bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-03-01 13:01:40 -05:00

Author	SHA1	Message	Date
Mark Andrews	d65fb496fb	use perl not awk to do serial additions	2014-11-21 18:08:04 +11:00
Tinderbox User	5d35f07318	update copyright notice / whitespace	2014-11-20 23:45:24 +00:00
Evan Hunt	05e448935c	[master] refactor max-recursion-queries - the counters weren't set correctly when fetches timed out. instead we now pass down a counter object.	2014-11-19 18:21:02 -08:00
Tinderbox User	4ccffa13aa	update copyright notice / whitespace	2014-11-19 23:45:22 +00:00
Mukund Sivaraman	077350a407	Add .gitignore	2014-11-19 15:03:01 +05:30
Evan Hunt	c4f54e5bd1	[master] add max-recursion-queries also fixes and documentation for max-recursion-depth	2014-11-18 22:02:02 -08:00
Mark Andrews	f9ee67d9ce	%zu is not universally available	2014-11-19 12:10:06 +11:00
Tinderbox User	e208712faa	update copyright notice / whitespace	2014-11-18 23:45:22 +00:00
Evan Hunt	3230429e17	[master] limit recursion depth and iterative queries 4006. [security] A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500). The recursion depth limit is configured via the "max-recursion-depth" option. [RT #35780]	2014-11-17 23:24:44 -08:00
Tinderbox User	11dc1b1508	update copyright notice	2014-11-17 23:45:20 +00:00
Evan Hunt	0ada3802ea	[master] awk portability fix	2014-11-17 12:22:18 -08:00
Evan Hunt	a0b4f6d952	[master] geoip security fixes 4003. [security] When geoip-directory was reconfigured during named run-time, the previously loaded GeoIP data could remain, potentially causing wrong ACLs to be used or wrong results to be served based on geolocation. [RT #37720] 4002. [security] Lookups in GeoIP databases that were not loaded could cause an assertion failure. [RT #37679] 4001. [security] The caching of GeoIP lookups did not always handle address families correctly, potentially resulting in an assertion failure. [RT #37672]	2014-11-16 08:43:22 -08:00
Evan Hunt	e32d354f75	[master] allow arbitrary-size rndc output 4005. [func] The buffer used for returning text from rndc commands is now dynamically resizable, allowing arbitrarily large amounts of text to be sent back to the client. (Prior to this change, it was possible for the output of "rndc tsig-list" to be truncated.) [RT #37731]	2014-11-14 15:58:54 -08:00
Mukund Sivaraman	16c86a4980	Update .gitgnore files (ISC-Bugs #37773 )	2014-11-11 11:47:02 +05:30
Tinderbox User	6d0a639bd0	update copyright notice	2014-11-06 23:45:21 +00:00
Evan Hunt	3cc8c7d630	[master] fix nxrrset in nxdomain redirection 4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET from the redirect zone. [RT #37722]	2014-11-04 23:49:56 -08:00
Evan Hunt	ce96d4326c	[master] new mkeys and nzf naming format 3999. [func] "mkeys" and "nzf" files are now named after their corresponding views, unless the view name contains characters that would be incompatible with use in a filename (i.e., slash, backslash, or capital letters). If a view name does contain these characters, the files will still be named using a cryptographic hash of the view name. Regardless of this, if a file using the old name format is found to exist, it will continue to be used. [RT #37704]	2014-11-04 19:43:27 -08:00
Mark Andrews	1feee79e1f	3997. [protocol] Add OPENGPGKEY record. [RT# 37671]	2014-11-04 12:24:39 +11:00
Tinderbox User	12b386e1a6	update copyright notice	2014-10-30 23:45:21 +00:00
Mark Andrews	0f5144163c	3993. [func] Dig now supports EDNS negotiation by default. (dig +[no]ednsnegotiation). [RT #37604]	2014-10-30 23:13:12 +11:00
Mark Andrews	00fb0253c9	3991. [func] Add the ability to buffer logging output by specifying "buffered yes;" when defining a channel. [RT #26561]	2014-10-30 11:37:05 +11:00
Mark Andrews	a5c7cfbac4	3990. [testing] Add tests for unknown DNSSEC algorithm handling. [RT #37541]	2014-10-30 11:05:26 +11:00
Tinderbox User	6932de75ef	update copyright notice	2014-10-21 23:45:24 +00:00
Mark Andrews	4140a96f22	3987. [func] Allow the zone serial of a dynamically updatable zone to be updated via rndc. [RT #37404]	2014-10-21 18:15:42 +11:00
Evan Hunt	498b061031	[master] allow 1-week nta-lifetime/nta-recheck 3983. [bug] Change #3940 was incomplete: negative trust anchors could be set to last up to a week, but the "nta-lifetime" and "nta-recheck" options were still limted to one day. [RT #37522]	2014-10-20 13:40:17 -07:00
Evan Hunt	7cf2122e0d	[master] change 3977 altered expected linecount from secroots	2014-10-18 16:50:32 -07:00
Mark Andrews	72775a79fe	3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467]	2014-10-18 13:09:09 +11:00
Mark Andrews	44ef2206d7	allow for the set of ttls to be empty	2014-10-16 14:46:44 +11:00
Mark Andrews	d9aaf7acce	make test more robust in the face of server failures	2014-10-16 12:34:12 +11:00
Evan Hunt	1cbc394e7c	[master] add redirect zone to checkconf -z test	2014-10-09 18:30:34 -07:00
Evan Hunt	ca0ee90361	[master] turn off servfail cache in masterformat test	2014-10-09 09:30:46 -07:00
Mark Andrews	c81d56c03e	3971. [bug] Reduce the cascasding failures due to a bad $TTL line in named-checkconf / named-checkzone. [RT #37138]	2014-10-05 08:29:34 +11:00
Mark Andrews	39fb5f2a5d	verifying inline zones work with views requires crypto to be configured	2014-10-04 18:06:04 +10:00
Evan Hunt	12002ea49e	[master] add delv system test 3969. [test] Added 'delv' system test. [RT #36901]	2014-10-02 22:37:20 -07:00
Tinderbox User	7a3f584cfc	update copyright notice	2014-10-02 23:45:25 +00:00
Mark Andrews	b24061719c	3967. [test] Add test for inlined signed zone in multiple views with different DNSKEY sets. [RT #35759]	2014-10-03 07:59:44 +10:00
Mark Andrews	a837c939c4	SIG(0) update forwarding testing requires crypto be configured	2014-10-02 11:07:01 +10:00
Mark Andrews	ed1c845c1d	3964. [func] nsupdate now performs check-names processing. [RT #36266]	2014-10-02 09:35:43 +10:00
Evan Hunt	7b04216015	[master] improve dlzexternal test 3963. [test] Added NXRRSET test cases to the "dlzexternal" system test. [RT #37344]	2014-09-30 17:08:12 -07:00
Tinderbox User	be484acb22	update copyright notice	2014-09-30 23:45:22 +00:00
Mark Andrews	ffeaac1d82	3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with BADSIG. [RT #37216]	2014-10-01 07:24:16 +10:00
Mark Andrews	c83b91fb63	3960. [bug] 'dig +sigchase' could loop forever. [RT #37220 ]	2014-10-01 07:06:20 +10:00
Tinderbox User	2fb35a6d59	update copyright notice	2014-09-29 23:45:24 +00:00
Mark Andrews	4bc581ca31	use RANDFILE rather than /dev/urandom	2014-09-29 23:39:07 +10:00
Mark Andrews	1c5990c2f9	3958. [bug] Detect when writeable files have multiple references in named.conf. [RT #37172]	2014-09-29 12:10:10 +10:00
Mark Andrews	80169c379d	3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384. [RT #37183]	2014-09-29 10:18:54 +10:00
Mark Andrews	10c12aa549	3956. [func] Notify messages are now rate limited by notify-rate and startup-notify-rate instead of serial-query-rate. [RT #24454] 3955. [bug] Notify messages due to changes are no longer queued behind startup notify messages. [RT #24454]	2014-09-29 10:01:08 +10:00
Mark Andrews	9a36fb86f5	3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159 ]	2014-09-27 12:14:20 +10:00
Mark Andrews	27cd03a21c	use more portable awk	2014-09-19 15:00:18 +10:00
Mark Andrews	06e28e50bd	give the nameserver a little longer to response	2014-09-18 10:06:48 +10:00
Mark Andrews	1a5f84d56a	UNTESTED -> SKIPPED	2014-09-16 23:49:52 +10:00
Mark Andrews	3867312e4c	3951. [func] Add the ability to set yet-to-be-defined EDNS flags to dig (+ednsflags=#). [RT #37142]	2014-09-13 19:13:59 +10:00
Tinderbox User	2c69f767d6	update copyright notice	2014-09-10 23:45:21 +00:00
Mark Andrews	947cf282a7	3949. [experimental] Experimental support for draft-andrews-edns1 by sending EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when building). Add support for limiting the EDNS version advertised to servers: server { edns-version 0; }; Log the EDNS version received in the query log. [RT #35864]	2014-09-10 15:31:40 +10:00
Mark Andrews	5c420ccc29	drop 'I:send many simultaneous updates via a update forwarder' test until re-written using perl	2014-09-07 22:08:45 +10:00
Mark Andrews	76a17033db	also fix the expected count	2014-09-07 20:24:59 +10:00
Mark Andrews	48179343c2	reduce number of nsupdates being simultaeously forked	2014-09-07 20:24:14 +10:00
Mark Andrews	8aa098c633	update copyrights	2014-09-06 09:38:48 +10:00
Evan Hunt	c9e976dc43	[master] [rt37057] server-id tests 3944. [test] Added a regression test for "server-id". [RT #37057]	2014-09-04 18:18:36 -07:00
Tinderbox User	948c80ffa8	update copyright notice	2014-09-04 23:45:24 +00:00
Evan Hunt	a878301981	[master] servfail cache 3943. [func] SERVFAIL responses can now be cached for a limited time (configured by "servfail-ttl", default 10 seconds, limit 30). This can reduce the frequency of retries when an authoritative server is known to be failing, e.g., due to ongoing DNSSEC validation problems. [RT #21347]	2014-09-03 23:28:14 -07:00
Mark Andrews	fec7998314	3942. [bug] Wildcard responses from a optout range should be marked as insecure. [RT #37072]	2014-09-04 13:57:50 +10:00
Evan Hunt	c3d0221104	[master] oops, nta lifetime change broke dnssec test	2014-09-03 20:51:32 -07:00
Evan Hunt	3d066288ad	[master] [rt37069] update NTA limit to a week 3940. [func] "rndc nta" now allows negative trust anchors to be set for up to one week. [RT #37069]	2014-09-03 19:00:03 -07:00
Mark Andrews	74717eef53	3939. [func] Improve UPDATE forwarding performance by allowing TCP connections to be shared. [RT #37039]	2014-09-04 10:37:45 +10:00
Mark Andrews	1a63fb1d14	update copyrights	2014-08-30 12:27:49 +10:00
Tinderbox User	3278ff814d	update copyright notice	2014-08-29 23:45:22 +00:00
Evan Hunt	d46855caed	[master] ECS authoritative support 3936. [func] Added authoritative support for the EDNS Client Subnet (ECS) option. ACLs can now include "ecs" elements which specify an address or network prefix; if an ECS option is included in a DNS query, then the address encoded in the option will be matched against "ecs" ACL elements. Also, if an ECS address is included in a query, then it will be used instead of the client source address when matching "geoip" ACL elements. This behavior can be overridden with "geoip-use-ecs no;". When "ecs" or "geoip" ACL elements are used to select a view for a query, the response will include an ECS option to indicate which client network the answer is valid for. (Thanks to Vincent Bernat.) [RT #36781]	2014-08-28 22:05:57 -07:00
Evan Hunt	180319f572	[master] fix geoip asnum matching 3935. [bug] "geoip asnum" ACL elements would not match unless the full organization name was specified. They can now match against the AS number alone (e.g., AS1234). [RT #36945]	2014-08-28 21:40:32 -07:00
Mark Andrews	7c73ac5e13	3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve sit-secrets documentation. [RT #36980]	2014-08-29 14:35:21 +10:00
Evan Hunt	0c2313eb36	[master] fixes to checkconf test, HIP casecompare 3933. [bug] Corrected the implementation of dns_rdata_casecompare() for the HIP rdata type. [RT #36911] 3932. [test] Improved named-checkconf tests. [RT #36911]	2014-08-27 21:36:13 -07:00
Evan Hunt	74745c760c	[master] "rndc nta -r" could hang 3930. [bug] "rndc nta -r" could cause a server hang if the NTA was not found. [RT #36909]	2014-08-25 18:01:26 -07:00
Tinderbox User	fea81a5e0e	update copyright notice	2014-08-22 23:45:27 +00:00
Evan Hunt	087b3e8d90	[master] add to rndc test 3928. [test] Improve rndc system test. [RT #36898]	2014-08-22 16:41:57 -07:00
Mark Andrews	840d6a4614	3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917	2014-08-22 16:32:19 +10:00
Mark Andrews	cef76ee5bd	3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833 ]	2014-08-22 15:45:40 +10:00
Tinderbox User	5165c59007	update copyright notice	2014-08-21 23:45:22 +00:00
Mark Andrews	f5695ad0e1	3917. [bug] dig, nslookup and host now continue on names that are too long after applying a search list elements. [RT #36892]	2014-08-21 18:05:55 +10:00
Tinderbox User	aebd0e85bf	update copyright notice	2014-08-15 23:45:20 +00:00
Jeremy C. Reed	821350367e	fix typos or misspellings	2014-08-15 10:35:31 -05:00
Tinderbox User	cd14665cdf	update copyright notice	2014-08-07 23:45:19 +00:00
Evan Hunt	cfe32752a6	[master] [36737] allow zero-length URI and CAA fields 3914. [bug] Allow the URI target and CAA value fields to be zero length. [RT #36737]	2014-08-06 17:40:42 -07:00
Tinderbox User	1e7501fe07	update copyright notice	2014-08-06 23:45:23 +00:00
Mark Andrews	43b9737b11	3911. [func] Implement EDNS EXPIRE option client side. [RT #35925 ]	2014-08-06 11:50:40 +10:00
Tinderbox User	79bb509936	update copyright notice	2014-08-02 23:45:21 +00:00
Mark Andrews	c38341ec43	3908. [bug] rndc now differentiates between a zone in multiple views and a zone that doesn't exist at all. [RT #36691]	2014-08-02 14:43:26 +10:00
Mark Andrews	f2a91da02e	adjust range	2014-07-31 20:32:50 +10:00
Tinderbox User	d1b499c827	update copyright notice	2014-07-29 23:45:20 +00:00
Evan Hunt	2383eb5272	[master] add CAA rdata support 3056. [protocol] Added support for CAA record type (RFC 6844). [RT #36625]	2014-07-29 08:40:35 -07:00
Mark Andrews	275a8affe7	3899. [bug] "request-ixfr" is only applicable to slave and redirect zones. [RT #36608]	2014-07-25 14:23:14 +10:00
Mark Andrews	ac5ed74860	3897. [bug] RPZ summary information was not properly being updated after a AXFR resulting in changes sometimes being ignored. [RT #35885]	2014-07-22 10:57:58 +10:00
Mark Andrews	39cad8fb7d	update copyrights	2014-07-08 12:40:40 +10:00
Mark Andrews	fce704e751	rename dnssec/ns7/split-rrsig.in	2014-07-08 11:12:32 +10:00
Mark Andrews	3c13af3759	3892. [bug] Setting '-t aaaa' in .digrc had unintended side effects. [RT #36452]	2014-07-08 02:00:28 +10:00
Mark Andrews	63e1ac1e09	3890. [bug] RRSIG sets that were not loaded in a single transaction at start up where not being correctly added to re-signing heaps. [RT #36302]	2014-07-07 12:05:01 +10:00
Mark Andrews	6f6b7781d5	save the output of rndc nta so that it can be analysed if there is a failure; more cleanups	2014-06-30 11:41:09 +10:00
Mark Andrews	62275d5306	make test for nsec3param more robust	2014-06-27 15:50:51 +10:00
Mark Andrews	b05ef7092f	update nta failure messages	2014-06-27 11:53:39 +10:00
Mark Andrews	284f6435c2	adjust NTA test timing windows to support slower machines; self tune sleeps bases of actual elapsed time;	2014-06-26 13:37:50 +10:00
Tinderbox User	9f8df2d75c	update copyright notice	2014-06-25 23:45:21 +00:00
Mark Andrews	7205cd2db7	cleanup nsupdate.out	2014-06-25 16:16:34 +10:00
Mark Andrews	eca15167ac	dump unexpected update failures	2014-06-25 16:12:25 +10:00
Mark Andrews	33399d6a14	3888. [func] 'rndc status' now reports the number of automatic zones. [RT #36015]	2014-06-25 13:17:03 +10:00
Mark Andrews	70ee770c69	Net::DNS 0.78 should work when it is released as it contains: Fix rt.cpan.org #96439 Uninitialised decoding object when printing packet	2014-06-25 01:01:50 +10:00
Mark Andrews	1c95f67232	use $PERL	2014-06-24 13:50:14 +10:00
Tinderbox User	5a31767b09	update copyright notice	2014-06-19 23:45:23 +00:00
Evan Hunt	cac2181160	[master] CDS/CDNSKEY rrtypes 3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]	2014-06-19 00:35:11 -07:00
Evan Hunt	b8a9632333	[master] complete NTA work 3882. [func] By default, negative trust anchors will be tested periodically to see whether data below them can be validated, and if so, they will be allowed to expire early. The "rndc nta -force" option overrides this behvaior. The default NTA lifetime and the recheck frequency can be configured by the "nta-lifetime" and "nta-recheck" options. [RT #36146]	2014-06-18 16:50:38 -07:00
Tinderbox User	636aadbfe4	update copyright notice	2014-06-17 23:45:20 +00:00
Evan Hunt	a4e76a630e	[master] update gitignore files; use rev-parse to get srcid	2014-06-17 13:49:30 -07:00
Mark Andrews	a0d411c05f	3880. [test] Update ans.pl to work with new TSIG support in Net::DNS; add additional Net::DNS version prerequisite checks. [RT #36327]	2014-06-17 10:35:46 +10:00
Evan Hunt	56510cd031	[master] null terminate strings for coverity	2014-06-16 15:30:11 -07:00
Mark Andrews	48789995c1	use $NSUPDATE	2014-06-15 18:35:19 +10:00
Mark Andrews	f9e47cfe4f	Net::DNS 0.76 broke the handling of some packets	2014-06-14 10:11:06 +10:00
Mark Andrews	1881aea774	fix test to see if $PERL is set (cherry picked from commit 44f0f310d41acc5c772d38353fe35ddacb3fee80)	2014-06-13 11:47:23 +10:00
Mark Andrews	d4a98c0fb7	die if $Net::DNS::VERSION >= 0.73	2014-06-13 11:25:32 +10:00
Evan Hunt	fb710168ef	[master] use correct shared library suffix	2014-06-12 17:06:23 -07:00
Tinderbox User	4ded8003e3	update copyright notice	2014-06-12 23:45:22 +00:00
Evan Hunt	06e0d6bb12	[master] address rpz bugs 3877. [bug] Inserting and deleting parent and child nodes in response policy zones could trigger an assertion failure. [RT #36272]	2014-06-11 20:00:19 -07:00
Mark Andrews	9c2cf9e201	update copyrights	2014-06-11 10:28:09 +10:00
Evan Hunt	8d8f9f7f86	[master] suppress unnecessary db lookups in DLZ redirect zones 3876. [bug] Improve efficiency of DLZ redirect zones by suppressing unnecessary database lookups. [RT #35835]	2014-06-10 16:25:26 -07:00
Mark Andrews	20dec973da	4. [test] Check that only "check-names master" is needed for updates to be accepted.	2014-06-10 13:48:57 +10:00
Mark Andrews	32a1fd3dd2	update spf check	2014-06-10 12:28:33 +10:00
Mark Andrews	3b187cad7a	3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210 ]	2014-06-10 09:32:43 +10:00
Mukund Sivaraman	79d27f505a	[35063] Don't publish an activated key automatically before its publish time	2014-06-04 14:31:42 +05:30
Mark Andrews	ab6fd5e892	initialise matches	2014-06-02 13:53:59 +10:00
Mark Andrews	5360986092	set max	2014-06-02 13:42:58 +10:00
Mark Andrews	3a26e75e3c	accept a range of stats values	2014-06-02 08:15:47 +10:00
Evan Hunt	0cfb247368	[master] rndc nta 3867. [func] "rndc nta" can now be used to set a temporary negative trust anchor, which disables DNSSEC validation below a specified name for a specified period of time (not exceeding 24 hours). This can be used when validation for a domain is known to be failing due to a configuration error on the part of the domain owner rather than a spoofing attack. [RT #29358]	2014-05-29 22:22:53 -07:00
Mark Andrews	536da846f6	update copyrights	2014-05-30 09:41:33 +10:00
Mark Andrews	44b0e0b1d5	More changes for: 3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-30 08:41:27 +10:00
Mark Andrews	3d75189141	3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-29 17:02:10 +10:00
Mark Andrews	4694229f60	make a explict edns query so this subtest is independent of other tests	2014-05-29 10:46:44 +10:00
Mark Andrews	800d25b848	3863. [bug] The "E" flag was missing from the query log as a unintended side effect of code rearrangement to support EDNS EXPIRE. [RT #36117]	2014-05-29 08:04:55 +10:00
Tinderbox User	284d5252c1	update copyright notice	2014-05-15 23:45:22 +00:00
Mark Andrews	01f881c1c5	3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. [RT #35979]	2014-05-15 16:54:32 +10:00
Mark Andrews	69530009f1	use portable awk	2014-05-15 00:34:17 +10:00
Mark Andrews	05816676bb	3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP ixfr query. [RT #35980]	2014-05-14 09:59:02 +10:00
Mark Andrews	733898cffe	use sub second sleeps for prefetch disabled test	2014-05-09 15:00:36 +10:00
Mark Andrews	151759e7b7	address suspected race in system test for 'named -L'	2014-05-08 11:10:04 +10:00
Tinderbox User	c381ccf794	update copyright notice	2014-05-07 23:45:21 +00:00
Evan Hunt	60988462e5	[master] use posix-compatible shell in system tests 3839. [test] Use only posix-compatible shell in system tests. [RT #35625]	2014-05-06 22:06:04 -07:00
Mark Andrews	b36fc8294e	3837. [security] A NULL pointer is passed to query_prefetch resulting a REQUIRE assertion failure when a fetch is actually initiated. [ RT #35899] Squashed commit of the following: commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00 Author: Mukund Sivaraman <muks@isc.org> Date: Sun May 4 22:34:34 2014 +0530 Fix a comment commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03 Author: Mark Andrews <marka@isc.org> Date: Sun May 4 23:34:25 2014 +1000 pass the correct name to query_prefetch	2014-05-05 10:12:12 +10:00
Evan Hunt	c0c4512020	[master] fixed geoip elements in named ACLs 3835. [bug] Geoip ACL elements didn't work correctly when referenced via named or nested ACLs. [RT #35879]	2014-04-30 20:21:56 -07:00
Mark Andrews	f09f1bf18e	fix filter-aaaa system test to work when crypto is disabled	2014-05-01 12:28:50 +10:00
Mark Andrews	5b56f2e3cc	zero pad date and month fields	2014-05-01 11:41:32 +10:00
Mark Andrews	c2abd6efeb	update copyrights	2014-05-01 10:00:00 +10:00
Mark Andrews	96f07724d6	use SKIPPED exit code (255)	2014-05-01 00:33:11 +10:00
Mark Andrews	0172c9fc2c	use +nottlid	2014-04-30 15:53:37 +10:00
Evan Hunt	44613d4d86	[master] named -L option for default logfile 3832. [func] "named -L <filename>" causes named to send log messages to the specified file by default instead of to the system log. (Thanks to Tony Finch.) [RT #35845]	2014-04-29 17:17:03 -07:00
Tinderbox User	f6ea2b1d09	update copyright notice	2014-04-29 23:45:21 +00:00
Evan Hunt	b4ba66ba1e	[master] "dnssec-signzone -N date" 3827. [func] "dnssec-signzone -N date" updates serial number to the current date in YYYYMMDDNN format. [RT #35800]	2014-04-29 16:29:20 -07:00
Mark Andrews	e54767a3c9	change exit code	2014-04-29 22:57:15 +10:00
Mark Andrews	1a158ef6ee	fix testsock6.pl (cherry picked from commit `660195a82c`)	2014-04-29 19:15:55 +10:00
Evan Hunt	54267016bc	[master] add geoip and filter-aaaa to SUBDIRS	2014-04-28 22:41:13 -07:00
Tinderbox User	06081a0d61	update copyright notice	2014-04-25 23:45:21 +00:00
Evan Hunt	aefb3e308b	[master] better DDNS in DLZ; mysqldyn 3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic update and transaction support. Thanks to Marty Lee for the contribution. [RT #35656] 3820. [func] The DLZ API doesn't pass the database version to the lookup() function; this can cause DLZ modules that allow dynamic updates to mishandle prerequisite checks. This has been corrected by adding a 'dbversion' field to the dns_clientinfo_t structure. [RT #35656]	2014-04-25 13:06:30 -07:00
Mark Andrews	36e5ac0033	3819. [bug] NSEC3 hashes need to be able to be entered and displayed without padding. This is not a issue for currently defined algorithms but may be for future hash algorithms. [RT #27925]	2014-04-24 18:58:03 +10:00
Evan Hunt	2ae159b376	[master] globally rename "delve" to "delv" 3817. [func] The "delve" command is now spelled "delv" to avoid a namespace collision with the Xapian project. [RT #35801]	2014-04-23 11:14:12 -07:00
Tinderbox User	953189d30e	update copyright notice	2014-04-22 23:45:19 +00:00
Evan Hunt	ec3b216506	[master] masterfile-style 3814. [func] The "masterfile-style" zone option controls the formatting of dumped zone files. Options are "relative" (multiline format) and "full" (one record per line). The default is "relative". [RT #20798]	2014-04-17 17:10:29 -07:00
Evan Hunt	7318bbc262	[master] serial-update-method date; 3811. [func] "serial-update-method date;" sets serial number on dynamic update to today's date in YYYYMMDDNN format. (Thanks to Bradley Forschinger.) [RT #24903]	2014-04-17 16:05:50 -07:00
Evan Hunt	92fe6db3e4	[master] use test -r in system tests 3806. [test] Improved system test portability. [RT #35625]	2014-04-09 20:29:52 -07:00
Evan Hunt	baad8d9fd8	[master] allow null "file" for DLZ or alternate db zones 3803. [bug] "named-checkconf -z" incorrectly rejected zones using alternate data sources for not having a "file" option. [RT #35685]	2014-04-07 13:29:56 -07:00
Mark Andrews	5b60bde47b	use perl	2014-04-07 21:53:47 +10:00
Mark Andrews	a4941d6b5e	update check the correct resigning time is reported in zonestatus test to be more portable	2014-04-07 11:50:50 +10:00
Mark Andrews	0dfd942409	3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing time. [RT #35659]	2014-04-04 11:33:49 +11:00
Tinderbox User	180d8b0eec	update copyright notice	2014-03-30 23:46:03 +00:00
Mukund Sivaraman	ef9334d745	3795. [bug] Make named-checkconf detect raw masterfiles for hint zones and reject them. [RT #35268] Squashed commit of the following: commit 5b0254711d6b77940d6217b9131b9d401df8a866 Author: Mukund Sivaraman <muks@isc.org> Date: Fri Mar 28 02:09:01 2014 +0530 Remove redundant helper function commit a4341c1a2ba830c8cee1def57a533f987f67c3dc Author: Mark Andrews <marka@isc.org> Date: Thu Jan 30 10:08:17 2014 +1100 error out if masterfile-format raw is specified for a hint zone.	2014-03-31 04:55:37 +05:30
Evan Hunt	22e29471c7	[master] check allow-update in view/options 3787. [bug] The code that checks whether "auto-dnssec" is allowed was ignoring "allow-update" ACLs set at the options or view level. [RT #29536]	2014-03-12 21:36:01 -07:00
Mark Andrews	6f49db82ab	calling $TSIGKEYGEN doesn't work with libtool.	2014-03-13 15:11:46 +11:00
Tinderbox User	0add14467b	update copyright notice	2014-03-12 23:46:05 +00:00
Evan Hunt	89740699cd	[master] fixed 'fixed' 3784. [bug] Using "rrset-order fixed" when it had not been enabled at compile time caused inconsistent results. It now works as documented, defaulting to cyclic mode. [RT #28104]	2014-03-12 08:45:44 -07:00
Evan Hunt	46bc64f4b1	[master] tsig-keygen 3783. [func] "tsig-keygen" is now available as an alternate command name for "ddns-confgen". It generates a TSIG key in named.conf format without comments. [RT #35503]	2014-03-12 08:29:15 -07:00
Mark Andrews	bab2bf7dfd	expr length arg is not portable	2014-03-12 13:59:41 +11:00
Evan Hunt	62258ada48	[master] auto-generate salt 3781. [func] Specifying "auto" as the salt when using "rndc signing -nsec3param" causes named to generate a 64-bit salt at random. [RT #35322]	2014-03-11 08:46:58 -07:00
Evan Hunt	7b46a4aa41	[master] fix negative numbers in $GENERATE 3780. [bug] $GENERATE handled negative numbers incorrectly. [RT #25528]	2014-03-10 11:55:32 -07:00
Tinderbox User	e9c7fe450e	update copyright notice	2014-03-06 23:46:08 +00:00
Evan Hunt	741dfd3ccd	[master] tests directory cleanup	2014-03-06 11:11:27 -08:00
Tinderbox User	8ab8cd1fa6	update copyright notice	2014-03-01 23:46:15 +00:00
Evan Hunt	ec88c1fdff	[master] capture stderr in systests.output - also tidied up runall.sh summary output	2014-02-28 21:59:28 -08:00
Evan Hunt	98922b2b2b	[master] merge several interdependent fixes 3760. [bug] Improve SIT with native PKCS#11 and on Windows. [RT #35433] 3759. [port] Enable delve on Windows. [RT #35441] 3758. [port] Enable export library APIs on windows. [RT #35382]	2014-02-26 19:00:05 -08:00
Evan Hunt	061f61dd3b	[master] add files omitted from coverage test	2014-02-26 08:54:21 -08:00
Evan Hunt	3a01ded15d	[master] enable windows python tools 3757. [port] Enable Python tools (dnssec-coverage, dnssec-checkds) to run on Windows. [RT #34355]	2014-02-26 08:43:50 -08:00
Mark Andrews	cc00679829	wait for zone to transfer	2014-02-23 14:06:15 +11:00
Evan Hunt	999926955b	[master] fix test error	2014-02-21 08:05:40 -08:00
Tinderbox User	20a96edbf9	update copyright notice	2014-02-20 23:46:35 +00:00
Mark Andrews	caac342072	add @ISC_OPENSSL_LIBS@	2014-02-21 00:35:22 +11:00
Mark Andrews	16134801ce	3750. [experimental] Partially implement EDNS EXPIRE option as described in draft-andrews-dnsext-expire-00. Retrivial of remaining time to expiry from slave zones is supported. EXPIRE uses an experimental option code (65002) and is subject to change. [RT #35416]	2014-02-20 14:56:20 +11:00
Mark Andrews	86a85a3bbd	don't error on rpz percentage checks as they fail inconsistently on virtual machines	2014-02-20 12:22:14 +11:00
Mark Andrews	e676a59686	update copyrights	2014-02-20 10:53:11 +11:00
Mark Andrews	7e2e41df67	3748. [func] Use delve to test dns_client interfaces. [RT #35383 ]	2014-02-19 19:33:21 +11:00
Evan Hunt	35f6a21f5f	[master] max-zone-ttl 3746. [func] New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone containing a higher TTL, the load fails. DDNS updates with higher TTLs are accepted but the TTL is truncated. (Note: Currently supported for master zones only; inline-signing slaves will be added.) [RT #38405]	2014-02-18 23:26:50 -08:00
Mark Andrews	b5f6271f4d	3744. [experimental] SIT: send and process Source Identity Tokens (which are similar to DNS Cookies by Donald Eastlake) and are designed to help clients detect off path spoofed responses and for servers to detect legitimate clients. SIT use a experimental EDNS option code (65001). SIT can be enabled via --enable-developer or --enable-sit. It is on by default in Windows. RRL processing as been updated to know about SIT with legitimate clients not being rate limited. [RT #35389]	2014-02-19 12:53:42 +11:00
Tinderbox User	3fd910dec5	update copyright notice	2014-02-17 23:46:29 +00:00
Evan Hunt	5efcb3a3e2	[master] fix test errors - require 5.006_001 - cut off the least significant figures of rrsig dates before comparison to avoid integer overflow	2014-02-17 08:40:02 -08:00
Evan Hunt	7ba88e2a95	[master] fix dnssec test errors	2014-02-16 14:14:56 -08:00
Evan Hunt	72fd845d5a	[master] remove accidentally committed changes	2014-02-16 13:59:19 -08:00
Evan Hunt	792915beb0	[master] fix accidental dig breakage	2014-02-16 13:42:42 -08:00
Evan Hunt	dbb012765c	[master] merge libiscpk11 to libisc 3735. [cleanup] Merged the libiscpk11 library into libisc to simplify dependencies. [RT #35205]	2014-02-11 21:20:28 -08:00
Tinderbox User	6874b16e4a	update copyright notice	2014-02-10 23:46:26 +00:00
Mark Andrews	d7729155df	3734. [bug] Improve building with libtool. [RT #35314 ]	2014-02-10 15:01:06 +11:00
Tinderbox User	81f58902eb	update copyright notice	2014-02-07 23:46:39 +00:00
Mark Andrews	2870ee1fe5	use exit 255	2014-02-08 09:43:16 +11:00
Mark Andrews	0584ab7e9c	#include <isc/util.h>	2014-02-07 16:46:11 +11:00
Evan Hunt	7983f6f77a	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-02-06 19:41:48 -08:00
Evan Hunt	166341d554	[master] add no-case-compress 3731. [func] Added a "no-case-compress" ACL, which causes named to use case-insensitive compression (disabling change #3645) for specified clients. (This is useful when dealing with broken client implementations that use case-sensitive name comparisons, rejecting responses that fail to match the capitalization of the query that was sent.) [RT #35300]	2014-02-06 19:37:26 -08:00
Mark Andrews	a928b54fa9	silence unused parameter	2014-02-07 11:47:32 +11:00
Evan Hunt	a165a17a81	[master] dnssec-keygen fixes 3730. [cleanup] Added "never" as a synonym for "none" when configuring key event dates in the dnssec tools. [RT #35277] 3729. [bug] dnssec-kegeyn could set the publication date incorrectly when only the activation date was specified on the command line. [RT #35278]	2014-02-06 15:59:14 -08:00
Tinderbox User	7fa75f8e0e	update copyright notice	2014-02-06 23:46:25 +00:00
Tinderbox User	0666e6db54	update copyright notice	2014-01-31 23:46:22 +00:00
Evan Hunt	d0803df331	[master] fixed geoip in blackhole ACLs 3722. [bug] Using geoip ACLs in a blackhole statement could cause a segfault. [RT #35272]	2014-01-30 17:03:32 -08:00
Tinderbox User	04b5785fde	update copyright notice	2014-01-29 23:46:19 +00:00
Mark Andrews	75d747e1c5	3719. [bug] Address memory leak in in peer.c. [RT #35255 ]	2014-01-30 07:54:52 +11:00
Mark Andrews	61932ed917	copyright cleanups	2014-01-29 14:05:46 +11:00
Tinderbox User	aa7b16ec2a	update copyright notice	2014-01-21 23:46:16 +00:00
Evan Hunt	d58e33bfab	[master] testcrypto.sh in system tests 3714. [test] System tests that need to test for cryptography support before running can now use a common "testcrypto.sh" script to do so. [RT #35213]	2014-01-20 16:08:09 -08:00
Evan Hunt	e45d0508c3	[master] skip unnecesary also-notify data 3713. [bug] Save memory by not storing "also-notify" addresses in zone objects that are configured not to send notify requests. [RT #35195]	2014-01-20 15:53:51 -08:00
Tinderbox User	dfd5f3b388	update copyright notice	2014-01-18 23:46:13 +00:00
Evan Hunt	12bf5d4796	[master] address several issues with native pkcs11	2014-01-18 11:51:07 -08:00
Tinderbox User	c0682c2367	update copyright notice	2014-01-17 23:46:32 +00:00
Francis Dupont	e02659b241	applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS	2014-01-17 14:14:30 +01:00
Tinderbox User	1633aead67	update copyright notice	2014-01-16 23:46:28 +00:00
Mark Andrews	db8938c993	3710. [bug] Address double dns_zone_detach when switching to using automatic empty zones from regular zones. [RT #35177]	2014-01-17 10:04:16 +11:00
Evan Hunt	5760095601	[master] skip xfer test with Net::DNS 0.73	2014-01-16 09:50:23 -08:00
Francis Dupont	6080262ffe	add iscpk11 dep in lwresd system test	2014-01-16 16:06:04 +01:00
Mark Andrews	e20788e121	update copyrights	2014-01-16 15:19:24 +11:00
Tinderbox User	bf0266f286	update copyright notice	2014-01-14 23:46:22 +00:00
Evan Hunt	ba751492fc	[master] native PKCS#11 support 3705. [func] "configure --enable-native-pkcs11" enables BIND to use the PKCS#11 API for all cryptographic functions, so that it can drive a hardware service module directly without the need to use a modified OpenSSL as intermediary (so long as the HSM's vendor provides a complete-enough implementation of the PKCS#11 interface). This has been tested successfully with the Thales nShield HSM and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]	2014-01-14 15:40:56 -08:00
Mark Andrews	07fb9b8330	3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185 ]	2014-01-14 16:12:30 +11:00
Tinderbox User	2cf1d5b098	update copyright notice	2014-01-12 23:46:23 +00:00
Mark Andrews	fb756ba304	3703. [func] Prefetch about to expire records if they are queried for, see prefetch option for details. [RT #35041]	2014-01-12 21:29:15 +11:00
Tinderbox User	f70a10508f	update copyright notice	2014-01-11 23:46:17 +00:00
Evan Hunt	7d2b185f16	[master] new dnssec-coverage options 3702. [func] 'dnssec-coverage -l' option specifies a length of time to check for coverage; events further into the future are ignored. 'dnssec-coverage -z' checks only ZSK events, and 'dnssec-coverage -k' checks only KSK events. (Thanks to Peter Palfrader.) [RT #35168]	2014-01-10 17:53:21 -08:00
Mark Andrews	a7c412f37c	update copyrights	2014-01-11 07:07:56 +11:00
Mark Andrews	ff6de396a9	3701. [func] named-checkconf can now suppress the printing of shared secrets by specifying '-x'. [RT #34465]	2014-01-10 16:56:36 +11:00
Tinderbox User	431a83fb29	update copyright notice	2014-01-09 23:46:35 +00:00
Mark Andrews	d4eb30fa2d	stop spamming system logs	2014-01-09 16:23:40 +11:00
Tinderbox User	e8914b47a2	update copyright notice	2014-01-05 23:46:12 +00:00
Mark Andrews	e9649ece3b	3696. [bug] dig failed to handle AXFR style IXFR responses which span multiple messages. [RT #35137]	2014-01-06 06:22:30 +11:00
Tinderbox User	9c61ab2c99	update copyright notice	2013-12-21 23:46:16 +00:00
Evan Hunt	c14ba71070	[master] warn if key-directory doesn't exist 3694. [bug] Warn when a key-directory is configured for a zone, but does not exist or is not a directory. [RT #35109]	2013-12-20 14:57:03 -08:00
Tinderbox User	7c329be7c0	update copyright notice	2013-12-15 23:46:14 +00:00
Tinderbox User	eade480b33	update copyright notice	2013-12-13 23:46:17 +00:00
Evan Hunt	0606c47750	[master] correct dispatch address/port check 3690. [bug] Iterative responses could be missed when the source port for an upstream query was the same as the listener port (53). [RT #34925]	2013-12-12 22:39:12 -08:00
Evan Hunt	9b895f30f1	[master] fix insecure delegation across static-stub zones 3689. [bug] Fixed a bug causing an insecure delegation from one static-stub zone to another to fail with a broken trust chain. [RT #35081]	2013-12-12 22:19:33 -08:00
Tinderbox User	de77dcc2c1	update copyright notice	2013-12-11 23:47:38 +00:00
Evan Hunt	4e1d84a33c	typo	2013-12-11 14:00:07 -08:00
Evan Hunt	0bbe3273a2	[master] dnssec-signzone -Q 3686. [func] "dnssec-signzone -Q" drops signatures from keys that are still published but no longer active. [RT #34990]	2013-12-11 13:25:21 -08:00
Tinderbox User	79812068ff	update copyright notice	2013-12-06 23:47:28 +00:00
Mark Andrews	7d65cbaca0	3684. [bug] The list of included files would grow on reload. [RT 35090]	2013-12-07 09:44:45 +11:00
Curtis Blackburn	8009525601	3682. [bug] Correct the behavior of rndc retransfer to allow inline-signing slave zones to retain NSEC3 parameters instead of reverting to NSEC [RT #34745]	2013-12-04 12:26:20 -06:00
Evan Hunt	d999ca28d4	[master] check hint files in named-checkconf -z 3676. [bug] "named-checkconf -z" now checks zones of type hint and redirect as well as master. [RT #35046]	2013-11-25 12:26:53 -08:00
Mark Andrews	225146b2c8	3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026 ]	2013-11-18 11:22:59 +11:00
Mark Andrews	ced4f794cf	check expected responses	2013-11-15 13:22:48 +11:00
Mark Andrews	3ac9ef6a6d	move forwarder server to 10.53.0.5	2013-11-15 13:16:51 +11:00
Tinderbox User	432d8fa3b4	update copyright notice	2013-11-14 23:46:24 +00:00
Evan Hunt	434bfc3dfa	[master] "in-view" zone option 3673. [func] New "in-view" zone option allows direct sharing of zones between views. [RT #32968]	2013-11-13 20:35:40 -08:00
Evan Hunt	0618287859	[master] allow setting local addr in dns_client 3672. [func] Local address can now be specified when using dns_client API. [RT #34811]	2013-11-13 10:52:22 -08:00
Mark Andrews	c4004ada2a	adjust sync point	2013-11-13 15:44:54 +11:00
Mark Andrews	6b0434299b	3671. [bug] Don't allow dnssec-importkey overwrite a existing non-imported private key.	2013-11-13 12:01:09 +11:00
Mark Andrews	015f044f7f	remove copyright noticed	2013-11-09 13:55:49 +11:00
Tinderbox User	97c299486a	update copyright notice	2013-11-08 23:46:19 +00:00
Mark Andrews	2048955015	3667. [func] dig: add support to keep the TCP socket open between successive queries (+[no]keepopen). [RT #34918]	2013-11-07 10:50:01 +11:00
Mark Andrews	49c1e0d18d	3666. [func] Add a tool, named-rrchecker, for checking the syntax of individual resource records. This tool is intended to be called by provisioning systems so that the front end does not need to be upgraded to support new DNS record types. [RT #34778]	2013-11-07 10:41:47 +11:00
Mark Andrews	50c67f588e	remove blank (cherry picked from commit 75aa3c6f2ada5dcc657d0858ee4544c7997d9840)	2013-09-23 09:47:30 +10:00
Mark Andrews	9fa2a0deed	3652. [bug] Address bug with rpz-drop policy. [RT #34816 ]	2013-09-21 17:27:43 +10:00
Tinderbox User	bcbb556868	update copyright notice	2013-09-19 23:46:20 +00:00
Evan Hunt	c7965f84c2	[master] comment nzf files 3649. [cleanup] Include a comment in .nzf files, giving the name of the associated view. [RT #34765]	2013-09-19 15:37:09 -07:00
Mark Andrews	88a6dc33b7	only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms	2013-09-19 10:40:38 +10:00
Mark Andrews	7667dd1a03	call zone_settimer; sub test failure was not being detected (cherry picked from commit `ebd7900670`)	2013-09-18 12:57:46 +10:00
Mark Andrews	2c089bf6d2	whitspace	2013-09-16 10:14:07 +10:00
Tinderbox User	a989ffdbb3	update copyright notice	2013-09-10 23:46:14 +00:00
Evan Hunt	78f20eda3c	[master] clean up tests, update .gitignore	2013-09-09 19:37:17 -07:00
Mark Andrews	3d3aa9cde6	use -r rather then -f	2013-09-09 12:19:30 +10:00
Mark Andrews	23c73a1848	only test dsa if we have a random device	2013-09-09 11:42:58 +10:00
Tinderbox User	63737247d1	update copyright notice	2013-09-05 23:46:16 +00:00
Mark Andrews	cb69994ff8	3645. [protocol] Use case sensitive compression when responding to queries. [RT #34737]	2013-09-05 12:22:34 +10:00
Evan Hunt	690bd6bf5d	[master] fix inline test, add importkey to win32 build	2013-09-04 18:56:50 -07:00
Mark Andrews	5b9469c0db	test for ECDSAP256SHA256 support	2013-09-04 22:33:31 +10:00
Mark Andrews	0c91911b4d	3642. [func] Allow externally generated DNSKEY to be imported into the DNSKEY management framework. A new tool dnssec-importkey is used to this. [RT #34698]	2013-09-04 13:53:02 +10:00
Mark Andrews	b5f4cc132e	3641. [bug] Handle changes to sig-validity-interval settings better. [RT #34625]	2013-09-04 13:45:00 +10:00
Mark Andrews	d6f99498d6	3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]	2013-09-04 13:14:06 +10:00
Tinderbox User	4b2c089cd8	update copyright notice	2013-08-19 23:46:14 +00:00
Mark Andrews	997c2c5116	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-19 09:18:28 +10:00
Tinderbox User	33d6c4a086	update copyright notice	2013-08-16 23:46:11 +00:00
Mark Andrews	e548e07a9a	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-16 13:54:23 +10:00
Tinderbox User	377b774598	update copyright notice	2013-08-15 23:46:17 +00:00
Mark Andrews	d1e22676de	3635. [bug] Signatures were not being removed from a zone with only KSK keys for a algorithm. [RT #24439]	2013-08-15 13:37:07 +10:00
Mark Andrews	7ace327795	3632. [bug] Signature from newly inactive keys were not being removed. [RT #32178]	2013-08-15 10:48:05 +10:00
Mark Andrews	75ae74f8fd	3629. [func] Allow the printing of cryptographic fields in DNSSEC records by dig to be suppressed (dig +nocrypto). [RT #34534]	2013-08-12 15:37:51 +10:00
Mark Andrews	16bd30ae69	3628. [func] Report DNSKEY key id's when dumping the cache. [RT #34533]	2013-08-12 14:38:26 +10:00
Mark Andrews	df0892aea6	3627. [bug] RPZ changes were not effective on slaves. [RT #34450 ]	2013-08-09 13:23:01 +10:00
Tinderbox User	f378953f3b	update copyright notice	2013-08-07 23:46:12 +00:00
Mark Andrews	f45f654185	3625. [bug] Don't send notify messages to machines outside of the test setup.	2013-08-07 15:48:55 +10:00
Evan Hunt	3cea62e3df	[master] fix bad test output when server fails	2013-07-25 11:15:53 -07:00
Tinderbox User	44c016134f	update copyright notice	2013-07-13 23:46:06 +00:00
Evan Hunt	9a32b8d8f8	[master] add a sleep to prevent intermittent test failure	2013-07-13 15:30:56 -07:00
Evan Hunt	421d4a0647	[master] rpz work 3620. [func] Added "rpz-client-ip" policy triggers, enabling RPZ responses to be configured on the basis of the client IP address; this can be used, for example, to blacklist misbehaving recursive or stub resolvers. [RT #33605] 3619. [bug] Fixed a bug in RPZ with "recursive-only no;" [RT #33776]	2013-07-12 14:46:47 -07:00
Evan Hunt	0b4ed61d20	[master] added missing file	2013-07-12 00:01:33 -07:00
Evan Hunt	0949306cb9	[master] check include file mtimes 3618. [func] "rndc reload" now checks modification times of include files as well as master files to determine whether to skip reloading a zone. [RT #33936]	2013-07-11 16:32:36 -07:00
Evan Hunt	964bdcd7ad	[master] don't go nonresponsive during "rndc reload" 3617. [bug] Named was failing to answer queries during "rndc reload" [RT #34098]	2013-07-11 10:54:21 -07:00
Tinderbox User	77b1d950a6	update copyright notice	2013-07-10 23:46:10 +00:00
Evan Hunt	1d26c6b9b8	[master] count the test cases correctly	2013-07-09 22:52:43 -07:00
Evan Hunt	927e4c9fec	[master] address race conditions with removing inline zones 3513. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [RT #34066]	2013-07-09 17:39:21 -07:00
Evan Hunt	4ba84a5bdb	[master] use egrep as solaris doesn't like grep -E	2013-07-01 14:08:31 -07:00
Evan Hunt	9d4ec6d2c5	[master] "flushtree -all" no longer optional Updated CHANGES note: 3606. [func] "rndc flushtree" now flushes matching records in the address database and bad cache as well as the DNS cache. (Previously only the DNS cache was flushed.) [RT #33970]	2013-06-30 18:53:48 -07:00
Evan Hunt	9fa5a723e1	[master] "rndc flushtree -all <name>" 3606. [func] "rndc flushtree -all" flushes matching records in the ADB and bad cache as well as the DNS cache. (Without the "-all" option, flushtree will still only flush records from the DNS cache.) [RT #33970]	2013-06-26 14:59:32 -07:00
Mark Andrews	945ce145e0	Use extended regular expression as HPUX doesn't like grep -w '$TXT\\|ANY$'	2013-06-17 12:59:50 +10:00
Evan Hunt	be3f14af79	[master] fix system test failure - needed to specify session key file	2013-06-15 01:39:23 -07:00
Tinderbox User	53e8ebc8f0	update copyright notice	2013-06-14 23:46:13 +00:00
Evan Hunt	b7e40659ef	[master] rebuild resigning heaps when loading map files 3597. [bug] Ensure automatic-resigning heaps are reconstructed when loading zones in map format. [RT #33381]	2013-06-14 10:16:10 -07:00
Tinderbox User	1443158c11	update copyright notice	2013-06-13 23:46:13 +00:00
Mark Andrews	8e15d5eb3a	3593. [func] Update EDNS processing to better track remote server capabilities. [RT #30655]	2013-06-12 11:31:30 +10:00
Tinderbox User	1ec9fe2c3c	update copyright notice	2013-06-08 23:46:57 +00:00
Evan Hunt	89be55dc90	[master] improve RRL handling of deferrals and slipped NXDOMAIN 3590. [bug] When using RRL on recursive servers, defer rate-limiting until after recursion is complete; also, use correct rcode for slipped NXDOMAIN responses. [RT #33604]	2013-06-08 13:17:33 -07:00
Mark Andrews	c6eb92beb1	3589. [func] Report serial numbers in when starting zone transfers. Report accepted NOTIFY requests including serial. [RT# 33037]	2013-06-08 09:49:03 +10:00
Mark Andrews	8144dc702b	3587. [func] 'named -g' now checks the logging configuration but does not use it. [RT #33473]	2013-06-06 11:08:16 +10:00
Tinderbox User	099fa63e55	update copyright notice	2013-06-05 23:46:14 +00:00
Evan Hunt	5f1dc0d505	[master] add "-clean" option to "rndc delzone" 3585. [func] "rndc delzone -clean" option removes zone files when deleting a zone. [RT #33570]	2013-06-04 21:26:29 -07:00
Mark Andrews	1e34fe9044	3582. [bug] Silence false positive warning regarding missing file directive for inline slave zones. [RT #33662]	2013-06-04 11:34:03 +10:00
Tinderbox User	6d4487398e	update copyright notice	2013-05-29 23:46:19 +00:00
Mark Andrews	5f238c3c64	3577. [bug] Handle zero TTL values better. [RT #33411 ]	2013-05-29 18:10:11 +10:00
Tinderbox User	be899a549d	update copyright notice	2013-05-10 23:46:06 +00:00
Curtis Blackburn	428dd5c588	3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled zone names containing punctuation marks and other nonstandard characters. [RT #33419]	2013-05-10 16:12:27 -05:00
Tinderbox User	2147c42301	update copyright notice	2013-05-03 23:46:12 +00:00
Evan Hunt	34f3693b93	[master] log forwarded updates 3566. [func] Log when forwarding updates to master. [RT #33240]	2013-05-03 14:05:32 -07:00
Evan Hunt	1a076410c2	[master] fix corrupt map file handling 3564. [bug] Improved handling of corrupted map files. [RT #33380]	2013-05-03 14:00:12 -07:00
Evan Hunt	03b5d2689d	[master] add hash to map files 3562. [func] Update map file header format to include a SHA-1 hash of the database content, so that corrupted map files can be rejected at load time. [RT #32459]	2013-05-01 22:20:02 -07:00
Tinderbox User	7105104b6e	update copyright notice	2013-04-30 06:39:16 +00:00
Tinderbox User	055fd5fcba	update copyright notice	2013-04-30 05:03:43 +00:00
Tinderbox User	954e43e605	update copyright notice	2013-04-30 04:51:59 +00:00
Mark Andrews	26bb3b7a67	3559. [func] Check that both forms of Sender Policy Framework records exist or do not exist. [RT #33355]	2013-04-30 13:49:41 +10:00
Tinderbox User	5655174c2c	update copyright notice	2013-04-29 23:46:13 +00:00
Mark Andrews	9a785712f1	3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331 ]	2013-04-29 15:46:54 +10:00
Mark Andrews	ec8a802114	3557. [bug] Reloading redirect zones was broken. [RT #33292 ]	2013-04-29 15:20:09 +10:00
Evan Hunt	0e932023c4	[master] resume overriding rrl test failures	2013-04-25 20:02:59 -07:00
Evan Hunt	a6d43d18b1	[master] fixed several RRL issues 3554. [bug] RRL failed to correctly rate-limit upward referrals and failed to count dropped error responses in the statistics. [RT #33225]	2013-04-25 14:42:44 -07:00
Mark Andrews	78e179da20	egrep was not precise enough	2013-04-13 22:34:35 +10:00
Evan Hunt	b99bfa184b	[master] unify internal and export libraries 3550. [func] Unified the internal and export versions of the BIND libraries, allowing external clients to use the same libraries as BIND. [RT #33131]	2013-04-10 13:49:57 -07:00
Mark Andrews	cc444c73d5	add sleep 1 to loop	2013-04-10 21:35:36 +10:00
Tinderbox User	526cc7c2c0	update copyright notice	2013-04-09 23:46:07 +00:00
Mark Andrews	1cc4695f0d	3547. [bug] Some malformed unknown rdata records were not properly detected and rejected. [RT #33129]	2013-04-08 09:55:14 +10:00
Mark Andrews	3a6d62c59f	3546. [func] Add EUI48 and EUI64 types. [RT #33082 ]	2013-04-05 09:07:28 +11:00
Mark Andrews	c2838610c6	s/-e/-x/	2013-04-05 07:37:40 +11:00
Tinderbox User	f9adb48aea	update copyright notice	2013-04-03 23:46:07 +00:00
Mark Andrews	085496379f	add SAMPLE to the list of varables to be exported (cherry picked from commit `cf3e838fd3`)	2013-04-04 07:27:21 +11:00
Mark Andrews	8013077aa7	3541. [bug] The parts if libdns was not being properly initialized in when built in libexport mode. [RT #33028]	2013-04-03 17:27:40 +11:00
Tinderbox User	313b0ea9f2	update copyright notice	2013-03-23 23:46:06 +00:00
Evan Hunt	67adc03ef8	[master] add DSCP support 3535. [func] Add support for setting Differentiated Services Code Point (DSCP) values in named. Most configuration options which take a "port" option (e.g., listen-on, forwarders, also-notify, masters, notify-source, etc) can now also take a "dscp" option specifying a code point for use with outgoing traffic, if supported by the underlying OS. [RT #27596]	2013-03-22 14:05:33 -07:00
Evan Hunt	4bf686cf5d	[master] zone parsing broken with embedded null 3534. [bug] Extra text after an embedded NULL was ignored when parsing zone files. [RT #32699]	2013-03-21 19:30:10 -07:00
Tinderbox User	ad67363430	update copyright notice	2013-03-21 23:46:12 +00:00
Mark Andrews	15d970cb23	remove broken redundant test	2013-03-21 12:38:16 +11:00
Evan Hunt	831f59eb43	[master] add dnssec-coverage tool 3528. [func] New "dnssec-coverage" command scans the timing metadata for a set of DNSSEC keys and reports if a lapse in signing coverage has been scheduled inadvertently. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28098]	2013-03-20 14:39:13 -07:00
Tinderbox User	cfa2326b5c	update copyright notice	2013-03-14 23:46:11 +00:00
Evan Hunt	4eb998928b	[master] algorithm flexibility for rndc 3525. [func] Support for additional signing algorithms in rndc: hmac-sha1, -sha224, -sha256, -sha384, and -sha512. The -A option to rndc-confgen can be used to select the algorithm for the generated key. (The default is still hmac-md5; this may change in a future release.) [RT #20363]	2013-03-13 17:53:11 -07:00
Evan Hunt	21a7fde6ba	[master] handle servfail at DLZ zone apex 3522. [bug] DLZ lookups could fail to return SERVFAIL when they ought to. [RT #32685]	2013-03-11 15:54:03 -07:00
Mark Andrews	fae66f41c5	wait for upstream transfer to complete	2013-03-08 17:14:03 +11:00
Tinderbox User	40b42978b9	update copyright notice	2013-03-05 23:46:17 +00:00
Mark Andrews	ab8ea5c51e	check that the lwresd server has started before querying it (cherry picked from commit 661f1197a200bdd3d2411e9b02a46b93fb1fb083)	2013-03-05 17:24:19 +11:00
Mark Andrews	8e5fce1f9c	update copyrights	2013-03-01 10:39:29 +11:00
Evan Hunt	2a184ff865	[master] accept >4g max-{,a}cache-size 3506. [func] When setting "max-cache-size" and "max-acache-size", the keyword "unlimited" is no longer defined as equal to 4 gigabytes (except on 32-bit platforms); it means literally unlimited. [RT #32358] 3505. [bug] When setting "max-cache-size" and "max-acache-size", larger values than 4 gigabytes could not be set explicitly, though larger sizes were available when setting cache size to 0. This has been corrected; the full range is now available. [RT #32358]	2013-02-28 09:29:12 -08:00
Evan Hunt	501941f0b6	[master] add geoip support 3504. [func] Add support for ACLs based on geographic location, using MaxMind GeoIP databases. Based on code contributed by Ken Brownfield <kb@slide.com>. [RT #30681]	2013-02-27 17:19:39 -08:00
Tinderbox User	bea3baa50c	update copyright notice	2013-02-27 23:46:03 +00:00
Mark Andrews	90e1d62889	check that inlineslave.bk and inlineslave.bk.signed exist	2013-02-28 09:01:16 +11:00
Evan Hunt	40a7e85f3e	[master] better zone-statistics syntax 3501. [func] zone-statistics now takes three options: full, terse, and none. "yes" and "no" are retained as synonyms for full and terse, respectively. [RT #29165]	2013-02-27 11:53:58 -08:00
Mark Andrews	b3d3dd301b	ensure test starting conditions are met	2013-02-27 17:02:16 +11:00
Evan Hunt	68357e5241	[master] avoid double-free in rrl - RRL could assert when freeing qname - also, changed test addresses from 192.168/16 to 192.0/16	2013-02-26 19:15:11 -08:00
Evan Hunt	d654c95c96	[master] force 0 exit status from rrl system test RRL system test seems to be highly dependent on system speed. We are leaving it running and reporting results, but forcing it to return PASS unless one or more of the servers crashed or could not start.	2013-02-26 18:46:57 -08:00
Mark Andrews	609b8d0817	update copyrights	2013-02-27 12:27:58 +11:00
Mark Andrews	30314ce9c5	'!' is not portable.	2013-02-26 23:11:43 +11:00
Mark Andrews	118bdfd8c4	3497. [func] When deleting a slave/stub zone using 'rndc delzone' report the files that were being used so they can be cleaned up if desired. [RT #27899] Squashed commit of the following: commit 0e4e69d0c3153fe94aaa375b908cf7e3e45b5059 Author: Mark Andrews <marka@isc.org> Date: Thu Feb 21 17:01:44 2013 +1100 report the zones to be removed rather than removing them commit 5d247ac592eef64c4c467d99af4983b8c1ff998f Author: Mark Andrews <marka@isc.org> Date: Wed Feb 20 15:05:47 2013 +1100 remove slave/stub files when deleting a zone using delzone	2013-02-26 14:48:21 +11:00
Tinderbox User	f97d56e757	update copyright notice	2013-02-25 23:46:03 +00:00
Evan Hunt	94315060c2	[master] RPZ speedup (phase 2, multiple RPZ's) 3495. [func] Support multiple response-policy zones, while improving RPZ performance. [RT #32476]	2013-02-25 12:46:51 -08:00
Evan Hunt	55e5c51e66	[master] DNS RRL 3494. [func] DNS RRL: Blunt the impact of DNS reflection and amplification attacks by rate-limiting substantially- identical responses. [RT #28130]	2013-02-25 12:45:56 -08:00
Tinderbox User	573d78f3d5	update copyright notice	2013-02-21 23:45:56 +00:00
Evan Hunt	a81ae06ed3	[master] forbid inline-signing slave with no file 3491. [bug] Slave zones using inline-signing must specify a file name. [RT #31946]	2013-02-20 14:01:31 -08:00
Evan Hunt	2425d8bb7c	[master] truncate logged rdata if too long 3490. [bug] When logging RDATA during update, truncate if it's too long. [RT #32365] cherry picked from: commit 16ddb566e5a5b57bf925adef2b5543dddc1de49b commit cd97e0c23b09f38aac49aabab66ee13c68b7a3f3 commit d087fa982649c081d58c5bb16e63da3428e2b89d commit d0795bdffef57612dd7654ffd09c9f4216eee2c8	2013-02-20 13:54:52 -08:00
Mark Andrews	3c7df84b20	3488. [bug] Use after free error with DH generated keys. [RT #32649 ]	2013-02-18 20:26:26 +11:00
Tinderbox User	32dc577940	update copyright notice	2013-02-16 23:46:02 +00:00
Mark Andrews	c9297d3759	3487. [bug] Change 3444 was not complete. There was a additional place where the NOQNAME proof needed to be saved. [RT #32629] Squashed commit of the following: commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:27:14 2013 +1100 whitespace commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502 Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:19:51 2013 +1100 return noqname proof with +cd and dlv	2013-02-16 07:45:43 +11:00
Evan Hunt	0b8bd3a4ae	[master] address TKEY bugs 3486. [bug] named could crash when using TKEY-negotiated keys that had been deleted and then recreated. [RT #32506] commit 6a48b9999766d26cddc7cef275cd984b7d53c014 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:59:46 2013 -0800 [rt32506] don't dump key if dump is unimplemented commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:42:25 2013 -0800 [rt32506] make sure LRU needs adjusting before adjusting it commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 12:28:28 2013 -0800 [rt32506] demonstrate bugs in tkey test	2013-02-15 10:19:50 -08:00
Tinderbox User	17131a9459	update copyright notice	2013-01-25 23:45:56 +00:00
Evan Hunt	c9611b4573	[master] change "fast" to "map" 3475. [cleanup] Changed name of 'map' zone file format (previously 'fast'). [RT #32458]	2013-01-24 14:20:48 -08:00
Evan Hunt	8f7d23a25c	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2013-01-23 15:48:47 -08:00
Tinderbox User	3aaa526a94	update copyright notice	2013-01-23 23:45:55 +00:00
Evan Hunt	ffff5d6792	[master] fix dns_request_createvia assert 3474. [bug] nsupdate could assert when the local and remote address families didn't match. [RT #22897]	2013-01-23 15:39:05 -08:00
Evan Hunt	9a0dd99a75	[master] fix incorrect nsec3 check - check for NSEC3 in empty nodes when not due to optout delegations - fixed typo in output ("Bad record NSEC record") - incidentally fixed an error in signzone that caused an incorrect warning about missing DNSKEYs when using -S and -3 together 3473. [bug] dnssec-signzone/verify could incorrectly report an error condition due to an empty node above an opt-out delegation lacking an NSEC3. [RT #32072]	2013-01-23 14:56:00 -08:00
Evan Hunt	214836c184	[master] dump masterfile after successful xfrin 3470. [bug] Slave zones could fail to dump when successfully refreshing after an initial failure. [RT #31276]	2013-01-22 15:49:50 -08:00
Evan Hunt	cbd1fa092e	[master] DLZ fixes - handle malformed answers from DLZ better: - handle dlz_lookup errors better: when the first lookup of a name returns an unexpected failure code, we return it to the caller rather than continuing on to look up the wildcard. we now only continue processing if the return from the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND. - improved backward-compatibility for dlz_version: added a DLZ_DLOPEN_AGE value indicating how many versions back from the current DLZ_DLOPEN_VERSION named will support	2013-01-22 15:13:08 -08:00
Tinderbox User	0a8a14d513	update copyright notice	2013-01-21 23:45:48 +00:00
Evan Hunt	a631c8d9b8	[master] prevent ixfr/ns1 being removed	2013-01-21 14:16:15 -08:00
Evan Hunt	30a7cf3957	[master] add 10.53.0.8 address	2013-01-21 12:36:41 -08:00
Tinderbox User	5ac5300fdf	update copyright notice	2013-01-17 23:46:25 +00:00
Evan Hunt	71f8edccba	[master] fix DNS64 with RPZ-remapped A records 3468. [security] RPZ rules to generate A records (but not AAAA records) could trigger an assertion failure when used in conjunction with DNS64. [RT #32141]	2013-01-17 11:23:30 -08:00
Curtis Blackburn	c8803902d6	[bug] Added checks in dnssec-keygen and dnssec-settime to check for delete date < inactive date. [RT #31719]	2013-01-17 10:59:16 -06:00
Tinderbox User	dc3d68d6fe	update copyright notice	2013-01-11 23:46:02 +00:00
Evan Hunt	b3d116c299	[master] fixed clientinfo version check 3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check in DLZ example driver. [RT #32275]	2013-01-10 19:57:21 -08:00
Tinderbox User	5c6b95ba1b	update copyright notice	2013-01-10 23:46:00 +00:00
Mark Andrews	4801931443	3461. [bug] Negative responses could incorrectly have AD=1 set. [RT #32237]	2013-01-10 23:09:08 +11:00
Evan Hunt	578e319607	[master] add -J option to checkzone/compilezone 3459. [func] Added -J option to named-checkzone/named-compilezone to specify the path to the journal file. [RT #30958]	2013-01-09 16:56:46 -08:00
Tinderbox User	b941edbeb5	update copyright notice	2013-01-09 23:45:53 +00:00
Mark Andrews	c07c2a862e	3458. [bug] Return FORMERR when presented with a overly long domain named in a request. [RT #29682]	2013-01-10 10:30:15 +11:00
Mark Andrews	f1c1aab2c9	3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836 ]	2013-01-10 08:26:31 +11:00
Mark Andrews	1a592aae29	test eighth interface	2013-01-09 19:08:59 +11:00
Tinderbox User	afe7d4b934	update copyright notice	2013-01-08 23:45:50 +00:00
Mark Andrews	fc0bfa07c7	3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;' failed. [RT #31960]	2013-01-09 07:40:27 +11:00
Tinderbox User	49503f1d9f	update copyright notice	2013-01-05 23:45:47 +00:00
Mark Andrews	25b95d31ce	3450. [bug] Stop logfileconfig system test spam system logs. [RT #32315] Squashed commit of the following: commit ad40744e2c7dc253b70857bb229def5dd194b418 Author: Mark Andrews <marka@isc.org> Date: Fri Jan 4 17:24:45 2013 +1100 logfileconfig spams the system log files	2013-01-06 07:56:10 +11:00
Tinderbox User	6fe42ff85c	update copyright notice	2013-01-04 23:45:53 +00:00
Evan Hunt	cb0a74fd8d	[master] show signzone errors in pkcs11 test	2013-01-03 19:55:34 -08:00
Evan Hunt	222d38735f	[master] allow-query-on works now 3448. [bug] The allow-query-on ACL was not processed correctly. [RT #29486]	2013-01-03 15:13:45 -08:00
Tinderbox User	d91e5a75df	update copyright notice	2013-01-02 23:45:51 +00:00
Tinderbox User	024cf50d12	update copyright notice	2013-01-01 23:45:47 +00:00
Mark Andrews	ae395e5f97	remove extranous rdata in nxrrset call as it is not ingnored in Net::DNS 0.70	2012-12-21 14:16:41 +11:00
Mark Andrews	ab91ece513	sign_tcp_continuation doesn't work with the newer versions of Net:DNS. Code has been submitted so we don't need to use the sign_tcp_continuation hack in future.	2012-12-21 12:58:58 +11:00
Tinderbox User	9191b6c9e8	update copyright notice	2012-12-20 23:45:48 +00:00
Mark Andrews	b372587363	TSIG no longer has a mac_size method; arcount no longer need to be adjusted	2012-12-21 00:30:14 +11:00
Mark Andrews	f127a35b6c	adjust test to account for blank owner after origin now being rejected	2012-12-19 14:37:56 +11:00
Mark Andrews	4040ff974c	-H not -i sets iterations	2012-12-19 14:18:05 +11:00
Mark Andrews	58c543d840	remove redundant $ORIGINs	2012-12-19 13:34:31 +11:00
Mark Andrews	8462dfb880	3443. [bug] The NOQNAME proof was not being returned from cached insecure responses. [RT #21409]	2012-12-19 09:55:02 +11:00
Mark Andrews	03958ad4b9	3442. [port] Net::DNS 0.69 introduced a non backwards compatible change. [RT #32216]	2012-12-19 08:46:36 +11:00
Mark Andrews	b6f22cc32f	Net::DNS 0.{70,71} doesn't force the TTL to zero for yxrrset, nxrrset and rr_del	2012-12-18 11:43:46 +11:00
Mark Andrews	6301757d64	don't wipe out named.run when restarting	2012-12-14 17:39:22 +11:00
Tinderbox User	b8e2e5dd86	update copyright notice	2012-12-08 23:45:51 +00:00
Mark Andrews	fe898ea0ee	DIG -> $DIG	2012-12-08 15:35:01 +11:00
Mark Andrews	e85702ce5b	3438. [bug] Don't accept unknown data escape in quotes. [RT #32031 ] Squashed commit of the following: commit 7ad3daade513c94a1c92ee7c91c112f161d13ef4 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 15:03:44 2012 +1100 look at the second token to determine if a TXT record in of unknown format or not commit 7df32138462646f6aee84ffa56d02ac24ec8d672 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 12:42:18 2012 +1100 '"\#"' was incorrectly being treated as a unknown data escape sequence.	2012-12-08 14:05:32 +11:00
Mark Andrews	6f7abb89ec	3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise buffers with constant data. [RT #32064] Squashed commit of the following: commit 3433b96bf11f8c90ccbe412f01d02a6d8bbc2d33 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:41:16 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit c22dbcc1122a0a44f7b46068e0ccbc25353a57d5 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:38:39 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit 900820416c45c1887d0d22d7a010df60a903bd56 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:24:19 2012 +1100 remove isc_buffer_reconstinit commit f815711c17b05f9961786a90b9bae902d3c01494 Author: Mark Andrews <marka@isc.org> Date: Wed Dec 5 15:42:57 2012 +1100 add isc_buffer_constinit	2012-12-08 12:48:57 +11:00
Tinderbox User	aae306e914	update copyright notice	2012-12-07 23:45:48 +00:00
Evan Hunt	abff0f462a	[master] pass client info to DLZ findzone method 3434. [bug] Pass client info to the DLZ findzone() entry point in addition to lookup(). This makes it possible for a database to answer differently whether it's authoritative for a name depending on the address of the client. [RT #31775]	2012-12-06 12:59:36 -08:00
Evan Hunt	177be355d4	[master] handle ISC_R_NOMORE correctly 3433. [bug] dlz_findzone() did not correctly handle ISC_R_NOMORE. [RT #31172]	2012-12-06 12:41:58 -08:00
Evan Hunt	2b8bed6681	[master] multiple-dlz/dlz-nxdomain 3432. [func] Multiple DLZ databases can now be configured. DLZ databases are searched in the order configured, unless set to "search no", in which case a zone can be configured to be retrieved from a particular DLZ database by using a "dlz <name>" option in the zone statement. DLZ databases can support type "master" and "redirect" zones. [RT #27597]	2012-12-06 12:39:52 -08:00
Evan Hunt	de5890da9b	[master] support all algorithms in ddns-confgen 3431. [bug] ddns-confgen: Some valid key algorithms were not accepted. [RT #31927]	2012-12-05 16:36:58 -08:00
Mark Andrews	3ff483ed84	loop 'I:checking expired signatures were updated' test	2012-12-03 09:30:38 +11:00
Mark Andrews	bde9e26d13	add -U 4	2012-11-29 08:12:51 +11:00
Mark Andrews	53e52b463e	adjust looping threshold from 10 to 15	2012-11-28 12:05:56 +11:00
Evan Hunt	8f9a5ae817	[master] correct checkds test	2012-11-27 15:03:55 -08:00
Mark Andrews	b13b452020	3424. [func] dnssec-dsfromkey now emits the hash without spaces. [RT #31951] Squashed commit of the following: commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 17:24:04 2012 +1100 dupped/created reversed in log message commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15 Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 13:40:14 2012 +1100 remove space from DS hash	2012-11-27 14:22:28 +11:00
Mark Andrews	c22f43b829	limit the number of udp dispatches when testing to 4	2012-11-26 22:11:27 +11:00
ckb	2786b6c53f	3422. [bug] Added a clear error message for when the SOA does not match the referral. [RT #31281]	2012-11-21 16:44:34 -06:00
Mark Andrews	20b95f5ff6	3421. [bug] Named loops when re-signing if all keys are offline. [RT #31916] Squashed commit of the following: commit f47af0ca6793687b9c8d08fd44b0c091ba5a4f9a Author: Mark Andrews <marka@isc.org> Date: Wed Nov 21 17:45:21 2012 +1100 dns_dns_zonediff_t -> dns_zonediff_t, clarify comment commit 344edefc3ee90856a7ff990abe7971925ba843b2 Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:12:26 2012 +1100 commit the zone changes if a keep was marked as being offline commit cad2c2446ebfc20b6d8c4f6dd0d6596d7106cc0f Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:08:29 2012 +1100 check for looping when re-signing expiring.example	2012-11-21 17:48:57 +11:00
Mark Andrews	8737e0d006	HPUX doesn't support 128 threads	2012-11-18 00:25:39 +11:00
Mark Andrews	c3c30fc43c	force integer output	2012-11-17 23:58:50 +11:00
Mark Andrews	55670a1e55	3416. [bug] Named could die on shutdown if running with 128 UDP dispatches per interface. [RT #31743] Squashed commit of the following: commit 1a97c755f8496f65024af0f634c1acf59a0a4252 Author: Mark Andrews <marka@isc.org> Date: Wed Nov 7 07:14:36 2012 +1100 add regression test for RT31743 commit 7b16b5f77fad39478168aac25742823f2fcd825b Author: Mark Andrews <marka@isc.org> Date: Fri Nov 2 23:57:24 2012 +1100 array bounds error when shutting down interface	2012-11-14 07:47:58 +11:00
Mark Andrews	4326ea8b66	use stop.pl to ensure old server is fully shutdown before starting new server	2012-11-08 07:38:13 +11:00
Mark Andrews	30a86ca430	add missing ARPANAME definition	2012-11-06 15:29:01 +11:00
Mark Andrews	e7d8a61783	More for: 3410. [bug] Addressed Coverity warnings. [RT #31626 Squashed commit of the following: commit d94f5463f508773a7b027230cd81b61cf8c9cfce Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:52:32 2012 +1100 <string.h> -> <isc/string.h> commit d707d6fb739c6e6df90a864141b418a13d3bccc8 Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:48:20 2012 +1100 address coverity warnings	2012-10-30 12:01:39 +11:00
Evan Hunt	f46168b879	[master] allow dnssec options in inline-signing slaves 3408. [bug] Some DNSSEC-related options (update-check-ksk, dnssec-loadkeys-interval, dnssec-dnskey-kskonly) are now legal in slave zones as long as inline-signing is in use. [RT #31078]	2012-10-26 16:14:59 -07:00
Evan Hunt	9c659b618f	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2012-10-24 18:03:54 -07:00
Tinderbox User	a3fb84bd1b	update copyright notice	2012-10-24 23:46:51 +00:00
Evan Hunt	4b3d727d96	[master] remove spurious signatures from glue 3404. [bug] dnssec-signzone: When re-signing a zone, remove RRSIG and NSEC records from nodes that used to be in-zone but are now below a zone cut. [RT #31556]	2012-10-24 15:46:59 -07:00
ckb	24d8211904	[rt25085] 3402. [bug] Correct interface numbers for IPv4 and IPv6 interfaces. [RT #25085]	2012-10-24 14:47:29 -05:00
Evan Hunt	47c5b8af92	[master] silence coverity warnings 3401. [bug] Addressed Coverity warnings. [RT #31484]	2012-10-23 22:04:06 -07:00
Tinderbox User	c37fbb91e3	update copyright notice	2012-10-18 23:46:07 +00:00
Mark Andrews	de0fd68097	3398. [bug] SOA parameters were not being updated with inline signed zones if the zone was modified while the server was offline. [RT #29272]	2012-10-19 10:25:06 +11:00
Mark Andrews	0fbd29837a	3396. [bug] OPT records were incorrectly removed from signed, truncated responses. [RT #31439]	2012-10-18 13:25:06 +11:00
Mark Andrews	415df3c9c0	test for directory existance before calling find	2012-10-16 10:56:42 +11:00
Mark Andrews	4b17401c9c	add test support for dropping edns messages (-T dropedns); ignoring edns in queries (-T noedns); variable max UDP (-T maxudp=value)	2012-10-16 10:23:08 +11:00
Mark Andrews	1721e1f2a6	Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9	2012-10-07 11:35:56 +11:00
Tinderbox User	15c7a1bf20	update copyright notice	2012-10-06 23:46:11 +00:00
Mark Andrews	20783a3baf	remove empty directories when cleaning	2012-10-06 17:27:38 +10:00
Mark Andrews	dbf693fdfd	3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262 ]	2012-10-06 14:56:33 +10:00
Mark Andrews	611dc88768	3390. [bug] Silence clang compiler warnings. [RT #30417 ]	2012-10-06 14:20:45 +10:00
Mark Andrews	ecd851b832	add dsdigest	2012-10-03 14:04:48 +10:00
Mark Andrews	22a711df5e	add bin/tests/system/dsdigest/prereq.sh.in	2012-10-03 13:59:50 +10:00
Mark Andrews	058e44186b	3387. [func] Support for a DS digest can be disabled at runtime with disable-ds-digests. [RT #21581]	2012-10-03 12:38:43 +10:00
Tinderbox User	8e3eb3600a	update copyright notice	2012-10-02 23:46:09 +00:00
Mark Andrews	aa49af836c	3385. [bug] named-checkconf didn't detect missing master lists in also-notify clauses. [RT #30810]	2012-10-02 13:06:02 +10:00
Mark Andrews	2d68e392f3	copyright style	2012-09-20 10:42:24 +10:00
Mark Andrews	953414e971	make tests less timing sensitive by spining	2012-09-18 14:49:58 +10:00
Mark Andrews	5f26ffc2b4	3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808 ]	2012-09-14 07:53:19 +10:00
Mark Andrews	d0522678a1	don't call out to the internet when running test	2012-08-30 13:53:41 +10:00
Mark Andrews	26dde51a93	silence warning	2012-08-24 10:42:44 +10:00
Mark Andrews	d1f43359e4	3379. [bug] nsupdate terminated unexpectedly in interactive mode if built with readline support. [RT #29550]	2012-08-22 13:38:51 +10:00
Mark Andrews	076bda8c2e	we didn't catch a zero option at the global level when views are active	2012-08-17 13:40:17 +10:00
Tinderbox User	36a3d08a72	update copyright notice	2012-08-15 23:46:02 +00:00
Evan Hunt	85705b4b5a	allow "forward" and "forwarders" in static-stub 3363. [bug] Need to allow "forward" and "fowarders" options in static-stub zones; this had been overlooked. [RT #30482]	2012-08-15 13:08:15 -07:00
Tinderbox User	23554e8479	update copyright notice	2012-08-14 23:46:02 +00:00
Evan Hunt	820fdd61dd	properly range-check fields that do not allow 0 3362. [bug] Setting some option values to 0 in named.conf could trigger an assertion failure on startup. [RT #27730]	2012-08-13 22:39:42 -07:00
Evan Hunt	8f6d6d72e8	support '-' salt in rndc signing -nsec3param 3361. [bug] "rndc signing -nsec3param" didn't work correctly when salt was set to '-' (no salt). [RT #30099]	2012-08-13 22:24:36 -07:00
Evan Hunt	3f755529ee	address memory leak with bad tsig secret 3359. [bug] An improperly-formed TSIG secret could cause a memory leak. [RT #30607]	2012-08-10 20:15:59 -07:00
Tinderbox User	953692fa1e	update copyright notice	2012-07-25 23:46:04 +00:00
ckb	e7857b5ee0	3356. [bug] Cap the TTL of signed RRsets when RRSIGs are approaching their expiry, so they don't remain in caches after expiry. [RT #26429]	2012-07-25 17:06:34 -05:00
Mark Andrews	3ce2018dfa	3355. [port] Use more portable awk in verify system test.	2012-07-25 12:59:45 +10:00
Mark Andrews	6eb6af6732	3354. [func] Improve OpenSSL error logging. [RT #29932 ]	2012-07-23 15:08:21 +10:00
Mark Andrews	16de4bca76	add verify system test	2012-07-19 13:11:42 +10:00
Evan Hunt	b123be9195	fix copyrights in checkds test	2012-07-06 14:24:24 -07:00
ckb	14d4dd1053	added cleanup of test files	2012-07-06 10:00:45 -05:00
ckb	c514f38c80	Conflicts: lib/dns/dst_parse.c lib/isc/win32/file.c	2012-07-05 16:07:31 -05:00
Tinderbox User	a3128c1995	update copyright notice	2012-06-29 23:45:57 +00:00
Tinderbox User	54f04323c0	update copyright notice	2012-06-29 01:49:43 +00:00
Mark Andrews	bf8267aa45	reverse bad copyright update	2012-06-29 11:39:47 +10:00
Tinderbox User	247bf37860	update copyright notice	2012-06-29 01:22:18 +00:00
Mark Andrews	66dddd906a	make the checkds system test dependent on the result of python discovery	2012-06-28 23:08:07 +10:00
Mark Andrews	1cefb9df3f	3344. [func] New "dnssec-checkds" command checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099]	2012-06-28 17:06:00 +10:00
Tinderbox User	da5d53fb14	update copyright notice	2012-06-26 23:45:56 +00:00
Mark Andrews	c41c261fc7	3342. [bug] Change #3314 broke saving of stub zones to disk resulting in excessive cpu usage in some cases. [RT #29952]	2012-06-27 09:21:09 +10:00
Mark Andrews	ad127d839d	3341. [func] New "dnssec-verify" command checks a signed zone to ensure correctness of signatures and of NSEC/NSEC3 chains. [RT #23673]	2012-06-25 13:57:32 +10:00
Tinderbox User	3b398443f0	update copyright notice	2012-06-21 23:46:36 +00:00

... 8 9 10 11 12 ...

2008 commits