Boost 1.76 containers: use standard exceptions.¶
References: #10329, pull request 10335
Fix wording in edns-padding-tag help.¶
References: #10318, pull request 10334
Improve packet cache size computation now that TCP answers are also cached.¶
References: #10312, pull request 10333
Print the covering NSEC in tracing log.¶
References: #10298, pull request 10307
Do not put results of DS query for auth or forward domains in negcache.¶
References: #10317, pull request 10320
Use the correct ECS address when proxy-protocol is enabled.¶
References: #10303, pull request 10319
Exception loading the RPZ seed file is not fatal.¶
References: #10291, pull request 10306
RPZ dumper: stop generating double zz labels on networks that start with zeroes.¶
References: #10286, pull request 10305
Log local IP in dnstap messages.¶
References: #10268, pull request 10280
Also disable PMTU for IPv6.¶
References: #10264, pull request 10279
Clear “from” in record cache if we don’t know where the update came from.¶
References: #10232, pull request 10278
Better handling of stranded DNSKeys.¶
References: #10223, pull request 10277
Support TCP FastOpen connect on outgoing connections.¶
References: #7982, pull request 9995
Implement EDNS0 padding (rfc7830) for outgoing responses.¶
References: pull request 8918
Get rid of early zone cut computation when doing DNSSEC validation.¶
References: pull request 10057
Insert hints as non-auth into cache.¶
References: #10177, pull request 10182
Don’t pick up random root NS records from AUTHORITY sections.¶
References: #10125, pull request 10178
Using DATA to report memory usage is unreliable, start using RES instead, as it seems reliable and relevant.¶
References: #7591, pull request 10161
Make sure we take the right minimum for the packet cache TTL data.¶
References: pull request 10185
Check sizeof(time_t) to be at least 8.¶
References: pull request 10010
Change dnssec default to process.¶
References: pull request 10118
Implement rfc 8198 - Aggressive Use of DNSSEC-Validated Cache.¶
References: pull request 10047
Be less verbose telling we are looking up CNAMEs or DNAMEs while tracing.¶
References: pull request 10112
Add validation state to protobuf message.¶
References: #8587, pull request 10113
Add Policy Kind / RPZ action to Protobuf messages.¶
References: #9653, #9654, pull request 10109
Count DNSSEC stats for given names in a different set of counters.¶
References: #10058, pull request 10089
Remember non-resolving nameservers.¶
References: pull request 10096
Pass an fd to dump to from rec_control to the recursor.¶
References: pull request 9468
Introduce settings to never cache EDNS Client (v4/v6) Subnet carrying replies.¶
References: pull request 10075
Change spoof-nearmiss-max default to 1.¶
References: #9845, pull request 10077
Add missing entries to Prometheus metrics.¶
References: #10021, pull request 10022
Also use packetcache for tcp queries.¶
References: pull request 9990
Document taskqueue metrics and add them to SNMP MIB.¶
References: #10009, pull request 10020
Treat the .localhost domain as special.¶
References: pull request 9996
Handle policy (if needed) after postresolve and document the hooks better.¶
References: #10080, pull request 10111
Return current rcode instead of 0 if there are no CNAME records to follow.¶
References: #9547, pull request 10064
Introduce “Refresh almost expired” a mechanism to keep the record cache warm.¶
References: #440, pull request 9699
Use protozero for Protocol Buffer operations in dnsdist, and dnstap/outgoing for the recursor.¶
References: #9780, #9781, pull request 9630, pull request 9843
Use a short-lived NSEC3 hashes cache for denial validation.¶
References: pull request 9856
Introduce synonyms for offensive language in settings and docs.¶
References: pull request 9670
Handle failure to start the web server more gracefully.¶
References: #9808, pull request 9812
Switch default TTL override to 1.¶
References: pull request 9720
Log the exact Bogus state when ‘dnssec-log-bogus’ is enabled.¶
References: pull request 9806 9828
Switch to TCP in case of spoofing (near-miss) attempts.¶
References: pull request 9744
Add support for rfc8914: Extended DNS Errors.¶
References: pull request 9673
Two OpenBSD improvements for UDP sockets: port randomization and EAGAIN errors.¶
References: pull request 9633
Cleanup of RPZ refresh handling.¶
References: pull request 9594
Refactor the percentage computation and use rounding.¶
References: pull request 9629
Throttle servers sending invalid data and rcodes.¶
References: pull request 9571
Terminate TCP connections instead of ‘ignoring’ errors.¶
References: pull request 9572
Don’t parse any config with –version.¶
References: pull request 9569
Expose typed cache flush via Web API.¶
References: pull request 9562
Remove query-local-address6.¶
References: pull request 9554
Lua: add backtraces to errors.¶
References: pull request 8942
Log the line received from rec_control.¶
References: pull request 9493
Shared and sharded neg cache.¶
References: pull request 9475
Lookup DS entries before CNAME entries.¶
References: #9621, pull request 9883
Fix the gathering of denial proof for wildcard-expanded answers.¶
References: pull request 9793
Actually discard invalid RRSIGs with too high labels count.¶
References: pull request 9789
x-our-latency is a gauge.¶
References: #9638, pull request 9686
Make parse ip:port a bit smarter.¶
References: #7743, pull request 9432
Fix wipe-cache-typed.¶
References: pull request 9515
Detach snmp thread to avoid trouble when trying to quit nicely.¶
References: pull request 9492