upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-26 00:30:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
30021 commits 18 branches 854 tags 440 MiB
Commit graph

716 commits

Author SHA1 Message Date
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Mark Andrews
b925be3e54 attempt to silence leaked lock false positive 2014-06-04 14:07:16 +10:00
Evan Hunt
0cfb247368 [master] rndc nta 
3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]
 2014-05-29 22:22:53 -07:00
Mark Andrews
35711d3c73 correct EDNSOK sense 2014-05-22 22:02:09 +10:00
Mark Andrews
ba586e9568 3857. [bug] Make it harder for a incorrect NOEDNS classification 
to be made. [RT #36020]
 2014-05-22 21:38:53 +10:00
Mark Andrews
8d56a8531d remove unused assignment 2014-05-22 00:58:43 +10:00
Mark Andrews
0fe0789181 3855. [bug] Limit smoothed round trip time aging to no more than 
once a second. [RT #32909]
 2014-05-21 10:08:52 +10:00
Evan Hunt
2b78610512 [master] reduce EDNS logging noise 
3831.	[cleanup]	Reduce logging noise when EDNS state changes occur.
			[RT #35843]
 2014-04-29 17:06:19 -07:00
Mark Andrews
469bbe0f97 3810. [bug] Work around broken nameservers that fail to ignore 
unknown EDNS options. [RT #35766]
 2014-04-17 15:43:38 +10:00
Mark Andrews
b4a819a44f othererror should not include badvers now that we have a badvers counter 2014-03-25 16:46:11 +11:00
Tinderbox User
9d7e943c3d update copyright notice 2014-03-19 23:46:06 +00:00
Mark Andrews
a78ffa0cc8 only set FCTX_ADDRINFO_NOSIT if we don't have a existing sit 2014-03-20 07:17:00 +11:00
Mark Andrews
09ab38c151 3790. [bug] Handle broken nameservers that send BADVERS in 
response to unknown EDNS options.  Maintain
                        statistics on BADVERS responses.
 2014-03-20 05:00:55 +11:00
Evan Hunt
f6d0284ec2 [master] fix memory leak 2014-03-04 08:56:09 -08:00
Evan Hunt
e69790ac00 [master] printable NSID logging 
3774.	[func]		When using "request-nsid", log the NSID value in
			printable form as well as hex. [RT #20864]
 2014-03-03 20:51:14 -08:00
Mark Andrews
53ebc0959b #ifdef notyet error handling for bad sit 2014-02-24 23:49:21 +11:00
Mark Andrews
9e39bafd2e adjust SIT computation 2014-02-24 09:29:49 +11:00
Evan Hunt
9576baafc0 [master] assert if sitok/sitbad are insane 2014-02-19 21:26:31 -08:00
Mark Andrews
d17d32a7bf set setok/sitbad 2014-02-20 16:16:53 +11:00
Mark Andrews
801b958a5c s/DNS_EDNSOPTIONS/DNS_EDNSOPTIONS/ 2014-02-20 14:00:54 +11:00
Mark Andrews
72ba6ba736 define DNS_OPT_EDNSOPTIONS 2014-02-20 13:55:21 +11:00
Francis Dupont
f1a6c8e78c WIN32 master fixes 2014-02-19 23:17:52 +01:00
Evan Hunt
7f5bdf7f40 [master] fix dns_resolver_destroyfetch race 
3747.	[bug]		A race condition could lead to a core dump when
			destroying a resolver fetch object. [RT #35385]
 2014-02-18 23:32:02 -08:00
Evan Hunt
6a3fa181d1 [master] add "--with-tuning=large" option 
3745.	[func]		"configure --with-tuning=large" adjusts various
			compiled-in constants and default settings to
			values suited to large servers with abundant
			memory. [RT #29538]
 2014-02-18 22:36:14 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Evan Hunt
1d761cb453 [master] delve 
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
 2014-02-16 13:03:17 -08:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
c24b6b4a40 fix for pre C99 compiler 2014-01-13 09:29:25 +11:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
 2013-12-12 22:19:33 -08:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Mark Andrews
0bfc15fe59 missing FCTXTRACE2 macro RT#34914 2013-10-21 15:51:43 +11:00
Mark Andrews
f45818b82a add comment 2013-07-26 10:25:45 +10:00
Evan Hunt
9d4ec6d2c5 [master] "flushtree -all" no longer optional 
Updated CHANGES note:
3606.	[func]		"rndc flushtree" now flushes matching
			records in the address database and bad cache
                        as well as the DNS cache. (Previously only the
                        DNS cache was flushed.) [RT #33970]
 2013-06-30 18:53:48 -07:00
Evan Hunt
9fa5a723e1 [master] "rndc flushtree -all <name>" 
3606.	[func]		"rndc flushtree -all" flushes matching
			records in the ADB and bad cache as well as
			the DNS cache.  (Without the "-all" option,
			flushtree will still only flush records from
			the DNS cache.) [RT #33970]
 2013-06-26 14:59:32 -07:00
Tinderbox User
8e9b13f510 update copyright notice 2013-06-12 23:46:16 +00:00
Mark Andrews
baa9d706bd move declaration to begining of block 2013-06-12 21:06:00 +10:00
Mark Andrews
8e15d5eb3a 3593. [func] Update EDNS processing to better track remote server 
capabilities. [RT #30655]
 2013-06-12 11:31:30 +10:00
Evan Hunt
276457f7a3 [master] assertion failure in resolver.c 
3584.	[security]	Caching data from an incompletely signed zone could
			trigger an assertion failure in resolver.c [RT #33690]
 2013-06-04 11:22:47 -07:00
Mark Andrews
b4914b3d69 3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686] 2013-04-19 12:36:02 +10:00
Evan Hunt
b99bfa184b [master] unify internal and export libraries 
3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
 2013-04-10 13:49:57 -07:00
Mark Andrews
4adf97c32f 3548. [bug] The NSID request code in resolver.c was broken 
resulting in invalid EDNS options being sent.
                        [RT #33153]
 2013-04-08 16:29:26 +10:00
Mark Andrews
8013077aa7 3541. [bug] The parts if libdns was not being properly initialized 
in when built in libexport mode. [RT #33028]
 2013-04-03 17:27:40 +11:00
Evan Hunt
67adc03ef8 [master] add DSCP support 
3535.	[func]		Add support for setting Differentiated Services Code
			Point (DSCP) values in named.  Most configuration
			options which take a "port" option (e.g.,
			listen-on, forwarders, also-notify, masters,
			notify-source, etc) can now also take a "dscp"
			option specifying a code point for use with
			outgoing traffic, if supported by the underlying
			OS. [RT #27596]
 2013-03-22 14:05:33 -07:00
Mark Andrews
c9297d3759 3487. [bug] Change 3444 was not complete. There was a additional 
place where the NOQNAME proof needed to be saved.
                        [RT #32629]

Squashed commit of the following:

commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee
Author: Mark Andrews <marka@isc.org>
Date:   Sat Feb 16 00:27:14 2013 +1100

    whitespace

commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502
Author: Mark Andrews <marka@isc.org>
Date:   Sat Feb 16 00:19:51 2013 +1100

    return noqname proof with +cd and dlv
 2013-02-16 07:45:43 +11:00
Tinderbox User
5c6b95ba1b update copyright notice 2013-01-10 23:46:00 +00:00
Mark Andrews
4801931443 3461. [bug] Negative responses could incorrectly have AD=1 
set. [RT #32237]
 2013-01-10 23:09:08 +11:00
Mark Andrews
45d4341eed silence signed/unsigned warning; rename log -> fctx_log 2012-12-19 12:39:54 +11:00
Tinderbox User
b16174507d update copyright notice 2012-12-18 23:45:50 +00:00
Mark Andrews
8462dfb880 3443. [bug] The NOQNAME proof was not being returned from cached 
insecure responses. [RT #21409]
 2012-12-19 09:55:02 +11:00
Tinderbox User
7e75b6266d update copyright notice 2012-11-21 23:45:45 +00:00
ckb
2786b6c53f 3422. [bug] Added a clear error message for when the SOA does not 
match the referral. [RT #31281]
 2012-11-21 16:44:34 -06:00
Mark Andrews
71dfdcbfae 3392. [func] Keep statistics on REFUSED responses. [RT #31412] 2012-10-16 10:21:22 +11:00
Mark Andrews
dbf693fdfd 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 14:56:33 +10:00
Evan Hunt
41bbb34bc2 fix coverity issues 
3388.	[bug]		Fixed several Coverity warnings. [RT #30996]
 2012-10-02 23:44:03 -07:00
Mark Andrews
058e44186b 3387. [func] Support for a DS digest can be disabled at 
runtime with disable-ds-digests. [RT #21581]
 2012-10-03 12:38:43 +10:00
Mark Andrews
eed495737b 3376. [bug] Lack of EDNS support was being recorded without a 
successful response. [RT #30811]
 2012-09-14 11:01:06 +10:00
Evan Hunt
cdd271b14a fix bad-cache assert 
3346.	[security]	Bad-cache data could be used before it was
			initialized, causing an assert. [RT #30025]
 2012-07-02 10:01:48 -07:00
Mark Andrews
7310c0b1ee 3333. [bug] Setting resolver-query-timeout too low can cause 
named to not recover if it looses connectivity.
                        [RT #29623]
 2012-06-08 12:34:33 +10:00
Evan Hunt
dd2a0a6d2d Merge statistics code (ATT SoW, rt24117) 
This includes the following changes:

3326.	[func]		Added task list statistics: task model, worker
			threads, quantum, tasks running, tasks ready.
			[RT #27678]

3325.	[func]		Report cache statistics: memory use, number of
			nodes, number of hash buckets, hit and miss counts.
			[RT #27056]

3324.	[test]		Add better tests for ADB stats [RT #27057]

3323.	[func]		Report the number of buckets the resolver is using.
			[RT #27020]

3322.	[func]		Monitor the number of active TCP and UDP dispatches.
			[RT #27055]

3321.	[func]		Monitor the number of recursive fetches and the
			number of open sockets, and report these values in
			the statistics channel. [RT #27054]

3320.	[func]		Added support for monitoring of recursing client
			count. [RT #27009]

3319.	[func]		Added support for monitoring of ADB entry count and
			hash size. [RT #27057]
 2012-05-14 10:06:05 -07:00
Mark Andrews
c438f1beb9 3318. [tuning] Reduce the amount of work performed while holding a 
bucket lock when finshed with a fetch context.
                        [RT #29239]
 2012-05-10 08:28:32 +10:00
Evan Hunt
54489ba167 Improve locking performance in dispatch.c 
3316.	[tuning]	Improved locking performance when recursing.
			[RT #28836]

   - Use one lock per memory pool instead of associating
     them all with a single 'pool_lock' in the dispatch manager.
   - Reduce the critical sections for qid->lock in get_dispsocket(),
     deref_portentry() and dns_dispatch_addresponse2().
   - Added a memory pool for socket events in dns_dispatch_t.
   - Add an isc_socketevent_t member in the resquery_t object, and use
     it with isc_socket_sendto2() instead of using isc_socket_sendto()
   - Tuned the memory pools in dispatch.c for better performance
     under load
 2012-04-28 14:52:28 -07:00
Evan Hunt
4e8fe357a6 create and use multiple fetch dispatches 
Added API to create a set of UDP dispatches which can be shared
round-robin style when making upstream queries for authoritative
data; this should reduce lock contention in the query source
dispatch.
 2012-04-27 16:11:30 -07:00
Evan Hunt
20d441892d fctx_finddone: call fctx_destroy within the bucket lock 2012-04-24 14:56:38 -07:00
Mark Andrews
2669638693 set $Id$ 2012-03-07 22:13:11 +11:00
Mark Andrews
8a4689070a dns_message_logpacket 2012-02-22 05:03:39 +00:00
Automatic Updater
d03bc586b9 update copyright notice 2012-02-14 23:47:15 +00:00
Mark Andrews
c478bb4c46 extend: 
3282.   [bug]           Restrict the TTL of NS RRset to no more than that
                        of the old NS RRset when replacing it.
                        [RT #27792] [RT #27884]
 2012-02-14 00:22:54 +00:00
Mark Andrews
e4aac0596c 3241. [bug] Address race conditions in the resolver code. 
[RT #26889]
 2011-12-07 23:08:42 +00:00
Evan Hunt
56d7492b2c missed a line 2011-12-05 17:27:16 +00:00
Evan Hunt
4122abdc3c Back out changes #3182 and #3202 2011-12-05 17:10:51 +00:00
Evan Hunt
69feafa0af 3221. [bug] Fixed a potential coredump on shutdown due to 
referencing fetch context after it's been freed.
			[RT #26720]
 2011-11-23 22:53:53 +00:00
Mark Andrews
2256c13194 --- 9.9.0b2 released --- 
3219.   [bug]           Disable NOEDNS caching following a timeout.
 2011-11-16 22:18:53 +00:00
Evan Hunt
3ab9d6435a 3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478] 2011-11-15 21:44:53 +00:00
Automatic Updater
af42579df6 update copyright notice 2011-11-04 23:46:15 +00:00
Mark Andrews
a5166d5fce 3202. [bug] NOEDNS caching on timeout was too agressive. 
[RT #26416]
 2011-11-04 03:38:44 +00:00
Mark Andrews
146057d7e7 3192. [bug] A query structure could be used after being freed. 
[RT #22208]
 2011-11-02 23:42:33 +00:00
Automatic Updater
96f5a19c12 update copyright notice 2011-10-27 23:46:31 +00:00
Scott Mann
b91b288f92 fix edns0 retry issues (rt #23393/24964). 2011-10-27 20:18:42 +00:00
Mark Andrews
dc2e627239 3167. [bug] Negative answers from forwarders were not being 
correctly tagged making them appear to not be cached.
                        [RT #25380]
 2011-10-12 00:18:11 +00:00
Evan Hunt
6de9744cf9 3124. [bug] Use an rdataset attribute flag to indicate 
negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets. [RT #24777]

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]
 2011-06-08 22:13:51 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warnings messages from clang static analysis. 
[RT #20256]
 2011-03-11 06:11:27 +00:00
Michael Graff
b7f0ab323d catch two unused function params, followup to RT#23310 2011-02-18 23:39:55 +00:00
Michael Graff
52d44117c8 Remove RTT banding [RT 23310] 2011-02-18 22:55:31 +00:00
Automatic Updater
784a904bd0 update copyright notice 2011-02-03 12:18:12 +00:00
Mark Andrews
000a8970f8 3011. [func] Change the default query timeout from 30 seconds 
to 10.  Allow setting this in named.conf using the new
                        'resolver-query-timeout' option, which specifies a max
                        time in seconds.  0 means 'default' and anything longer
                        than 30 will be silently set to 30. [RT #22852]
 2011-02-03 05:41:55 +00:00
Automatic Updater
b720af4cd4 update copyright notice 2011-01-27 23:47:21 +00:00
Mark Andrews
1fba20bd0b 3009. [bug] clients-per-query code didn't work as expected with 
particular query patterns. [RT #22972]
 2011-01-27 02:24:49 +00:00
Mark Andrews
506a2177bf 2961. [bug] Be still more selective about the non-authoritative 
answers we apply change 2748 to. [RT #22074]
 2010-09-15 12:21:27 +00:00
Evan Hunt
86dcc40058 2930. [experimental] New "rndc addzone" and "rndc delzone" commads 
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
 2010-07-11 00:12:57 +00:00
Mark Andrews
ff5864ef42 2928. [bug] Be more selective about the non-authoritative 
answer we apply change 2748 to. [RT #21594]
 2010-07-04 00:48:57 +00:00
Automatic Updater
b8d4e96e95 update copyright notice 2010-06-23 23:46:58 +00:00
Mark Andrews
4a8dc5f8ef 2921. [bug] The resolver could attempt to destroy a fetch context 
to soon.  [RT #19878]
 2010-06-23 01:31:43 +00:00
Automatic Updater
0a199807e7 update copyright notice 2010-04-20 23:51:12 +00:00
Mark Andrews
1e9848fb2b 2874. [bug] Cache lack of EDNS support only after the server 
successfully responds to the query using plain DNS.
                        [RT #20930]
 2010-04-20 07:28:52 +00:00
Mark Andrews
22c4126ba5 2958. [bug] When canceling validation it was possible to leak 
memory. [RT #20800]
 2010-03-04 22:25:31 +00:00
Mark Andrews
b1003ace6f 2957. [bug] RTT estimates were not being adjusted on ICMP errors. 
[RT #20772]
 2010-03-04 06:43:21 +00:00
Automatic Updater
bd2b08d5a3 update copyright notice 2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 04:39:13 +00:00
Automatic Updater
a30c7003af update copyright notice 2010-01-07 23:48:54 +00:00
Evan Hunt
597642c0ba 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 16:48:23 +00:00
Automatic Updater
fe2b9bf570 update copyright notice 2009-11-18 23:48:07 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00
Automatic Updater
e34e9a8d68 update copyright notice 2009-11-17 23:48:13 +00:00
Evan Hunt
44a3999cf4 2770. [cleanup] Add log messages to resolver.c to indicate events 
causing FORMERR responses. [RT #20526]
 2009-11-17 02:23:15 +00:00
Mark Andrews
0a30185f80 2748. [func] Identify bad answers from GTLD servers and treat them 
as referrals. [RT #18884]
 2009-11-04 02:15:30 +00:00
Evan Hunt
5cb44a38d9 back out change 2740 2009-10-28 18:04:29 +00:00
Mark Andrews
e9d45c0a04 2740. [func] Identify bad answers from GTLD servers and treat them 
as referrals. [RT #18884]
 2009-10-27 23:05:53 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust 
anchors for a view. [RT #20211]
 2009-10-27 22:46:13 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Mark Andrews
bcd0cbfdae 2649. [bug] Set the domain for forward only zones. [RT #19944] 2009-08-13 04:33:51 +00:00
Mark Andrews
6d5852f318 2623. [bug] Named started seaches for DS non-optimally. [RT #19915] 2009-07-13 06:24:27 +00:00
Automatic Updater
dc0c165ce3 update copyright notice 2009-06-02 23:47:50 +00:00
Mark Andrews
5422cf284f 2605. [bug] Accept DS responses from delegation only zones. 
[RT # 19296]
 2009-06-02 05:51:44 +00:00
Automatic Updater
e6ada020f5 update copyright notice 2009-05-29 23:47:49 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6 2604. [func] Add support for DNS rebinding attack prevention through 
new options, deny-answer-addresses and
			deny-answer-aliases.  Based on contributed code from
			JD Nurmi, Google. [RT #18192]
 2009-05-29 22:22:37 +00:00
Automatic Updater
cc5f9fe224 update copyright notice 2009-05-11 02:38:35 +00:00
Mark Andrews
8a805c9f41 spelling 2009-05-11 02:30:07 +00:00
Mark Andrews
4c2ed3d141 2599. [bug] Address rapid memory growth when validation fails. 
[RT #19654]
 2009-05-11 02:22:03 +00:00
Francis Dupont
ff380b05fe comment fixes (rt19624) 2009-05-07 09:41:23 +00:00
Evan Hunt
bfe0517fdc Clarify logged message when an insecure DNSSEC response arrives from a zone 
thought to be secure: "insecurity proof failed" instead of "not insecure".
[RT #19400]
 2009-03-01 02:45:38 +00:00
Mark Andrews
549e34bbf4 2564. [bug] Only take EDNS fallback steps when processing timeouts. 
[RT #19405]
 2009-02-27 23:01:48 +00:00
Mark Andrews
499fa72075 2564. [bug] 'named' was treating a TCP retry as a timeout when 
deciding whether to perform a EDNS fallback step.
                        [RT #19393]
 2009-02-25 22:46:05 +00:00
Mark Andrews
45c3c12ed3 2552. [bug] zero-no-soa-ttl-cache was not being honoured. 
[RT #19340]
 2009-02-15 23:13:32 +00:00
Tatuya JINMEI 神明達哉
d9059b0c38 2537. [func] Added more statistics counters including those on socket 
I/O events and query RTT histograms.  [RT #18802]
 2009-01-27 22:30:00 +00:00
Francis Dupont
bdfaef63f5 spelling 2009-01-17 14:59:03 +00:00
Automatic Updater
d7845fc5ba update copyright notice 2009-01-07 23:47:47 +00:00
Tatuya JINMEI 神明達哉
609f86163a 2525. [func] New logging category "query-errors" to provide detailed 
internal information about query failures, especially
			about server failures. [RT #19027]
 2009-01-07 01:46:40 +00:00
Automatic Updater
5569e7de51 update copyright notice 2009-01-05 23:47:54 +00:00
Tatuya JINMEI 神明達哉
3fb1637c92 trivial comment cleanups (RT#19118) 2009-01-05 23:20:22 +00:00
Mark Andrews
09b45f7b58 2487. [bug] Give TCP connections longer to complete. [RT #18675] 2008-11-07 00:52:34 +00:00
Mark Andrews
2cada19312 align comment w/ code [RT #18833] 2008-11-06 02:20:14 +00:00
Tatuya JINMEI 神明達哉
35378bcc6a 2468. [bug] Resolver could try unreachable servers multiple times. 
[RT #18739]
 2008-10-17 21:58:09 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
f5662f41e7 2433. [tuning] Set initial timeout to 800ms. 2008-09-04 04:23:43 +00:00
Automatic Updater
e6a6d0778c update copyright notice 2008-08-22 23:47:17 +00:00
Mark Andrews
a0fb749d0b adjust log message added by change 2409. [RT #18497] 2008-08-22 05:00:29 +00:00
Evan Hunt
a45f57a2d5 RTT banding. [rt18441] 2008-08-22 04:16:17 +00:00
Mark Andrews
4db36a15c5 2409. [func] Only log that we disabled EDNS processing if we were 
subsequently successful.  [RT #18029]
 2008-08-06 06:11:15 +00:00
Tatuya JINMEI 神明達哉
72e52e1a03 comment wording 2008-07-24 04:54:44 +00:00
Mark Andrews
9de0f9b0ae 2396. [bug] Don't set SO_REUSEADDR for randomized ports. 
[RT #18336]
 2008-07-22 03:43:04 +00:00
Tatuya JINMEI 神明達哉
386d3a99c1 2375. [security] Fully randomize UDP query ports to improve 
forgery resilience. [RT #17949, #18098]
 2008-06-23 19:41:20 +00:00
Tatuya JINMEI 神明達哉
0f39ff74a8 2383. [bug] named could double queries when they resulted in 
SERVFAIL due to overkilling EDNS0 failure detection.
 2008-06-17 22:35:08 +00:00
Mark Andrews
58253bddc4 2375. [bug] Change #2144 was not complete. 2008-05-29 04:46:32 +00:00
Evan Hunt
69ec1b7eb3 Improve counting of dns_resstatscounter_retry [rt18030] 2008-05-06 01:12:55 +00:00
Tatuya JINMEI 神明達哉
5c024f7877 cleanups for LRU-caching code [RT #18018] 2008-05-01 18:23:07 +00:00
Mark Andrews
ba5af4569a fix bad NSID/EDNS interaction [RT #17952] 2008-04-10 07:20:11 +00:00
Mark Andrews
375e2c913a 2359. [bug] Fix NSID bug. [RT #17942] 2008-04-07 05:32:52 +00:00
Tatuya JINMEI 神明達哉
eeb8892daa Global memory context had the wrong name (RT #17932) 2008-04-03 23:14:52 +00:00
Mark Andrews
8907d8fa04 2355. [func] Extend the number statistics counters available. 
[RT #17590]
 2008-04-03 05:55:52 +00:00
Mark Andrews
db30f4bdcb 2353. [func] Add support for Name Server ID (RFC 5001). 
'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]
 2008-04-03 02:01:08 +00:00
Mark Andrews
07555e64d9 2350. [port] win32: IPv6 support. [RT #17797] 2008-04-02 02:56:23 +00:00
Mark Andrews
cffe96e267 2346. [func] Memory statistics now cover all active memory contexts 
in increased detail. [RT #17580]
 2008-03-31 05:00:30 +00:00
Automatic Updater
ec6e40f040 update copyright notice 2008-03-28 23:47:02 +00:00
Tatuya JINMEI 神明達哉
e0258ba438 don't use separate memory contexts for res buckets without threads 
Download because it doesn't have any benefit and requires more memory.
(RT #17898)
 2008-03-28 17:19:11 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
2b0addd3ca update copyright notice 2008-01-15 23:46:59 +00:00
Mark Andrews
fcc2a57e13 2306. [bug] Remove potential race from lib/dns/resolver.c. 
[RT #17470]
 2008-01-15 12:12:19 +00:00
Mark Andrews
938b1008d9 remove test "#define inline" 2008-01-15 01:47:17 +00:00
Mark Andrews
23de6c3ccd whitespace 2007-12-02 21:17:03 +00:00
Shane Kerr
d55494b8e9 Fix logging when increasing client-per-query. 
See RT ticket #17236 for more.
 2007-11-01 13:00:17 +00:00
Michael Graff
b239c8294a commit lruttl to the mainline. A tag was set called skan_lruttl-mainline-base, and I will tag this as skan_lruttl-mainline-merge after this commit 2007-10-19 17:15:53 +00:00
Mark Andrews
e2c3f8059e 2238. [bug] It was possible to trigger a REQUIRE when a 
validation was cancelled. [RT #17106]
 2007-09-14 05:43:05 +00:00
Mark Andrews
adc3f2c0fd 2229. [bug] Null pointer dereference on dispatch pool creation 
failure. [RT #17133]
 2007-09-06 10:00:19 +00:00
Mark Andrews
f568dad6c7 2221. [bug] Set the event result code to reflect the actual 
record content when a cache update is rejected
                        due to a more credible answer existing. [RT #17017]
 2007-08-28 01:37:18 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
0cedbe4ab5 2197. [bug] Add INSIST to catch negative responses which are 
not setting the event result code appropriately.
                        [RT #16909]
 2007-06-18 02:34:21 +00:00
Mark Andrews
bc6af069c8 2190. [func] Make fallback to plain DNS from EDNS due to timeouts 
more visible.  New logging category "edns-disabled".
                        [RT #16871]
 2007-05-21 02:03:22 +00:00
Mark Andrews
6dfc78fab6 2163. [bug] If only one of query-source and query-source-v6 
specified a port the query pools code broke (change
                        2129).  [RT #16768]
 2007-03-29 04:13:22 +00:00
Mark Andrews
a56f5ada43 2157. [func] dns_db_transfernode() created. [RT #16685] 
2156.   [bug]           Fix node reference leaks in lookup.c:lookup_find(),
                        resolver.c:validated() and resolver.c:cache_name().
                        Fix a memory leak in rbtdb.c:free_noqname().
                        Make lookup.c:lookup_find() robust against
                        event leaks. [RT #16685]
 2007-03-06 00:38:58 +00:00
Mark Andrews
2e676167cc 2144. [cleanup] Suppress logging of SERVFAIL from forwarders. 
[RT #16619]
 2007-02-26 01:07:49 +00:00
Mark Andrews
10fc76d48a 2138. [bug] Lock order reversal in resolver.c. [RT #16653] 2007-02-14 23:40:01 +00:00
Mark Andrews
05c97640f6 uninitalised use 2007-02-07 04:49:18 +00:00
Mark Andrews
281bab0f36 2129. [func] Provide a pool of UDP sockets for queries to be 
made over. See use-queryport-pool, queryport-pool-ports
                        and queryport-pool-updateinterval.  [RT #16415]
 2007-02-02 02:18:06 +00:00
Mark Andrews
3052274767 2126. [bug] Serialise validation of type ANY responses. [RT #16555] 2007-01-08 01:13:38 +00:00
Mark Andrews
28b14c4e69 update copyright notice 2007-01-05 05:56:05 +00:00
Mark Andrews
e3f66e1617 2124. [bug] It was possible to dereference a freed fetch 
context. [RT #16584]
 2007-01-04 04:11:03 +00:00
Mark Andrews
1ea2595e1b 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records 
which could lead to validation failures.  named didn't
                        handle negative DS responses that were in the process
                        of being validated.  Check CNAME bit before accepting
                        NODATA proof. To be able to ignore a child NSEC there
                        must be SOA (and NS) set in the bitmap. [RT #16399]
 2006-12-07 06:47:36 +00:00
Mark Andrews
a473029e76 2097. [bug] named could reference a destroyed memory context 
after being reloaded / reconfigured. [RT #16428]
 2006-10-18 04:18:54 +00:00
Mark Andrews
f34249bb28 2066. [security] Handle SIG queries gracefully. [RT #16300] 2006-08-31 03:56:36 +00:00
Mark Andrews
2113dfd6e2 2079. [bug] The lame cache was not handling multiple types 
correctly. [RT #16361]
 2006-08-30 23:09:18 +00:00
Mark Andrews
22e5a52c3b 2075. [bug] The spillat timer event hander could leak memory. 
[RT #16357]
 2006-08-22 06:11:19 +00:00
Mark Andrews
84f5576c14 2058. [bug] Adjust how we calculate rtt estimates in the presence 
of authoritative servers that drop EDNS and CD
                        requests.  Also fallback to EDNS/512 and plain DNS
                        faster for zones with less than 3 servers.  [RT #16187]
 2006-07-22 01:18:35 +00:00
Mark Andrews
21b76ee598 2022. [bug] If dnssec validation is disabled only assert CD if 
CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]
 2006-05-18 00:51:02 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
fde1a334ee 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] 2006-01-06 01:05:46 +00:00
Mark Andrews
14c80ce1b2 1966. [bug] Don't set CD when we have fallen back to plain DNS. 
[RT #15727]
 2006-01-06 00:38:21 +00:00
Mark Andrews
a1bc941093 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:19:02 +00:00
Mark Andrews
08c9026166 1953. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:01:46 +00:00
Mark Andrews
2b66a51a7d 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() 
a TCP socket. This prevents the source address being
                        set for TCP connections. [RT #15628]
 2006-01-04 04:15:55 +00:00
Mark Andrews
35da39a7f1 update copyright notice 2006-01-04 00:37:24 +00:00
Mark Andrews
1c91b0a651 1946. [bug] resume_dslookup() could trigger a REQUIRE failure 
when using forwarders. [RT #15549]
 2006-01-03 07:12:52 +00:00
Mark Andrews
00afe78ab2 1941. [bug] ncache_adderesult() should set eresult even if no 
rdataset is passed to it. [RT #15642]
 2005-11-30 22:51:58 +00:00
Mark Andrews
2674e1a455 1940. [bug] Fixed a number of error conditions reported by 
Coverity.
 2005-11-30 03:33:49 +00:00
Mark Andrews
60ab03125c 1939. [bug] The resolver could dereference a null pointer after 
validation if all the queries have timed out.
                        [RT #15528]

1938.   [bug]           The validator was not correctly handling unsecure
                        negative responses at or below a SEP. [RT #15528]
 2005-11-03 00:51:55 +00:00
Mark Andrews
216030f284 1930. [port] HPUX: ia64 support. [RT #15473] 
1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
 2005-10-14 01:18:47 +00:00
Mark Andrews
79d2e0b253 isc_mem_put not isc_mem_putanddetach 2005-09-18 07:04:41 +00:00
Mark Andrews
5be3685b0e 1919. [bug] dig's +sigchase code overhauled. [RT #14933] 
1918.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]
 2005-08-25 00:56:08 +00:00
Mark Andrews
7216566bd5 1895. [bug] fctx_create() could return success even though it 
failed. [RT #14993]
 2005-07-04 22:52:34 +00:00
Mark Andrews
fd780f3d47 1891. [func] Limit the number of recursive clients that can be 
waiting for a single query (<qname,qtype,qclass>) to
                        resolve.  New options clients-per-query and
                        max-clients-per-query.
 2005-06-27 00:15:45 +00:00
Mark Andrews
8087418873 handle isc_mem_create() failure gracefully 2005-06-23 06:12:56 +00:00
Mark Andrews
bcf369e513 1889. [func] The lame cache is now done on a <qname,qclass,qtype> 
basis as some servers only appear to be lame for
                        certain query types.  [RT #14916]
 2005-06-23 04:22:02 +00:00
Mark Andrews
9b80f3a7c7 1887. [func] Detect duplicates of UDP queries we are recursing on 
and drop them.  New stats category "duplicates".
                        [RT #14892]
 2005-06-17 01:58:23 +00:00
Mark Andrews
1c153afce5 1868. [func] edns-udp-size can now be overridden on a per 
server basis. [RT #14851]
 2005-06-07 00:27:34 +00:00
Mark Andrews
1fc4793844 1879. [func] Added framework for handling multiple EDNS versions. 
1878.   [func]          dig can now specify the EDNS version when making
                        a query.
 2005-06-07 00:16:01 +00:00
Tatuya JINMEI 神明達哉
5597be9bb8 1813. [func] Restructured the data locking framework using 
architecture dependent atomic operations (when
			available), improving response performance on
			multi-processor machines significantly.
			x86, x86_64, alpha, and sparc64 are currently
			supported.

(RT #13505)
 2005-06-04 05:32:50 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
8a713ca49d 1807. [bug] When forwarding (forward only) set the active domain 
from the forward zone name. [RT #13526]
 2005-03-16 03:50:47 +00:00
Mark Andrews
8cd830d7c8 1802. [bug] Handle connection resets better. [RT #11280] 2005-03-15 01:41:28 +00:00
Mark Andrews
c941e32d22 1819. [bug] The validator needed to check both the algorithm and 
digest types of the DS to determine if it could be
                        used to introduce a secure zone. [RT #13593]
 2005-03-04 03:53:22 +00:00
Mark Andrews
0ad024cc42 1806. [bug] The resolver returned the wrong result when a CNAME / 
DNAME was encountered when fetching glue from a
                        secure namespace. [RT #13501]

1805.   [bug]           Pending status was not being cleared when DLV was
                        active. [RT #13501]
 2005-02-08 23:51:32 +00:00
Mark Andrews
4296c5480d 1801. [func] Report differences between hints and real NS rrset 
and associated address records.
 2005-02-07 00:53:29 +00:00
Mark Andrews
7fed21a109 update copyright notice 2005-01-20 00:01:46 +00:00
Mark Andrews
164e2a6f83 1800. [bug] Changes #1719 allowed a INSIST to be triggered. 
[RT #13428]
 2005-01-19 23:25:41 +00:00
Mark Andrews
c202b9f4dd 1773. [bug] Fast retry on host / net unreachable. [RT #13153] 2004-12-03 01:59:28 +00:00
Mark Andrews
e3d982f4a8 1754. [bug] We wern't always attempting to query the parent 
server for the DS records at the zone cut.
                        [RT #12774]
 2004-11-10 21:57:46 +00:00
Mark Andrews
71e7ac828e 1760. [bug] Host / net unreachable was not penalising rtt 
estimates. [RT #12970]
 2004-11-10 21:46:48 +00:00
Mark Andrews
21094b43a2 1749. [bug] 'check-names response ignore;' failed to ignore. 
[RT #12866]
 2004-10-21 01:53:44 +00:00
Mark Andrews
51f99a878d 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 
negative response. [RT #12506]

1719.   [bug]           named was not correctly caching a RFC 2308 Type 1
                        negative response. [RT #12506]

1718.   [bug]           nsupdate was not handling RFC 2308 Type 3 negative
                        responses when looking for the zone / master server.
                        [RT #12506]
 2004-09-16 02:10:42 +00:00
Mark Andrews
16a68807e1 1704. [port] lwres needed a snprintf() implementation for 
platforms without snprintf().  Add missing
                        "#include <isc/print.h>". [RT #12321]
 2004-08-28 06:20:14 +00:00
Mark Andrews
7f2a6b0ef7 1695. [bug] DS records when forwarding require special handling. 
[RT #12133]
 2004-08-10 00:38:56 +00:00
Rob Austein
fbdadf789f 1684. [bug] Change #1679 loop tests weren't quite right. 2004-07-02 21:37:58 +00:00
Mark Andrews
a73a3b2a04 change #1679 still left case where address could not be tried. 
fix loop termination condition to ensure that all finds are tried.
 2004-06-27 01:21:41 +00:00
Mark Andrews
e30e7913c9 1679. [bug] When there was a single nameserver with multiple 
addresses for a zone not all addresses were tried.
                        [RT #11706]
 2004-06-25 04:39:19 +00:00
Mark Andrews
e5477896ce 1647. [bug] It was possible trigger a INSIST when chasing a DS 
record that required walking back over a empty node.
                        [RT #11445]
 2004-06-07 03:28:55 +00:00
Mark Andrews
6fac7ff1f9 1606. [bug] DVL insecurity proof was failing. 
1605.   [func]          New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
 2004-05-14 04:45:58 +00:00
Mark Andrews
2dc1141d73 silence compiler warning 2004-04-19 23:16:20 +00:00
Mark Andrews
8d414d1559 1600. [bug] Duplicate zone pre-load checks were not case 
insensitive.

1599.   [bug]           Fix memory leak on error path when checking named.conf.

1598.   [func]          Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).
 2004-04-15 23:40:27 +00:00
Mark Andrews
42b48d11ca hide ((isc_event_t **) (void *)) cast using a macro, ISC_EVENT_PTR. 2004-04-15 01:58:25 +00:00
Mark Andrews
28b863e609 pullup fixed from 9.3 2004-03-16 05:52:24 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
2047977ce2 1586. [func] "check-names" is now implemented. 2004-02-27 20:41:51 +00:00
Mark Andrews
22fa4e3206 1578. [bug] Don't use CLASS E IPv4 addresses when resolving. 
[RT #10346]
 2004-02-20 00:52:46 +00:00
Mark Andrews
daa73eae70 silence punned messages 2004-02-03 00:59:05 +00:00
Mark Andrews
e27d677170 #include <isc/string.h> 2004-02-02 04:37:39 +00:00
Mark Andrews
6bd3b1fdb3 1565. [bug] CD flag should be copied to outgoing queries unless the 
query is under a secure entry point in which case CD should
                        be set.
 2004-01-27 04:49:09 +00:00
Mark Andrews
78187348ca save bucketnum so that we can unlock the lock after the fctx is destroyed. 2004-01-20 12:49:45 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
37225662b6 1534. [bug] Race condition when priming cache. [RT# 9940] 2004-01-05 07:45:34 +00:00
Mark Andrews
818c37e7ba removed unvariable 2004-01-05 05:44:25 +00:00
Mark Andrews
9f1bca36e4 1546. [bug] We were rejecting valid secure CNAME to negative 
answers.
reviewed: explorer
 2004-01-05 05:42:16 +00:00
Mark Andrews
b7e6fb4e84 whitespace 2003-10-26 21:33:47 +00:00
Tatuya JINMEI 神明達哉
e407562a75 1528. [cleanup] Simplify some dns_name_ functions based on the 
deprecation of bitstring labels.
 2003-10-25 00:31:12 +00:00
Mark Andrews
fcb54ce0a4 whitespace / layout 2003-10-17 03:46:46 +00:00
Mark Andrews
93d6dfaf66 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. 2003-09-30 06:00:40 +00:00
Mark Andrews
baee883e37 1511. [bug] delegation-only was generating false positives 
on negative answers from subzones.
 2003-09-21 13:05:16 +00:00
Mark Andrews
7999602b31 log more stuff to see if we can see why the are false positives w/ delegation 
only.
 2003-09-21 02:52:35 +00:00