upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-14 06:32:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
25576 commits 18 branches 854 tags 440 MiB
Commit graph

3378 commits

Author SHA1 Message Date
Mukund Sivaraman
188fa6ea68 Add missing <isc/print.h> 2017-09-13 19:44:47 +05:30
Francis Dupont
804ca1d926 Added isc/string.h to shutdown_test which got strlcpy 2017-09-13 14:34:54 +02:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
20502f35dd [master] allow CDS/CDNSKEY records to be signed with only KSK 
4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
			options now apply to CDNSKEY and DS records as well
			as DNSKEY. Thanks to Tony Finch. [RT #45689]
 2017-09-12 23:09:48 -07:00
Mark Andrews
e930487ce7 give more time for the initial signing of bits in the inline signing test to complete 2017-09-13 12:18:59 +10:00
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies 
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
 2017-09-12 15:26:30 -07:00
Evan Hunt
534c43860e [master] update copyrights 2017-09-11 17:47:12 -07:00
Evan Hunt
f3ce87e1a1 [master] copyrights 2017-09-11 17:01:09 -07:00
Tinderbox User
0d9572e437 update copyright notice / whitespace 2017-09-11 23:46:33 +00:00
Evan Hunt
b103b0c011 [master] remap getaddrinfo() to irs_getgetaddrinfo() 
The libirs version of getaddrinfo() cannot be called from within BIND9.
 2017-09-11 15:03:57 -07:00
Evan Hunt
2e0493c046 [master] add print.h 2017-09-11 12:37:58 -07:00
Evan Hunt
3363f3147a [master] DNS Response Policy Service API 
4713.	[func]		Added support for the DNS Response Policy Service
			(DNSRPS) API, which allows named to use an external
			response policy daemon when built with
			"configure --enable-dnsrps".  Thanks to Vernon
			Schryver and Farsight Security. [RT #43376]
 2017-09-11 11:57:43 -07:00
Evan Hunt
8e014c45ae [master] dig: retain domain when retrying with tcp 
4712.	[bug]		"dig +domain" and "dig +search" didn't retain the
			search domain when retrying with TCP. [RT #45547]
 2017-09-11 10:10:16 -07:00
Evan Hunt
3e66721b35 [master] add missing rrtypes to genzones 
4711.	[test]		Some RR types were missing from genzones.sh.
			[RT #45782]
 2017-09-11 09:34:41 -07:00
Tinderbox User
672586440b update copyright notice / whitespace 2017-09-09 23:46:01 +00:00
Evan Hunt
e06d728f13 [master] removed outdated library reference 2017-09-09 11:49:04 -07:00
Francis Dupont
90f6140832 Finished merge of rt45019 (openssl hash default) 2017-09-09 10:30:16 +02:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres 
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
 2017-09-08 13:47:34 -07:00
Evan Hunt
509ba96497 [rt45019] separate DNS_CRYPTO_LIBS from ISC_OPENSSL_LIBS and use both 2017-09-07 22:05:20 -07:00
Tinderbox User
40780aa36f update copyright notice / whitespace 2017-09-06 23:46:23 +00:00
Mark Andrews
023ab19634 add quotes arount $send_response 2017-09-06 19:26:10 +10:00
Mark Andrews
df50751585 4700. [func] Serving of stale answers is now supported. This 
allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]
 2017-09-06 09:58:29 +10:00
Tinderbox User
421f833b67 update copyright notice / whitespace 2017-09-04 23:46:16 +00:00
Mark Andrews
e2a737bcb8 4699. [func] Multiple cookie-secret clauses can now be specified. 
The first one specified is used to generate new
                        server cookies.  [RT #45672]
 2017-09-05 09:19:45 +10:00
Mark Andrews
39a7292aab check for dnssec support 2017-09-04 10:23:03 +10:00
Tinderbox User
24036b61f6 update copyright notice / whitespace 2017-09-01 23:45:56 +00:00
Mark Andrews
eb7c571e93 specify algorithm 2017-09-01 15:34:38 +10:00
Mark Andrews
0f1fc8f421 specify algorithm; remove partial duplicate test; add missing test numbers 2017-09-01 14:52:26 +10:00
Mark Andrews
2e743d9bdc Squashed commit of the following: 
commit 2a0e5695da2e0f701191e2783209ac05c9d01e6c
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 12:15:05 2017 +1000

    remove 'on' from error message

commit f18a8d699b69be35b938cfe2b30ebb30cd78e814
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:58:41 2017 +1000

    add more cookie-secret named-checkconf tests

commit ca8f5f5f57ccbeb970310866523a909eb411a554
Author: Mark Andrews <marka@isc.org>
Date:   Thu Aug 31 11:31:57 2017 +1000

    properly check algorithm names
 2017-08-31 12:19:37 +10:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen 
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
 2017-08-30 18:51:11 -07:00
Tinderbox User
587f005032 update copyright notice / whitespace 2017-08-30 23:46:18 +00:00
Mark Andrews
0aed466565 4693. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 1 covers NXDOMAIN synthesis from NSEC records.
                        This is controlled by synth-from-dnssec and is enabled
                        by default. [RT #40138]
 2017-08-31 07:57:50 +10:00
Tinderbox User
731ec8ce9b update copyright notice / whitespace 2017-08-29 23:46:16 +00:00
Michał Kępień
efe7977c4d [master] Add -4/-6 command line options to nsupdate and rndc 
4691.	[func]		Add -4/-6 command line options to nsupdate and rndc.
			[RT #45632]
 2017-08-29 10:21:54 +02:00
Michał Kępień
d6814700de [master] Ensure consistent handling of -4/-6 command line options in all tools 
4690.	[bug]		Command line options -4/-6 were handled inconsistently
			between tools. [RT #45632]
 2017-08-29 10:19:38 +02:00
Mark Andrews
07741d43c8 4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in 
messages. [RT #44804]
 2017-08-25 08:38:19 +10:00
Michał Kępień
330365566d [master] Prevent dnssec-settime from printing a bogus warning 
4686.	[bug]		dnssec-settime -p could print a bogus warning about
			key deletion scheduled before its inactivation when a
			key had an inactivation date set but no deletion date
			set. [RT #45807]
 2017-08-21 10:20:10 +02:00
Michał Kępień
5201b96d03 [master] Fix calculation of dates for a successor key 
4685.	[bug]		dnssec-settime incorrectly calculated publication and
			activation dates for a successor key. [RT #45806]
 2017-08-21 09:55:36 +02:00
Michał Kępień
367fcd7454 [master] Prevent delv from sending bogus queries for provided server address 
4684.	[bug]		delv could send bogus DNS queries when an explicit
			server address was specified on the command line along
			with -4/-6. [RT #45804]
 2017-08-21 09:18:13 +02:00
Tinderbox User
22eb446339 update copyright notice / whitespace 2017-08-17 23:46:21 +00:00
Michał Kępień
1aa583b5a5 [master] Prevent nsupdate from immediately exiting on invalid user input in interactive mode 
4683.	[bug]		Prevent nsupdate from immediately exiting on invalid
			user input in interactive mode. [RT #28194]
 2017-08-17 08:29:12 +02:00
Mark Andrews
615b961e02 4682. [bug] Don't report errors on records below a DNAME. 
[RT #44880]
 2017-08-17 15:49:59 +10:00
Tinderbox User
6a14924454 update copyright notice / whitespace 2017-08-15 23:47:19 +00:00
Mark Andrews
52fd57c989 4681. [bug] Log messages from the validator now include the 
associated view unless the view is "_default/IN"
                        or "_dnsclient/IN". [RT #45770]
 2017-08-16 09:29:20 +10:00
Mark Andrews
e85a2c5624 'uname -o' is not portable, suppress error message; remove spurious cat tmp.out; provide forensics for failure analysis 2017-08-15 18:02:24 +10:00
Tinderbox User
1c3b9b7666 update copyright notice / whitespace 2017-08-14 23:48:00 +00:00
Michał Kępień
877c264edc [master] Make dnssec-verify suggest using -o when appropriate 
4679.	[cleanup]	Suggest using -o when dnssec-verify finds a SOA record
			not at top of zone and -o is not used. [RT #45519]
 2017-08-14 14:01:27 +02:00
Mark Andrews
00f067539a sort options 2017-08-14 21:40:59 +10:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00