upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

2008 commits

Author SHA1 Message Date
Mark Andrews
486c763015 use grep rather than xmllint 2015-08-18 10:03:58 +10:00
Mark Andrews
bce42685ab add missing echo 2015-08-18 09:37:14 +10:00
Mark Andrews
55df11d4e1 use sed instead of count 2015-08-18 00:35:06 +10:00
Mark Andrews
5f7540f12f improve failure diagnostics 2015-08-17 17:42:58 +10:00
Mark Andrews
741c65c4d8 ignore leading zeros of revoked keyid 2015-08-17 17:10:46 +10:00
Mukund Sivaraman
984d2bb9e5 Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) 2015-08-14 13:30:52 +05:30
Mukund Sivaraman
474921d733 Fix assertion failure in parsing NSAP records from text 2015-08-14 13:11:26 +05:30
Tinderbox User
ed91aca9e6 update copyright notice / whitespace 2015-08-12 23:45:25 +00:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Mark Andrews
151f1bcd5e 4172. [bug] Named / named-checkconf didn't handle a view of CLASS0. 
[RT #40265]
 2015-08-12 19:06:00 +10:00
Evan Hunt
05b1684791 [master] fix an awk portability issue 2015-08-03 14:21:16 -07:00
Tinderbox User
f3cbd0e029 update copyright notice / whitespace 2015-08-02 23:45:22 +00:00
Evan Hunt
68116c5a5f [master] add +nocookie options where needed 2015-08-02 11:18:12 -07:00
Evan Hunt
a3b21effd7 [master] missing 'use' caused test failure 2015-07-21 13:49:54 -07:00
Evan Hunt
a32ca13d12 [master] statschannel test failed when only JSON was available 2015-07-20 19:09:22 -07:00
Evan Hunt
9501aa9d5a [master] portability 2015-07-20 19:01:29 -07:00
Tinderbox User
35af5049f8 update copyright notice / whitespace 2015-07-10 23:45:23 +00:00
Evan Hunt
b716b9cddc [master] add JSON and more XML tests 
4161.	[test]		Add JSON test for traffic size stats; also test
			for consistency between "rndc stats" and the XML
			and JSON statistics channel contents. [RT #38700]
 2015-07-09 21:18:42 -07:00
Tinderbox User
f16a6bfb6c update copyright notice / whitespace 2015-07-09 23:45:22 +00:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Tinderbox User
9ab5a7d83c update copyright notice / whitespace 2015-07-07 23:45:22 +00:00
Evan Hunt
70d987def5 [master] traffic size stats 
4156.	[func]		Added statistics counters to track the sizes
			of incoming queries and outgoing responses in
			histogram buckets, as specified in RSSAC002.
			[RT #39049]
 2015-07-06 22:29:06 -07:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
 2015-07-06 12:52:37 +10:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
337d408adb update copyright notice / whitespace 2015-06-29 23:45:23 +00:00
Mukund Sivaraman
08f0129732 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 2015-06-29 18:33:18 +05:30
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Witold Krecicki
f10a67dad2 Add statistics counters for nxdomain redirections. [RT #39790] 2015-06-25 09:21:50 +02:00
Tinderbox User
e0ba64bdd2 update copyright notice / whitespace 2015-06-23 23:45:21 +00:00
Mukund Sivaraman
0439bfedd9 Fix parsing of NZFs saved by rndc addzone with view specified (#39845) 2015-06-23 14:19:48 +05:30
Mukund Sivaraman
b4e114e3cd Print unsigned values for serial, etc. in rndc zonestatus output (#39854) 2015-06-23 13:57:33 +05:30
Witold Krecicki
af3770ed93 rndc reconfig reports configuration errors the same way rndc reload does [RT #39635] 2015-06-12 10:19:29 +02:00
Witold Krecicki
f85deb5154 log expired NTA at startup 2015-06-08 13:57:24 +02:00
Mark Andrews
8c74b6a9a1 use sed as tail -n +# is not portable 2015-05-30 11:05:57 +10:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Mark Andrews
52a487f71a link against ISC_OPENSSL_LIBS 2015-05-28 11:06:39 +10:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Tinderbox User
b7b835bfb0 update copyright notice / whitespace 2015-05-24 23:45:24 +00:00
Mark Andrews
83622f9a4c link against libisc 2015-05-24 12:50:56 +10:00
Mark Andrews
cb9b145f39 don't include <isc/print.h> 2015-05-24 12:50:20 +10:00
Mark Andrews
936adc1282 link against libisc 2015-05-24 11:58:15 +10:00
Tinderbox User
d70dac20d2 update copyright notice / whitespace 2015-05-23 23:45:25 +00:00
Mark Andrews
2ac85d943b specfiy where libisc is 
(cherry picked from commit c907e7b512e88b641595d514790e2b41575f149e)
 2015-05-24 06:03:08 +10:00
Mark Andrews
e6e7de5cda link against ISCLIBS 2015-05-24 05:42:44 +10:00
Francis Dupont
850cfa4e86 Added isc in includes (print.h requires it) 2015-05-23 15:51:34 +02:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Tinderbox User
46ee7c3260 update copyright notice / whitespace 2015-05-22 23:45:24 +00:00
Curtis Blackburn
717c2b9655 4125. [test] Added tests for dig, renamed delv test to digdelv. 
[RT #39490]
 2015-05-22 11:47:17 -07:00
Evan Hunt
c55a1da4fc [master] log parsing errors from default config or addzone/modzone 
4124.	[func]		Log errors or warnings encountered when parsing the
			internal default configuration.  Clarify the logging
			of errors and warnings encountered in rndc
			addzone or modzone parameters. [RT #39440]
 2015-05-21 23:04:29 -07:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Jeremy C. Reed
20914534e6 add a space after shell here-document name 
<<END> foo.out
  to
<<END > foo.out

to be consistent with shell style

discussed via jabber in bind9 room
 2015-05-19 13:22:36 -04:00
Mark Andrews
c7463967db 4119. [func] Allow dig to set the message opcode. [RT #39550] 2015-05-19 12:46:06 +10:00
Evan Hunt
d9aefcf5cb [master] there are now 98 automatic zones 2015-05-16 10:07:17 -07:00
Tinderbox User
9ae1588020 update copyright notice / whitespace 2015-05-08 23:45:24 +00:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229) 
Conflicts:
	doc/arm/notes.xml
 2015-05-07 08:29:36 +05:30
Tinderbox User
012142bbe0 update copyright notice / whitespace 2015-05-06 23:45:24 +00:00
Mark Andrews
fe76a64294 restore is_zone on return from redirect lookup [RT #37989b] 
(cherry picked from commit 1d405c1412b3a2e5aafb37ea55b332914246349e)
 2015-05-07 08:32:42 +10:00
Tinderbox User
4e92a74ec4 update copyright notice / whitespace 2015-05-05 23:45:24 +00:00
Evan Hunt
9e804040a2 [master] add "rndc -r" to print result code 
4115.	[func]		"rndc -r" now prints the result code (e.g.,
			ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
			running the requested command. [RT #38913]
 2015-05-05 16:39:09 -07:00
Evan Hunt
d4ed608e0c [master] Allow some tests to run partially if Net::DNS is unavailable 2015-05-05 08:33:09 -07:00
Mukund Sivaraman
8f25faf972 Fix a regression in radix tree implementation introduced by ECS code (#38983) 2015-05-05 13:11:23 +05:30
Tinderbox User
6376559cd3 update copyright notice / whitespace 2015-05-04 23:45:23 +00:00
Evan Hunt
dc877b38a0 [master] check for Net::DNS 
4113.	[test]		Check for Net::DNS is some system test
			prerequisites. [RT #39369]
 2015-05-04 12:51:38 -07:00
Evan Hunt
1c02dd9dd9 [master] fix root-delegation-only without exclude 
4112.	[bug]		Named failed to load when "root-delegation-only"
			was used without a list of domains to exclude.
			[RT #39380]
 2015-05-04 12:44:10 -07:00
Tinderbox User
b299727c2e update copyright notice / whitespace 2015-04-23 23:45:22 +00:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Tinderbox User
37873c28de update copyright notice / whitespace 2015-04-21 23:45:21 +00:00
Jeremy C. Reed
ae6b7bcd92 add some more files to cleanup after successful system test runs 2015-04-21 08:42:09 -04:00
Jeremy C. Reed
6c1e7a347f add gitignore file 2015-04-21 08:37:12 -04:00
Mark Andrews
f1a261ba2d 4104. [bug] Address uninitialized elements. [RT #39252] 2015-04-17 14:04:47 +10:00
Mark Andrews
e834b30f7c use awk for line count rather that wc -l which may space pad 2015-04-16 12:17:59 +10:00
Mark Andrews
c855e7170a 4100. [bug] Inherited owernames on the line immediately following 
a $INCLUDE were not working.  [RT #39268]
 2015-04-15 12:47:57 +10:00
Tinderbox User
a269ca51cc update copyright notice / whitespace 2015-04-14 23:45:21 +00:00
Mukund Sivaraman
ac31adc3b7 Add additional logging about xfrin transfer status (#39170) 2015-04-14 12:16:26 +05:30
Tinderbox User
1b0b6d7325 update copyright notice / whitespace 2015-04-07 23:45:23 +00:00
Evan Hunt
f28e5058c3 [master] dig can now learn the SIT value when retrying 
4093.	[func]		Dig now learns the SIT value from truncated
			responses when it retries over TCP. [RT #39047]
 2015-04-06 23:16:54 -07:00
Mark Andrews
febb020dce 4092. [bug] 'in-view' didn't work for zones beneath a empty zone. 
[RT #39173]
 2015-04-07 13:21:33 +10:00
Tinderbox User
6e61135f10 update copyright notice / whitespace 2015-03-27 23:45:21 +00:00
Mukund Sivaraman
f9f81abff0 Fix a crash while parsing malformed CAA RRs in presentation format (#39003) 2015-03-27 10:32:03 +05:30
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Mark Andrews
012ce6857e use unique query names 2015-03-04 17:12:37 +11:00
Mark Andrews
2e0d8d74d7 handle daylight savings changes 2015-03-04 15:51:31 +11:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code 
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
 2015-03-02 19:27:54 -08:00
Tinderbox User
3d787a1213 update copyright notice / whitespace 2015-03-02 23:45:21 +00:00
Mukund Sivaraman
10dd5f62f2 Add support for Valgrind's helgrind tool (#38706) 
Also fix one locking issue that helgrind found: Maintain stats->lock
while stats->reference is used.
 2015-03-02 13:42:20 +05:30
Tinderbox User
5e93bad21b update copyright notice / whitespace 2015-03-01 23:45:20 +00:00
Mark Andrews
0be58dd2da add $DESCRIPTION 2015-02-28 00:10:56 +11:00
Mark Andrews
0382684a06 add $DESCRIPTION 2015-02-28 00:09:25 +11:00
Mark Andrews
326b84f20e fix version tests 2015-02-27 17:01:25 +11:00
Mark Andrews
a8da00ef95 4079. [func] Preserve the case of the ownername of records to 
the RRset level. [RT #37442]
 2015-02-27 15:08:38 +11:00
Mark Andrews
be9720ae2c 4077. [test] Add static-stub regression test for DS NXDOMAIN 
return making the static stub disappear. [RT #38564]
 2015-02-27 12:46:45 +11:00
Tinderbox User
f159b7b5c7 update copyright notice / whitespace 2015-02-25 23:45:22 +00:00
Mukund Sivaraman
5a505fc4c2 Add facility to run system test nameds under Valgrind (#38546) 2015-02-25 09:06:45 +05:30
Evan Hunt
bfc11b9c65 [master] additional mkeys tests 
4065.	[test]		Additional RFC 5011 tests. [RT #38569]
 2015-02-23 21:07:26 -08:00
Mark Andrews
2b4860c4dc rt38571: handle Time::Piece not being supported by perl 2015-02-18 23:49:33 +11:00
Mark Andrews
82c6bce26a ignore dig's result when expecting 'connection timed out' 2015-02-12 13:44:30 +11:00
Tinderbox User
f6bc0a8608 update copyright notice / whitespace 2015-02-11 23:45:25 +00:00
Mark Andrews
2ff2145ff5 4061. [bug] Handle timeout in legacy system test. [RT #38573] 2015-02-11 16:53:39 +11:00
Tinderbox User
d481ce8bba update copyright notice / whitespace 2015-02-09 23:45:20 +00:00
Mark Andrews
dd06dbd512 add named.conf 2015-02-08 23:12:44 +11:00
Tinderbox User
8a1d7e8e8f update copyright notice / whitespace 2015-02-07 23:45:20 +00:00
Mark Andrews
e10d453eb4 add crypto prerequisite 2015-02-08 08:16:54 +11:00
Tinderbox User
29756974c5 update copyright notice / whitespace 2015-02-06 23:45:21 +00:00
Evan Hunt
29beab1340 [master] fix "initialize with revoked key" test, add missing newline 2015-02-05 23:53:36 -08:00
Mark Andrews
b1de3a999c use $PERL 2015-02-06 16:58:39 +11:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Tinderbox User
39f68d7b64 update copyright notice / whitespace 2015-01-21 23:45:24 +00:00
Evan Hunt
2817aa56ca [master] "rndc modzone" 
4043.	[func]		"rndc modzone" can be used to modify the
			configuration of an existing zone, using similar
			syntax to "rndc addzone". [RT #37895]
 2015-01-20 22:34:16 -08:00
Evan Hunt
ff62d4458a [master] allow shared TCP sockets when connecting 
4041.	[func]		TCP sockets can now be shared while connecting.
			(This will be used to enable client-side support
			of pipelined queries.) [RT #38231]
 2015-01-20 17:22:31 -08:00
Evan Hunt
761d135ed6 [master] add TCP pipelining support 
4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]
 2015-01-20 16:14:09 -08:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Mark Andrews
f8eb4e5bfd 4037. [bug] also-notify was ignoring the tsig key when checking 
for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]
 2015-01-20 16:42:56 +11:00
Tinderbox User
2dd6ffb5cb update copyright notice / whitespace 2015-01-12 23:45:21 +00:00
Mukund Sivaraman
a6f0e9c985 Add NTA persistence (#37087) 
4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]
 2015-01-12 09:07:48 +05:30
Tinderbox User
f0cbe180f0 update copyright notice / whitespace 2015-01-10 23:45:22 +00:00
Mark Andrews
7952156995 4032. [bug] Built-in "empty" zones did not correctly inherit the 
"allow-transfer" ACL from the options or view.
                        [RT #38310]
 2015-01-10 22:01:42 +11:00
Tinderbox User
63b0524b96 update copyright notice / whitespace 2015-01-08 23:45:22 +00:00
Mark Andrews
d1f1f13c7f 4031. [bug] named-checkconf -z failed to report a missing file 
with a hint zone. [RT #38294]
 2015-01-08 19:19:12 +11:00
Tinderbox User
b129f72d95 update copyright notice / whitespace 2015-01-07 23:45:22 +00:00
Evan Hunt
74eb2f5cbc [master] rndc showzone / rndc delzone of non-added zones 
4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]
 2015-01-06 22:57:57 -08:00
Mark Andrews
b0c18fffd3 4028. [bug] $GENERATE with a zero step was not being caught as a 
error.  A $GENERATE with a / but no step was not being
                        caught as a error. [RT #38262]
 2015-01-06 11:31:34 +11:00
Mark Andrews
511ec77fca 4027. [port] Net::DNS 0.81 compatibility. [RT #38165 2014-12-23 08:37:46 +11:00
Tinderbox User
84d939b211 update copyright notice / whitespace 2014-12-21 23:45:20 +00:00
Evan Hunt
5deda448e8 [master] fixes for singleton on hpux 
- hpux returns EADDRINUSE when listening on UDP sockets, so
  we need to check for that
- also need to ensure that subsidiary named processes are shut
  down in the runtime system test
 2014-12-20 00:31:54 -08:00
Evan Hunt
6963c6048f [master] still needed another -X 2014-12-19 16:57:24 -08:00
Evan Hunt
8249f11121 [master] add -X to lwresd 2014-12-18 22:52:44 -08:00
Mark Andrews
ae454ec746 update copyrights 2014-12-19 10:35:15 +11:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Evan Hunt
be7fba8019 [master] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
 2014-12-15 22:28:06 -08:00
Mukund Sivaraman
d225dec89f Clean up after reclimit system test 2014-12-08 21:37:53 +05:30
Mark Andrews
39a5e136fb skip subtest if cryptography not compiled in 2014-12-06 00:48:52 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Mark Andrews
12065c231e clean up intermediates 2014-12-05 08:28:15 +11:00
Mark Andrews
76b242bb77 pre-sign the zones 2014-12-05 07:28:29 +11:00
Tinderbox User
b9097be03b update copyright notice / whitespace 2014-12-03 23:45:24 +00:00
Mark Andrews
693d70f96f 4017. [testing] Add system test to check lookups to legacy servers 
with broken DNS behaviour. [RT #37965]
 2014-12-04 07:01:52 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Tinderbox User
a3d2295829 update copyright notice / whitespace 2014-12-02 23:45:23 +00:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]
 2014-12-03 09:42:30 +11:00
Evan Hunt
aafd2f2637 [master] remove obsolete 'relay' test 2014-12-02 13:57:35 -08:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
d040fa2f1c 4011. [bug] master's list port and dscp inheritance was not 
properly implemented. [RT #37792]
 2014-11-24 11:25:06 +11:00
Mark Andrews
7301df07cf extend the permissible number of queries to 25 from 24 2014-11-24 10:20:39 +11:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
d65fb496fb use perl not awk to do serial additions 2014-11-21 18:08:04 +11:00
Tinderbox User
5d35f07318 update copyright notice / whitespace 2014-11-20 23:45:24 +00:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
 2014-11-19 18:21:02 -08:00
Tinderbox User
4ccffa13aa update copyright notice / whitespace 2014-11-19 23:45:22 +00:00
Mukund Sivaraman
077350a407 Add .gitignore 2014-11-19 15:03:01 +05:30
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Mark Andrews
f9ee67d9ce %zu is not universally available 2014-11-19 12:10:06 +11:00
Tinderbox User
e208712faa update copyright notice / whitespace 2014-11-18 23:45:22 +00:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Tinderbox User
11dc1b1508 update copyright notice 2014-11-17 23:45:20 +00:00
Evan Hunt
0ada3802ea [master] awk portability fix 2014-11-17 12:22:18 -08:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Mukund Sivaraman
16c86a4980 Update .gitgnore files (ISC-Bugs #37773) 2014-11-11 11:47:02 +05:30
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
3cc8c7d630 [master] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]
 2014-11-04 23:49:56 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
12b386e1a6 update copyright notice 2014-10-30 23:45:21 +00:00
Mark Andrews
0f5144163c 3993. [func] Dig now supports EDNS negotiation by default. 
(dig +[no]ednsnegotiation). [RT #37604]
 2014-10-30 23:13:12 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Mark Andrews
a5c7cfbac4 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]
 2014-10-30 11:05:26 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Evan Hunt
7cf2122e0d [master] change 3977 altered expected linecount from secroots 2014-10-18 16:50:32 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]
 2014-10-18 13:09:09 +11:00
Mark Andrews
44ef2206d7 allow for the set of ttls to be empty 2014-10-16 14:46:44 +11:00
Mark Andrews
d9aaf7acce make test more robust in the face of server failures 2014-10-16 12:34:12 +11:00
Evan Hunt
1cbc394e7c [master] add redirect zone to checkconf -z test 2014-10-09 18:30:34 -07:00
Evan Hunt
ca0ee90361 [master] turn off servfail cache in masterformat test 2014-10-09 09:30:46 -07:00
Mark Andrews
c81d56c03e 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]
 2014-10-05 08:29:34 +11:00
Mark Andrews
39fb5f2a5d verifying inline zones work with views requires crypto to be configured 2014-10-04 18:06:04 +10:00
Evan Hunt
12002ea49e [master] add delv system test 
3969.	[test]		Added 'delv' system test. [RT #36901]
 2014-10-02 22:37:20 -07:00
Tinderbox User
7a3f584cfc update copyright notice 2014-10-02 23:45:25 +00:00
Mark Andrews
b24061719c 3967. [test] Add test for inlined signed zone in multiple views 
with different DNSKEY sets. [RT #35759]
 2014-10-03 07:59:44 +10:00
Mark Andrews
a837c939c4 SIG(0) update forwarding testing requires crypto be configured 2014-10-02 11:07:01 +10:00
Mark Andrews
ed1c845c1d 3964. [func] nsupdate now performs check-names processing. 
[RT #36266]
 2014-10-02 09:35:43 +10:00
Evan Hunt
7b04216015 [master] improve dlzexternal test 
3963.	[test]		Added NXRRSET test cases to the "dlzexternal"
			system test. [RT #37344]
 2014-09-30 17:08:12 -07:00
Tinderbox User
be484acb22 update copyright notice 2014-09-30 23:45:22 +00:00
Mark Andrews
ffeaac1d82 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]
 2014-10-01 07:24:16 +10:00
Mark Andrews
c83b91fb63 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 2014-10-01 07:06:20 +10:00
Tinderbox User
2fb35a6d59 update copyright notice 2014-09-29 23:45:24 +00:00
Mark Andrews
4bc581ca31 use RANDFILE rather than /dev/urandom 2014-09-29 23:39:07 +10:00
Mark Andrews
1c5990c2f9 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]
 2014-09-29 12:10:10 +10:00
Mark Andrews
80169c379d 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]
 2014-09-29 10:18:54 +10:00
Mark Andrews
10c12aa549 3956. [func] Notify messages are now rate limited by notify-rate and 
startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]
 2014-09-29 10:01:08 +10:00
Mark Andrews
9a36fb86f5 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 2014-09-27 12:14:20 +10:00
Mark Andrews
27cd03a21c use more portable awk 2014-09-19 15:00:18 +10:00
Mark Andrews
06e28e50bd give the nameserver a little longer to response 2014-09-18 10:06:48 +10:00
Mark Andrews
1a5f84d56a UNTESTED -> SKIPPED 2014-09-16 23:49:52 +10:00
Mark Andrews
3867312e4c 3951. [func] Add the ability to set yet-to-be-defined EDNS flags 
to dig (+ednsflags=#). [RT #37142]
 2014-09-13 19:13:59 +10:00
Tinderbox User
2c69f767d6 update copyright notice 2014-09-10 23:45:21 +00:00
Mark Andrews
947cf282a7 3949. [experimental] Experimental support for draft-andrews-edns1 by sending 
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]
 2014-09-10 15:31:40 +10:00
Mark Andrews
5c420ccc29 drop 'I:send many simultaneous updates via a update forwarder' test until re-written using perl 2014-09-07 22:08:45 +10:00
Mark Andrews
76a17033db also fix the expected count 2014-09-07 20:24:59 +10:00
Mark Andrews
48179343c2 reduce number of nsupdates being simultaeously forked 2014-09-07 20:24:14 +10:00
Mark Andrews
8aa098c633 update copyrights 2014-09-06 09:38:48 +10:00
Evan Hunt
c9e976dc43 [master] [rt37057] server-id tests 
3944.	[test]		Added a regression test for "server-id". [RT #37057]
 2014-09-04 18:18:36 -07:00
Tinderbox User
948c80ffa8 update copyright notice 2014-09-04 23:45:24 +00:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Mark Andrews
fec7998314 3942. [bug] Wildcard responses from a optout range should be 
marked as insecure. [RT #37072]
 2014-09-04 13:57:50 +10:00
Evan Hunt
c3d0221104 [master] oops, nta lifetime change broke dnssec test 2014-09-03 20:51:32 -07:00
Evan Hunt
3d066288ad [master] [rt37069] update NTA limit to a week 
3940.	[func]		"rndc nta" now allows negative trust anchors to be
			set for up to one week. [RT #37069]
 2014-09-03 19:00:03 -07:00
Mark Andrews
74717eef53 3939. [func] Improve UPDATE forwarding performance by allowing TCP 
connections to be shared. [RT #37039]
 2014-09-04 10:37:45 +10:00
Mark Andrews
1a63fb1d14 update copyrights 2014-08-30 12:27:49 +10:00
Tinderbox User
3278ff814d update copyright notice 2014-08-29 23:45:22 +00:00
Evan Hunt
d46855caed [master] ECS authoritative support 
3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]
 2014-08-28 22:05:57 -07:00
Evan Hunt
180319f572 [master] fix geoip asnum matching 
3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]
 2014-08-28 21:40:32 -07:00
Mark Andrews
7c73ac5e13 3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve 
sit-secrets documentation. [RT #36980]
 2014-08-29 14:35:21 +10:00
Evan Hunt
0c2313eb36 [master] fixes to checkconf test, HIP casecompare 
3933.	[bug]		Corrected the implementation of dns_rdata_casecompare()
			for the HIP rdata type.  [RT #36911]

3932.	[test]		Improved named-checkconf tests. [RT #36911]
 2014-08-27 21:36:13 -07:00
Evan Hunt
74745c760c [master] "rndc nta -r" could hang 
3930.	[bug]		"rndc nta -r" could cause a server hang if the
			NTA was not found. [RT #36909]
 2014-08-25 18:01:26 -07:00
Tinderbox User
fea81a5e0e update copyright notice 2014-08-22 23:45:27 +00:00
Evan Hunt
087b3e8d90 [master] add to rndc test 
3928.	[test]		Improve rndc system test. [RT #36898]
 2014-08-22 16:41:57 -07:00
Mark Andrews
840d6a4614 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917 2014-08-22 16:32:19 +10:00
Mark Andrews
cef76ee5bd 3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833] 2014-08-22 15:45:40 +10:00
Tinderbox User
5165c59007 update copyright notice 2014-08-21 23:45:22 +00:00
Mark Andrews
f5695ad0e1 3917. [bug] dig, nslookup and host now continue on names that are 
too long after applying a search list elements.
                        [RT #36892]
 2014-08-21 18:05:55 +10:00
Tinderbox User
aebd0e85bf update copyright notice 2014-08-15 23:45:20 +00:00
Jeremy C. Reed
821350367e fix typos or misspellings 2014-08-15 10:35:31 -05:00
Tinderbox User
cd14665cdf update copyright notice 2014-08-07 23:45:19 +00:00
Evan Hunt
cfe32752a6 [master] [36737] allow zero-length URI and CAA fields 
3914.	[bug]		Allow the URI target and CAA value fields to
			be zero length. [RT #36737]
 2014-08-06 17:40:42 -07:00
Tinderbox User
1e7501fe07 update copyright notice 2014-08-06 23:45:23 +00:00
Mark Andrews
43b9737b11 3911. [func] Implement EDNS EXPIRE option client side. [RT #35925] 2014-08-06 11:50:40 +10:00
Tinderbox User
79bb509936 update copyright notice 2014-08-02 23:45:21 +00:00
Mark Andrews
c38341ec43 3908. [bug] rndc now differentiates between a zone in multiple 
views and a zone that doesn't exist at all. [RT #36691]
 2014-08-02 14:43:26 +10:00
Mark Andrews
f2a91da02e adjust range 2014-07-31 20:32:50 +10:00
Tinderbox User
d1b499c827 update copyright notice 2014-07-29 23:45:20 +00:00
Evan Hunt
2383eb5272 [master] add CAA rdata support 
3056.	[protocol]	Added support for CAA record type (RFC 6844).
			[RT #36625]
 2014-07-29 08:40:35 -07:00
Mark Andrews
275a8affe7 3899. [bug] "request-ixfr" is only applicable to slave and redirect 
zones. [RT #36608]
 2014-07-25 14:23:14 +10:00
Mark Andrews
ac5ed74860 3897. [bug] RPZ summary information was not properly being updated 
after a AXFR resulting in changes sometimes being
                        ignored.  [RT #35885]
 2014-07-22 10:57:58 +10:00
Mark Andrews
39cad8fb7d update copyrights 2014-07-08 12:40:40 +10:00
Mark Andrews
fce704e751 rename dnssec/ns7/split-rrsig.in 2014-07-08 11:12:32 +10:00
Mark Andrews
3c13af3759 3892. [bug] Setting '-t aaaa' in .digrc had unintended side 
effects. [RT #36452]
 2014-07-08 02:00:28 +10:00
Mark Andrews
63e1ac1e09 3890. [bug] RRSIG sets that were not loaded in a single transaction 
at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]
 2014-07-07 12:05:01 +10:00
Mark Andrews
6f6b7781d5 save the output of rndc nta so that it can be analysed if there is a failure; more cleanups 2014-06-30 11:41:09 +10:00
Mark Andrews
62275d5306 make test for nsec3param more robust 2014-06-27 15:50:51 +10:00
Mark Andrews
b05ef7092f update nta failure messages 2014-06-27 11:53:39 +10:00
Mark Andrews
284f6435c2 adjust NTA test timing windows to support slower machines; self tune sleeps bases of actual elapsed time; 2014-06-26 13:37:50 +10:00
Tinderbox User
9f8df2d75c update copyright notice 2014-06-25 23:45:21 +00:00
Mark Andrews
7205cd2db7 cleanup nsupdate.out 2014-06-25 16:16:34 +10:00
Mark Andrews
eca15167ac dump unexpected update failures 2014-06-25 16:12:25 +10:00
Mark Andrews
33399d6a14 3888. [func] 'rndc status' now reports the number of automatic 
zones. [RT #36015]
 2014-06-25 13:17:03 +10:00
Mark Andrews
70ee770c69 Net::DNS 0.78 should work when it is released as it contains: 
Fix rt.cpan.org #96439

		Uninitialised decoding object when printing packet
 2014-06-25 01:01:50 +10:00
Mark Andrews
1c95f67232 use $PERL 2014-06-24 13:50:14 +10:00
Tinderbox User
5a31767b09 update copyright notice 2014-06-19 23:45:23 +00:00
Evan Hunt
cac2181160 [master] CDS/CDNSKEY rrtypes 
3884.	[protocol]	Add CDS and CDNSKEY record types. [RT #36333]
 2014-06-19 00:35:11 -07:00
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Tinderbox User
636aadbfe4 update copyright notice 2014-06-17 23:45:20 +00:00
Evan Hunt
a4e76a630e [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00
Mark Andrews
a0d411c05f 3880. [test] Update ans.pl to work with new TSIG support in 
Net::DNS; add additional Net::DNS version prerequisite
                        checks. [RT #36327]
 2014-06-17 10:35:46 +10:00
Evan Hunt
56510cd031 [master] null terminate strings for coverity 2014-06-16 15:30:11 -07:00
Mark Andrews
48789995c1 use $NSUPDATE 2014-06-15 18:35:19 +10:00
Mark Andrews
f9e47cfe4f Net::DNS 0.76 broke the handling of some packets 2014-06-14 10:11:06 +10:00
Mark Andrews
1881aea774 fix test to see if $PERL is set 
(cherry picked from commit 44f0f310d41acc5c772d38353fe35ddacb3fee80)
 2014-06-13 11:47:23 +10:00
Mark Andrews
d4a98c0fb7 die if $Net::DNS::VERSION >= 0.73 2014-06-13 11:25:32 +10:00
Evan Hunt
fb710168ef [master] use correct shared library suffix 2014-06-12 17:06:23 -07:00
Tinderbox User
4ded8003e3 update copyright notice 2014-06-12 23:45:22 +00:00
Evan Hunt
06e0d6bb12 [master] address rpz bugs 
3877.	[bug]		Inserting and deleting parent and child nodes
			in response policy zones could trigger an assertion
			failure. [RT #36272]
 2014-06-11 20:00:19 -07:00
Mark Andrews
9c2cf9e201 update copyrights 2014-06-11 10:28:09 +10:00
Evan Hunt
8d8f9f7f86 [master] suppress unnecessary db lookups in DLZ redirect zones 
3876.	[bug]		Improve efficiency of DLZ redirect zones by
			suppressing unnecessary database lookups. [RT #35835]
 2014-06-10 16:25:26 -07:00
Mark Andrews
20dec973da 4. [test] Check that only "check-names master" is needed for 
updates to be accepted.
 2014-06-10 13:48:57 +10:00
Mark Andrews
32a1fd3dd2 update spf check 2014-06-10 12:28:33 +10:00
Mark Andrews
3b187cad7a 3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210] 2014-06-10 09:32:43 +10:00
Mukund Sivaraman
79d27f505a [35063] Don't publish an activated key automatically before its publish time 2014-06-04 14:31:42 +05:30
Mark Andrews
ab6fd5e892 initialise matches 2014-06-02 13:53:59 +10:00
Mark Andrews
5360986092 set max 2014-06-02 13:42:58 +10:00
Mark Andrews
3a26e75e3c accept a range of stats values 2014-06-02 08:15:47 +10:00
Evan Hunt
0cfb247368 [master] rndc nta 
3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]
 2014-05-29 22:22:53 -07:00
Mark Andrews
536da846f6 update copyrights 2014-05-30 09:41:33 +10:00
Mark Andrews
44b0e0b1d5 More changes for: 
3864.   [bug]           RPZ didn't work well when being used as forwarder.
                        [RT #36060]
 2014-05-30 08:41:27 +10:00
Mark Andrews
3d75189141 3864. [bug] RPZ didn't work well when being used as forwarder. 
[RT #36060]
 2014-05-29 17:02:10 +10:00
Mark Andrews
4694229f60 make a explict edns query so this subtest is independent of other tests 2014-05-29 10:46:44 +10:00
Mark Andrews
800d25b848 3863. [bug] The "E" flag was missing from the query log as a 
unintended side effect of code rearrangement to
                        support EDNS EXPIRE. [RT #36117]
 2014-05-29 08:04:55 +10:00
Tinderbox User
284d5252c1 update copyright notice 2014-05-15 23:45:22 +00:00
Mark Andrews
01f881c1c5 3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. 
[RT #35979]
 2014-05-15 16:54:32 +10:00
Mark Andrews
69530009f1 use portable awk 2014-05-15 00:34:17 +10:00
Mark Andrews
05816676bb 3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP 
ixfr query. [RT #35980]
 2014-05-14 09:59:02 +10:00
Mark Andrews
733898cffe use sub second sleeps for prefetch disabled test 2014-05-09 15:00:36 +10:00
Mark Andrews
151759e7b7 address suspected race in system test for 'named -L' 2014-05-08 11:10:04 +10:00
Tinderbox User
c381ccf794 update copyright notice 2014-05-07 23:45:21 +00:00
Evan Hunt
60988462e5 [master] use posix-compatible shell in system tests 
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]
 2014-05-06 22:06:04 -07:00
Mark Andrews
b36fc8294e 3837. [security] A NULL pointer is passed to query_prefetch resulting 
a REQUIRE assertion failure when a fetch is actually
                        initiated.  [ RT #35899]

Squashed commit of the following:

commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun May 4 22:34:34 2014 +0530

    Fix a comment

commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03
Author: Mark Andrews <marka@isc.org>
Date:   Sun May 4 23:34:25 2014 +1000

    pass the correct name to query_prefetch
 2014-05-05 10:12:12 +10:00
Evan Hunt
c0c4512020 [master] fixed geoip elements in named ACLs 
3835.	[bug]		Geoip ACL elements didn't work correctly when
                        referenced via named or nested ACLs. [RT #35879]
 2014-04-30 20:21:56 -07:00
Mark Andrews
f09f1bf18e fix filter-aaaa system test to work when crypto is disabled 2014-05-01 12:28:50 +10:00
Mark Andrews
5b56f2e3cc zero pad date and month fields 2014-05-01 11:41:32 +10:00
Mark Andrews
c2abd6efeb update copyrights 2014-05-01 10:00:00 +10:00
Mark Andrews
96f07724d6 use SKIPPED exit code (255) 2014-05-01 00:33:11 +10:00
Mark Andrews
0172c9fc2c use +nottlid 2014-04-30 15:53:37 +10:00
Evan Hunt
44613d4d86 [master] named -L option for default logfile 
3832.	[func]		"named -L <filename>" causes named to send log
			messages to the specified file by default instead
			of to the system log. (Thanks to Tony Finch.)
			[RT #35845]
 2014-04-29 17:17:03 -07:00
Tinderbox User
f6ea2b1d09 update copyright notice 2014-04-29 23:45:21 +00:00
Evan Hunt
b4ba66ba1e [master] "dnssec-signzone -N date" 
3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]
 2014-04-29 16:29:20 -07:00
Mark Andrews
e54767a3c9 change exit code 2014-04-29 22:57:15 +10:00
Mark Andrews
1a158ef6ee fix testsock6.pl 
(cherry picked from commit 660195a82c)
 2014-04-29 19:15:55 +10:00
Evan Hunt
54267016bc [master] add geoip and filter-aaaa to SUBDIRS 2014-04-28 22:41:13 -07:00
Tinderbox User
06081a0d61 update copyright notice 2014-04-25 23:45:21 +00:00
Evan Hunt
aefb3e308b [master] better DDNS in DLZ; mysqldyn 
3821.	[contrib]	Added a new "mysqldyn" DLZ module with dynamic
			update and transaction support. Thanks to Marty
			Lee for the contribution. [RT #35656]

3820.	[func]		The DLZ API doesn't pass the database version to
			the lookup() function; this can cause DLZ modules
			that allow dynamic updates to mishandle prerequisite
			checks. This has been corrected by adding a
			'dbversion' field to the dns_clientinfo_t
			structure. [RT #35656]
 2014-04-25 13:06:30 -07:00
Mark Andrews
36e5ac0033 3819. [bug] NSEC3 hashes need to be able to be entered and 
displayed without padding.  This is not a issue for
                        currently defined algorithms but may be for future
                        hash algorithms. [RT #27925]
 2014-04-24 18:58:03 +10:00
Evan Hunt
2ae159b376 [master] globally rename "delve" to "delv" 
3817.	[func]		The "delve" command is now spelled "delv" to avoid
			a namespace collision with the Xapian project.
			[RT #35801]
 2014-04-23 11:14:12 -07:00
Tinderbox User
953189d30e update copyright notice 2014-04-22 23:45:19 +00:00
Evan Hunt
ec3b216506 [master] masterfile-style 
3814.	[func]		The "masterfile-style" zone option controls the
			formatting of dumped zone files. Options are
			"relative" (multiline format) and "full" (one
			record per line). The default is "relative".
			[RT #20798]
 2014-04-17 17:10:29 -07:00
Evan Hunt
7318bbc262 [master] serial-update-method date; 
3811.	[func]		"serial-update-method date;" sets serial number
			on dynamic update to today's date in YYYYMMDDNN
			format. (Thanks to Bradley Forschinger.) [RT #24903]
 2014-04-17 16:05:50 -07:00
Evan Hunt
92fe6db3e4 [master] use test -r in system tests 
3806.	[test]		Improved system test portability. [RT #35625]
 2014-04-09 20:29:52 -07:00
Evan Hunt
baad8d9fd8 [master] allow null "file" for DLZ or alternate db zones 
3803.	[bug]		"named-checkconf -z" incorrectly rejected zones
			using alternate data sources for not having a "file"
			option. [RT #35685]
 2014-04-07 13:29:56 -07:00
Mark Andrews
5b60bde47b use perl 2014-04-07 21:53:47 +10:00
Mark Andrews
a4941d6b5e update check the correct resigning time is reported in zonestatus test to be more portable 2014-04-07 11:50:50 +10:00
Mark Andrews
0dfd942409 3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing 
time. [RT #35659]
 2014-04-04 11:33:49 +11:00
Tinderbox User
180d8b0eec update copyright notice 2014-03-30 23:46:03 +00:00
Mukund Sivaraman
ef9334d745 3795. [bug] Make named-checkconf detect raw masterfiles for 
hint zones and reject them. [RT #35268]

Squashed commit of the following:

commit 5b0254711d6b77940d6217b9131b9d401df8a866
Author: Mukund Sivaraman <muks@isc.org>
Date:   Fri Mar 28 02:09:01 2014 +0530

    Remove redundant helper function

commit a4341c1a2ba830c8cee1def57a533f987f67c3dc
Author: Mark Andrews <marka@isc.org>
Date:   Thu Jan 30 10:08:17 2014 +1100

    error out if masterfile-format raw is specified for a hint zone.
 2014-03-31 04:55:37 +05:30
Evan Hunt
22e29471c7 [master] check allow-update in view/options 
3787.	[bug]		The code that checks whether "auto-dnssec" is
			allowed was ignoring "allow-update" ACLs set at
			the options or view level. [RT #29536]
 2014-03-12 21:36:01 -07:00
Mark Andrews
6f49db82ab calling $TSIGKEYGEN doesn't work with libtool. 2014-03-13 15:11:46 +11:00
Tinderbox User
0add14467b update copyright notice 2014-03-12 23:46:05 +00:00
Evan Hunt
89740699cd [master] fixed 'fixed' 
3784.	[bug]		Using "rrset-order fixed" when it had not been
			enabled at compile time caused inconsistent
			results. It now works as documented, defaulting
			to cyclic mode. [RT #28104]
 2014-03-12 08:45:44 -07:00
Evan Hunt
46bc64f4b1 [master] tsig-keygen 
3783.	[func]		"tsig-keygen" is now available as an alternate
			command name for "ddns-confgen".  It generates
			a TSIG key in named.conf format without comments.
			[RT #35503]
 2014-03-12 08:29:15 -07:00
Mark Andrews
bab2bf7dfd expr length arg is not portable 2014-03-12 13:59:41 +11:00
Evan Hunt
62258ada48 [master] auto-generate salt 
3781.	[func]		Specifying "auto" as the salt when using
			"rndc signing -nsec3param" causes named to
			generate a 64-bit salt at random. [RT #35322]
 2014-03-11 08:46:58 -07:00
Evan Hunt
7b46a4aa41 [master] fix negative numbers in $GENERATE 
3780.	[bug]		$GENERATE handled negative numbers incorrectly.
			[RT #25528]
 2014-03-10 11:55:32 -07:00
Tinderbox User
e9c7fe450e update copyright notice 2014-03-06 23:46:08 +00:00
Evan Hunt
741dfd3ccd [master] tests directory cleanup 2014-03-06 11:11:27 -08:00
Tinderbox User
8ab8cd1fa6 update copyright notice 2014-03-01 23:46:15 +00:00
Evan Hunt
ec88c1fdff [master] capture stderr in systests.output 
- also tidied up runall.sh summary output
 2014-02-28 21:59:28 -08:00
Evan Hunt
98922b2b2b [master] merge several interdependent fixes 
3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
 2014-02-26 19:00:05 -08:00
Evan Hunt
061f61dd3b [master] add files omitted from coverage test 2014-02-26 08:54:21 -08:00
Evan Hunt
3a01ded15d [master] enable windows python tools 
3757.	[port]		Enable Python tools (dnssec-coverage,
			dnssec-checkds) to run on Windows. [RT #34355]
 2014-02-26 08:43:50 -08:00
Mark Andrews
cc00679829 wait for zone to transfer 2014-02-23 14:06:15 +11:00
Evan Hunt
999926955b [master] fix test error 2014-02-21 08:05:40 -08:00
Tinderbox User
20a96edbf9 update copyright notice 2014-02-20 23:46:35 +00:00
Mark Andrews
caac342072 add @ISC_OPENSSL_LIBS@ 2014-02-21 00:35:22 +11:00
Mark Andrews
16134801ce 3750. [experimental] Partially implement EDNS EXPIRE option as described 
in draft-andrews-dnsext-expire-00.  Retrivial of
                        remaining time to expiry from slave zones is supported.

                        EXPIRE uses an experimental option code (65002) and
                        is subject to change. [RT #35416]
 2014-02-20 14:56:20 +11:00
Mark Andrews
86a85a3bbd don't error on rpz percentage checks as they fail inconsistently on virtual machines 2014-02-20 12:22:14 +11:00
Mark Andrews
e676a59686 update copyrights 2014-02-20 10:53:11 +11:00
Mark Andrews
7e2e41df67 3748. [func] Use delve to test dns_client interfaces. [RT #35383] 2014-02-19 19:33:21 +11:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl 
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
 2014-02-18 23:26:50 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Tinderbox User
3fd910dec5 update copyright notice 2014-02-17 23:46:29 +00:00
Evan Hunt
5efcb3a3e2 [master] fix test errors 
- require 5.006_001
- cut off the least significant figures of rrsig dates before
  comparison to avoid integer overflow
 2014-02-17 08:40:02 -08:00
Evan Hunt
7ba88e2a95 [master] fix dnssec test errors 2014-02-16 14:14:56 -08:00
Evan Hunt
72fd845d5a [master] remove accidentally committed changes 2014-02-16 13:59:19 -08:00
Evan Hunt
792915beb0 [master] fix accidental dig breakage 2014-02-16 13:42:42 -08:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc 
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
 2014-02-11 21:20:28 -08:00