7796a3b: Merge support for include-dir directive, thanks Aki Tuomi! + + + + + g04576ee, gb0e15c8: Implement pdnssec increase-serial, thanks Ruben. + + + + + gcee857b: add supplementary groups support + + + + + gcc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany + + + + + g837f4b4: do a better job at escaping TXT, fixes t795 + + + + + g6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler + + + + + g6159c49: Add connection info to sql-connect message + + + + + g9f62e34, g0fc965f, g2035112: Added EUI48 and EUI64 record types + + + + + gf9cf6d9: cut the number of database queries in half for AXFR-in + + + + + g04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks to Kees Monshouwer. + + + + + gfeef1ec: fix missing NSEC3 for secure delegation, thanks Kees Monshouwer, closes t682 + + + + + g8db49a6: after a decade+.. finally try to stop notifying ourselves. In convoluted cases involving REUSE_PORT and binding to 0.0.0.0 and ::, it might be possible that we guess wrong, in which case we now provide & document the setting prevent-self-notification which you could then set to off. + + + + + gc87f987: add default for SOA contact e-mail + + + + + gbb4a573: move random backend to modules + + + + + g1071abd: restyle builtin webserver page + + + + + gb61e407: revert gd90efbf and add 7 days margin to inception + + + + + gcd5e158: correct bogus use of poll(2) related constants, improving non-Linux portability. Thanks Wouter de Jong + + + + + g27ff60a: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test. + + + + + g116e28a: reduce log level of successful gpgsql/gsqlite3 connection to Info + + + + + gdf55450: Don't add dnssec info, to any query results, for non validating resolvers. + + + + + gb23b90a: Metadata update is now in the same transaction as the AXFR. This improves slaving speed + tremendously, especially for SQLite users. + + + + + g4620e8a: Added zone2json + + + + + gff64750: make sure mixed-case queries get a correct apex NSEC3 type bitmap + + + + + g4b153d8: always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking + + + + + gf0fa8b6: Fix remotebackend setdomainmetadata return value handling. Fix by Aki Tuomi, closes t740 + + + + + g80e82d6: log control listener abort even more explicitly + + + + + g7c0cb15, Ga718d74: support automake 1.12 + + + + + g3fe22eb, G6707cb1: update autoconf/automake preamble to non-deprecated variant, thanks Morten Stevens + + + + + g6c4e531: disarm dead code that causes gcc crashes on ARM, thanks Morten Stevens + + + + + g63e365d: don't mess up encoding when copying qname from question to answer in packetcache. Based on reports&debugging by Jimmy Bergman (sigint), Daniel Norman (Loopia) and the fine people at ISC + + + + + g36855b5: if we failed to make a new UDP socket, we'd report a confusing error about it + + + + + g1b8e5e6: autoconf support for oracle, thanks Aki Tuomi. Closes t726 + + + + + g8ac0c06: allow setting of some oracle env vars. Patch by Aki Tuomi, closes t725 + + + + + g45e845b: add example.rb sample script for remotebackend, thanks Aki + + + + + g950bddd: add pdnssec generate-zone-key command, thanks Aki. Closes t711 + + + + + g2c03cde: Replace select with waitForData in remotebackend. Patch by Aki Tuomi, closes t715 + + + + + g450292c: accept ANY responses during recursive forwarding, thanks Jan-Piet Mens + + + + + gd9dd76b: actually clean up unix domain sockets too after use + + + + + g36758d2: merge t476 by Aki Tuomi, providing default-ksk/zsk-algorithms/size configuration parameters for pdnssec. Also cleans up some duplicate code + + + + + g2f2b014: apply variant of code in t714 so we can lauch pipe backend scripts with parameters, plus add experimental code that if pipe-command is a unix domain socket, we use that. + + + + + g9566683: merge patch from ticket 712 addressing memory leak in remotebackend (thanks Aki for the fix!) + + + + + g3526186: fix backslash handling in TXT parser, includes test. Thanks jpmens + + + + + gfb6ed6f: explicitly set domain id during bindbackend superslave domain create, thanks Kees Monshouwer&Aki Tuomi + + + + + g69bae20: use private temp dir when running under systemd, thanks Morten Stevens&Ruben Kerkhof + + + + + gb26a48a: fix rapidjson usage in remotebackend, patch by Aki Tuomi. Closes t697 + + + + + gda8e6ae: also answer questions with : in them + + + + + gef1c4bf: also spot trailing dots on CNAME content, thanks jpmens and Ruben d'Arco + + + + + gfb31631: only setCloseOnExec on valid sockets + + + + + PowerDNS Recursor version 3.5.1 -- 2.50.1