Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9

CHANGES

@@ -1,5 +1,19 @@
+3975.	[bug]		Don't populate or use the bad cache for queries that
+			don't request or use recursion. [RT #37466]
+
+3974.	[bug]		handle DH_compute_key() failure correctly in
+			openssldh_link.c. [RT #37477]
+
+3973.	[func]		Added hooks for Google/Great Performance Tools
+			CPU Profiler, including in real time. [RT #37339]
+
+3972.	[bug]		Fix host's usage statement. [RT #37397]
+
+3971.	[bug]		Reduce the cascasding failures due to a bad $TTL line
+			in named-checkconf / named-checkzone. [RT #37138]
+
 3970.   [contrib]       Fixed a use after free bug in the SDB LDAP driver.
-                        [RT #37237]
+			[RT #37237]
 
 3969.	[test]		Added 'delv' system test. [RT #36901]
 

bin/check/named-checkconf.c

@@ -67,7 +67,7 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-p] [-v] [-z] [-t directory] "
+	fprintf(stderr, "usage: %s [-h] [-j] [-p [-x]] [-v] [-z] [-t directory] "
 		"[named.conf]\n", program);
 	exit(1);
 }

bin/dig/host.c

@@ -165,7 +165,7 @@ show_usage(void) {
 "       -4 use IPv4 query transport only\n"
 "       -6 use IPv6 query transport only\n"
 "       -m set memory debugging flag (trace|record|usage)\n"
-"       -v print version number and exit\n", stderr);
+"       -V print version number and exit\n", stderr);
 	exit(1);
 }
 

bin/named/main.c

@@ -54,6 +54,10 @@
 
 #include <dlz/dlz_dlopen_driver.h>
 
+#ifdef HAVE_GPERFTOOLS_PROFILER
+#include <gperftools/profiler.h>
+#endif
+
 
 /*
  * Defining NS_MAIN provides storage declarations (rather than extern)
@@ -1169,6 +1173,10 @@ main(int argc, char *argv[]) {
 	char *instance = NULL;
 #endif
 
+#ifdef HAVE_GPERFTOOLS_PROFILER
+	(void) ProfilerStart(NULL);
+#endif
+
 	/*
 	 * Record version in core image.
 	 * strings named.core | grep "named version:"
@@ -1288,5 +1296,9 @@ main(int argc, char *argv[]) {
 
 	ns_os_shutdown();
 
+#ifdef HAVE_GPERFTOOLS_PROFILER
+	ProfilerStop();
+#endif
+
 	return (0);
 }

bin/named/query.c

@@ -6303,32 +6303,36 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 	 * if the current query has CD=0, then we can just return
 	 * SERVFAIL now.
 	 */
-	flags = 0;
-	failcache = dns_badcache_find(client->view->failcache,
-				      client->query.qname, qtype,
-				      &flags, &client->tnow);
-	if (failcache && (((flags & NS_FAILCACHE_CD) != 0) ||
-			  ((client->message->flags & DNS_MESSAGEFLAG_CD) == 0)))
-	{
-		if (isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) {
-			char namebuf[DNS_NAME_FORMATSIZE];
-			char typename[DNS_RDATATYPE_FORMATSIZE];
+	if (RECURSIONOK(client)) {
+		flags = 0;
+		failcache = dns_badcache_find(client->view->failcache,
+					      client->query.qname, qtype,
+					      &flags, &client->tnow);
+		if (failcache &&
+		    (((flags & NS_FAILCACHE_CD) != 0) ||
+		     ((client->message->flags & DNS_MESSAGEFLAG_CD) == 0)))
+		{
+			if (isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) {
+				char namebuf[DNS_NAME_FORMATSIZE];
+				char typename[DNS_RDATATYPE_FORMATSIZE];
 
-			dns_name_format(client->query.qname,
-					namebuf, sizeof(namebuf));
-			dns_rdatatype_format(qtype,
-					     typename, sizeof(typename));
-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
-				      NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(1),
-				      "servfail cache hit %s/%s (%s)",
-				      namebuf, typename,
-				      ((flags & NS_FAILCACHE_CD) != 0)
-				       ? "CD=1"
-				       : "CD=0");
+				dns_name_format(client->query.qname,
+						namebuf, sizeof(namebuf));
+				dns_rdatatype_format(qtype, typename,
+						     sizeof(typename));
+				ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+					      NS_LOGMODULE_QUERY,
+					      ISC_LOG_DEBUG(1),
+					      "servfail cache hit %s/%s (%s)",
+					      namebuf, typename,
+					      ((flags & NS_FAILCACHE_CD) != 0)
+					       ? "CD=1"
+					       : "CD=0");
+			}
+			client->attributes |= NS_CLIENTATTR_NOSETFC;
+			QUERY_ERROR(DNS_R_SERVFAIL);
+			goto cleanup;
 		}
-		client->attributes |= NS_CLIENTATTR_NOSETFC;
-		QUERY_ERROR(DNS_R_SERVFAIL);
-		goto cleanup;
 	}
 
 	/*
@@ -8385,6 +8389,7 @@ ns_query_start(ns_client_t *client) {
 		 */
 		client->query.attributes &=
 			~(NS_QUERYATTR_RECURSIONOK|NS_QUERYATTR_CACHEOK);
+		client->query.attributes |= NS_CLIENTATTR_NOSETFC;
 	} else if ((client->attributes & NS_CLIENTATTR_RA) == 0 ||
 		   (message->flags & DNS_MESSAGEFLAG_RD) == 0) {
 		/*
@@ -8394,6 +8399,7 @@ ns_query_start(ns_client_t *client) {
 		 * doesn't want recursion, turn recursion off.
 		 */
 		client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
+		client->query.attributes |= NS_CLIENTATTR_NOSETFC;
 	}
 
 	/*

bin/tests/system/checkconf/altdlz.conf

@@ -23,3 +23,8 @@ zone "example.com" {
 	type master;
 	dlz external;
 };
+
+zone "." {
+	type redirect;
+	dlz external;
+};

bin/tests/system/checkzone/zones/badttl.db

@@ -0,0 +1,23 @@
+; Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+$TTL
+@		SOA     ns hostmaster 2011012708 3600 1200 604800 1200
+                NS      ns
+ns		A       192.0.2.1
+
+ns-and-dname	NS      ns.ns-and-dname
+		DNAME	example.com.
+ns.ns-and-dname	A       203.178.141.207

bin/tests/system/dnssec/tests.sh

@@ -2166,14 +2166,14 @@ status=`expr $status + $ret`
 echo "I:checking dnskey query with no data still gets put in cache ($n)"
 ret=0
 myDIGOPTS="+noadd +nosea +nostat +noquest +nocomm +nocmd -p 5300 @10.53.0.4"
-firstVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
+firstVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'`
 sleep 1
-secondVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
-if [ $firstVal -eq $secondVal ]
+secondVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'`
+if [ ${firstVal:-0} -eq ${secondVal:-0} ]
 then
 	sleep 1
-	thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
-	if [ $firstVal -eq $thirdVal ]
+	thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '$1 != ";;" { print $2 }'`
+	if [ ${firstVal:-0} -eq ${thirdVal:-0} ]
 	then
 		echo "I: cannot confirm query answer still in cache"
 		ret=1
@@ -2339,13 +2339,13 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload expiring.example 2>&1 |
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
 $DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n
 $DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n
-ttls=`awk '{print $2}' dig.out.ns4.1.$n`
-ttls2=`awk '{print $2}' dig.out.ns4.2.$n`
-for ttl in $ttls; do
-    [ $ttl -eq 300 ] || ret=1
+ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
+ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
+for ttl in ${ttls:-0}; do
+    [ ${ttl:-0} -eq 300 ] || ret=1
 done
-for ttl in $ttls2; do
-    [ $ttl -le 60 ] || ret=1
+for ttl in ${ttls2:-0}; do
+    [ ${ttl:-0} -le 60 ] || ret=1
 done
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -2354,15 +2354,16 @@ status=`expr $status + $ret`
 echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section ($n)"
 ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
+sleep 1
 $DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n
 $DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
-ttls=`awk '{print $2}' dig.out.ns4.1.$n`
-ttls2=`awk '{print $2}' dig.out.ns4.2.$n`
-for ttl in $ttls; do
-    [ $ttl -eq 300 ] || ret=1
+ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
+ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
+for ttl in ${ttls:-300}; do
+    [ ${ttl:-0} -eq 300 ] || ret=1
 done
-for ttl in $ttls2; do
-    [ $ttl -le 60 ] || ret=1
+for ttl in ${ttls2:-0}; do
+    [ ${ttl:-0} -le 60 ] || ret=1
 done
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -2377,12 +2378,12 @@ ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
 $DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n
 $DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n
-ttls=`awk '{print $2}' dig.out.ns4.1.$n`
-ttls2=`awk '{print $2}' dig.out.ns4.2.$n`
-for ttl in $ttls; do
+ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
+ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
+for ttl in ${ttls:-0}; do
     [ $ttl -eq 300 ] || ret=1
 done
-for ttl in $ttls2; do
+for ttl in ${ttls2:-0}; do
     [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1
 done
 n=`expr $n + 1`
@@ -2393,12 +2394,12 @@ echo "I:testing TTL of expired RRsets with dnssec-accept-expired yes; ($n)"
 ret=0
 $DIG +noall +answer +dnssec +cd -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.1.$n
 $DIG +noall +answer +dnssec -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.2.$n
-ttls=`awk '{print $2}' dig.out.ns4.1.$n`
-ttls2=`awk '{print $2}' dig.out.ns4.2.$n`
-for ttl in $ttls; do
+ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
+ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
+for ttl in ${ttls:-0}; do
     [ $ttl -eq 300 ] || ret=1
 done
-for ttl in $ttls2; do
+for ttl in ${ttls2:-0}; do
     [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1
 done
 n=`expr $n + 1`
@@ -2410,12 +2411,12 @@ ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
 $DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n
 $DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
-ttls=`awk '{print $2}' dig.out.ns4.1.$n`
-ttls2=`awk '{print $2}' dig.out.ns4.2.$n`
-for ttl in $ttls; do
+ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
+ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
+for ttl in ${ttls:-300}; do
     [ $ttl -eq 300 ] || ret=1
 done
-for ttl in $ttls2; do
+for ttl in ${ttls2:-0}; do
     [ $ttl -le 120  -a $ttl -gt 60 ] || ret=1
 done
 n=`expr $n + 1`

bin/tests/system/masterformat/ns1/named.conf

@@ -27,6 +27,7 @@ options {
 	notify no;
 	dnssec-enable yes;
 	session-keyfile "session.key";
+	servfail-ttl 0;
 };
 
 key rndc_key {

bin/tests/system/masterformat/ns2/named.conf

@@ -26,6 +26,7 @@ options {
 	recursion no;
 	notify no;
 	dnssec-enable yes;
+	servfail-ttl 0;
 };
 
 zone "example" {

bin/tests/system/views/setup.sh

@@ -37,8 +37,8 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
 #
 $KEYGEN -K ns2/internal -r $RANDFILE -3q inline > /dev/null 2>&1
 $KEYGEN -K ns2/internal -r $RANDFILE -3qfk inline > /dev/null 2>&1
-k1=`$KEYGEN -K ns2/external -r $RANDFILE -3q inline`
-k2=`$KEYGEN -K ns2/external -r $RANDFILE -3qfk inline`
+k1=`$KEYGEN -K ns2/external -r $RANDFILE -3q inline 2> /dev/null`
+k2=`$KEYGEN -K ns2/external -r $RANDFILE -3qfk inline 2> /dev/null`
 $KEYGEN -K ns2/external -r $RANDFILE -3q inline > /dev/null 2>&1
 $KEYGEN -K ns2/external -r $RANDFILE -3qfk inline > /dev/null 2>&1
 test -n "$k1" && rm -f ns2/external/$k1.*

bin/tests/system/views/tests.sh

@@ -123,17 +123,20 @@ fi
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:verifying inline zones work with views"
-ret=0
-$DIG @10.53.0.2 -p 5300 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal
-$DIG @10.53.0.2 -p 5300 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external
-grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1
-grep "ANSWER: 4," dig.out.external > /dev/null || ret=1
-int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort`
-ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort`
-test "$int" != "$ext" || ret=1
-if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+if $SHELL ../testcrypto.sh
+then
+	echo "I:verifying inline zones work with views"
+	ret=0
+	$DIG @10.53.0.2 -p 5300 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal
+	$DIG @10.53.0.2 -p 5300 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external
+	grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1
+	grep "ANSWER: 4," dig.out.external > /dev/null || ret=1
+	int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort`
+	ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort`
+	test "$int" != "$ext" || ret=1
+	if [ $ret != 0 ]; then echo "I:failed"; fi
+	status=`expr $status + $ret`
+fi
 
 echo "I:exit status: $status"
 exit $status

config.h.in

@@ -230,6 +230,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Build with GeoIP Country IPv6 support */
 #undef HAVE_GEOIP_V6
 
+/* Define to use gperftools CPU profiler. */
+#undef HAVE_GPERFTOOLS_PROFILER
+
 /* Define to 1 if you have the <gssapi/gssapi.h> header file. */
 #undef HAVE_GSSAPI_GSSAPI_H
 
@@ -242,7 +245,7 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the <gssapi_krb5.h> header file. */
 #undef HAVE_GSSAPI_KRB5_H
 
-/* Define to 1 if you have the `if_nametoindex' function. */
+/* Define to 1 if you have the if_nametoindex function. */
 #undef HAVE_IF_NAMETOINDEX
 
 /* Define to 1 if you have the <inttypes.h> header file. */

configure

@@ -1001,6 +1001,7 @@ with_libxml2
 with_libjson
 enable_largefile
 with_purify
+with_gperftools_profiler
 enable_backtrace
 enable_symtable
 enable_ipv6
@@ -1667,7 +1668,7 @@ Optional Features:
   --enable-libbind	  deprecated
   --enable-warn-error	  turn on -Werror when compiling
   --enable-developer      enable developer build settings
-  --enable-seccomp        enable support for libseccomp sysstem call filtering
+  --enable-seccomp        enable support for libseccomp system call filtering
                           [default=no]
   --enable-kqueue         use BSD kqueue when available [default=yes]
   --enable-epoll          use Linux epoll when available [default=auto]
@@ -1707,7 +1708,7 @@ Optional Packages:
   --with-geoip=PATH       Build with GeoIP support (yes|no|path)
   --with-gssapi=PATH      Specify path for system-supplied GSSAPI [default=yes]
   --with-randomdev=PATH   Specify path for random device
-  --with-locktype=ARG       Specify mutex lock type (adaptive or standard)
+  --with-locktype=ARG     Specify mutex lock type (adaptive or standard)
   --with-libtool          use GNU libtool
   --with-openssl=PATH     Build with OpenSSL yes|no|path.
 			  (Crypto is required for DNSSEC)
@@ -1720,6 +1721,7 @@ Optional Packages:
   --with-libxml2=PATH     build with libxml2 library yes|no|path
   --with-libjson=PATH     build with libjson0 library yes|no|path
   --with-purify=PATH      use Rational purify
+  --with-gperftools-profiler  use gperftools CPU profiler
   --with-kame=PATH	  use Kame IPv6 default path /usr/local/v6
   --with-readline=LIBSPEC    specify readline library default -lreadline
 
@@ -17106,6 +17108,34 @@ esac
 
 
 
+#
+# Google/Great Performance Tools CPU Profiler
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use gperftools profiler" >&5
+$as_echo_n "checking whether to use gperftools profiler... " >&6; }
+
+# Check whether --with-gperftools-profiler was given.
+if test "${with_gperftools_profiler+set}" = set; then :
+  withval=$with_gperftools_profiler; use_profiler="$withval"
+else
+  use_profiler="no"
+fi
+
+
+case $use_profiler in
+	yes)
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_GPERFTOOLS_PROFILER 1" >>confdefs.h
+
+		LIBS="$LIBS -lprofiler"
+		;;
+	*)
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+esac
 
 #
 # enable/disable dumping stack backtrace.  Also check if the system supports
@@ -19107,7 +19137,8 @@ esac
 case $ac_cv_have_if_nametoindex in
 yes)
 	ISC_PLATFORM_HAVEIFNAMETOINDEX="#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1"
-	$as_echo "#define HAVE_IF_NAMETOINDEX 1" >>confdefs.h
+
+$as_echo "#define HAVE_IF_NAMETOINDEX 1" >>confdefs.h
 
 	;;
 *)

configure.in

@@ -95,7 +95,7 @@ esac
 
 #libseccomp sandboxing
 AC_ARG_ENABLE(seccomp,
-	AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp sysstem call filtering [default=no]]))
+	AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]]))
 case "$enable_seccomp" in
 	yes)
 	case $host_os in
@@ -1127,7 +1127,7 @@ then
 		      AC_DEFINE(HAVE_PTHREAD_ATTR_SETSTACKSIZE),)
 
         AC_ARG_WITH(locktype,
-                [  --with-locktype=ARG       Specify mutex lock type (adaptive or standard)],
+                [  --with-locktype=ARG     Specify mutex lock type (adaptive or standard)],
                 locktype="$withval", locktype="adaptive")
 
         case "$locktype" in
@@ -2402,6 +2402,25 @@ esac
 
 AC_SUBST(PURIFY)
 
+#
+# Google/Great Performance Tools CPU Profiler
+#
+AC_MSG_CHECKING(whether to use gperftools profiler)
+AC_ARG_WITH(gperftools-profiler,
+	[  --with-gperftools-profiler  use gperftools CPU profiler],
+	use_profiler="$withval", use_profiler="no")
+
+case $use_profiler in
+	yes)
+		AC_MSG_RESULT(yes)
+		AC_DEFINE([HAVE_GPERFTOOLS_PROFILER], 1,
+		[Define to use gperftools CPU profiler.])
+		LIBS="$LIBS -lprofiler"
+		;;
+	*)
+		AC_MSG_RESULT(no)
+		;;
+esac
 
 #
 # enable/disable dumping stack backtrace.  Also check if the system supports
@@ -3478,7 +3497,8 @@ esac
 case $ac_cv_have_if_nametoindex in
 yes)
 	ISC_PLATFORM_HAVEIFNAMETOINDEX="#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1"
-	AC_DEFINE(HAVE_IF_NAMETOINDEX, 1)
+	AC_DEFINE(HAVE_IF_NAMETOINDEX, 1,
+	[Define to 1 if you have the if_nametoindex function.])
 	;;
 *)
 	ISC_PLATFORM_HAVEIFNAMETOINDEX="#undef ISC_PLATFORM_HAVEIFNAMETOINDEX"

lib/dns/include/dns/Makefile.in

@@ -13,15 +13,14 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.60 2011/11/14 18:32:34 each Exp $
-
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-HEADERS =	acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
+HEADERS =	acache.h acl.h adb.h badcache.h bit.h byaddr.h \
+		cache.h callbacks.h cert.h \
 		client.h clientinfo.h compress.h \
 		db.h dbiterator.h dbtable.h diff.h dispatch.h \
 		dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \

lib/dns/master.c

@@ -221,7 +221,7 @@ task_send(dns_loadctx_t *lctx);
 static void
 loadctx_destroy(dns_loadctx_t *lctx);
 
-#define GETTOKEN(lexer, options, token, eol) \
+#define GETTOKENERR(lexer, options, token, eol, err) \
 	do { \
 		result = gettoken(lexer, options, token, eol, callbacks); \
 		switch (result) { \
@@ -234,6 +234,7 @@ loadctx_destroy(dns_loadctx_t *lctx);
 				SETRESULT(lctx, result); \
 				LOGIT(result); \
 				read_till_eol = ISC_TRUE; \
+				err \
 				goto next_line; \
 			} else \
 				goto log_and_cleanup; \
@@ -249,6 +250,8 @@ loadctx_destroy(dns_loadctx_t *lctx);
 				goto log_and_cleanup; \
 		} \
 	} while (0)
+#define GETTOKEN(lexer, options, token, eol) \
+	GETTOKENERR(lexer, options, token, eol, {} )
 
 #define COMMITALL \
 	do { \
@@ -389,13 +392,19 @@ gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *token,
 	if (eol != ISC_TRUE)
 		if (token->type == isc_tokentype_eol ||
 		    token->type == isc_tokentype_eof) {
+			unsigned long int line;
+			const char *what;
+			const char *file;
+			file = isc_lex_getsourcename(lex);
+			line = isc_lex_getsourceline(lex);
+			if (token->type == isc_tokentype_eol) {
+				line--;
+				what = "line";
+			} else
+				what = "file";
 			(*callbacks->error)(callbacks,
 			    "dns_master_load: %s:%lu: unexpected end of %s",
-					    isc_lex_getsourcename(lex),
-					    isc_lex_getsourceline(lex),
-					    (token->type ==
-					     isc_tokentype_eol) ?
-					    "line" : "file");
+					    file, line, what);
 			return (ISC_R_UNEXPECTEDEND);
 		}
 	return (ISC_R_SUCCESS);
@@ -1152,7 +1161,9 @@ load_text(dns_loadctx_t *lctx) {
 				finish_origin = ISC_TRUE;
 			} else if (strcasecmp(DNS_AS_STR(token),
 					      "$TTL") == 0) {
-				GETTOKEN(lctx->lex, 0, &token, ISC_FALSE);
+				GETTOKENERR(lctx->lex, 0, &token, ISC_FALSE,
+					    lctx->ttl = 0;
+					    lctx->default_ttl_known = ISC_TRUE;);
 				result =
 				   dns_ttl_fromtext(&token.value.as_textregion,
 						    &lctx->ttl);

lib/dns/openssldh_link.c

@@ -93,7 +93,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
 	if (r.length < len)
 		return (ISC_R_NOSPACE);
 	ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv);
-	if (ret == 0)
+	if (ret <= 0)
 		return (dst__openssl_toresult2("DH_compute_key",
 					       DST_R_COMPUTESECRETFAILURE));
 	isc_buffer_add(secret, len);

lib/dns/rdataset.c

@@ -80,6 +80,7 @@ dns_rdataset_init(dns_rdataset_t *rdataset) {
 	rdataset->privateuint4 = 0;
 	rdataset->private5 = NULL;
 	rdataset->private6 = NULL;
+	rdataset->private7 = NULL;
 	rdataset->resign = 0;
 }
 

lib/isc/unix/app.c

@@ -716,6 +716,18 @@ isc__app_ctxrun(isc_appctx_t *ctx0) {
 						 strbuf);
 				return (ISC_R_UNEXPECTED);
 			}
+#ifdef HAVE_GPERFTOOLS_PROFILER
+			/*
+			 * Don't want to get 99.99% real time is sigsuspend()!
+			 */
+			if (sigaddset(&sset, SIGALRM) != 0) {
+				isc__strerror(errno, strbuf, sizeof(strbuf));
+				UNEXPECTED_ERROR(__FILE__, __LINE__,
+						 "isc_app_run() sigsetops: %s",
+						 strbuf);
+				return (ISC_R_UNEXPECTED);
+			}
+#endif
 			result = sigsuspend(&sset);
 		} else {
 			/*

util/copyrights

@@ -959,6 +959,7 @@
 ./bin/tests/system/checkzone/zones/bad-nsec3owner-padded.db	ZONE	2014
 ./bin/tests/system/checkzone/zones/bad1.db	ZONE	2013
 ./bin/tests/system/checkzone/zones/bad2.db	ZONE	2014
+./bin/tests/system/checkzone/zones/badttl.db	ZONE	2014
 ./bin/tests/system/checkzone/zones/good-nsec3-nopadhash.db	ZONE	2014
 ./bin/tests/system/checkzone/zones/good1.db	ZONE	2011
 ./bin/tests/system/checkzone/zones/spf.db	ZONE	2013
@@ -1002,6 +1003,13 @@
 ./bin/tests/system/database/ns1/named.conf2	CONF-C	2011,2013
 ./bin/tests/system/database/setup.sh		SH	2011,2012
 ./bin/tests/system/database/tests.sh		SH	2011,2012
+./bin/tests/system/delv/clean.sh		SH	2014
+./bin/tests/system/delv/ns1/named.conf		CONF-C	2014
+./bin/tests/system/delv/ns1/root.db		ZONE	2014
+./bin/tests/system/delv/ns2/example.db		ZONE	2014
+./bin/tests/system/delv/ns2/named.conf		CONF-C	2014
+./bin/tests/system/delv/ns3/named.conf		CONF-C	2014
+./bin/tests/system/delv/tests.sh		SH	2014
 ./bin/tests/system/dialup/ns1/example.db	ZONE	2000,2001,2004,2007
 ./bin/tests/system/dialup/ns1/named.conf	CONF-C	2000,2001,2004,2007
 ./bin/tests/system/dialup/ns1/root.db		ZONE	2000,2001,2004,2007

win32utils/Configure

@@ -2930,12 +2930,14 @@ exit 0;
 #  --with-libxml2 supported
 #  --with-libjson not supported on WIN32 (package not available on WIN32)
 #  --with-purify ? (package available on WIN32 but for free?)
+#  --with-gperftools-profiler (package not available on WIN32)
 #  --with-libtool not supported on WIN32 (never)
 #  --with-locktype not supported on WIN32 (not yet available on WIN32)
 #  --with-readline supported
 #  --with-idn support
 #  --with-[lib]iconv (part of IDN)
 #  --with-atf not supported on WIN32 (package not available on WIN32)
+#  --with-tuning supported
 #  --with-dlopen included without a way to disable it
 #  --with-dlz-* ?
 #