upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-11 10:40:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

10900 commits

Author SHA1 Message Date
Mark Andrews
a0e66ef6dd unconditionally typedef summarystat_t for coverity 2018-01-05 10:10:34 +11:00
Evan Hunt
053b51c4db [master] block validator deadlock and prevent use-after-free 
4859.	[bug]		A loop was possible when attempting to validate
			unsigned CNAME responses from secure zones;
			this caused a delay in returning SERVFAIL and
			also increased the chances of encountering
			CVE-2017-3145. [RT #46839]

4858.	[security]	Addresses could be referenced after being freed
			in resolver.c, causing an assertion failure.
			(CVE-2017-3145) [RT #46839]
 2018-01-03 19:11:18 -08:00
Mark Andrews
9e6b394410 use RESTORE rather than SAVE as is better describes the operation 2018-01-04 13:11:28 +11:00
Mark Andrews
eed2f6cef0 4857. [bug] Maintain attach/detach semantics for event->db, 
event->node, event->rdataset and event->sigrdataset
                        in query.c. [RT #46891]
 2018-01-04 10:48:18 +11:00
Tinderbox User
a280a7871d update copyright notice / whitespace 2018-01-03 23:45:29 +00:00
Mark Andrews
1e10ef06ce 4855. [bug] isc_time_formatshorttimestamp produced incorrect 
output. [RT #46938]
 2018-01-04 09:57:40 +11:00
Mark Andrews
7258b852cf missing newline in comment 2018-01-03 17:11:12 +11:00
Tinderbox User
7bba3a7c44 update copyright notice / whitespace 2018-01-02 23:45:28 +00:00
Mark Andrews
c9ee9718ae 4854. [bug] query_synthcnamewildcard should stop generating the 
response if query_synthwildcard fails. [RT #46939]
 2018-01-03 10:07:42 +11:00
Mark Andrews
0645f8f1ce 4853. [bug] Add REQUIRE's and INSIST's to isc_time_formatISO8601L 
and isc_time_formatISO8601Lms. [RT #46916]
 2018-01-02 10:57:31 +11:00
Mark Andrews
7770e0b069 4852. [bug] Handle strftime() failing in isc_time_formatISO8601ms. 
Add REQUIRE's and INSIST's to isc_time_formattimestamp,
                        isc_time_formathttptimestamp, isc_time_formatISO8601,
                        isc_time_formatISO8601ms. [RT #46892]
 2018-01-02 10:48:08 +11:00
Tinderbox User
903662d5c3 regen master 2017-12-29 01:44:18 +00:00
Tinderbox User
015c017dfa regen master 2017-12-29 01:04:39 +00:00
Mark Andrews
9f61f6b46b initalize sigsize to zero; ATF_CHECK_EQ(sigsize, tsig.siglen); 2017-12-22 08:58:20 +11:00
Evan Hunt
79c2400d91 [master] allow primary/secondary as synonyms for master/slave 
4848.	[func]		Zone types "primary" and "secondary" can now be used
			as synonyms for "master" and "slave" in named.conf.
			[RT #46713]
 2017-12-15 01:47:05 -08:00
Mark Andrews
4d1bbe308d 4847. [bug] dnssec-dnskey-kskonly was not being honoured for 
CDS and CDNSKEY. [RT #46755]
 2017-12-13 12:40:36 +11:00
Mark Andrews
cb8650d875 don't attempt to call isc_buffer_free(&buf) twice; don't attempt to call dns_message_destroy(&msg) twice; don't test for key != NULL 2017-12-12 13:20:56 +11:00
Mark Andrews
63459cdc05 4842. [bug] Conditionally compile opensslecdsa_link.c to avoid 
warnings about unused function. [RT #46790]
 2017-12-07 13:26:21 +11:00
Evan Hunt
c4f9d720eb [master] copyrights 2017-12-06 09:24:36 -08:00
Mark Andrews
9d5a0abe81 4841. [bug] Address -fsanitize=undefined warnings. [RT #46786] 2017-12-06 21:00:14 +11:00
Mark Andrews
00f5ea91cf 4839. [bug] zone.c:zone_sign was not properly determining 
if there were active KSK and ZSK keys for
                        a algorithm when update-check-ksk is true
                        (default) leaving records unsigned with one or
                        more DNSKEY algorithms. [RT #46774]
 2017-12-05 16:09:47 +11:00
Mark Andrews
6fa2a0691e 4838. [bug] zone.c:add_sigs was not properly determining 
if there were active KSK and ZSK keys for
                        a algorithm when update-check-ksk is true
                        (default) leaving records unsigned with one or
                        more DNSKEY algorithms. [RT #46754]
 2017-12-05 09:25:09 +11:00
Mark Andrews
196e01da5f 4837. [bug] dns_update_signatures{inc} (add_sigs) was not 
properly determining if there were active KSK and
                        ZSK keys for a algorithm when update-check-ksk is
                        true (default) leaving records unsigned. [RT #46743]
 2017-12-04 10:03:51 +11:00
Evan Hunt
61c843815e [master] copyrights/whitespace 2017-11-30 14:51:50 -08:00
Evan Hunt
2f855055ed [master] prep 9.12.0rc1 2017-11-30 14:39:16 -08:00
Evan Hunt
49a8cd6c01 [master] silence compiler warning 2017-11-30 13:55:34 -08:00
Ondřej Surý
a4a148cf9a [master] Type the shifted values to isc_uint32_t so the top bit is unsigned (found by UBSAN) [RT #46740] 2017-11-30 18:23:35 +01:00
Michał Kępień
2c20fc0d13 [master] Fix LMDB support on OpenBSD; clean up and refactor LMDB-related code 
4835.	[cleanup]	Clean up and refactor LMDB-related code. [RT #46718]

4834.	[port]		Fix LMDB support on OpenBSD. [RT #46718]
 2017-11-30 14:34:04 +01:00
Tinderbox User
dc66c4a49c update copyright notice / whitespace 2017-11-29 23:45:31 +00:00
Mark Andrews
9ddf7d6c4c 4833. [bug] isc_event_free should check that the event is not 
linked when called. [RT #46725]

4832.   [bug]           Events were not being removed from zone->rss_events.
                        [RT #46725]
 2017-11-30 10:31:44 +11:00
Mark Andrews
0579a11658 4831. [bug] Convert the RRSIG expirytime to 64 bits for 
comparisions in diff.c:resign. [RT #46710]
 2017-11-29 15:20:23 +11:00
Tinderbox User
34075107ba update copyright notice / whitespace 2017-11-28 23:45:35 +00:00
Mark Andrews
65a483106e 4829. [bug] isc_heap_delete did not zero the index value when 
the heap was created with a callback to do that.
                        [RT #46709]
 2017-11-28 18:49:52 +11:00
Mark Andrews
a8c1bfd673 map more entry points to <name>64 2017-11-28 14:08:14 +11:00
Mark Andrews
18c7fa2f93 #define update_recordsandbytes update_recordsandbytes64 2017-11-28 13:58:49 +11:00
Tinderbox User
393135d693 update copyright notice / whitespace 2017-11-27 23:46:24 +00:00
Mark Andrews
c22b540e4c restore setting header->heap_index to zero in setsigningtime 2017-11-28 06:46:33 +11:00
Michał Kępień
40a90fbf89 [master] Do not use thread-local storage for storing LMDB reader locktable slots 
4828.	[bug]		Do not use thread-local storage for storing LMDB reader
			locktable slots. [RT #46556]
 2017-11-27 09:48:10 +01:00
Mark Andrews
19f6a63184 More: 
4819.   [bug]           Fully backout the transaction when adding a RRset
                        to the resigning / removal heaps fails. [RT #46473]
 2017-11-27 15:15:41 +11:00
Mark Andrews
14e9925868 add missing entries to .def files [RT #46215] 2017-11-27 13:49:39 +11:00
Mark Andrews
1dc8208a89 silence %lu vs size_t warning by casting to (unsigned long) 2017-11-24 10:25:37 +11:00
Mark Andrews
6ead410268 in rdbdb.c:setsigningtime stop breaking heap invariant property unless we are going to restore the invariant property 2017-11-24 08:47:52 +11:00
Michał Kępień
165df18f75 [master] Prevent bogus warning from being logged 
4825.	[bug]		Prevent a bogus "error during managed-keys processing
			(no more)" warning from being logged. [RT #46645]
 2017-11-23 09:36:04 +01:00
Mark Andrews
9bb32395b2 silence compiler warning [RT #46471] 2017-11-23 17:01:40 +11:00
Mark Andrews
2f4e0e5a81 initalise serve_stale_ttl 2017-11-23 16:11:49 +11:00
Mark Andrews
78e1d7cdde style 2017-11-23 16:09:27 +11:00
Michał Kępień
6035d557c4 [master] Refactor reclimit system test 
4823.	[test]		Refactor reclimit system test to improve its
			reliability and speed. [RT #46632]
 2017-11-21 10:32:45 +01:00
Mark Andrews
900215654b #include <isc/util.h> [RT #46626] 2017-11-18 11:22:44 +11:00
Tinderbox User
445cabb392 update copyright notice / whitespace 2017-11-17 23:45:28 +00:00
Mark Andrews
a197094d76 remove out of date comment 2017-11-18 08:50:58 +11:00
Mark Andrews
656eed7c9b 4821. [bug] When resigning ensure that the SOA's expire time is 
always later that the resigning time of other records.
                        [RT #46473]

4820.   [bug]           dns_db_subtractrdataset should transfer the resigning
                        information to the new header. [RT #46473]

4819.   [bug]           Fully backout the transaction when adding a RRset
                        to the resigning / removal heaps fail. [RT #46473]
 2017-11-18 07:11:12 +11:00
Mark Andrews
bcce55197a whitespace 2017-11-14 14:48:41 +11:00
Tinderbox User
3bfc28a0d0 update copyright notice / whitespace 2017-11-13 23:45:33 +00:00
Mark Andrews
e2f9dcfd86 more DNS_NAME_INITABSOLUTE cases 2017-11-14 00:21:50 +11:00
Mark Andrews
31975d85de remove out of date comment 2017-11-14 00:18:20 +11:00
Mark Andrews
3d905e0533 4817. [cleanup] Use DNS_NAME_INITABSOLUTE and DNS_NAME_INITNONABSOLUTE. 
[RT #45433]
 2017-11-13 16:58:12 +11:00
Mark Andrews
04934b28ea 4815. [bug] rbt_test.c:insert_and_delete needed to call 
dns_rbt_addnode instead of dns_rbt_addname. [RT #46553]
 2017-11-13 15:26:35 +11:00
Mark Andrews
c0e3e1fe44 4813. [bug] Address potential read after free errors from 
query_synthnodata, query_synthwildcard and
                        query_synthnxdomain. [RT #46547]
 2017-11-10 13:33:18 +11:00
Michał Kępień
312c84c73a [master] Minor improvements to code handling managed keys 
4812.	[bug]		Minor improvements to stability and consistency of code
			handling managed keys. [RT #46468]
 2017-11-09 15:18:39 +01:00
Mark Andrews
b231ddc65d fix the IPv6 address length in compute_cookie. [RT #46538] 2017-11-09 23:59:20 +11:00
Mark Andrews
e03e455cd5 whitespace 2017-11-08 23:30:46 +11:00
Mark Andrews
a1a5145867 4811. [bug] Revert api changes to use <isc/buffer.h> inline 
macros.  Provide a alternative mechanism to turn
                        on the use of inline macros when building BIND.
                        [RT #46520]
 2017-11-08 23:28:10 +11:00
Michał Kępień
4034b098d8 [master] Prevent junk from being logged when using "also-notify { <ip> key <keyname>; };" 2017-11-08 09:21:23 +01:00
Tinderbox User
e6801bf89e update copyright notice / whitespace 2017-11-06 23:45:48 +00:00
Mukund Sivaraman
7e1df5182c [master] isc_rng_randombytes() 
4807.	[cleanup]	isc_rng_randombytes() returns a specified number of
			bytes from the PRNG; this is now used instead of
			calling isc_rng_random() multiple times. [RT #46230]
 2017-11-06 10:44:37 -08:00
Evan Hunt
8d23105547 [master] prep 9.12.0b2 2017-11-02 11:50:07 -07:00
Evan Hunt
9bb007fd2d [master] "zoneload" logging category 
4806.	[func]		Log messages related to loading of zones are now
			directed to the "zoneload" logging category.
			[RT #41640]
 2017-11-01 22:48:12 -07:00
Mark Andrews
92bbc9914c 4805. [bug] TCP4Active and TCP6Active weren't being updated 
correctly. [RT #46454]
 2017-11-02 10:42:42 +11:00
Mark Andrews
0698ad8503 don't use the ERR macro as GCC 7 only does a partial static analysis which generates false positives for fallthrough. [RT #46115] 2017-11-01 19:11:48 +11:00
Tinderbox User
db15f78ad7 update copyright notice / whitespace 2017-10-31 23:45:54 +00:00
Mark Andrews
ff30290b48 4804. [port] win32: access() does not work on directories as 
required by POSIX.  Supply a alternative in
                        isc_file_isdirwritable. [RT #46394]
 2017-11-01 09:29:24 +11:00
Mark Andrews
6e02359034 tmp should be a (struct in_addr) not (struct in_addr *) 2017-10-31 10:35:07 +11:00
Mark Andrews
f5e1b555c5 4801. [func] 'dnssec-lookaside auto;' and 'dnssec-lookaside . 
trust-anchor dlv.isc.org;' now elicit warnings rather
                        than being fatal configuration errors. [RT #46410]
 2017-10-30 07:40:59 +11:00
Michał Kępień
c6c1193e39 [master] Improve clarity of keytable unit tests 
4799.	[cleanup]	Improve clarity of keytable unit tests. [RT #46407]
 2017-10-28 19:59:40 +02:00
Evan Hunt
c9f8165a06 [master] tag initializing keys 
4798.	[func]		Keys specified in "managed-keys" statements
			are tagged as "initializing" until they have been
			updated by a key refresh query. If initialization
			fails it will be visible from "rndc secroots".
			[RT #46267]
 2017-10-27 15:49:44 -07:00
Evan Hunt
959d294067 [master] remove isc-hmac-fixup 
4797.	[func]		Removed "isc-hmac-fixup", as the versions of BIND that
			had the bug it worked around are long past end of
			life. [RT #46411]
 2017-10-27 09:56:11 -07:00
Evan Hunt
06049b1c6c [master] stats counter for priming queries 
4795.	[func]		A new statistics counter has been added to track
			priming queries. [RT #46313]
 2017-10-26 21:38:43 -07:00
Tinderbox User
08f18efba2 update copyright notice / whitespace 2017-10-26 23:45:58 +00:00
Mark Andrews
c341e524dc address resource leak [RT #46413] 2017-10-27 09:58:55 +11:00
Evan Hunt
5c76f3664c [master] enable ISC_BUFFER_USEINLINE to be overridden 2017-10-25 21:42:56 -07:00
Evan Hunt
5b69d3da83 [master] check file and tree headers when loading map files 
4792.	[bug]		Fix map file header correctness check. [RT #38418]
 2017-10-25 21:37:00 -07:00
Evan Hunt
89d1777560 [master] clean up DNS_MESSAGETEXTFLAG comments 2017-10-25 21:33:24 -07:00
Tinderbox User
8e2a8a3855 update copyright notice / whitespace 2017-10-25 23:47:47 +00:00
Evan Hunt
aebdc6cd7d [master] log when update-policy local gets a key match from a remote host 
4788.	[cleanup]	When using "update-policy local", log a warning
			when an update matching the session key is received
			from a remote host. [RT #46213]

- this completes change #4762.
 2017-10-25 00:58:11 -07:00
Michał Kępień
910a01550a [master] Rename nsec3param_salt_totext() to dns_nsec3param_salttotext(), make it public, add unit tests 
4786.	[cleanup]	Turn nsec3param_salt_totext() into a public function,
			dns_nsec3param_salttotext(), and add unit tests for it.
			[RT #46289]
 2017-10-25 09:46:18 +02:00
Evan Hunt
65314b0fd8 [master] "enable-filter-aaaa" no longer optional 
4786.	[func]		The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
			options are no longer conditionally compiled.
			[RT #46340]
 2017-10-25 00:33:51 -07:00
Michał Kępień
a94d68ce43 [master] Remove REQUIRE preventing change 4592 from working 
Change 4592 was supposed to replace a REQUIRE with a conditional return.
While the latter was added, the former was not removed.  Remove the
relevant REQUIRE to fix RT #43822 for good.
 2017-10-24 21:11:31 +02:00
Evan Hunt
7810817b71 [master] update B.ROOT-SERVERS.NET 2017-10-24 09:17:08 -07:00
Evan Hunt
0207f6ff9e [master] omit NS from authority section if it was in answer 
4780.	[bug]		When answering ANY queries, don't include the NS
			RRset in the authority section if it was already
			in the answer section. [RT #44543]
 2017-10-23 19:16:27 -07:00
Mark Andrews
c9438ee2e0 4779. [bug] Expire NTA at the start of the second. Don't update 
the expiry value if the record has already expired
                        after a successful check. [RT #46368]
 2017-10-24 09:54:25 +11:00
Mark Andrews
a59d687db4 4778. [test] Improve synth-from-dnssec testing. [RT #46352] 2017-10-24 09:49:07 +11:00
Michał Kępień
34ee1cdb56 [master] Extend hooks documentation 2017-10-23 14:17:44 +02:00
Michał Kępień
6853af8fc5 [master] Deconstify hook tables as replacing single entries is allowed 2017-10-23 14:17:07 +02:00
Evan Hunt
b284857f96 [master] mapapi should have been bumped when rbtdb changed 2017-10-20 09:39:55 -07:00
Mark Andrews
5ff48dca18 #include <inttypes.h> 2017-10-20 16:36:07 +11:00
Mark Andrews
66258ca349 4776. [bug] Improve portability of ht_test. [RT #46333] 2017-10-20 16:04:59 +11:00
Tinderbox User
429a43b720 update copyright notice / whitespace 2017-10-19 23:46:02 +00:00
Mark Andrews
0fab171196 s/REQUIRE/ISC_REQUIRE/; include <isc/assertions.h> if ISC_REQUIRE is used; include <isc/likely.h> if ISC_{UN}LIKELY is used 2017-10-19 16:39:53 +11:00
Mark Andrews
583e355951 4775. [bug] Address Coverity warnings in ht_test.c and mem_test.c 
[RT #46281]
 2017-10-19 13:08:31 +11:00
Mark Andrews
fe79e2efbf 4774. [bug] <isc/util.h> was incorrectly included in several 
header files. [RT #46311]
 2017-10-19 12:26:32 +11:00
Tinderbox User
6e87e723a4 update copyright notice / whitespace 2017-10-17 23:47:21 +00:00
Michał Kępień
2361003a88 [master] Doxygen fixes and cleanups 
4773.	[doc]		Fixed generating Doxygen documentation for functions
			annotated using certain macros.  Miscellaneous
			Doxygen-related cleanups. [RT #46276]
 2017-10-17 06:56:46 +02:00
Evan Hunt
838a7c6c6b [master] Revert "add dns_keynode_initial, dns_keynode_trust, and dns_keytable_add2" 
This reverts commit 8422d43dbc.
 2017-10-12 11:06:29 -07:00
Evan Hunt
3abcd7cd8a [master] Revert "[master] tag initializing keys so they can't be used for normal validation" 
This reverts commit 560d8b833e.

This change created a potential race between key refresh queries and
root zone priming queries which could leave the root name servers in
the bad-server cache.
 2017-10-12 10:53:35 -07:00
Mark Andrews
8422d43dbc add dns_keynode_initial, dns_keynode_trust, and dns_keytable_add2 2017-10-12 05:26:55 +00:00
Evan Hunt
d0c3272eaa [master] copyrights 2017-10-11 21:11:37 -07:00
Evan Hunt
99ab7127e1 [master] prep 9.12.0b1 2017-10-11 21:10:49 -07:00
Evan Hunt
560d8b833e [master] tag initializing keys so they can't be used for normal validation 
4773.	[bug]		Keys specified in "managed-keys" statements
			can now only be used when validating key refresh
			queries during initialization of RFC 5011 key
			maintenance. If initialization fails, DNSSEC
			validation of normal queries will also fail.
			Previously, validation of normal queries could
			succeed using the initializing key, potentially
			masking problems with managed-keys. [RT #46077]
 2017-10-11 21:01:13 -07:00
Tinderbox User
77c7d1c555 regen master 2017-10-12 01:08:20 +00:00
Mark Andrews
a9a983781e reserve subscription flags 2017-10-12 09:19:37 +11:00
Michał Kępień
defa292088 [master] expanded libns unit tests 
4772.	[test]		Expanded unit testing framework for libns, using
			hooks to interrupt query flow and inspect state
			at specified locations. [RT #46173]
 2017-10-11 15:02:50 -07:00
Evan Hunt
b2597ce86b [master] ignore cache when sending 5011 refresh queries 
4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]
 2017-10-11 14:24:29 -07:00
Michał Kępień
0d61fe5dfd [master] Remove non-portable isc_buffer_printf() unit test 2017-10-11 09:30:48 +02:00
Ondřej Surý
5de02a075b [master] reduce unnecessary priming queries 
4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned
non-answer data from a secure zone, and never
actually got added to the cache, causing hints
to be used frequently for root-server
addresses, which triggered re-priming. [RT #45241]
 2017-10-11 09:11:47 +02:00
Evan Hunt
16d6fab2e5 [master] make writable directory and managed-keys directory mandatory 
4769.   [bug]           The working directory and managed-keys directory has
                        to be writeable (and seekable). [RT #46077]
 2017-10-11 08:21:23 +02:00
Tinderbox User
5414e48606 update copyright notice / whitespace 2017-10-09 23:45:53 +00:00
Evan Hunt
4c368378fc [master] print.h; add missing win32 declaration 2017-10-09 15:01:46 -07:00
Evan Hunt
c89f1bf1b6 [master] turn off memory fill by default 
4768.	[func]		By default, memory is no longer filled with tag values
			when it is allocated or freed; this improves
			performance but makes debugging of certain memory
			issues more difficult. "named -M fill" turns memory
			filling back on. (Building "configure
			--enable-developer", turns memory fill on by
			default again; it can then be disabled with
			"named -M nofill".) [RT #45123]
 2017-10-09 09:55:37 -07:00
Michał Kępień
6cdff94830 [master] Remove unused variable "len" from buildfilename() 2017-10-09 13:53:02 +02:00
Michał Kępień
077f9626c2 [master] Add isc_buffer_printf() 
4767.	[func]		Add a new function, isc_buffer_printf(), which can be
			used to append a formatted string to the used region of
			a buffer. [RT #46201]
 2017-10-09 11:43:07 +02:00
Michał Kępień
c0f78692ee [master] Sync draft-durand-doa-over-dns snippet in lib/dns/tests/rdata_test.c with draft version -03 2017-10-09 10:52:50 +02:00
Mark Andrews
5df3f839b2 4766. [cleanup] Addresss Coverity warnings. [RT #46150] 
4765.   [bug]           Address potential INSIST in dnssec-cds. [RT #46150]
 2017-10-09 18:34:31 +11:00
Mark Andrews
e09b9e7a91 silence VC compiler warning 2017-10-07 14:04:23 +11:00
Evan Hunt
4c6df1653c [master] add missing names 2017-10-06 17:38:35 -07:00
Tinderbox User
6636beb00b update copyright notice / whitespace 2017-10-06 23:45:54 +00:00
Evan Hunt
995c41e8f0 [master] further restrict update-policy local 
4762.	[func]		"update-policy local" is now restricted to updates
			from local addresses. (Previously, other addresses
			were allowed so long as updates were signed by the
			local session key.) [RT #45492]
 2017-10-06 15:43:31 -07:00
Evan Hunt
7baa39fc96 [master] it's okay if dns_db_setgluecachestats() returns ISC_R_NOTIMPLEMENTED 2017-10-06 12:52:21 -07:00
Evan Hunt
4101e6d31d [master] incorrect goto label 2017-10-06 12:21:27 -07:00
Michał Kępień
417218837e [master] Add support for DOA 
4761.	[protocol]	Add support for DOA. [RT #45612]
 2017-10-06 12:22:08 +02:00
Mukund Sivaraman
a0c408c90d Add statistics for glue cache usage (#46028) 2017-10-06 15:44:37 +05:30
Mark Andrews
2833d094b3 remove unmatched 2017-10-06 17:23:54 +11:00
Mark Andrews
b41c1aacbc 4759. [func] Add logging channel "trust-anchor-telementry" to 
record trust-anchor-telementry in incoming requests.
                        Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
                        are logged.  [RT #46124]
 2017-10-06 13:01:14 +11:00
Tinderbox User
ddcf6c7d2b update copyright notice / whitespace 2017-10-05 23:45:49 +00:00
Evan Hunt
c370305901 [master] 4754. [bug] dns_zone_setview needs a two stage commit to properly 
handle errors. [RT #45841]
 2017-10-04 23:44:15 -07:00
Tinderbox User
7ac51a8380 update copyright notice / whitespace 2017-10-04 23:45:46 +00:00
Mark Andrews
34efd9ad93 cast to unsigned int 2017-10-04 20:55:23 +11:00
Mark Andrews
e541ee4599 silence compiler warning 2017-10-04 18:07:01 +11:00
Mark Andrews
396125eefe #undef inet_ntop 2017-10-04 17:50:01 +11:00
Mark Andrews
5fcdb09126 4752. [test] Add unit test for isc_net_pton. [RT #46171] 2017-10-04 14:10:40 +11:00
Evan Hunt
0bb0890867 [master] missing declaration of INSIST 2017-10-03 20:02:38 -07:00
Tinderbox User
ca0ae70046 update copyright notice / whitespace 2017-10-03 23:45:48 +00:00
Evan Hunt
a5a60037e5 [master] fix out-of-order synchronization that affected the dnssec test 2017-10-03 14:07:08 -07:00
Evan Hunt
f29359299a [master] de-DLV 
4749.	[func]		The ISC DLV service has been shut down, and all
			DLV records have been removed from dlv.isc.org.
			- Removed references to ISC DLV in documentation
			- Removed DLV key from bind.keys
			- No longer use ISC DLV by default in delv
			[RT #46155]
 2017-10-03 00:41:57 -07:00
Mark Andrews
a009d03a1a 4748. [cleanup] Sprintf to snprintf coversions. [RT #46132] 2017-10-03 14:54:19 +11:00
Mark Andrews
c85b467dc0 4747. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 3 - synthesize NODATA responses. [RT #40138]
 2017-10-03 11:16:37 +11:00
Tinderbox User
791aa3e9be update copyright notice / whitespace 2017-09-28 23:45:49 +00:00
Evan Hunt
24172bd2ee [master] completed and corrected the crypto-random change 
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
 2017-09-28 10:09:22 -07:00
Mark Andrews
768f6c995f add dns_name_istat to lib/dns/win32/libdns.def.in 2017-09-28 17:52:09 +10:00
Mark Andrews
f735293431 4743. [func] Exclude trust-anchor-telementry queries from 
synth-from-dnssec processing. [RT #46123]
 2017-09-28 16:40:45 +10:00
Mark Andrews
e00fdad191 4742. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 2 - synthesis of records from wildcard data.
                        If the dns64 or filter-aaaa* is configured then the
                        involved lookups are currently excluded. [RT #40138]
 2017-09-28 15:16:26 +10:00
Tinderbox User
e880197f31 update copyright notice / whitespace 2017-09-27 23:45:52 +00:00
Mark Andrews
d386eb54c6 switch to using snprintf from sprintf 2017-09-28 07:15:46 +10:00
Mukund Sivaraman
abb8813a33 Make isc_refcount_current() atomically read the counter value (#46074) 2017-09-27 15:09:04 +05:30
Mark Andrews
2495de04a5 use %u and cast to unsigned int 2017-09-27 17:57:07 +10:00
Mark Andrews
42ee853c23 check for ISC_R_EOF 2017-09-27 16:19:07 +10:00
Mark Andrews
73074e954a 4740. [cleanup] Avoid triggering format-truncated warnings. [RT #46107] 2017-09-27 16:02:02 +10:00
Mark Andrews
b4c31c8795 tcp test got reversed 2017-09-27 15:19:34 +10:00
Mark Andrews
f9f3f20d2d 4739. [cleanup] Address clang static analysis warnings. [RT #45952] 2017-09-27 10:27:09 +10:00
Mark Andrews
08151d7fce 4737. [cleanup] Address Coverity warnings. [RT #46012] 2017-09-26 23:21:49 +10:00
Michał Kępień
acc3728c47 [master] Comment NSEC3-related code and fix a few minor issues 
4736.	[cleanup]	(a) Added comments to NSEC3-related functions in
			lib/dns/zone.c.  (b) Refactored NSEC3 salt formatting
			code.  (c) Minor tweaks to lock and result handling.
			[RT #46053]
 2017-09-26 11:28:28 +02:00
Mukund Sivaraman
fb9712f639 Use stdint.h only when stdatomic.h is in use (stdint.h isn't available everywhere) 2017-09-22 15:14:04 +05:30
Mark Andrews
6138c5a5e4 #include <isc/string.h> as it includes both <string.h> and <strings.h> if they both exist 2017-09-22 18:08:54 +10:00
Tinderbox User
8200eb4c60 update copyright notice / whitespace 2017-09-21 23:47:11 +00:00
Mark Andrews
af7ded82e0 alphabetise 2017-09-21 17:48:26 +10:00
Tinderbox User
243b3ec486 regen master 2017-09-21 07:23:48 +00:00
Mark Andrews
f8c82bbf39 #include <stdint.h> 2017-09-21 14:18:59 +10:00
Mark Andrews
e8703033c5 atomic_compare_exchange_strong_explicit's second argument should not be atomic_* 2017-09-21 13:41:22 +10:00
Mark Andrews
d17cf1cade explicitly list test programs 2017-09-21 12:56:33 +10:00
Evan Hunt
7a2112ff7d [master] fix memory growth problem 
4733.	[bug]		Change #4706 introduced a bug causing TCP clients
			not be reused correctly, leading to unconstrained
			memory growth. [RT #46029]
 2017-09-20 12:12:02 -07:00
Tinderbox User
ffbe6b9537 update copyright notice / whitespace 2017-09-19 23:46:23 +00:00
Mukund Sivaraman
32bcafc316 Change default minimal-responses setting to no-auth-recursive (#46016) 2017-09-19 19:49:02 +05:30
Mukund Sivaraman
98998f3ddd Fix out of bounds access in DHCID totext() method (#46001) 2017-09-19 19:30:28 +05:30
Mukund Sivaraman
d5707676e4 Don't use memset() to wipe memory (#45947) 2017-09-19 16:16:45 +05:30
Mukund Sivaraman
404c9b1c53 Use C11's stdatomic.h instead of isc_atomic where available 2017-09-19 15:43:45 +05:30
Tinderbox User
cb5bc50c91 update copyright notice / whitespace 2017-09-18 23:48:50 +00:00
Michał Kępień
f665c724e4 [master] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3 
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]
 2017-09-18 09:18:45 +02:00
Michał Kępień
c2179857de [master] Improve handling of TCP_FASTOPEN on FreeBSD 
4726.	[port]		Prevent setsockopt() errors related to TCP_FASTOPEN
			from being logged on FreeBSD if the kernel does not
			support it.  Notify the user when the kernel does
			support TCP_FASTOPEN, but it is disabled by sysctl.
			Add a new configure option, --disable-tcp-fastopen, to
			disable use of TCP_FASTOPEN altogether. [RT #44754]
 2017-09-18 08:34:41 +02:00
Francis Dupont
8a98277811 Made RAND_status check optional (broke --disable-crypto-rand) 2017-09-17 12:02:09 +02:00
Evan Hunt
6e5ae91479 [master] silence compiler warning 2017-09-16 21:01:06 -07:00
Tinderbox User
0b115f3b55 update copyright notice / whitespace 2017-09-16 23:46:04 +00:00
Francis Dupont
ad67f0bb42 Added isc_entropy_sethook in exported symbols 2017-09-16 15:57:06 +02:00
Francis Dupont
5fc7163211 Added isc_entropy_usehook in exported symbols 2017-09-16 15:56:13 +02:00
Francis Dupont
9c829f4f96 Merged rt31459d (openssl random) 2017-09-16 13:53:29 +02:00
Mark Andrews
dc71aa898a don't use strlcat with non NUL terminated strings rt45981_stage3 2017-09-15 13:14:16 +10:00
Tinderbox User
f54a365aeb update copyright notice / whitespace 2017-09-14 23:46:40 +00:00
Mark Andrews
c59bf663e8 silence warning 2017-09-14 19:02:27 +10:00
Mark Andrews
bace03316c #include <isc/string.h> 
(cherry picked from commit 7eb73f6288)
 2017-09-14 18:59:04 +10:00
Mark Andrews
5fb0c09a5e #include <isc/string.h> 2017-09-14 18:54:46 +10:00
Mark Andrews
cb629cdeda more str{n}{cat,cpy} corrections rt45981_stage2 2017-09-14 18:11:56 +10:00
Evan Hunt
077d9d2838 [master] cast char * 2017-09-13 22:03:56 -07:00
Evan Hunt
9b729a06b0 [master] clean up bufsize errors 2017-09-13 21:18:26 -07:00
Tinderbox User
33987cb5fd update copyright notice / whitespace 2017-09-13 23:48:32 +00:00
Evan Hunt
54c5723e31 [master] fix incorrect comment 2017-09-13 13:53:49 -07:00
Mukund Sivaraman
e5eca6eebb Fix output string size in GOST unittest 2017-09-14 01:36:08 +05:30
Mukund Sivaraman
93f7384928 Fix gost unittest failure 2017-09-14 00:29:04 +05:30
Mukund Sivaraman
188fa6ea68 Add missing <isc/print.h> 2017-09-13 19:44:47 +05:30
Mukund Sivaraman
8997fc0a3f Tweak hash_test.c further, passing sizeof(str) 2017-09-13 19:30:03 +05:30
Mukund Sivaraman
a2873eabf6 Tweak 2017-09-13 19:22:03 +05:30
Mukund Sivaraman
bc5e0a6868 Fix size of output string in hash tests 2017-09-13 19:21:08 +05:30
Mark Andrews
4c9ba9ded8 add #include <isc/string.h> 2017-09-13 23:43:43 +10:00