upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-28 17:46:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
27054 commits 18 branches 854 tags 440 MiB
Commit graph

27054 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mark Andrews
7be900a98f Pull out the saving of the zone cut into a separate function 2018-06-13 12:55:32 +02:00
Michał Kępień
75c0d85fc4 Treat records below a DNAME as out-of-zone data 
DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records.  Check that DNAME-obscured
records are not signed.
 2018-06-13 12:19:54 +02:00
Ondřej Surý
cf9fd889a6 Merge branch '328-remove-openssl-patch' into 'master' 
Remove the OpenSSL PKCS#11 patches

See merge request isc-projects/bind9!362
 2018-06-13 05:01:49 -04:00
Ondřej Surý
c92d09320b Remove the OpenSSL PKCS#11 patches - not really needed now 2018-06-13 10:53:21 +02:00
Michał Kępień
337e37a6cf Merge branch '284-unify-keyfile-to-configuration-conversions-in-system-tests' into 'master' 
Unify keyfile-to-configuration conversions in system tests

Closes #284

See merge request isc-projects/bind9!312
 2018-06-13 02:06:15 -04:00
Michał Kępień
68f056b2a0 Add helper variables in mkeys system test 
The keyfile and key ID for the original managed key do not change
throughout the mkeys system test.  Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.
 2018-06-13 07:57:40 +02:00
Michał Kępień
120af964ce Replace duplicated code snippet with calls to helper functions 
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.
 2018-06-13 07:57:40 +02:00
Michał Kępień
2392b8bc7d Add helper functions for converting keyfile data into configuration sections 
Add a set of helper functions for system test scripts which enable
converting key data from a set of keyfiles to either a "trusted-keys"
section or a "managed-keys" section suitable for including in a
resolver's configuration file.
 2018-06-13 07:57:40 +02:00
Witold Krecicki
7dc84eaa8e Merge branch '16-qname-minimization' into 'master' 
QNAME Minimization

See merge request isc-projects/bind9!253
 2018-06-12 07:44:36 -04:00
Witold Kręcicki
7ec88b384d Add qname-minimization off as an option; test fixes 2018-06-12 10:24:05 +02:00
Witold Kręcicki
dfa43e6dd5 CHANGES entry 2018-06-12 09:20:37 +02:00
Witold Kręcicki
1c36eed760 qname minimization: ARM entry 2018-06-12 09:20:13 +02:00
Evan Hunt
dde66b8012 nits 
- capitalize QNAME in the doc
- regenerate options/docbook
- whitespace
 2018-06-12 09:20:13 +02:00
Witold Kręcicki
265052df49 qname-minimization: Some post-review style/minor fixes 2018-06-12 09:20:12 +02:00
Mark Andrews
9cef87d835 update qname-minimization 2018-06-12 09:18:47 +02:00
Witold Kręcicki
1bf6b3ea65 +x permissions on bin/tests/system scripts 2018-06-12 09:18:47 +02:00
Witold Kręcicki
31b0dc1f20 Require python with dnspython module 2018-06-12 09:18:47 +02:00
Witold Kręcicki
058ce1e732 qname minimization: log how many qmin steps were taken 2018-06-12 09:18:47 +02:00
Witold Kręcicki
c04784c144 Disable qname minimization if we encounter a bad server 2018-06-12 09:18:47 +02:00
Evan Hunt
c8015eb33b style nits (mostly line length) 2018-06-12 09:18:47 +02:00
Evan Hunt
2ea47c7f34 rename test to qmin; add it to conf.sh.in and Makefile.in; fix copyrights 2018-06-12 09:18:47 +02:00
Witold Kręcicki
4f9c718803 qname minimization: fix tests 2018-06-12 09:18:47 +02:00
Witold Kręcicki
dd7bb617be - qname minimization: 
- make qname-minimization option tristate {strict,relaxed,disabled}
 - go straight for the record if we hit NXDOMAIN in relaxed mode
 - go straight for the record after 3 labels without new delegation or 7 labels total

- use start of fetch (and not time of response) as 'now' time for querying cache for
  zonecut when following delegation.
 2018-06-12 09:18:46 +02:00
Witold Kręcicki
0698158eb0 QNAME minimization 2018-06-12 09:18:46 +02:00
Michał Kępień
b7968f6c25 Merge branch '269-refactor-zone-logging-functions' into 'master' 
Refactor zone logging functions

Closes #269

See merge request isc-projects/bind9!295
 2018-06-11 07:04:39 -04:00
Michał Kępień
c8de677eae Add CHANGES entry 
4969.	[cleanup]	Refactor zone logging functions. [GL #269]
 2018-06-11 12:49:06 +02:00
Michał Kępień
5c03cd339e Reimplement all zone logging functions using dns_zone_logv() 
In order to decrease code duplication, express the logic contained in
all zone logging functions using dns_zone_logv() calls.
 2018-06-11 12:49:06 +02:00
Michał Kępień
bb2dfb3f49 Add dns_zone_logv() 
Add a new libdns function, dns_zone_logv(), which takes a single va_list
argument rather than a variable number of arguments and can be used as a
base for implementing more specific zone logging functions.
 2018-06-11 12:49:06 +02:00
Evan Hunt
b8fbe4aab4 Merge branch 'validate-glue' into 'master' 
ensure that we attempt to validate glue if it's signed

See merge request isc-projects/bind9!300
 2018-06-08 14:48:01 -04:00
Evan Hunt
bde9c2ec39 CHANGES 2018-06-08 11:39:39 -07:00
Evan Hunt
8d923a05a9 ensure that we attempt to validate glue if it's signed 
- incidentally fixed a bug in the dnssec system test where TTLs in the
  answer section rather than the additional section were being checked
 2018-06-08 11:39:25 -07:00
Evan Hunt
4aecd153de Merge branch '324-add-obsolete-answer-cookie-to-master' into 'master' 
Resolve "add obsolete answer-cookie to master."

Closes #324

See merge request isc-projects/bind9!352
 2018-06-08 14:30:13 -04:00
Mark Andrews
0e10223029 add answer-cookie as a obsolete option 2018-06-08 11:21:43 -07:00
Mark Andrews
2368c3d2de Merge branch '325-add-cfg_parse_buffer4' into 'master' 
Resolve "add cfg_parse_buffer4"

Closes #325

See merge request isc-projects/bind9!353
 2018-06-08 03:38:18 -04:00
Mark Andrews
b313084af2 add cfg_parse_buffer4 2018-06-08 17:37:14 +10:00
Mark Andrews
2a7025f962 Merge branch '322-add-support-for-marking-options-as-deprecated' into 'master' 
Resolve "add support for marking options as deprecated."

Closes #322

See merge request isc-projects/bind9!351
 2018-06-08 01:54:22 -04:00
Mark Andrews
befff9452c Add support for marking a option as deprecated. 2018-06-08 15:45:16 +10:00
Witold Krecicki
d70726b0d2 Merge branch 'XX-dont-fetch-keys-when-fuzzing' into 'master' 
Don't fetch DNSKEY when fuzzing resolver

See merge request isc-projects/bind9!347
 2018-06-06 09:25:20 -04:00
Witold Kręcicki
cb3208aa43 Don't fetch DNSKEY when fuzzing resolver 2018-06-06 15:06:23 +02:00
Ondřej Surý
5fc4bd3f76 Merge branch '313-fix-spurious-entropy.h-installation' into 'master' 
Resolve ""make install" error on master - missing `entropy.h`"

Closes #313

See merge request isc-projects/bind9!346
 2018-06-06 08:45:49 -04:00
Ondřej Surý
013a49474c fix whitespaces 2018-06-06 14:37:22 +02:00
Ondřej Surý
b4aa7a9d7e Remove entropy.h from Makefile.in 2018-06-06 14:36:33 +02:00
Ondřej Surý
e582a10133 Merge branch '307-add-VALIDATION_DEFAULT-to-win32/Configure' into 'master' 
VALIDATION_DEFAULT now comes from config.h.{in,win32}

Closes #307

See merge request isc-projects/bind9!344
 2018-06-06 08:22:07 -04:00
Ondřej Surý
82e68ffbf0 Add VALIDATION_DEFAULT to Windows Configure script 2018-06-06 14:03:16 +02:00
Mark Andrews
18c3a08471 Merge branch '240-multiple-rrsigs-on-some-records-in-signed-zone-even-though-only-one-key-is-ever-active-at-a-time' into 'master' 
Resolve "Multiple RRSIGs on some records in signed zone even though only one key is ever active at a time"

Closes #240

See merge request isc-projects/bind9!231
 2018-06-06 02:29:20 -04:00
Mark Andrews
ba7a343156 add CHANGES note 2018-06-06 15:59:23 +10:00
Mark Andrews
0db5b087ed add duplicate signature test 2018-06-06 15:58:49 +10:00
Mark Andrews
87a3dc8ab9 add support -T sigvalinsecs 2018-06-06 15:35:57 +10:00
Mark Andrews
0667bf7ae7 only sign with other keys when deleting a key if there are not already existing signature for the deleted algorithm 2018-06-06 15:33:41 +10:00
Evan Hunt
b8b731bd20 Merge branch '302-use-ip-for-ifconfig' into 'master' 
Resolve "ifconfig.sh doesn't work on centos7"

Closes #302

See merge request isc-projects/bind9!330
 2018-06-06 00:44:08 -04:00