New Features

Adds a new configuration option, "check-spf"; valid values are
"warn" (default) and "ignore". When set to "warn", checks SPF
and TXT records in spf format, warning if either resource record
type occurs without a corresponding record of the other resource
record type. [RT #33355]

Adds support for Uniform Resource Identifier (URI) resource
records. [RT #23386]

Adds support for the EUI48 and EUI64 RR types. [RT #33082]

Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
and L64). [RT #31836]

Feature Changes

Changes timing of when slave zones send NOTIFY messages after
loading a new copy of the zone. They now send the NOTIFY before
writing the zone data to disk. This will result in quicker
propagation of updates in multi-level server structures. [RT #27242]

"named -V" can now report a source ID string. (This will be
of most interest to developers and troubleshooters). The source
ID for ISC's production versions of BIND is defined in the "srcid"
file in the build tree and is normally set to the most recent
git hash. [RT #31494]

Response Policy Zone performance enhancements. New "response-policy"
option "min-ns-dots". "nsip" and "nsdname" now enabled by default
with RPZ. [RT #32251]

Approved by: delphij (mentor)
Sponsored by: DK Hostmaster A/S
string by undefining __DATE__, since (unlike gcc) clang doesn't allow us
to do that. Instead, define NO_VERSION_DATE, which was helpfully added
to the named source code for exactly this purpose.
This includes a structural change regarding atomic ops. Previously they
were enabled on all platforms unless we had knowledge that they did not
work. However both work performed by marius@ on sparc64 and the fact that
the 9.8.x branch is fussier in this area has demonstrated that this is
not a safe approach. So I've modified a patch provided by marius to
enable them for i386, amd64, and ia64 only.
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
/usr/sbin/{named, lwresd}. Note that POSIX / C99 doesn't technically
allow __DATE__ to be (un|re)defined, but gcc does what we mean anyway.
Approved by: dougb
MFC after: 1 month
with this configuration, but Ruslan tells me that I was probably mistaken,
and on retest the .5 pages are being installed just fine.
Therefore reverse the MAN[58] change in favor of the more modern syntax.
Submitted by: ru
1. Install man files and links for the lwres library.
2. Fix the path in various files to say /etc/namedb/ instead of just /etc.
3. Correctly install the conf file man pages for named and rndc.
but have a knob (WANT_BIND_LIBS) to build and install them in /usr/lib
and /usr/include. Rumors are that this may be useful at a later point,
let's see.
What this really means is that all BIND libraries are now internal to
buildworld (by default, unless WANT_BIND_LIBS is defined), and linked
statically into various BIND executables.
While here, removed redundant -I's from CFLAGS in lib/bind makefiles.
Sponsored by: des
OK'ed by: dougb
POSIX threads libraries are not available. Add crypto support if
the crypto libraries are available. Build dnssec-{keygen,signzone}
if crypto is available.
Submitted by: (in part) dougb@
LDADD is not wrong, but the simple substitution in `make checkdpadd'
doesn't work if foo.a is not an installed library, so we use the full
path to foo.a in both DPADD and LDADD for non-installed libraries.
rendering of the man pages (turns some sequences of two blank lines
into a single blank line), and eliminates 306 errors generated while
formatting named.conf.5 .
for glue records and forces the glue record to be reloaded from the real NS.
The 5% ttl reduction can cause the glue IN A to timeout before the NS
record in certain situations, such as when the domain owner does not match
up NS records with the NIC. This behavior by domain owners is becoming
more common as primary zone serving iterates through another glue level
(i.e. exodus hosts the master NS's but the customer then redirects the
NS's to the real DNS servers). The result is that named would appear to
work properly for about 40 minutes, and then unexpectedly fail for that
zone. This causes named to behave very inconsistently and a Google search
shows that it has obviously frustrated many, many people. So until the bind
guys make named behave consistently (either fail instantly or accommodate the
case), we need to set this option to accommodate the case. The result
will be much more consistent behavior and fewer head-scratching failures.
MFC after: 3 days
now depends. This keeps named the same as before the import, that is: only
linking against libc dynamically, at a little space increase, which might
be due to the source code changes anyway. Very neglectable space
difference.
Some people might dub it a hack. It will do for now at least.
files. Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive. Some were
misspellings of "-I${.CURDIR}" as "-I.".
libraries, so that `ld -f' in can create correct dependencies for
yet-to-be-built libraries.
Use `DIR!= cd ...libbind; make -V .OBJDIR' to find libbind's object dir
if it doesn't seem to be in its usual place relative to ${.OBJDIR}.
This fixes `cd /usr/src/usr.sbin/nslookup; mkdir obj; make'.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.