upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-11 10:40:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

10900 commits

Author SHA1 Message Date
Mark Andrews
656eed7c9b 4821. [bug] When resigning ensure that the SOA's expire time is 
always later that the resigning time of other records.
                        [RT #46473]

4820.   [bug]           dns_db_subtractrdataset should transfer the resigning
                        information to the new header. [RT #46473]

4819.   [bug]           Fully backout the transaction when adding a RRset
                        to the resigning / removal heaps fail. [RT #46473]
 2017-11-18 07:11:12 +11:00
Mark Andrews
bcce55197a whitespace 2017-11-14 14:48:41 +11:00
Tinderbox User
3bfc28a0d0 update copyright notice / whitespace 2017-11-13 23:45:33 +00:00
Mark Andrews
e2f9dcfd86 more DNS_NAME_INITABSOLUTE cases 2017-11-14 00:21:50 +11:00
Mark Andrews
31975d85de remove out of date comment 2017-11-14 00:18:20 +11:00
Mark Andrews
3d905e0533 4817. [cleanup] Use DNS_NAME_INITABSOLUTE and DNS_NAME_INITNONABSOLUTE. 
[RT #45433]
 2017-11-13 16:58:12 +11:00
Mark Andrews
04934b28ea 4815. [bug] rbt_test.c:insert_and_delete needed to call 
dns_rbt_addnode instead of dns_rbt_addname. [RT #46553]
 2017-11-13 15:26:35 +11:00
Mark Andrews
c0e3e1fe44 4813. [bug] Address potential read after free errors from 
query_synthnodata, query_synthwildcard and
                        query_synthnxdomain. [RT #46547]
 2017-11-10 13:33:18 +11:00
Michał Kępień
312c84c73a [master] Minor improvements to code handling managed keys 
4812.	[bug]		Minor improvements to stability and consistency of code
			handling managed keys. [RT #46468]
 2017-11-09 15:18:39 +01:00
Mark Andrews
b231ddc65d fix the IPv6 address length in compute_cookie. [RT #46538] 2017-11-09 23:59:20 +11:00
Mark Andrews
e03e455cd5 whitespace 2017-11-08 23:30:46 +11:00
Mark Andrews
a1a5145867 4811. [bug] Revert api changes to use <isc/buffer.h> inline 
macros.  Provide a alternative mechanism to turn
                        on the use of inline macros when building BIND.
                        [RT #46520]
 2017-11-08 23:28:10 +11:00
Michał Kępień
4034b098d8 [master] Prevent junk from being logged when using "also-notify { <ip> key <keyname>; };" 2017-11-08 09:21:23 +01:00
Tinderbox User
e6801bf89e update copyright notice / whitespace 2017-11-06 23:45:48 +00:00
Mukund Sivaraman
7e1df5182c [master] isc_rng_randombytes() 
4807.	[cleanup]	isc_rng_randombytes() returns a specified number of
			bytes from the PRNG; this is now used instead of
			calling isc_rng_random() multiple times. [RT #46230]
 2017-11-06 10:44:37 -08:00
Evan Hunt
8d23105547 [master] prep 9.12.0b2 2017-11-02 11:50:07 -07:00
Evan Hunt
9bb007fd2d [master] "zoneload" logging category 
4806.	[func]		Log messages related to loading of zones are now
			directed to the "zoneload" logging category.
			[RT #41640]
 2017-11-01 22:48:12 -07:00
Mark Andrews
92bbc9914c 4805. [bug] TCP4Active and TCP6Active weren't being updated 
correctly. [RT #46454]
 2017-11-02 10:42:42 +11:00
Mark Andrews
0698ad8503 don't use the ERR macro as GCC 7 only does a partial static analysis which generates false positives for fallthrough. [RT #46115] 2017-11-01 19:11:48 +11:00
Tinderbox User
db15f78ad7 update copyright notice / whitespace 2017-10-31 23:45:54 +00:00
Mark Andrews
ff30290b48 4804. [port] win32: access() does not work on directories as 
required by POSIX.  Supply a alternative in
                        isc_file_isdirwritable. [RT #46394]
 2017-11-01 09:29:24 +11:00
Mark Andrews
6e02359034 tmp should be a (struct in_addr) not (struct in_addr *) 2017-10-31 10:35:07 +11:00
Mark Andrews
f5e1b555c5 4801. [func] 'dnssec-lookaside auto;' and 'dnssec-lookaside . 
trust-anchor dlv.isc.org;' now elicit warnings rather
                        than being fatal configuration errors. [RT #46410]
 2017-10-30 07:40:59 +11:00
Michał Kępień
c6c1193e39 [master] Improve clarity of keytable unit tests 
4799.	[cleanup]	Improve clarity of keytable unit tests. [RT #46407]
 2017-10-28 19:59:40 +02:00
Evan Hunt
c9f8165a06 [master] tag initializing keys 
4798.	[func]		Keys specified in "managed-keys" statements
			are tagged as "initializing" until they have been
			updated by a key refresh query. If initialization
			fails it will be visible from "rndc secroots".
			[RT #46267]
 2017-10-27 15:49:44 -07:00
Evan Hunt
959d294067 [master] remove isc-hmac-fixup 
4797.	[func]		Removed "isc-hmac-fixup", as the versions of BIND that
			had the bug it worked around are long past end of
			life. [RT #46411]
 2017-10-27 09:56:11 -07:00
Evan Hunt
06049b1c6c [master] stats counter for priming queries 
4795.	[func]		A new statistics counter has been added to track
			priming queries. [RT #46313]
 2017-10-26 21:38:43 -07:00
Tinderbox User
08f18efba2 update copyright notice / whitespace 2017-10-26 23:45:58 +00:00
Mark Andrews
c341e524dc address resource leak [RT #46413] 2017-10-27 09:58:55 +11:00
Evan Hunt
5c76f3664c [master] enable ISC_BUFFER_USEINLINE to be overridden 2017-10-25 21:42:56 -07:00
Evan Hunt
5b69d3da83 [master] check file and tree headers when loading map files 
4792.	[bug]		Fix map file header correctness check. [RT #38418]
 2017-10-25 21:37:00 -07:00
Evan Hunt
89d1777560 [master] clean up DNS_MESSAGETEXTFLAG comments 2017-10-25 21:33:24 -07:00
Tinderbox User
8e2a8a3855 update copyright notice / whitespace 2017-10-25 23:47:47 +00:00
Evan Hunt
aebdc6cd7d [master] log when update-policy local gets a key match from a remote host 
4788.	[cleanup]	When using "update-policy local", log a warning
			when an update matching the session key is received
			from a remote host. [RT #46213]

- this completes change #4762.
 2017-10-25 00:58:11 -07:00
Michał Kępień
910a01550a [master] Rename nsec3param_salt_totext() to dns_nsec3param_salttotext(), make it public, add unit tests 
4786.	[cleanup]	Turn nsec3param_salt_totext() into a public function,
			dns_nsec3param_salttotext(), and add unit tests for it.
			[RT #46289]
 2017-10-25 09:46:18 +02:00
Evan Hunt
65314b0fd8 [master] "enable-filter-aaaa" no longer optional 
4786.	[func]		The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
			options are no longer conditionally compiled.
			[RT #46340]
 2017-10-25 00:33:51 -07:00
Michał Kępień
a94d68ce43 [master] Remove REQUIRE preventing change 4592 from working 
Change 4592 was supposed to replace a REQUIRE with a conditional return.
While the latter was added, the former was not removed.  Remove the
relevant REQUIRE to fix RT #43822 for good.
 2017-10-24 21:11:31 +02:00
Evan Hunt
7810817b71 [master] update B.ROOT-SERVERS.NET 2017-10-24 09:17:08 -07:00
Evan Hunt
0207f6ff9e [master] omit NS from authority section if it was in answer 
4780.	[bug]		When answering ANY queries, don't include the NS
			RRset in the authority section if it was already
			in the answer section. [RT #44543]
 2017-10-23 19:16:27 -07:00
Mark Andrews
c9438ee2e0 4779. [bug] Expire NTA at the start of the second. Don't update 
the expiry value if the record has already expired
                        after a successful check. [RT #46368]
 2017-10-24 09:54:25 +11:00
Mark Andrews
a59d687db4 4778. [test] Improve synth-from-dnssec testing. [RT #46352] 2017-10-24 09:49:07 +11:00
Michał Kępień
34ee1cdb56 [master] Extend hooks documentation 2017-10-23 14:17:44 +02:00
Michał Kępień
6853af8fc5 [master] Deconstify hook tables as replacing single entries is allowed 2017-10-23 14:17:07 +02:00
Evan Hunt
b284857f96 [master] mapapi should have been bumped when rbtdb changed 2017-10-20 09:39:55 -07:00
Mark Andrews
5ff48dca18 #include <inttypes.h> 2017-10-20 16:36:07 +11:00
Mark Andrews
66258ca349 4776. [bug] Improve portability of ht_test. [RT #46333] 2017-10-20 16:04:59 +11:00
Tinderbox User
429a43b720 update copyright notice / whitespace 2017-10-19 23:46:02 +00:00
Mark Andrews
0fab171196 s/REQUIRE/ISC_REQUIRE/; include <isc/assertions.h> if ISC_REQUIRE is used; include <isc/likely.h> if ISC_{UN}LIKELY is used 2017-10-19 16:39:53 +11:00
Mark Andrews
583e355951 4775. [bug] Address Coverity warnings in ht_test.c and mem_test.c 
[RT #46281]
 2017-10-19 13:08:31 +11:00
Mark Andrews
fe79e2efbf 4774. [bug] <isc/util.h> was incorrectly included in several 
header files. [RT #46311]
 2017-10-19 12:26:32 +11:00
Tinderbox User
6e87e723a4 update copyright notice / whitespace 2017-10-17 23:47:21 +00:00
Michał Kępień
2361003a88 [master] Doxygen fixes and cleanups 
4773.	[doc]		Fixed generating Doxygen documentation for functions
			annotated using certain macros.  Miscellaneous
			Doxygen-related cleanups. [RT #46276]
 2017-10-17 06:56:46 +02:00
Evan Hunt
838a7c6c6b [master] Revert "add dns_keynode_initial, dns_keynode_trust, and dns_keytable_add2" 
This reverts commit 8422d43dbc.
 2017-10-12 11:06:29 -07:00
Evan Hunt
3abcd7cd8a [master] Revert "[master] tag initializing keys so they can't be used for normal validation" 
This reverts commit 560d8b833e.

This change created a potential race between key refresh queries and
root zone priming queries which could leave the root name servers in
the bad-server cache.
 2017-10-12 10:53:35 -07:00
Mark Andrews
8422d43dbc add dns_keynode_initial, dns_keynode_trust, and dns_keytable_add2 2017-10-12 05:26:55 +00:00
Evan Hunt
d0c3272eaa [master] copyrights 2017-10-11 21:11:37 -07:00
Evan Hunt
99ab7127e1 [master] prep 9.12.0b1 2017-10-11 21:10:49 -07:00
Evan Hunt
560d8b833e [master] tag initializing keys so they can't be used for normal validation 
4773.	[bug]		Keys specified in "managed-keys" statements
			can now only be used when validating key refresh
			queries during initialization of RFC 5011 key
			maintenance. If initialization fails, DNSSEC
			validation of normal queries will also fail.
			Previously, validation of normal queries could
			succeed using the initializing key, potentially
			masking problems with managed-keys. [RT #46077]
 2017-10-11 21:01:13 -07:00
Tinderbox User
77c7d1c555 regen master 2017-10-12 01:08:20 +00:00
Mark Andrews
a9a983781e reserve subscription flags 2017-10-12 09:19:37 +11:00
Michał Kępień
defa292088 [master] expanded libns unit tests 
4772.	[test]		Expanded unit testing framework for libns, using
			hooks to interrupt query flow and inspect state
			at specified locations. [RT #46173]
 2017-10-11 15:02:50 -07:00
Evan Hunt
b2597ce86b [master] ignore cache when sending 5011 refresh queries 
4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]
 2017-10-11 14:24:29 -07:00
Michał Kępień
0d61fe5dfd [master] Remove non-portable isc_buffer_printf() unit test 2017-10-11 09:30:48 +02:00
Ondřej Surý
5de02a075b [master] reduce unnecessary priming queries 
4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned
non-answer data from a secure zone, and never
actually got added to the cache, causing hints
to be used frequently for root-server
addresses, which triggered re-priming. [RT #45241]
 2017-10-11 09:11:47 +02:00
Evan Hunt
16d6fab2e5 [master] make writable directory and managed-keys directory mandatory 
4769.   [bug]           The working directory and managed-keys directory has
                        to be writeable (and seekable). [RT #46077]
 2017-10-11 08:21:23 +02:00
Tinderbox User
5414e48606 update copyright notice / whitespace 2017-10-09 23:45:53 +00:00
Evan Hunt
4c368378fc [master] print.h; add missing win32 declaration 2017-10-09 15:01:46 -07:00
Evan Hunt
c89f1bf1b6 [master] turn off memory fill by default 
4768.	[func]		By default, memory is no longer filled with tag values
			when it is allocated or freed; this improves
			performance but makes debugging of certain memory
			issues more difficult. "named -M fill" turns memory
			filling back on. (Building "configure
			--enable-developer", turns memory fill on by
			default again; it can then be disabled with
			"named -M nofill".) [RT #45123]
 2017-10-09 09:55:37 -07:00
Michał Kępień
6cdff94830 [master] Remove unused variable "len" from buildfilename() 2017-10-09 13:53:02 +02:00
Michał Kępień
077f9626c2 [master] Add isc_buffer_printf() 
4767.	[func]		Add a new function, isc_buffer_printf(), which can be
			used to append a formatted string to the used region of
			a buffer. [RT #46201]
 2017-10-09 11:43:07 +02:00
Michał Kępień
c0f78692ee [master] Sync draft-durand-doa-over-dns snippet in lib/dns/tests/rdata_test.c with draft version -03 2017-10-09 10:52:50 +02:00
Mark Andrews
5df3f839b2 4766. [cleanup] Addresss Coverity warnings. [RT #46150] 
4765.   [bug]           Address potential INSIST in dnssec-cds. [RT #46150]
 2017-10-09 18:34:31 +11:00
Mark Andrews
e09b9e7a91 silence VC compiler warning 2017-10-07 14:04:23 +11:00
Evan Hunt
4c6df1653c [master] add missing names 2017-10-06 17:38:35 -07:00
Tinderbox User
6636beb00b update copyright notice / whitespace 2017-10-06 23:45:54 +00:00
Evan Hunt
995c41e8f0 [master] further restrict update-policy local 
4762.	[func]		"update-policy local" is now restricted to updates
			from local addresses. (Previously, other addresses
			were allowed so long as updates were signed by the
			local session key.) [RT #45492]
 2017-10-06 15:43:31 -07:00
Evan Hunt
7baa39fc96 [master] it's okay if dns_db_setgluecachestats() returns ISC_R_NOTIMPLEMENTED 2017-10-06 12:52:21 -07:00
Evan Hunt
4101e6d31d [master] incorrect goto label 2017-10-06 12:21:27 -07:00
Michał Kępień
417218837e [master] Add support for DOA 
4761.	[protocol]	Add support for DOA. [RT #45612]
 2017-10-06 12:22:08 +02:00
Mukund Sivaraman
a0c408c90d Add statistics for glue cache usage (#46028) 2017-10-06 15:44:37 +05:30
Mark Andrews
2833d094b3 remove unmatched 2017-10-06 17:23:54 +11:00
Mark Andrews
b41c1aacbc 4759. [func] Add logging channel "trust-anchor-telementry" to 
record trust-anchor-telementry in incoming requests.
                        Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
                        are logged.  [RT #46124]
 2017-10-06 13:01:14 +11:00
Tinderbox User
ddcf6c7d2b update copyright notice / whitespace 2017-10-05 23:45:49 +00:00
Evan Hunt
c370305901 [master] 4754. [bug] dns_zone_setview needs a two stage commit to properly 
handle errors. [RT #45841]
 2017-10-04 23:44:15 -07:00
Tinderbox User
7ac51a8380 update copyright notice / whitespace 2017-10-04 23:45:46 +00:00
Mark Andrews
34efd9ad93 cast to unsigned int 2017-10-04 20:55:23 +11:00
Mark Andrews
e541ee4599 silence compiler warning 2017-10-04 18:07:01 +11:00
Mark Andrews
396125eefe #undef inet_ntop 2017-10-04 17:50:01 +11:00
Mark Andrews
5fcdb09126 4752. [test] Add unit test for isc_net_pton. [RT #46171] 2017-10-04 14:10:40 +11:00
Evan Hunt
0bb0890867 [master] missing declaration of INSIST 2017-10-03 20:02:38 -07:00
Tinderbox User
ca0ae70046 update copyright notice / whitespace 2017-10-03 23:45:48 +00:00
Evan Hunt
a5a60037e5 [master] fix out-of-order synchronization that affected the dnssec test 2017-10-03 14:07:08 -07:00
Evan Hunt
f29359299a [master] de-DLV 
4749.	[func]		The ISC DLV service has been shut down, and all
			DLV records have been removed from dlv.isc.org.
			- Removed references to ISC DLV in documentation
			- Removed DLV key from bind.keys
			- No longer use ISC DLV by default in delv
			[RT #46155]
 2017-10-03 00:41:57 -07:00
Mark Andrews
a009d03a1a 4748. [cleanup] Sprintf to snprintf coversions. [RT #46132] 2017-10-03 14:54:19 +11:00
Mark Andrews
c85b467dc0 4747. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 3 - synthesize NODATA responses. [RT #40138]
 2017-10-03 11:16:37 +11:00
Tinderbox User
791aa3e9be update copyright notice / whitespace 2017-09-28 23:45:49 +00:00
Evan Hunt
24172bd2ee [master] completed and corrected the crypto-random change 
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
 2017-09-28 10:09:22 -07:00
Mark Andrews
768f6c995f add dns_name_istat to lib/dns/win32/libdns.def.in 2017-09-28 17:52:09 +10:00
Mark Andrews
f735293431 4743. [func] Exclude trust-anchor-telementry queries from 
synth-from-dnssec processing. [RT #46123]
 2017-09-28 16:40:45 +10:00
Mark Andrews
e00fdad191 4742. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 2 - synthesis of records from wildcard data.
                        If the dns64 or filter-aaaa* is configured then the
                        involved lookups are currently excluded. [RT #40138]
 2017-09-28 15:16:26 +10:00
Tinderbox User
e880197f31 update copyright notice / whitespace 2017-09-27 23:45:52 +00:00
Mark Andrews
d386eb54c6 switch to using snprintf from sprintf 2017-09-28 07:15:46 +10:00
Mukund Sivaraman
abb8813a33 Make isc_refcount_current() atomically read the counter value (#46074) 2017-09-27 15:09:04 +05:30
Mark Andrews
2495de04a5 use %u and cast to unsigned int 2017-09-27 17:57:07 +10:00
Mark Andrews
42ee853c23 check for ISC_R_EOF 2017-09-27 16:19:07 +10:00
Mark Andrews
73074e954a 4740. [cleanup] Avoid triggering format-truncated warnings. [RT #46107] 2017-09-27 16:02:02 +10:00
Mark Andrews
b4c31c8795 tcp test got reversed 2017-09-27 15:19:34 +10:00
Mark Andrews
f9f3f20d2d 4739. [cleanup] Address clang static analysis warnings. [RT #45952] 2017-09-27 10:27:09 +10:00
Mark Andrews
08151d7fce 4737. [cleanup] Address Coverity warnings. [RT #46012] 2017-09-26 23:21:49 +10:00
Michał Kępień
acc3728c47 [master] Comment NSEC3-related code and fix a few minor issues 
4736.	[cleanup]	(a) Added comments to NSEC3-related functions in
			lib/dns/zone.c.  (b) Refactored NSEC3 salt formatting
			code.  (c) Minor tweaks to lock and result handling.
			[RT #46053]
 2017-09-26 11:28:28 +02:00
Mukund Sivaraman
fb9712f639 Use stdint.h only when stdatomic.h is in use (stdint.h isn't available everywhere) 2017-09-22 15:14:04 +05:30
Mark Andrews
6138c5a5e4 #include <isc/string.h> as it includes both <string.h> and <strings.h> if they both exist 2017-09-22 18:08:54 +10:00
Tinderbox User
8200eb4c60 update copyright notice / whitespace 2017-09-21 23:47:11 +00:00
Mark Andrews
af7ded82e0 alphabetise 2017-09-21 17:48:26 +10:00
Tinderbox User
243b3ec486 regen master 2017-09-21 07:23:48 +00:00
Mark Andrews
f8c82bbf39 #include <stdint.h> 2017-09-21 14:18:59 +10:00
Mark Andrews
e8703033c5 atomic_compare_exchange_strong_explicit's second argument should not be atomic_* 2017-09-21 13:41:22 +10:00
Mark Andrews
d17cf1cade explicitly list test programs 2017-09-21 12:56:33 +10:00
Evan Hunt
7a2112ff7d [master] fix memory growth problem 
4733.	[bug]		Change #4706 introduced a bug causing TCP clients
			not be reused correctly, leading to unconstrained
			memory growth. [RT #46029]
 2017-09-20 12:12:02 -07:00
Tinderbox User
ffbe6b9537 update copyright notice / whitespace 2017-09-19 23:46:23 +00:00
Mukund Sivaraman
32bcafc316 Change default minimal-responses setting to no-auth-recursive (#46016) 2017-09-19 19:49:02 +05:30
Mukund Sivaraman
98998f3ddd Fix out of bounds access in DHCID totext() method (#46001) 2017-09-19 19:30:28 +05:30
Mukund Sivaraman
d5707676e4 Don't use memset() to wipe memory (#45947) 2017-09-19 16:16:45 +05:30
Mukund Sivaraman
404c9b1c53 Use C11's stdatomic.h instead of isc_atomic where available 2017-09-19 15:43:45 +05:30
Tinderbox User
cb5bc50c91 update copyright notice / whitespace 2017-09-18 23:48:50 +00:00
Michał Kępień
f665c724e4 [master] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3 
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]
 2017-09-18 09:18:45 +02:00
Michał Kępień
c2179857de [master] Improve handling of TCP_FASTOPEN on FreeBSD 
4726.	[port]		Prevent setsockopt() errors related to TCP_FASTOPEN
			from being logged on FreeBSD if the kernel does not
			support it.  Notify the user when the kernel does
			support TCP_FASTOPEN, but it is disabled by sysctl.
			Add a new configure option, --disable-tcp-fastopen, to
			disable use of TCP_FASTOPEN altogether. [RT #44754]
 2017-09-18 08:34:41 +02:00
Francis Dupont
8a98277811 Made RAND_status check optional (broke --disable-crypto-rand) 2017-09-17 12:02:09 +02:00
Evan Hunt
6e5ae91479 [master] silence compiler warning 2017-09-16 21:01:06 -07:00
Tinderbox User
0b115f3b55 update copyright notice / whitespace 2017-09-16 23:46:04 +00:00
Francis Dupont
ad67f0bb42 Added isc_entropy_sethook in exported symbols 2017-09-16 15:57:06 +02:00
Francis Dupont
5fc7163211 Added isc_entropy_usehook in exported symbols 2017-09-16 15:56:13 +02:00
Francis Dupont
9c829f4f96 Merged rt31459d (openssl random) 2017-09-16 13:53:29 +02:00
Mark Andrews
dc71aa898a don't use strlcat with non NUL terminated strings rt45981_stage3 2017-09-15 13:14:16 +10:00
Tinderbox User
f54a365aeb update copyright notice / whitespace 2017-09-14 23:46:40 +00:00
Mark Andrews
c59bf663e8 silence warning 2017-09-14 19:02:27 +10:00
Mark Andrews
bace03316c #include <isc/string.h> 
(cherry picked from commit 7eb73f6288)
 2017-09-14 18:59:04 +10:00
Mark Andrews
5fb0c09a5e #include <isc/string.h> 2017-09-14 18:54:46 +10:00
Mark Andrews
cb629cdeda more str{n}{cat,cpy} corrections rt45981_stage2 2017-09-14 18:11:56 +10:00
Evan Hunt
077d9d2838 [master] cast char * 2017-09-13 22:03:56 -07:00
Evan Hunt
9b729a06b0 [master] clean up bufsize errors 2017-09-13 21:18:26 -07:00
Tinderbox User
33987cb5fd update copyright notice / whitespace 2017-09-13 23:48:32 +00:00
Evan Hunt
54c5723e31 [master] fix incorrect comment 2017-09-13 13:53:49 -07:00
Mukund Sivaraman
e5eca6eebb Fix output string size in GOST unittest 2017-09-14 01:36:08 +05:30
Mukund Sivaraman
93f7384928 Fix gost unittest failure 2017-09-14 00:29:04 +05:30
Mukund Sivaraman
188fa6ea68 Add missing <isc/print.h> 2017-09-13 19:44:47 +05:30
Mukund Sivaraman
8997fc0a3f Tweak hash_test.c further, passing sizeof(str) 2017-09-13 19:30:03 +05:30
Mukund Sivaraman
a2873eabf6 Tweak 2017-09-13 19:22:03 +05:30
Mukund Sivaraman
bc5e0a6868 Fix size of output string in hash tests 2017-09-13 19:21:08 +05:30
Mark Andrews
4c9ba9ded8 add #include <isc/string.h> 2017-09-13 23:43:43 +10:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
e0fc12185d [rt31459d] silence compiler warning 2017-09-13 00:02:53 -07:00
Evan Hunt
20502f35dd [master] allow CDS/CDNSKEY records to be signed with only KSK 
4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
			options now apply to CDNSKEY and DS records as well
			as DNSKEY. Thanks to Tony Finch. [RT #45689]
 2017-09-12 23:09:48 -07:00
Evan Hunt
dcbe6a66d7 [rt31459d] setup entropy in dns_lib_init() 2017-09-12 23:03:49 -07:00
Evan Hunt
cc24a8725f [rt31459d] update the newer tools 2017-09-12 22:49:35 -07:00
Mark Andrews
84feab03a9 add dns_name_towire2 to lib/dns/win32/libdns.def.in 2017-09-13 12:10:24 +10:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Evan Hunt
30973087a0 [master] add prefetch stat counter 
4720.	[func]		Added a statistics counter to track prefetch
			queries. [RT #45847]
 2017-09-12 18:41:47 -07:00
Mark Andrews
34130ee25a 4719. [bug] Address PVS static analyzer warnings. [RT #45946] 2017-09-13 09:50:51 +10:00
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Mark Andrews
4a258c3c42 4718. [func] Avoid seaching for a owner name compression pointer 
more than once when writing out a RRset. [RT #45802]
 2017-09-13 09:24:34 +10:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies 
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
 2017-09-12 15:26:30 -07:00
Evan Hunt
d2d9f1e31e [master] move timermgr shutdown to prevent test crashes 2017-09-12 12:56:00 -07:00
Evan Hunt
7ffd6934ba [master] install include files 2017-09-12 10:38:22 -07:00
Evan Hunt
a9dfb7ef6e [master] update copyrights, bump release tag 2017-09-11 22:06:05 -07:00
Mark Andrews
0a1359034d 4715. [bug] TreeMemMax was mis-identified as a second HeapMemMax 
in the Json cache statistics. [RT #45980]
 2017-09-12 14:55:03 +10:00
Mark Andrews
c75e9c7630 4714. [port] openbsd/libressl: add support for building with 
--enable-openssl-hash. [RT #45982]
 2017-09-12 14:19:10 +10:00
Evan Hunt
fddd82bdb1 [master] add crypto libs 2017-09-11 17:49:58 -07:00
Evan Hunt
534c43860e [master] update copyrights 2017-09-11 17:47:12 -07:00
Evan Hunt
0c9683cff8 [master] prep 9.12.0a1 2017-09-11 17:30:39 -07:00
Tinderbox User
0d9572e437 update copyright notice / whitespace 2017-09-11 23:46:33 +00:00
Evan Hunt
de1591889a [master] fix memory leak in notify test 2017-09-11 16:10:49 -07:00
Evan Hunt
7fb611d331 [master] fix prototypes 2017-09-11 15:48:20 -07:00
Evan Hunt
b103b0c011 [master] remap getaddrinfo() to irs_getgetaddrinfo() 
The libirs version of getaddrinfo() cannot be called from within BIND9.
 2017-09-11 15:03:57 -07:00
Evan Hunt
3363f3147a [master] DNS Response Policy Service API 
4713.	[func]		Added support for the DNS Response Policy Service
			(DNSRPS) API, which allows named to use an external
			response policy daemon when built with
			"configure --enable-dnsrps".  Thanks to Vernon
			Schryver and Farsight Security. [RT #43376]
 2017-09-11 11:57:43 -07:00
Evan Hunt
3e66721b35 [master] add missing rrtypes to genzones 
4711.	[test]		Some RR types were missing from genzones.sh.
			[RT #45782]
 2017-09-11 09:34:41 -07:00
Tinderbox User
672586440b update copyright notice / whitespace 2017-09-09 23:46:01 +00:00
Mark Andrews
fc39a3b9b9 add @ISC_OPENSSL_LIBS@ 2017-09-09 20:40:05 +10:00
Francis Dupont
90f6140832 Finished merge of rt45019 (openssl hash default) 2017-09-09 10:30:16 +02:00
Evan Hunt
f13385770e [master] change hash function for RRL 
4709.	[cleanup]	Use dns_name_fullhash() to hash names for RRL.
			[RT #45435]
 2017-09-08 15:46:15 -07:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres 
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
 2017-09-08 13:47:34 -07:00
Evan Hunt
509ba96497 [rt45019] separate DNS_CRYPTO_LIBS from ISC_OPENSSL_LIBS and use both 2017-09-07 22:05:20 -07:00
Evan Hunt
60387eb495 [master] windows can't cope with #ifdef in a macro expansion 2017-09-07 21:02:17 -07:00
Mark Andrews
b6b33d0f48 ISCLIBS should be after DNSLIBS 2017-09-08 12:52:48 +10:00
Tinderbox User
7bd8900aa8 update copyright notice / whitespace 2017-09-07 23:46:43 +00:00
Mark Andrews
e01d88e885 don't disturb search->chain when calling find_coveringnsec 2017-09-08 06:48:41 +10:00
Evan Hunt
1fd1c0b027 [rt45019] fix some library ordering problems 2017-09-06 23:01:54 -07:00
Mark Andrews
6adc40b3ce 4704. [cleanup] Silence Visual Studio compiler warnings. [RT #45898] 2017-09-07 12:57:55 +10:00
Mark Andrews
d1f34ef400 4702. [func] Update function declarations to use 
dns_masterstyle_flags_t for style flags. [RT #45924]
 2017-09-07 12:48:16 +10:00
Tinderbox User
40780aa36f update copyright notice / whitespace 2017-09-06 23:46:23 +00:00
Mark Andrews
86c86693e3 move declaration to start of block 2017-09-07 06:39:24 +10:00
Evan Hunt
e90926bb9e [master] refactor tsig.c 
4701.	[cleanup]	Refactored lib/dns/tsig.c to reduce code
			duplication and simplify the disabling of MD5.
			[RT #45490]
 2017-09-06 10:57:40 -07:00
Mark Andrews
09ccb70e11 add missing defines 2017-09-06 11:17:46 +10:00
Mark Andrews
45df736f88 add missing functions 2017-09-06 10:39:53 +10:00
Mark Andrews
df50751585 4700. [func] Serving of stale answers is now supported. This 
allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]
 2017-09-06 09:58:29 +10:00
Mark Andrews
e2a737bcb8 4699. [func] Multiple cookie-secret clauses can now be specified. 
The first one specified is used to generate new
                        server cookies.  [RT #45672]
 2017-09-05 09:19:45 +10:00
Mark Andrews
a322a0f31c silence converity warning [RT #45891] 2017-09-05 07:38:13 +10:00
Mark Andrews
10076239f6 missing (const) 2017-09-04 18:22:52 +10:00
Mukund Sivaraman
cdabd36dc7 Tweak code (reviewed by Mark) 2017-09-01 12:41:13 +05:30
Mark Andrews
5c269d84c2 remove development logging 2017-09-01 14:45:26 +10:00
Mark Andrews
a8a20462b5 4697. [bug] Restore workaround for Microsoft Windows TSIG hash 
computation bug. [RT #45854]
 2017-09-01 11:17:59 +10:00
Mark Andrews
2e743d9bdc Squashed commit of the following: 
commit 2a0e5695da2e0f701191e2783209ac05c9d01e6c
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 12:15:05 2017 +1000

    remove 'on' from error message

commit f18a8d699b69be35b938cfe2b30ebb30cd78e814
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:58:41 2017 +1000

    add more cookie-secret named-checkconf tests

commit ca8f5f5f57ccbeb970310866523a909eb411a554
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:31:57 2017 +1000

    properly check algorithm names
 2017-08-31 12:19:37 +10:00
Evan Hunt
5c8de9e2ae [master] fix uninitialized memory in mem_test.c 2017-08-30 19:02:52 -07:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen 
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
 2017-08-30 18:51:11 -07:00
Tinderbox User
587f005032 update copyright notice / whitespace 2017-08-30 23:46:18 +00:00
Mark Andrews
89d841c16f sort view_clauses 2017-08-31 08:40:33 +10:00
Mark Andrews
0aed466565 4693. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]
 2017-08-31 07:57:50 +10:00
Mark Andrews
c26370fc69 4692. [bug] Fix build failures with libressl introduced in 4676. 
[RT #45879]
 2017-08-30 17:11:20 +10:00
Tinderbox User
f562de3f71 update copyright notice / whitespace 2017-08-24 23:47:03 +00:00
Mark Andrews
07741d43c8 4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in 
messages. [RT #44804]
 2017-08-25 08:38:19 +10:00
Mukund Sivaraman
af4b4bef7a Refactor tracklines code (#45126) 2017-08-24 10:58:55 +05:30
Mark Andrews
615b961e02 4682. [bug] Don't report errors on records below a DNAME. 
[RT #44880]
 2017-08-17 15:49:59 +10:00
Mark Andrews
52fd57c989 4681. [bug] Log messages from the validator now include the 
associated view unless the view is "_default/IN"
                        or "_dnsclient/IN". [RT #45770]
 2017-08-16 09:29:20 +10:00
Mark Andrews
bf1ab06a48 request-nsid/request-sit out of order 2017-08-14 23:47:30 +10:00
Mark Andrews
60fd71ec66 alphabetize options_clauses 2017-08-14 07:22:20 +00:00
Mark Andrews
9697129ae2 tcp-only and tcp-keepalive where out of alphabetical order 2017-08-14 07:00:02 +00:00
Mark Andrews
fa7bacca7d sit-secret was out of alphabetical order 2017-08-14 06:50:24 +00:00
Mark Andrews
cc88df4f01 4678. [bug] geoip-use-ecs has the wrong type when geoip support 
is disabled at configure time. [RT #45763]
 2017-08-14 06:18:26 +00:00
Mark Andrews
5e9d9aa9d0 use isc_thread_self instead of pthread_self 2017-08-14 13:51:20 +10:00
Mark Andrews
cbc80a42d3 4676. [cleanup] Allow BIND to be built using OpenSSL 1.0.X with 
deprecated functions removed. [RT #45706]
 2017-08-10 10:16:26 +10:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00
Mark Andrews
ff8d856db0 4675. [cleanup] Don't use C++ keyword class. [RT #45726] 2017-08-10 08:42:04 +10:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Mark Andrews
31605091b4 add comment 2017-08-09 08:42:10 +05:30
Evan Hunt
6bba066302 style 2017-08-09 08:41:51 +05:30
Mark Andrews
bcb2df226f style changes from [RT #45321] 2017-08-09 07:48:57 +10:00
Evan Hunt
2013c9751d [master] address coverity warning about uninitialized variable 2017-08-08 10:46:49 -07:00
Mukund Sivaraman
f2b6eef899 Fix tsig_test.c unittest (OK'd by Mark on Jabber) 2017-08-08 19:45:07 +05:30
Mukund Sivaraman
c88efb83b3 Fix a race in resume_dslookup() (#45168) 2017-08-08 12:20:48 +05:30
Evan Hunt
0ad72b96d2 [master] ensure verified_sig 
4670.	[cleanup]	Ensure that a request MAC is never sent back
			in an XFR response unless the signature was
                        verified. [RT #45494]
 2017-08-07 18:54:05 -07:00
Mark Andrews
d5cb164074 conditionally declare fctx 2017-08-08 00:51:37 +10:00
Mark Andrews
73cc289e79 remove unused variable 'fctx' from rctx_next 2017-08-05 12:31:45 +10:00
Evan Hunt
61367c604c [master] refactor resquery_response() and related functions 
4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
 2017-08-04 16:08:11 -07:00
Tinderbox User
be33f4ead1 update copyright notice / whitespace 2017-08-03 23:46:14 +00:00
Mark Andrews
2019cf29e2 4668. [bug] Use localtime_r and gmtime_r for thread safety. 
[RT #45664]
 2017-08-03 08:42:27 +10:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Michał Kępień
712825d755 [master] Refactor RDATA unit tests 
4667.	[cleanup]	Refactor RDATA unit tests. [RT #45610]
 2017-08-01 12:15:21 +02:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Evan Hunt
268cea9c12 [master] glue-cache option 
4664.	[func]		Add a "glue-cache" option to enable or disable the
			glue cache. The default is "no" to reduce memory
			usage, but enabling this option will improve
			performance in delegation-heavy zones. [RT #45125]
 2017-07-28 12:57:50 -07:00
Evan Hunt
e924155211 [master] Maintain ZEROTTL cache entries at the tail of the LRU lists 
4662.	[performance]	Improve cache memory cleanup of zero TTL records
			by putting them at the tail of LRU header lists.
			[RT #45274]
 2017-07-28 00:13:05 -07:00
Evan Hunt
036305f00d [master] race condition when reloading while resigning 
4661.	[bug]		A race condition could occur if a zone was reloaded
			while resigning, triggering a crash in
			rbtdb.c:closeversion(). [RT #45276]
 2017-07-28 00:02:17 -07:00
Mark Andrews
5140501a0b 4660. [bug] Remove spurious "peer" from Windows socket log 
messages. [RT #45617]
 2017-07-28 16:06:51 +10:00
Tinderbox User
c03e9eb43d update copyright notice / whitespace 2017-07-27 23:48:36 +00:00
Evan Hunt
7ff9d3a962 [master] fix typo in BADCDS 2017-07-27 15:41:58 -07:00
Evan Hunt
bd5b0b39e6 [master] add print.h 2017-07-26 01:24:25 -07:00
Michał Kępień
383240d572 [master] Process "port" and "dscp" for "default-masters" 
4656.	[bug]		Apply "port" and "dscp" values specified in catalog
			zone's "default-masters" option to the generated
			configuration of its member zones. [RT #45545]
 2017-07-26 09:28:28 +02:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Tinderbox User
0297ebcc89 update copyright notice / whitespace 2017-07-20 23:45:27 +00:00
Mark Andrews
124712666e 4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and 
@ISC_OPENSSL_INC@ after shipped include directories.
                        [RT #45581]
 2017-07-20 11:52:03 +10:00