upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-11 10:40:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

10900 commits

Author SHA1 Message Date
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
e0fc12185d [rt31459d] silence compiler warning 2017-09-13 00:02:53 -07:00
Evan Hunt
20502f35dd [master] allow CDS/CDNSKEY records to be signed with only KSK 
4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
			options now apply to CDNSKEY and DS records as well
			as DNSKEY. Thanks to Tony Finch. [RT #45689]
 2017-09-12 23:09:48 -07:00
Evan Hunt
dcbe6a66d7 [rt31459d] setup entropy in dns_lib_init() 2017-09-12 23:03:49 -07:00
Evan Hunt
cc24a8725f [rt31459d] update the newer tools 2017-09-12 22:49:35 -07:00
Mark Andrews
84feab03a9 add dns_name_towire2 to lib/dns/win32/libdns.def.in 2017-09-13 12:10:24 +10:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Evan Hunt
30973087a0 [master] add prefetch stat counter 
4720.	[func]		Added a statistics counter to track prefetch
			queries. [RT #45847]
 2017-09-12 18:41:47 -07:00
Mark Andrews
34130ee25a 4719. [bug] Address PVS static analyzer warnings. [RT #45946] 2017-09-13 09:50:51 +10:00
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Mark Andrews
4a258c3c42 4718. [func] Avoid seaching for a owner name compression pointer 
more than once when writing out a RRset. [RT #45802]
 2017-09-13 09:24:34 +10:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies 
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
 2017-09-12 15:26:30 -07:00
Evan Hunt
d2d9f1e31e [master] move timermgr shutdown to prevent test crashes 2017-09-12 12:56:00 -07:00
Evan Hunt
7ffd6934ba [master] install include files 2017-09-12 10:38:22 -07:00
Evan Hunt
a9dfb7ef6e [master] update copyrights, bump release tag 2017-09-11 22:06:05 -07:00
Mark Andrews
0a1359034d 4715. [bug] TreeMemMax was mis-identified as a second HeapMemMax 
in the Json cache statistics. [RT #45980]
 2017-09-12 14:55:03 +10:00
Mark Andrews
c75e9c7630 4714. [port] openbsd/libressl: add support for building with 
--enable-openssl-hash. [RT #45982]
 2017-09-12 14:19:10 +10:00
Evan Hunt
fddd82bdb1 [master] add crypto libs 2017-09-11 17:49:58 -07:00
Evan Hunt
534c43860e [master] update copyrights 2017-09-11 17:47:12 -07:00
Evan Hunt
0c9683cff8 [master] prep 9.12.0a1 2017-09-11 17:30:39 -07:00
Tinderbox User
0d9572e437 update copyright notice / whitespace 2017-09-11 23:46:33 +00:00
Evan Hunt
de1591889a [master] fix memory leak in notify test 2017-09-11 16:10:49 -07:00
Evan Hunt
7fb611d331 [master] fix prototypes 2017-09-11 15:48:20 -07:00
Evan Hunt
b103b0c011 [master] remap getaddrinfo() to irs_getgetaddrinfo() 
The libirs version of getaddrinfo() cannot be called from within BIND9.
 2017-09-11 15:03:57 -07:00
Evan Hunt
3363f3147a [master] DNS Response Policy Service API 
4713.	[func]		Added support for the DNS Response Policy Service
			(DNSRPS) API, which allows named to use an external
			response policy daemon when built with
			"configure --enable-dnsrps".  Thanks to Vernon
			Schryver and Farsight Security. [RT #43376]
 2017-09-11 11:57:43 -07:00
Evan Hunt
3e66721b35 [master] add missing rrtypes to genzones 
4711.	[test]		Some RR types were missing from genzones.sh.
			[RT #45782]
 2017-09-11 09:34:41 -07:00
Tinderbox User
672586440b update copyright notice / whitespace 2017-09-09 23:46:01 +00:00
Mark Andrews
fc39a3b9b9 add @ISC_OPENSSL_LIBS@ 2017-09-09 20:40:05 +10:00
Francis Dupont
90f6140832 Finished merge of rt45019 (openssl hash default) 2017-09-09 10:30:16 +02:00
Evan Hunt
f13385770e [master] change hash function for RRL 
4709.	[cleanup]	Use dns_name_fullhash() to hash names for RRL.
			[RT #45435]
 2017-09-08 15:46:15 -07:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres 
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
 2017-09-08 13:47:34 -07:00
Evan Hunt
509ba96497 [rt45019] separate DNS_CRYPTO_LIBS from ISC_OPENSSL_LIBS and use both 2017-09-07 22:05:20 -07:00
Evan Hunt
60387eb495 [master] windows can't cope with #ifdef in a macro expansion 2017-09-07 21:02:17 -07:00
Mark Andrews
b6b33d0f48 ISCLIBS should be after DNSLIBS 2017-09-08 12:52:48 +10:00
Tinderbox User
7bd8900aa8 update copyright notice / whitespace 2017-09-07 23:46:43 +00:00
Mark Andrews
e01d88e885 don't disturb search->chain when calling find_coveringnsec 2017-09-08 06:48:41 +10:00
Evan Hunt
1fd1c0b027 [rt45019] fix some library ordering problems 2017-09-06 23:01:54 -07:00
Mark Andrews
6adc40b3ce 4704. [cleanup] Silence Visual Studio compiler warnings. [RT #45898] 2017-09-07 12:57:55 +10:00
Mark Andrews
d1f34ef400 4702. [func] Update function declarations to use 
dns_masterstyle_flags_t for style flags. [RT #45924]
 2017-09-07 12:48:16 +10:00
Tinderbox User
40780aa36f update copyright notice / whitespace 2017-09-06 23:46:23 +00:00
Mark Andrews
86c86693e3 move declaration to start of block 2017-09-07 06:39:24 +10:00
Evan Hunt
e90926bb9e [master] refactor tsig.c 
4701.	[cleanup]	Refactored lib/dns/tsig.c to reduce code
			duplication and simplify the disabling of MD5.
			[RT #45490]
 2017-09-06 10:57:40 -07:00
Mark Andrews
09ccb70e11 add missing defines 2017-09-06 11:17:46 +10:00
Mark Andrews
45df736f88 add missing functions 2017-09-06 10:39:53 +10:00
Mark Andrews
df50751585 4700. [func] Serving of stale answers is now supported. This 
allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]
 2017-09-06 09:58:29 +10:00
Mark Andrews
e2a737bcb8 4699. [func] Multiple cookie-secret clauses can now be specified. 
The first one specified is used to generate new
                        server cookies.  [RT #45672]
 2017-09-05 09:19:45 +10:00
Mark Andrews
a322a0f31c silence converity warning [RT #45891] 2017-09-05 07:38:13 +10:00
Mark Andrews
10076239f6 missing (const) 2017-09-04 18:22:52 +10:00
Mukund Sivaraman
cdabd36dc7 Tweak code (reviewed by Mark) 2017-09-01 12:41:13 +05:30
Mark Andrews
5c269d84c2 remove development logging 2017-09-01 14:45:26 +10:00
Mark Andrews
a8a20462b5 4697. [bug] Restore workaround for Microsoft Windows TSIG hash 
computation bug. [RT #45854]
 2017-09-01 11:17:59 +10:00
Mark Andrews
2e743d9bdc Squashed commit of the following: 
commit 2a0e5695da2e0f701191e2783209ac05c9d01e6c
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 12:15:05 2017 +1000

    remove 'on' from error message

commit f18a8d699b69be35b938cfe2b30ebb30cd78e814
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:58:41 2017 +1000

    add more cookie-secret named-checkconf tests

commit ca8f5f5f57ccbeb970310866523a909eb411a554
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:31:57 2017 +1000

    properly check algorithm names
 2017-08-31 12:19:37 +10:00
Evan Hunt
5c8de9e2ae [master] fix uninitialized memory in mem_test.c 2017-08-30 19:02:52 -07:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen 
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
 2017-08-30 18:51:11 -07:00
Tinderbox User
587f005032 update copyright notice / whitespace 2017-08-30 23:46:18 +00:00
Mark Andrews
89d841c16f sort view_clauses 2017-08-31 08:40:33 +10:00
Mark Andrews
0aed466565 4693. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]
 2017-08-31 07:57:50 +10:00
Mark Andrews
c26370fc69 4692. [bug] Fix build failures with libressl introduced in 4676. 
[RT #45879]
 2017-08-30 17:11:20 +10:00
Tinderbox User
f562de3f71 update copyright notice / whitespace 2017-08-24 23:47:03 +00:00
Mark Andrews
07741d43c8 4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in 
messages. [RT #44804]
 2017-08-25 08:38:19 +10:00
Mukund Sivaraman
af4b4bef7a Refactor tracklines code (#45126) 2017-08-24 10:58:55 +05:30
Mark Andrews
615b961e02 4682. [bug] Don't report errors on records below a DNAME. 
[RT #44880]
 2017-08-17 15:49:59 +10:00
Mark Andrews
52fd57c989 4681. [bug] Log messages from the validator now include the 
associated view unless the view is "_default/IN"
                        or "_dnsclient/IN". [RT #45770]
 2017-08-16 09:29:20 +10:00
Mark Andrews
bf1ab06a48 request-nsid/request-sit out of order 2017-08-14 23:47:30 +10:00
Mark Andrews
60fd71ec66 alphabetize options_clauses 2017-08-14 07:22:20 +00:00
Mark Andrews
9697129ae2 tcp-only and tcp-keepalive where out of alphabetical order 2017-08-14 07:00:02 +00:00
Mark Andrews
fa7bacca7d sit-secret was out of alphabetical order 2017-08-14 06:50:24 +00:00
Mark Andrews
cc88df4f01 4678. [bug] geoip-use-ecs has the wrong type when geoip support 
is disabled at configure time. [RT #45763]
 2017-08-14 06:18:26 +00:00
Mark Andrews
5e9d9aa9d0 use isc_thread_self instead of pthread_self 2017-08-14 13:51:20 +10:00
Mark Andrews
cbc80a42d3 4676. [cleanup] Allow BIND to be built using OpenSSL 1.0.X with 
deprecated functions removed. [RT #45706]
 2017-08-10 10:16:26 +10:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00
Mark Andrews
ff8d856db0 4675. [cleanup] Don't use C++ keyword class. [RT #45726] 2017-08-10 08:42:04 +10:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Mark Andrews
31605091b4 add comment 2017-08-09 08:42:10 +05:30
Evan Hunt
6bba066302 style 2017-08-09 08:41:51 +05:30
Mark Andrews
bcb2df226f style changes from [RT #45321] 2017-08-09 07:48:57 +10:00
Evan Hunt
2013c9751d [master] address coverity warning about uninitialized variable 2017-08-08 10:46:49 -07:00
Mukund Sivaraman
f2b6eef899 Fix tsig_test.c unittest (OK'd by Mark on Jabber) 2017-08-08 19:45:07 +05:30
Mukund Sivaraman
c88efb83b3 Fix a race in resume_dslookup() (#45168) 2017-08-08 12:20:48 +05:30
Evan Hunt
0ad72b96d2 [master] ensure verified_sig 
4670.	[cleanup]	Ensure that a request MAC is never sent back
			in an XFR response unless the signature was
                        verified. [RT #45494]
 2017-08-07 18:54:05 -07:00
Mark Andrews
d5cb164074 conditionally declare fctx 2017-08-08 00:51:37 +10:00
Mark Andrews
73cc289e79 remove unused variable 'fctx' from rctx_next 2017-08-05 12:31:45 +10:00
Evan Hunt
61367c604c [master] refactor resquery_response() and related functions 
4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
 2017-08-04 16:08:11 -07:00
Tinderbox User
be33f4ead1 update copyright notice / whitespace 2017-08-03 23:46:14 +00:00
Mark Andrews
2019cf29e2 4668. [bug] Use localtime_r and gmtime_r for thread safety. 
[RT #45664]
 2017-08-03 08:42:27 +10:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Michał Kępień
712825d755 [master] Refactor RDATA unit tests 
4667.	[cleanup]	Refactor RDATA unit tests. [RT #45610]
 2017-08-01 12:15:21 +02:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Evan Hunt
268cea9c12 [master] glue-cache option 
4664.	[func]		Add a "glue-cache" option to enable or disable the
			glue cache. The default is "no" to reduce memory
			usage, but enabling this option will improve
			performance in delegation-heavy zones. [RT #45125]
 2017-07-28 12:57:50 -07:00
Evan Hunt
e924155211 [master] Maintain ZEROTTL cache entries at the tail of the LRU lists 
4662.	[performance]	Improve cache memory cleanup of zero TTL records
			by putting them at the tail of LRU header lists.
			[RT #45274]
 2017-07-28 00:13:05 -07:00
Evan Hunt
036305f00d [master] race condition when reloading while resigning 
4661.	[bug]		A race condition could occur if a zone was reloaded
			while resigning, triggering a crash in
			rbtdb.c:closeversion(). [RT #45276]
 2017-07-28 00:02:17 -07:00
Mark Andrews
5140501a0b 4660. [bug] Remove spurious "peer" from Windows socket log 
messages. [RT #45617]
 2017-07-28 16:06:51 +10:00
Tinderbox User
c03e9eb43d update copyright notice / whitespace 2017-07-27 23:48:36 +00:00
Evan Hunt
7ff9d3a962 [master] fix typo in BADCDS 2017-07-27 15:41:58 -07:00
Evan Hunt
bd5b0b39e6 [master] add print.h 2017-07-26 01:24:25 -07:00
Michał Kępień
383240d572 [master] Process "port" and "dscp" for "default-masters" 
4656.	[bug]		Apply "port" and "dscp" values specified in catalog
			zone's "default-masters" option to the generated
			configuration of its member zones. [RT #45545]
 2017-07-26 09:28:28 +02:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Tinderbox User
0297ebcc89 update copyright notice / whitespace 2017-07-20 23:45:27 +00:00
Mark Andrews
124712666e 4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and 
@ISC_OPENSSL_INC@ after shipped include directories.
                        [RT #45581]
 2017-07-20 11:52:03 +10:00
Mark Andrews
c0ac259940 4650. [test] Silence coverity warnings in tsig_test.c. [RT #45528] 2017-07-19 14:34:15 +10:00
Evan Hunt
4aafa833ec [master] update api ranges 2017-07-16 13:56:30 -07:00
Mark Andrews
df1297cd0c sort *_test@EXEEXT@ rule sets 2017-07-11 12:12:12 +10:00
Mark Andrews
abe5cf42b3 4649. [bug] The wrong zone was logged when a catalog zone is added. 
[RT #45520]
 2017-07-10 10:36:56 +10:00
Tinderbox User
7c655c5b24 update copyright notice / whitespace 2017-07-09 23:45:34 +00:00
Mark Andrews
1e9b39fe26 4648. [bug] "rndc reconfig" on a slave no longer causes all member 
zones of configured catalog zones to be removed from
                        configuration. [RT #45310]
 2017-07-10 09:06:13 +10:00
Tinderbox User
63582913c9 update copyright notice / whitespace 2017-07-07 23:45:38 +00:00
Mark Andrews
00a235c8e6 add #include <isc/print.h> 2017-07-08 00:47:59 +10:00
Mark Andrews
58f0fb325b 4647. [bug] Change 4643 broke verification of TSIG signed TCP 
message sequences where not all the messages contain
                        TSIG records.  These may be used in AXFR and IXFR
                        responses.  [RT #45509]
 2017-07-07 23:19:05 +10:00
Tinderbox User
67fa096a59 update copyright notice / whitespace 2017-06-30 23:45:35 +00:00
Evan Hunt
b05b3fab3c [master] fix RSA parsing when md5 disabled 
4645.	[bug]		Fix PKCS#11 RSA parsing when MD5 is disabled.
			[RT #45300]
 2017-06-29 15:53:35 -07:00
Evan Hunt
b2018b7cff [master] complete change #4643 2017-06-28 09:11:49 -07:00
Tinderbox User
b6a4f7937e update copyright notice / whitespace 2017-06-27 23:45:38 +00:00
Evan Hunt
2fe77b611a [master] fix API ranges (170-179 was used for two branches) 2017-06-27 12:18:33 -07:00
Evan Hunt
581c1526ab [master] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]
 2017-06-27 11:39:19 -07:00
Evan Hunt
0d90835d2a [master] enhanced rfc 5011 logging 
4642.	[cleanup]	Add more logging of RFC 5011 events affecting the
			status of managed keys: newly observed keys,
			deletion of revoked keys, etc. [RT #45354]
 2017-06-27 10:49:43 -07:00
Mark Andrews
eb346d7098 'name' should be on isc_thread_setname argument not isc_thread_create 
(cherry picked from commit 15471a63a2)
 2017-06-26 12:21:33 +10:00
Tinderbox User
f62eb5f112 update copyright notice / whitespace 2017-06-20 23:45:25 +00:00
Mark Andrews
da0df9367d fix attribute name in DNS_NAME_INITABSOLUTE [RT #45409] 2017-06-20 12:37:58 +10:00
Evan Hunt
bf05e66bb3 [master] prevent reload failure due to LMDB database perms 
4638.	[bug]		Reloading or reconfiguring named could fail on
			some platforms when LMDB was in use. [RT #45203]
 2017-06-13 10:15:34 -07:00
Mark Andrews
e85e95c19e 4636. [bug] Normalize rpz policy zone names when checking for 
existence. [RT #45358]
 2017-06-13 13:06:47 +10:00
Tinderbox User
8bd6a7a1a3 update copyright notice / whitespace 2017-06-02 23:45:20 +00:00
Mark Andrews
9c179a5607 4633. [maint] Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET. 2017-06-02 11:46:38 +10:00
Tinderbox User
bb01fced12 update copyright notice / whitespace 2017-05-30 23:45:32 +00:00
Mark Andrews
aa3a8979bc 4530. [bug] "dyndb" is dependent on dlopen existing / being 
enabled. [RT #45291]
 2017-05-30 11:34:37 +10:00
Mark Andrews
ae903759c2 4530. [bug] "dyndb" is dependent on dlopen existing / being 
enabled. [RT #45291]
 2017-05-30 11:31:34 +10:00
Mark Andrews
e51d62ecae 4629. [bug] dns_client_startupdate could not be called with a 
running client. [RT #45277]
 2017-05-30 09:47:41 +10:00
Tinderbox User
243cfadf06 update copyright notice / whitespace 2017-05-21 23:45:29 +00:00
Evan Hunt
9e44639ae0 [master] corrected a possible crash in isc_test_end() 2017-05-21 15:43:44 -07:00
Tinderbox User
dde6dc06b0 update copyright notice / whitespace 2017-05-11 23:45:33 +00:00
Mark Andrews
1611ceb8b2 4622. [bug] Remove unnecessary escaping of semicolon in CAA and 
URI records. [RT #45216]
 2017-05-11 10:54:52 +10:00
Tinderbox User
6c5c871053 update copyright notice / whitespace 2017-05-10 23:45:32 +00:00
Mark Andrews
2fb1a0bdef 4621. [port] Force alignment of oid arrays to silence loader 
warnings. [RT #45131]
 2017-05-11 09:24:36 +10:00
Mark Andrews
d352a9db95 4620. [port] Handle EPFNOSUPPORT being returned when probing 
to see if a socket type is supported. [RT #45214]
 2017-05-11 07:58:13 +10:00
Mark Andrews
d242bf393c 4618. [bug] Check isc_mem_strdup results in dns_view_setnewzones. 
Add logging for lmdb call failures. [RT #45204]
 2017-05-10 10:50:42 +10:00
Evan Hunt
9612549071 [master] change index to idx to avoid shadowed-variable warning 2017-05-04 09:34:10 -07:00
Evan Hunt
8b8c2650b8 [master] change 'index' to avoid shadowed variable warning 2017-05-03 12:36:54 -07:00
Tinderbox User
b168f3f805 update copyright notice / whitespace 2017-05-02 23:45:36 +00:00
Mark Andrews
33e94f501f 4615. [bug] AD could be set on truncated answer with no records 
present in the answer and authority sections.
                        [RT #45140]
 2017-05-03 07:51:41 +10:00
Evan Hunt
d73c32c17f [master] error in sockaddr unit test 
4614.	[test]		Fixed an error in the sockaddr unit test. [RT #45146]
 2017-05-02 13:40:49 -07:00
Evan Hunt
d39ab7440e [master] automatically tune max-journal-size 
4613.	[func]		By default, the maximum size of a zone journal file
			is now twice the size of the zone's contents (there
			is little benefit to a journal larger than this).
			This can be overridden by setting "max-journal-size"
			to "unlimited" or to an explicit value up to 2G.
			Thanks to Tony Finch. [RT #38324]
 2017-05-02 13:23:08 -07:00
Evan Hunt
4c97cb13bd [master] fix win32 build errors 2017-05-02 10:58:41 -07:00
Tinderbox User
1f1c7c3b0a update copyright notice / whitespace 2017-05-01 23:45:34 +00:00
Mark Andrews
b09eb48f8a 4612. [bug] Silence 'may be use uninitalised' warning and simplify 
the code in lwres/getaddinfo:process_answer.
                        [RT #45158]
 2017-05-02 09:23:49 +10:00
Evan Hunt
532a001001 [master] add util.h 2017-05-01 13:28:24 -07:00
Mark Andrews
d1554926d0 silence 'may be used uninitialized' warning. [RT #45139] 2017-04-28 11:01:23 +10:00
Mark Andrews
2e65a1905b add mark_stale_header and rbtdb_zero_header defines 2017-04-27 12:47:08 +10:00
Mark Andrews
cc3ebbfd91 silence unused-parameter warning 2017-04-27 09:48:29 +10:00
Tinderbox User
08e0f8fcfa update copyright notice / whitespace 2017-04-26 23:45:32 +00:00
Mukund Sivaraman
241b49e611 Set a LMDB mapsize and also provide a config option to control it (#44954) 2017-04-26 23:51:26 +05:30
Tinderbox User
18b7760b29 update copyright notice / whitespace 2017-04-24 23:45:33 +00:00
Mark Andrews
8296b23426 add dns_view_getnewzonedir, dns_view_setnewzonedir 2017-04-24 17:26:47 +10:00
Evan Hunt
2dfb992349 [master] new-zones-directory option 
4610.	[func]		The "new-zones-directory" option specifies the
			location of NZF or NZD files for storing
			configuration of zones added by "rndc addzone".
			Thanks to Petr Menšík. [RT #44853]
 2017-04-23 23:16:53 -07:00
Evan Hunt
67e1f8fa4e [master] allow parralel make 
4609.	[cleanup]	Rearrange makefiles to enable parallel execution
			(i.e. "make -j"). [RT #45078]
 2017-04-23 23:04:25 -07:00
Mark Andrews
8c6ed0fe5f 4607. [bug] The memory context's malloced and maxmalloced counters 
were being updated without the appropriate lock being
                        held.  [RT #44869]
 2017-04-24 11:33:30 +10:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Evan Hunt
5490188e22 [master] add allocate_version64 definition 2017-04-22 23:16:23 -07:00
Tinderbox User
1f6505a424 update copyright notice / whitespace 2017-04-22 23:45:41 +00:00
Mukund Sivaraman
b1568eeedc Add missing types for non-threaded build 2017-04-22 19:58:51 +05:30
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Evan Hunt
4c31eda5e1 [master] openssl backward compatibility fix 
4604.	[bug]		Don't use ERR_load_crypto_strings() when building
			with OpenSSL 1.1.0. [RT #45117]
 2017-04-21 18:56:00 -07:00
Evan Hunt
8ee6a6afd8 [master] fix portability issue 2017-04-21 18:16:00 -07:00
Tinderbox User
3618b965d1 update copyright notice / whitespace 2017-04-21 23:45:41 +00:00
Evan Hunt
d26ae7fc08 [master] give threads unique names to assist debugging 
4602.	[func]		Threads are now set to human-readable
			names to assist debugging, when supported by
			the OS. [RT #43234]
 2017-04-21 13:59:40 -07:00
Mukund Sivaraman
239e9dc81c Reject incorrect RSA key lengths during key generation and and sign/verify context creation (#45043) 2017-04-21 17:31:59 +05:30
Mukund Sivaraman
f23c10f925 Adjust RPZ trigger counts only when the entry being deleted exists (#43386) 2017-04-21 17:06:22 +05:30
Mukund Sivaraman
4176d278e2 Fix inconsistencies in inline signing time comparisons (#42112) 2017-04-21 16:43:58 +05:30
Mukund Sivaraman
5d01eab088 Ignore SHA-1 DS digest type when SHA-384 DS digest type is present (#45017) 2017-04-21 16:19:38 +05:30
Evan Hunt
019132b70c [master] fix dispatch.c shutdown race 
4952.	[bug]		A race condition on shutdown could trigger an
			assertion failure in dispatch.c. [RT #43822]
 2017-04-20 17:41:37 -07:00
Tinderbox User
3b443e87a0 update copyright notice / whitespace 2017-04-20 23:45:39 +00:00
Mark Andrews
600b027731 4587. [bug] named-checkzone failed to handle occulted data below 
DNAMEs correctly. [RT #44877]
 2017-04-20 13:28:48 +10:00
Mark Andrews
3742338a7b 4585. [port] win32: Set CompileAS value. [RT #42474] 2017-04-20 12:41:40 +10:00
Mark Andrews
ddac00e3e0 4584. [bug] A number of memory usage statistics were not properly 
reported when they exceeded 4G.  [RT #44750]
 2017-04-20 10:21:00 +10:00
Tinderbox User
a1d1a967da update copyright notice / whitespace 2017-04-17 23:45:35 +00:00
Evan Hunt
28cff4f924 [master] fix out of tree build error 2017-04-17 14:31:44 -07:00
Tinderbox User
5ea0584a94 update copyright notice / whitespace 2017-03-24 23:45:35 +00:00
Mark Andrews
8e8dfc5941 4582. [security] 'rndc ""' could trigger a assertion failure in named. 
(CVE-2017-3138) [RT #44924]
 2017-03-25 02:00:17 +11:00
Mark Andrews
638c7c635d 4580. [bug] 4578 introduced a regression when handling CNAME to 
referral below the current domain. [RT #44850]
 2017-03-14 15:07:00 +11:00
Tinderbox User
db1010fe82 update copyright notice / whitespace 2017-03-10 23:46:18 +00:00
Evan Hunt
ff711c866c [master] change strtoll() to isc_string_touint64() for portability 2017-03-09 15:17:10 -08:00
Evan Hunt
612b2e2c0d [master] timestamp suffixes for log files 
4579.	[func]		Logging channels and dnstap output files can now
			be configured with a "suffix" option, set to
			either "increment" or "timestamp", indicating
			whether to use incrementing numbers or timestamps
			as the file suffix when rolling over a log file.
			[RT #42838]
 2017-03-08 23:20:40 -08:00
Mark Andrews
f240f4a5de Reimplement: 
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]
 2017-03-01 12:01:16 +11:00
Evan Hunt
a1365a0042 [master] remove unnecessary INSIST 
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]
 2017-02-23 14:34:33 -08:00
Evan Hunt
18d49392fb [master] use isc_uint32_t instead of uint32_t 2017-02-21 10:45:02 -08:00
Witold Krecicki
0790f8a361 4577. [func] Make qtype of resolver fuzzing packet configurable via command line. [RT #43540] 2017-02-21 03:49:55 -08:00
Tinderbox User
e66aaccfd8 update copyright notice / whitespace 2017-02-20 23:45:32 +00:00
Witold Krecicki
fa9b4de716 4576. [func] The RPZ implementation has been substantially refactored for improved performance and reliability. [RT #43449] 2017-02-20 11:57:28 +01:00
Mark Andrews
87ff6241e4 dns_master_styleflags returns dns_masterstyle_flags_t 2017-02-20 17:39:20 +11:00
Mark Andrews
bd75947af7 reserve block for 9.12 2017-02-15 14:29:33 +11:00
Tinderbox User
f929677ed8 update copyright notice / whitespace 2017-02-08 23:45:32 +00:00
wpk
96912e44b0 4573. [func] Query logic has been substantially refactored (e.g. query_find function has been split into smaller functions) for improved readability, maintainability 2017-02-08 22:15:01 +01:00
Evan Hunt
d8339932af [master] fix memory leak from dnstap-output parsing 2017-02-06 22:13:51 -08:00
Mark Andrews
63f8c891d8 add dns_dt_setupfile 2017-02-07 13:21:20 +11:00
Evan Hunt
c4e4bd6a09 [master] dnstap size and versions options 
4572.	[func]		The "dnstap-output" option can now take "size" and
			"versions" parameters to indicate the maximum size
			a dnstap log file can grow before rolling to a new
			file, and how many old files to retain. [RT #44502]
 2017-02-06 16:34:58 -08:00
Evan Hunt
56cccde22b [master] fix build errors from inline macros (change 4565) 2017-02-06 10:41:45 -08:00
Tinderbox User
61f11922d3 update copyright notice / whitespace 2017-02-04 23:45:35 +00:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Tinderbox User
39f68aa480 update copyright notice / whitespace 2017-02-03 23:45:33 +00:00
Evan Hunt
f4d20b15a2 [master] silence "unused value" warning 2017-02-03 11:26:37 -08:00
Mark Andrews
c550e75ade 4567. [port] Call getprotobyname and getservbyname prior to calling 
chroot so that shared libraries get loaded. [RT #44537]
 2017-02-03 14:22:03 +11:00
Mark Andrews
4a85cab586 mem_put/mem_get were inconsistent in updating ctx->malloced if ISC_MEM_CHECKOVERRUN was defined 2017-02-03 12:39:35 +11:00
Tinderbox User
194f07c628 update copyright notice / whitespace 2017-02-02 23:45:47 +00:00
Evan Hunt
aace5d0fb3 [master] include ECS in query logging 
4566.	[func]		Query logging now includes the ECS option if one
			was included in the query. [RT #44476]
 2017-02-02 11:54:28 -08:00
Evan Hunt
7769c92946 [master] support autore in inline macro buffer functions 
4565.	[cleanup]	The inline macro versions of isc_buffer_put*()
			did not implement automatic buffer reallocation.
			[RT #44216]
 2017-02-02 11:32:39 -08:00
Mark Andrews
2f5444972a perform more testing on rndc <op> -redirect 2017-02-02 17:25:54 +11:00
Mark Andrews
dfe3068ef3 4563. [bug] Modified zones would occasionally fail to reload. 
[RT #39424]
 2017-02-02 17:11:15 +11:00
Mark Andrews
f783c2d579 4562. [func] Add additional memory statistics currently malloced 
and maxmalloced per memory context. [RT #43593]
 2017-02-02 15:36:38 +11:00
Evan Hunt
6cb5e36ca3 [master] Squashed commit of the following: 
4561.	[port]		Silence a warning in strict C99 compilers. [RT #44414]
 2017-02-01 17:31:11 -08:00
Tinderbox User
ed1f93cc24 update copyright notice / whitespace 2017-01-31 23:45:34 +00:00
Evan Hunt
a2bd99a959 [master] address portability issues 2017-01-30 16:52:18 -08:00
Mark Andrews
1d8995d226 add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135 2017-01-31 11:20:03 +11:00
Evan Hunt
cd668ea57f [master] change 4558 was incomplete 2017-01-30 14:10:30 -08:00
Tinderbox User
b5808abc69 update copyright notice / whitespace 2017-01-24 23:45:30 +00:00
Mark Andrews
3e9f874e1f win32: add consts 2017-01-24 22:44:25 +11:00
Mark Andrews
25da687db7 4560. [bug] mdig: add -m option to enable memory debugging rather 
than have in on all the time. [RT #44509]

4559.   [bug]           Openssl_link.c didn't compile if ISC_MEM_TRACKLINES
                        was turned off.  [RT #44509]
 2017-01-24 17:48:31 +11:00
Mark Andrews
9f4bf43b79 4558. [bug] Synthesised CNAME before matching DNAME was still 
being cached when it should have been.  [RT #44318]
 2017-01-24 17:40:12 +11:00
Evan Hunt
4f744a027f [master] fix dig +ednsopt padding error 
4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]
 2017-01-19 23:52:41 -08:00
Tinderbox User
6084b738bc update copyright notice / whitespace 2017-01-14 23:45:36 +00:00
Mark Andrews
5dfa5221d5 4554. [bug] Remove double unlock in dns_dispatchmgr_setudp. 
[RT #44336]
 2017-01-14 13:12:00 +11:00
Tinderbox User
7b665158e9 update copyright notice / whitespace 2017-01-13 23:45:35 +00:00
Mark Andrews
b8eee0f48d make e's declaration unconditional. [RT #44324] 2017-01-13 16:10:25 +11:00
Tinderbox User
a9e8198788 update copyright notice / whitespace 2017-01-12 23:45:41 +00:00
Evan Hunt
364f064837 [master] fix function/prototype mismatch in dns_dt_send() 2017-01-12 09:22:53 -08:00
Mark Andrews
d2e1b47d4f 4553. [bug] Named could deadlock there were multiple changes to 
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]
 2017-01-12 14:25:45 +11:00
Mark Andrews
7b9e28f1a5 4552. [bug] Named could trigger a assertion when sending notify 
messages. [RT #44019]
 2017-01-12 14:12:05 +11:00
Tinderbox User
052551c423 update copyright notice / whitespace 2017-01-10 23:45:34 +00:00
Evan Hunt
2e703d7b61 [master] expand the flags field in dns_master_style 
4550.	[cleanup]	Increased the number of available master file
			output style flags from 32 to 64. [RT #44043]
 2017-01-10 10:40:47 -08:00
Tinderbox User
9748633ce6 update copyright notice / whitespace 2017-01-06 23:45:26 +00:00
Mark Andrews
ea7d5332a6 address memory leak [RT #44072] 2017-01-06 18:48:37 +11:00
Tinderbox User
f557aeef7c update copyright notice / whitespace 2017-01-05 23:45:24 +00:00
Evan Hunt
6d25cd0502 [master] remove inline variable declaration (broke win32) 2017-01-04 11:17:06 -08:00
Evan Hunt
8dd5224034 [master] update libdns.def 2017-01-04 10:46:33 -08:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Evan Hunt
185d680e1a [master] add support for native pkcs11 on keyper 
4547.	[port]		Add support for --enable-native-pkcs11 on the AEP
			Keyper HSM. [RT #42463]
 2017-01-03 16:42:18 -08:00
Tinderbox User
ed07d7a8f5 update copyright notice / whitespace 2016-12-30 23:46:36 +00:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Evan Hunt
b3aebb5890 [master] silence warning 2016-12-28 17:54:16 -08:00
Mark Andrews
6adf421e7e 4510. [security] Named mishandled some responses where covering RRSIG 
records are returned without the requested data
                        resulting in a assertion failure. (CVE-2016-9147)
                        [RT #43548]
 2016-12-29 11:47:19 +11:00
Mark Andrews
2c1c4b99a1 4508. [security] Named incorrectly tried to cache TKEY records which 
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]
 2016-12-29 11:07:40 +11:00
Tinderbox User
4ef83f4333 update copyright notice / whitespace 2016-12-28 23:48:39 +00:00
Mark Andrews
f3bf3905c3 4517. [security] Named could mishandle authority sections that were 
missing RRSIGs triggering an assertion failure.
                        (CVE-2016-9444) [RT # 43632]

(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
 2016-12-29 10:39:51 +11:00
wpk
c4ecf87d21 [master] Remove spurious entry in lib/dns/win32/libdns.def.in 2016-12-28 19:21:36 +01:00
wpk
e910d18007 4545. [func] Make dnstap-read output more functionally usable. 
[RT #43642]

4544.	[func]		Add message/payload size to dnstap-read YAML output.
			[RT #43622]
 2016-12-28 11:57:28 +01:00
Mark Andrews
6f94747270 4543. [bug] dns_client_startupdate now delays sending the update 
request until isc_app_ctxrun has been called.
                        [RT #43976]
 2016-12-28 15:50:22 +11:00
Tinderbox User
c43f150d0a update copyright notice / whitespace 2016-12-26 23:46:20 +00:00
Mark Andrews
8e333f42ef 4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure. 
[RT #43601]
 2016-12-27 09:49:02 +11:00
Mark Andrews
762c4fc5a8 4539. [bug] Referencing a nonexistant zone with rpz could lead 
to a assertion failure when configuring. [RT #43787]
 2016-12-27 08:59:07 +11:00
Mark Andrews
aceabacdb8 4538. [bug] Call dns_client_startresolve from client->task. 
[RT #43896]
 2016-12-27 07:02:33 +11:00
Mark Andrews
e17d2f98be if gen fails remove the file [RT #43949] 2016-12-23 09:19:31 +11:00
Mark Andrews
c1870d0e44 freeaddrinfo is called too early. 2016-12-15 09:38:12 +11:00
Tinderbox User
29916e6d7c update copyright notice / whitespace 2016-12-13 23:46:28 +00:00
Mark Andrews
37a8db0ba4 4535. [bug] Address race condition in setting / testing of 
DNS_REQUEST_F_SENDING. [RT #43889]
 2016-12-14 10:31:26 +11:00
Mark Andrews
def6b33bad 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 2016-12-13 16:27:18 +11:00
Mark Andrews
8ca45ba01a 4533. [bug] dns_client_update should terminate on prerequiste 
failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
                        and also on BADZONE.  [RT #43865]
 2016-12-13 15:47:03 +11:00
Mark Andrews
60cb462c56 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME 
in responses resulting in SERVFAIL being returned.
                        [RT #43779]
 2016-12-09 12:50:18 +11:00
Evan Hunt
f2c7ae114a [master] silence DSCP probing error 
4529.	[cleanup]	Silence noisy log warning when DSCP probe fails
			due to firewall rules. [RT #43847]
 2016-12-08 08:44:20 -08:00
Mark Andrews
c1619b8420 4528. [bug] Only set the flag bits for the i/o we are waiting 
for on EPOLLERR or EPOLLHUP. [RT #43617]
 2016-12-08 16:59:46 +11:00
Tinderbox User
16fde7f0b3 regen master 2016-12-07 01:05:34 +00:00
Mark Andrews
1b8ce3b330 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 2016-12-07 10:49:55 +11:00
Tinderbox User
8b22817d17 update copyright notice / whitespace 2016-12-05 23:46:20 +00:00
Mark Andrews
df372d967e 4524. [bug] The net zero test was broken causing IPv4 servers 
with addresses ending in .0 to be rejected. [RT #43776]
 2016-12-05 10:46:43 +11:00
Evan Hunt
b4d70a933c [master] expanded time unit test 2016-12-02 12:32:34 -08:00
Mukund Sivaraman
5c843b384d Add doc function for cfg_type_querysource4 and cfg_type_querysource6 (#43768) 2016-12-02 11:16:08 +05:30
Mark Andrews
cab871f1bc 4522. [bug] Handle big gaps in log file version numbers better. 
[RT #38688]
 2016-11-30 10:55:21 +11:00
Tinderbox User
1d7d7cdcda update copyright notice / whitespace 2016-11-29 23:46:09 +00:00
Mark Andrews
4352551d23 4520. [cleanup] Alphabetise more of the grammar when printing it 
out. Fix unbalanced indenting. [RT #43755]
 2016-11-29 15:28:28 +11:00
Mark Andrews
a611e44f9a 4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] 2016-11-29 11:28:26 +11:00
Tinderbox User
ee47b6607a update copyright notice / whitespace 2016-11-23 23:46:11 +00:00
Evan Hunt
62c85a4a52 [master] allow different time formats: local, iso8601, iso8601-utc 
4518.	[func]		The "print-time" option in the logging configuration
			can now take arguments "local", "iso8601" or
			"iso8601-utc" to indicate the format in which the
			date and time should be logged. For backward
			compatibility, "yes" is a synonym for "local".
			[RT #42585]
 2016-11-22 23:34:47 -08:00
Mark Andrews
358c6ecd26 4516. [bug] isc_socketmgr_renderjson was missing from the 
windows build. [RT #43602]
 2016-11-22 12:07:42 +11:00
Mark Andrews
02c341f282 fix ISC_FORMAT_PRINTF paramaters for socket_log 2016-11-12 02:54:51 +11:00
Mark Andrews
e49d93c22d locks are only need in OpenSSL < 1.1 2016-11-09 10:05:50 +11:00
Mark Andrews
56c6fc0dac only call dns_test_begin once 
(cherry picked from commit f13c7b01746a07bef87a386ceff93ccb2a7488a9)
 2016-11-09 10:03:21 +11:00
Mark Andrews
fed2f7e4c1 remove spurious newline [RT #43585] 2016-11-09 08:26:39 +11:00
Evan Hunt
3ac0165723 [master] typo in comment 2016-11-08 09:06:23 -08:00
Mark Andrews
aa44b4682a copyrights/whitespace 2016-11-03 12:41:00 +11:00
Tinderbox User
e37bc34b31 update copyright notice / whitespace 2016-11-02 23:46:39 +00:00
Evan Hunt
c23255316e [master] typo 2016-11-02 09:43:11 -07:00
Francis Dupont
1c5861fa7b Fixed IP_PMTUDISC_OMIT typos 2016-11-02 09:18:14 +01:00
Mark Andrews
aee76db9e3 add dns_db_getsize, dns_rdataslab_count, dns_zone_getmaxrecords, dns_zone_setmaxrecords 2016-11-02 18:49:02 +11:00
Mark Andrews
a0caf66c97 remove review fprintf 2016-11-02 18:03:33 +11:00
Mark Andrews
2b2b85c897 4507. [bug] Name could incorrectly log 'allows updates by IP 
address, which is insecure' [RT #43432]
 2016-11-02 17:53:19 +11:00
Mark Andrews
a61f252391 4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494] 2016-11-02 17:39:52 +11:00
Mark Andrews
5f8412a4cb 4504. [security] Allow the maximum number of records in a zone to 
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]
 2016-11-02 17:31:27 +11:00
Evan Hunt
1b2e798976 [master] restore dropped #else block 2016-11-01 22:34:33 -07:00
Evan Hunt
6087f87afb [master] make uninstall 
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]
 2016-11-01 19:17:07 -07:00
Mark Andrews
89286906dc 4502. [func] Report multiple and experimental options when printing 
grammar. [RT #43134]
 2016-11-02 10:04:57 +11:00
Mark Andrews
e200da5044 4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526] 2016-11-02 08:46:02 +11:00
Evan Hunt
3fb62a5a4e [master] use arc4random_stir() when available 
4499.	[port]		MacOSX: silence deprecated function warning
			by using arc4random_stir() when available
			instead of arc4random_addrandom(). [RT #43503]
 2016-11-01 14:00:46 -07:00
Mark Andrews
429b543086 add more LIBRESSL_VERSION_NUMBER checks 2016-11-01 12:36:38 +11:00
Mark Andrews
3d38cfaf8a add more LIBRESSL_VERSION_NUMBER checks 2016-11-01 12:24:22 +11:00
Mark Andrews
ace79092b3 update spelling in comment 2016-11-01 10:50:58 +11:00
Tinderbox User
3bd20c8dd4 update copyright notice / whitespace 2016-10-30 23:46:10 +00:00
Mark Andrews
1fce0951ed 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-10-31 10:04:37 +11:00
Mark Andrews
42470b0b87 4496. [func] dig: add +idnout to control whether labels are 
display in punycode or not.  Requires idn support
                        to be enabled at compile time. [RT #43398]
 2016-10-28 12:05:19 +11:00
Mark Andrews
49e94dc8d4 update copyrights 2016-10-28 11:27:49 +11:00
Mark Andrews
f21645e137 4495. [bug] A isc_mutex_init call was it being checked. [RT #43391] 2016-10-28 11:14:38 +11:00
Francis Dupont
13c1dd922d Merged rt43345 libisccfg spuriously depended on libisccc 2016-10-27 14:05:54 +02:00
Mark Andrews
55b78fff62 4492. [bug] irs_resconf_load failed to initialise sortlistnxt 
causing bad writes if resolv.conf contained a
                        sortlist directive. [RT #43459]
 2016-10-27 13:17:58 +11:00
Mark Andrews
8eaf918adf 4491. [bug] Improve message emitted when testing whether sendmsg 
works with TOS/TCLASS fails. [RT #43483]
 2016-10-27 09:02:06 +11:00
Mark Andrews
3b7cb2c5b1 4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET. 2016-10-21 22:44:06 +11:00
Mark Andrews
bd6f27f5c3 4489. [security] It was possible to trigger assertions when processing 
a response. (CVE-2016-8864) [RT #43465]
 2016-10-21 14:55:10 +11:00
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Tinderbox User
0e2fe405f3 update copyright notice / whitespace 2016-10-11 23:46:16 +00:00
Mark Andrews
6bb84df34d fix typo 2016-10-11 17:05:36 +11:00
Mark Andrews
170ced60d8 don't require lctx to be non NULL 
(cherry picked from commit 3793d848bd)
 2016-10-11 17:03:28 +11:00
Mark Andrews
78aa92e5f5 use ISC_LOG_ERROR instead of ISC_LOG_WARNING for bad prefix 2016-10-11 15:06:15 +11:00
Mark Andrews
c5d4cfc8aa 4483. [func] Check prefixes in acls to make sure the address and 
prefix lengths are consistent.  Warn only in
                        BIND 9.11 and earlier. [RT #43367]
 2016-10-11 14:52:28 +11:00
Mark Andrews
61463ab7a4 4482. [bug] Address use before require check and remove extraneous 
dns_message_gettsigkey call in dns_tsig_sign.
                        [RT #43374]
 2016-10-11 14:40:29 +11:00
Evan Hunt
676ac3cc82 [master] add cfg_parse_buffer3() function with linenum parameter 
4482.	[cleanup]	Change #4455 was incomplete. [RT #43252]
 2016-10-10 17:11:21 -07:00
Tinderbox User
8657223ebc update copyright notice / whitespace 2016-10-05 23:45:39 +00:00
Mark Andrews
f77ee20a6c 4474. [bug] win32: call WSAStartup in fromtext_in_wks so that 
getprotobyname and getservbyname work.  [RT #43197]

(cherry picked from commit 82a50a619a)
 2016-10-05 12:29:23 +11:00
Mark Andrews
fe4d0fbc7c 4473. [bug] Only call fsync / _commit on regular files. [RT #43196] 2016-10-05 12:20:02 +11:00
Witold Krecicki
f78603b534 [master] Fix a minor bug in isc_netaddr_masktoprefixlen 2016-09-27 11:14:56 +02:00
Mark Andrews
b25638d9be sync with v9_11 for 9.11.0rc3 
(cherry picked from commit 47f8b47b8d)
 2016-09-26 18:49:24 +05:30
Mark Andrews
d9bc0a865e 4470. [bug] Reset message with intent parse before 
calling dns_dispatch_getnext. [RT #43229]
 2016-09-20 21:12:16 +10:00
Mark Andrews
4f713200f8 sync with 9.11.0rc2 2016-09-20 20:54:27 +10:00
Mark Andrews
df17290113 4468. [bug] Address ECS option handling issues. [RT #43191] 2016-09-14 08:22:15 +10:00
Mark Andrews
2bd0922cf9 4467. [security] It was possible to trigger a assertion when rendering 
a message. [RT #43139]
 2016-09-09 11:29:48 +10:00
Mark Andrews
61ca100b80 4466. [bug] Interface scanning didn't work on a Windows system 
without a non local IPv6 addresses. [RT #43130]
 2016-09-08 14:25:20 +10:00
Mark Andrews
58d622d96d 4462. [bug] Don't describe a returned EDNS COOKIE as "good" 
when there isn't a valid server cookie. [RT #43167]
 2016-09-08 11:34:19 +10:00
Mark Andrews
8eceb0bffe 4461. [bug] win32: not all external data was properly marked 
as external data for windows dll. [RT #43161]
 2016-09-07 14:12:11 +10:00
Mark Andrews
e7bb78349f sync w/ 9.11.0rc1 2016-08-31 12:15:55 +10:00
Mark Andrews
9d11e46714 silence unused variable 'pollstate' warning [RT #43109] 2016-08-30 14:25:41 +10:00
Mukund Sivaraman
becac651e8 Update assertions to be more correct, and also remove use of a reserved word (#43090) 
Note: this doesn't actually fix #43090.
 2016-08-29 18:52:55 +05:30
Mark Andrews
c55b572ccf 4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET. 2016-08-29 10:15:12 +10:00
Mark Andrews
63fe88e8d8 4456. [doc] Add DOCTYPE and lang attribute to <html> tags. 
[RT #42587]
 2016-08-26 15:14:04 +10:00
Mark Andrews
8560e8486a add isc_lex_setsourceline 2016-08-26 03:15:32 +00:00
Evan Hunt
02fb764681 [master] pass source file and line to dyndb load function 
4455.	[cleanup]	Allow dyndb modules to correctly log the filename
			and line number when processing configuration text
			from named.conf. [RT #43050]
 2016-08-25 18:08:26 -07:00
Tinderbox User
fba207e51a update copyright notice / whitespace 2016-08-25 23:45:37 +00:00
Mark Andrews
7535dd93a1 rename ioqversion -> generation; move increment before fstrm_iothr_destroy 2016-08-24 22:06:00 -04:00
Mark Andrews
726cddb564 4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089] 2016-08-25 10:03:22 +10:00
Mark Andrews
f431bf02a6 4453. [bug] Prefetching of DS records failed to update their 
RRSIGs. [RT #42865]
 2016-08-25 09:51:31 +10:00
Mark Andrews
888dc0fb4f update copyrights / whitespace 2016-08-23 09:48:35 +10:00
Francis Dupont
76a3f42977 Added print.h include 2016-08-22 14:25:10 +02:00
Francis Dupont
fc41d120f0 Merged rt43077 (new RSA verify unit test) 2016-08-22 14:10:21 +02:00
Francis Dupont
2f08617da9 Merged rt43076 (log PKCS#11 provider load failure) 2016-08-22 13:59:53 +02:00
Tinderbox User
34da98377c update copyright notice / whitespace 2016-08-19 01:23:21 +00:00
Evan Hunt
6d2963e4d4 [master] clarify README.site 2016-08-18 17:52:49 -07:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
dec17fb662 install isc/errno.h 2016-08-18 22:12:14 +10:00
Mark Andrews
6e4788dd12 4448. [bug] win32: ::1 was not being found when iterating 
interfaces. [RT #42993]
 2016-08-18 21:58:13 +10:00
Mark Andrews
81ace51190 add dns_dt_getstats 2016-08-18 12:21:28 +10:00
Mark Andrews
934837913f 4447. [tuning] Allow the fstrm_iothr_init() options to be set using 
named.conf to control how dnstap manages the data
                        flow. [RT #42974]
 2016-08-18 11:16:06 +10:00
Evan Hunt
46e7763d19 [master] check for STALE rdatasets in cache search 
4446.	[bug]		The cache_find() and _findrdataset() functions
			could find rdatasets that had been marked stale.
			[RT #42853]
 2016-08-17 11:44:24 -07:00
Evan Hunt
3390d74e33 [master] fix dyndb issues; isc_errno_toresult() 
4445.	[cleanup]	isc_errno_toresult() can now be used to call the
			formerly private function isc__errno2result().
			[RT #43050]

4444.	[bug]		Fixed some issues related to dyndb: A bug caused
			braces to be omitted when passing configuration text
			from named.conf to a dyndb driver, and there was a
			use-after-free in the sample dyndb driver. [RT #43050]

Patch for dyndb driver submitted by Petr Spacek at Red Hat.
 2016-08-17 11:37:57 -07:00
Mark Andrews
4cb2ad343f use explict casts to silence truncation warnings 2016-08-16 12:29:09 +10:00
Mark Andrews
7872d4d1c0 4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on 
TCP sockets. [RT #42864]
 2016-08-16 07:42:25 +10:00
Mark Andrews
42a14518ac don't return void 2016-08-16 07:33:25 +10:00
Francis Dupont
fcb2309a9a Fixed trivial typo 2016-08-15 17:13:13 +02:00
Mukund Sivaraman
131307a70e Fix RPZ CIDR tree insertion bug (#43035) 2016-08-15 14:17:02 +05:30
Tinderbox User
2799701c32 update copyright notice / whitespace 2016-08-12 23:45:28 +00:00
Mark Andrews
a977bc4c8e 4440. [func] Enable TCP fast open support when available on the 
server side. [RT #42866]
 2016-08-12 15:31:33 +10:00
Mark Andrews
c7e021e2e6 4439. [bug] Address race conditions getting ownernames of nodes. 
[RT #43005]
 2016-08-12 14:08:48 +10:00
Mark Andrews
d260d5ef4c add isc_ratelimiter_setpushpop 2016-08-12 12:39:25 +10:00
Mark Andrews
5734cd3943 4438. [func] Use LIFO rather than FIFO when processing startup 
notify and refresh queries. [RT #42825]
 2016-08-12 11:33:48 +10:00
Mark Andrews
78e31dd187 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]
 2016-08-12 10:48:51 +10:00
Mark Andrews
aaeed646fe Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2016-08-12 10:06:42 +10:00
Mark Andrews
bb900e62bf 4436. [func] Return TLSA records as additional data for MX and SRV 
lookups. [RT #42894]
 2016-08-12 10:03:23 +10:00
Tinderbox User
e29263c656 update copyright notice / whitespace 2016-08-11 23:45:29 +00:00
Mark Andrews
31ffec1541 4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message 
will not fit into a single IPv4 encapsulated IPv6
                        UDP packet when transmitted over a Ethernet link.
                        [RT #42871]
 2016-08-12 09:41:59 +10:00
Evan Hunt
d06aed77ff [master] remove spurious newline in EDNS EXPIRE logging 
Patch submitted by Tony Finch (dot@dotat.at).
 2016-08-10 09:25:48 -07:00
Mark Andrews
632e67baa6 4431. [bug] named-checkconf now checks the rate-limit clause. 
[RT #42970]
 2016-08-08 23:52:40 +10:00
Mark Andrews
c1915935cf 4429. [bug] Address potential use after free on fclose() error. 
[RT #42976]
 2016-08-08 09:50:34 +10:00
Mark Andrews
c4153b554d 4428. [bug] The "test dispatch getnext" unit test could fail 
in a threaded build. [RT #42979]
 2016-08-08 09:35:17 +10:00
Mark Andrews
969e4ba50c sync with 9.11.0.b3 2016-07-30 07:14:31 +10:00
Tinderbox User
3e6b0b4931 update copyright notice / whitespace 2016-07-22 23:46:17 +00:00
Mark Andrews
6655b7db13 add dns_keytable_forall 2016-07-22 20:33:51 +10:00
Mark Andrews
f20179857a 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]
 2016-07-22 20:02:17 +10:00
Evan Hunt
45cf2311b9 [master] add aaaa for b.root-servers.net 
4423.	[maint]		Added missing IPv6 address 2001:500:84::b for
			B.ROOT-SERVERS.NET. [RT #42898]

Patch submitted by Xoze Vazquez Perez (xose.vazquez@gmail.com).
 2016-07-21 20:01:23 -07:00
Tinderbox User
2bc4d454e1 update copyright notice / whitespace 2016-07-21 23:46:03 +00:00
Evan Hunt
eca74c52c1 [master] store "addzone" zone config in a NZD database 
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
 2016-07-21 11:13:37 -07:00
Witold Krecicki
e4d4de075a 4419. [bug] Don't cause undefined result if the label of an 
entry in catalog zone is changed. [RT #42708]
 2016-07-21 13:08:50 +02:00
Witold Krecicki
2eff13a562 4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879] 2016-07-21 12:15:55 +02:00
Tinderbox User
2ac08fab22 regen master 2016-07-21 07:34:19 +00:00
Mark Andrews
30e4fbdfb5 consolidate copyrights 2016-07-21 17:24:07 +10:00
Tinderbox User
6807a2dc3c regen master 2016-07-21 07:11:01 +00:00
Mark Andrews
813e9f7ee2 copyright 2016-07-21 17:00:44 +10:00
Evan Hunt
ad2611f9af [master] fix isc_atomic_xadd() on MIPS 
4414.	[bug]		Corrected a bug in the MIPS implementation of
			isc_atomic_xadd(). [RT #41965]

Submitted by Lamont Jones (lamont@debian.org). Closes Debian issue #406409.
 2016-07-19 11:10:43 -07:00
Mark Andrews
203b6934f4 sync w/ 9.11.0b2 2016-07-14 15:13:57 +10:00
Mark Andrews
63e58ad048 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED 
was returned. [RT #42733]
 2016-07-14 15:06:28 +10:00
Mark Andrews
fef0080f14 Windows doesn't like LLU use ULL instead 2016-07-14 11:15:46 +10:00
Mukund Sivaraman
e65cd99461 Some general cleanup (#42827) 2016-07-13 14:15:22 +05:30
Mukund Sivaraman
4116177ac4 Make fixes for GCC 6 (#42721) 2016-07-13 13:55:50 +05:30
Evan Hunt
ffa622d7a3 [master] rndc dnstap -roll 
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
 2016-07-13 01:12:47 -07:00
Mark Andrews
a2101037d9 4410. [bug] Address use after free and memory leak with dnstap. 
[RT #42746]
 2016-07-13 16:56:11 +10:00
Tinderbox User
3e0b34d0ac update copyright notice / whitespace 2016-07-11 23:46:33 +00:00
Mark Andrews
557c7221fd 4409. [bug] DNS64 should exlude mapped addresses by default when 
a exclude acl is not defined. [RT #42810]
 2016-07-11 14:11:34 +10:00
Mark Andrews
ec5e01747a 4408. [func] Continue waiting for expected response when we the 
response we get does not match the request. [RT #41026]
 2016-07-11 13:36:16 +10:00
Mukund Sivaraman
27038b159b Use GCC builtin for clz in RPZ lookup code (#42818) 2016-07-10 19:47:37 +05:30
Mark Andrews
d811a7d9ef 4405. [bug] Change 4342 introduced a regression where you could 
not remove a delegation in a NSEC3 signed zone using
                        OPTOUT via nsupdate. [RT #42702]
 2016-07-06 10:13:15 +10:00
Evan Hunt
44cb1a4859 [master] remove spurious license text 2016-07-05 15:41:09 -07:00
Evan Hunt
30ca620976 [master] clarify some comments 2016-07-05 10:54:56 -07:00
Mark Andrews
96987fd6f7 add 9.11.0b1 release marker to master 2016-07-05 08:19:59 +10:00
Mark Andrews
700e08fcc4 #include <stdlib.h> 2016-06-29 11:38:45 +10:00
Mark Andrews
ecfa005085 4403. [bug] Rename variables and arguments that shadow: basename, 
clone and gai_error.
 2016-06-28 21:25:30 -04:00
Tinderbox User
33d0a7767d regen master 2016-06-27 05:29:38 +00:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
980c504b30 fix null pointer comparisons 2016-06-26 17:23:58 +10:00
Mark Andrews
8927a982bd update copyrights / whitespace 2016-06-24 16:23:26 +10:00