This commit converts the license handling to adhere to the REUSE
specification. It specifically:
1. Adds used licnses to LICENSES/ directory
2. Add "isc" template for adding the copyright boilerplate
3. Changes all source files to include copyright and SPDX license
header, this includes all the C sources, documentation, zone files,
configuration files. There are notes in the doc/dev/copyrights file
on how to add correct headers to the new files.
4. Handle the rest that can't be modified via .reuse/dep5 file. The
binary (or otherwise unmodifiable) files could have license places
next to them in <foo>.license file, but this would lead to cluttered
repository and most of the files handled in the .reuse/dep5 file are
system test files.
(cherry picked from commit 58bd26b6cf)
Send back BADCOOKIE responses instead of TC=1 when slipping.
Skip rate limiting for UDP requests with valid server cookies.
(cherry picked from commit a59482b85c)
Add a comment explaining the purpose of setting the "today" variable in
Sphinx invocations to prevent confusion caused by the absence of that
variable from reStructuredText sources.
(cherry picked from commit e67cdb390a)
Some Sphinx variables used in the ARM are only set in
doc/arm/Makefile.in. This works fine when building the ARM using
"make", but does not work with Read the Docs, which only looks at
conf.py files.
Since Read the Docs does not run ./configure, renaming conf.py to
conf.py.in and using Autoconf output variables is not a feasible
solution.
Instead, extend doc/arm/conf.py with some Python code which processes
the "version" file using regular expressions and sets the relevant
Sphinx variables accordingly. As this solution also works fine when
building the ARM using "make", drop the relevant -D options from the
list of sphinx-build options used for building the ARM in
doc/arm/Makefile.in.
Note that the man_SPHINXOPTS counterparts of the removed -D switches are
left intact because doc/man/conf.py is a separate Sphinx project which
is only processed using "make" and duplicating the Python code added to
doc/arm/conf.py by this commit would be inelegant.
(cherry picked from commit 38d251e11b)
it is pointless to convert revoked keys to DS or CDS records as
they cannot be used to provide a cryptographic link from the parent
zone.
(cherry picked from commit 04a5529c2d)
The documentation was inconsistent with the code. The new description
for cookie-algorithm now reflects the current behavior.
The following two commits are the relevant code changes to this
section of docs: afa81ee4a912f313
(cherry picked from commit b29a748119)
The lame-ttl cache is implemented in ADB as per-server locked
linked-list "indexed" with <qname,qtype>. This list has to be walked
every time there's a new query or new record added into the lame cache.
Determined attacker can use this to degrade performance of the resolver.
Resolver testing has shown that disabling the lame cache has little
impact on the resolver performance and it's a minimal viable defense
against this kind of attack.
The ReferenceRole class is only available in Sphinx >= 2.0.0, which
makes building BIND 9 documentation impossible with older Sphinx
versions:
Running Sphinx v1.7.6
Configuration error:
There is a programable error in your configuration file:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/sphinx/config.py", line 161, in __init__
execfile_(filename, config)
File "/usr/lib/python3.6/site-packages/sphinx/util/pycompat.py", line 150, in execfile_
exec_(code, _globals)
File "conf.py", line 21, in <module>
from sphinx.util.docutils import ReferenceRole
ImportError: cannot import name 'ReferenceRole'
Work around the problem by defining a stub version of the ReferenceRole
class if the latter cannot be imported. This allows documentation
(without GitLab hyperlinks in release notes) to be built with older
Sphinx versions.
(cherry picked from commit 8f8bbae3fc)
The 55636ab5 commit made some changes in the reference manual
regarding catalog zones which do not actually correspond to reality
for the v9_16 branch.
This commit reverts those changes.
The "zone-max-ttl" option inside a "dnssec-policy" is not used to cap
the TTLs in a zone, only yo calculate key rollover timings.
(cherry picked from commit 4e3ba81696)
The Debian 10 (buster) Docker image, which GitLab CI uses for building
documentation, currently contains the following package versions:
- Sphinx 4.2.0
- sphinx-rtd-theme 1.0.0
- docutils 0.17.1
Regenerate the man pages to match contents produced in a Sphinx
environment using the above package versions. This is necessary to
prevent the "docs" GitLab CI job from failing.
(cherry picked from commit ffd1e71fdf)