upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 19:41:04 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

2008 commits

Author SHA1 Message Date
Evan Hunt
c55a1da4fc [master] log parsing errors from default config or addzone/modzone 
4124.	[func]		Log errors or warnings encountered when parsing the
			internal default configuration.  Clarify the logging
			of errors and warnings encountered in rndc
			addzone or modzone parameters. [RT #39440]
 2015-05-21 23:04:29 -07:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Jeremy C. Reed
20914534e6 add a space after shell here-document name 
<<END> foo.out
  to
<<END > foo.out

to be consistent with shell style

discussed via jabber in bind9 room
 2015-05-19 13:22:36 -04:00
Mark Andrews
c7463967db 4119. [func] Allow dig to set the message opcode. [RT #39550] 2015-05-19 12:46:06 +10:00
Evan Hunt
d9aefcf5cb [master] there are now 98 automatic zones 2015-05-16 10:07:17 -07:00
Tinderbox User
9ae1588020 update copyright notice / whitespace 2015-05-08 23:45:24 +00:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229) 
Conflicts:
	doc/arm/notes.xml
 2015-05-07 08:29:36 +05:30
Tinderbox User
012142bbe0 update copyright notice / whitespace 2015-05-06 23:45:24 +00:00
Mark Andrews
fe76a64294 restore is_zone on return from redirect lookup [RT #37989b] 
(cherry picked from commit 1d405c1412b3a2e5aafb37ea55b332914246349e)
 2015-05-07 08:32:42 +10:00
Tinderbox User
4e92a74ec4 update copyright notice / whitespace 2015-05-05 23:45:24 +00:00
Evan Hunt
9e804040a2 [master] add "rndc -r" to print result code 
4115.	[func]		"rndc -r" now prints the result code (e.g.,
			ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
			running the requested command. [RT #38913]
 2015-05-05 16:39:09 -07:00
Evan Hunt
d4ed608e0c [master] Allow some tests to run partially if Net::DNS is unavailable 2015-05-05 08:33:09 -07:00
Mukund Sivaraman
8f25faf972 Fix a regression in radix tree implementation introduced by ECS code (#38983) 2015-05-05 13:11:23 +05:30
Tinderbox User
6376559cd3 update copyright notice / whitespace 2015-05-04 23:45:23 +00:00
Evan Hunt
dc877b38a0 [master] check for Net::DNS 
4113.	[test]		Check for Net::DNS is some system test
			prerequisites. [RT #39369]
 2015-05-04 12:51:38 -07:00
Evan Hunt
1c02dd9dd9 [master] fix root-delegation-only without exclude 
4112.	[bug]		Named failed to load when "root-delegation-only"
			was used without a list of domains to exclude.
			[RT #39380]
 2015-05-04 12:44:10 -07:00
Tinderbox User
b299727c2e update copyright notice / whitespace 2015-04-23 23:45:22 +00:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Tinderbox User
37873c28de update copyright notice / whitespace 2015-04-21 23:45:21 +00:00
Jeremy C. Reed
ae6b7bcd92 add some more files to cleanup after successful system test runs 2015-04-21 08:42:09 -04:00
Jeremy C. Reed
6c1e7a347f add gitignore file 2015-04-21 08:37:12 -04:00
Mark Andrews
f1a261ba2d 4104. [bug] Address uninitialized elements. [RT #39252] 2015-04-17 14:04:47 +10:00
Mark Andrews
e834b30f7c use awk for line count rather that wc -l which may space pad 2015-04-16 12:17:59 +10:00
Mark Andrews
c855e7170a 4100. [bug] Inherited owernames on the line immediately following 
a $INCLUDE were not working.  [RT #39268]
 2015-04-15 12:47:57 +10:00
Tinderbox User
a269ca51cc update copyright notice / whitespace 2015-04-14 23:45:21 +00:00
Mukund Sivaraman
ac31adc3b7 Add additional logging about xfrin transfer status (#39170) 2015-04-14 12:16:26 +05:30
Tinderbox User
1b0b6d7325 update copyright notice / whitespace 2015-04-07 23:45:23 +00:00
Evan Hunt
f28e5058c3 [master] dig can now learn the SIT value when retrying 
4093.	[func]		Dig now learns the SIT value from truncated
			responses when it retries over TCP. [RT #39047]
 2015-04-06 23:16:54 -07:00
Mark Andrews
febb020dce 4092. [bug] 'in-view' didn't work for zones beneath a empty zone. 
[RT #39173]
 2015-04-07 13:21:33 +10:00
Tinderbox User
6e61135f10 update copyright notice / whitespace 2015-03-27 23:45:21 +00:00
Mukund Sivaraman
f9f81abff0 Fix a crash while parsing malformed CAA RRs in presentation format (#39003) 2015-03-27 10:32:03 +05:30
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Mark Andrews
012ce6857e use unique query names 2015-03-04 17:12:37 +11:00
Mark Andrews
2e0d8d74d7 handle daylight savings changes 2015-03-04 15:51:31 +11:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code 
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
 2015-03-02 19:27:54 -08:00
Tinderbox User
3d787a1213 update copyright notice / whitespace 2015-03-02 23:45:21 +00:00
Mukund Sivaraman
10dd5f62f2 Add support for Valgrind's helgrind tool (#38706) 
Also fix one locking issue that helgrind found: Maintain stats->lock
while stats->reference is used.
 2015-03-02 13:42:20 +05:30
Tinderbox User
5e93bad21b update copyright notice / whitespace 2015-03-01 23:45:20 +00:00
Mark Andrews
0be58dd2da add $DESCRIPTION 2015-02-28 00:10:56 +11:00
Mark Andrews
0382684a06 add $DESCRIPTION 2015-02-28 00:09:25 +11:00
Mark Andrews
326b84f20e fix version tests 2015-02-27 17:01:25 +11:00
Mark Andrews
a8da00ef95 4079. [func] Preserve the case of the ownername of records to 
the RRset level. [RT #37442]
 2015-02-27 15:08:38 +11:00
Mark Andrews
be9720ae2c 4077. [test] Add static-stub regression test for DS NXDOMAIN 
return making the static stub disappear. [RT #38564]
 2015-02-27 12:46:45 +11:00
Tinderbox User
f159b7b5c7 update copyright notice / whitespace 2015-02-25 23:45:22 +00:00
Mukund Sivaraman
5a505fc4c2 Add facility to run system test nameds under Valgrind (#38546) 2015-02-25 09:06:45 +05:30
Evan Hunt
bfc11b9c65 [master] additional mkeys tests 
4065.	[test]		Additional RFC 5011 tests. [RT #38569]
 2015-02-23 21:07:26 -08:00
Mark Andrews
2b4860c4dc rt38571: handle Time::Piece not being supported by perl 2015-02-18 23:49:33 +11:00
Mark Andrews
82c6bce26a ignore dig's result when expecting 'connection timed out' 2015-02-12 13:44:30 +11:00
Tinderbox User
f6bc0a8608 update copyright notice / whitespace 2015-02-11 23:45:25 +00:00
Mark Andrews
2ff2145ff5 4061. [bug] Handle timeout in legacy system test. [RT #38573] 2015-02-11 16:53:39 +11:00
Tinderbox User
d481ce8bba update copyright notice / whitespace 2015-02-09 23:45:20 +00:00
Mark Andrews
dd06dbd512 add named.conf 2015-02-08 23:12:44 +11:00
Tinderbox User
8a1d7e8e8f update copyright notice / whitespace 2015-02-07 23:45:20 +00:00
Mark Andrews
e10d453eb4 add crypto prerequisite 2015-02-08 08:16:54 +11:00
Tinderbox User
29756974c5 update copyright notice / whitespace 2015-02-06 23:45:21 +00:00
Evan Hunt
29beab1340 [master] fix "initialize with revoked key" test, add missing newline 2015-02-05 23:53:36 -08:00
Mark Andrews
b1de3a999c use $PERL 2015-02-06 16:58:39 +11:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Tinderbox User
39f68d7b64 update copyright notice / whitespace 2015-01-21 23:45:24 +00:00
Evan Hunt
2817aa56ca [master] "rndc modzone" 
4043.	[func]		"rndc modzone" can be used to modify the
			configuration of an existing zone, using similar
			syntax to "rndc addzone". [RT #37895]
 2015-01-20 22:34:16 -08:00
Evan Hunt
ff62d4458a [master] allow shared TCP sockets when connecting 
4041.	[func]		TCP sockets can now be shared while connecting.
			(This will be used to enable client-side support
			of pipelined queries.) [RT #38231]
 2015-01-20 17:22:31 -08:00
Evan Hunt
761d135ed6 [master] add TCP pipelining support 
4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]
 2015-01-20 16:14:09 -08:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Mark Andrews
f8eb4e5bfd 4037. [bug] also-notify was ignoring the tsig key when checking 
for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]
 2015-01-20 16:42:56 +11:00
Tinderbox User
2dd6ffb5cb update copyright notice / whitespace 2015-01-12 23:45:21 +00:00
Mukund Sivaraman
a6f0e9c985 Add NTA persistence (#37087) 
4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]
 2015-01-12 09:07:48 +05:30
Tinderbox User
f0cbe180f0 update copyright notice / whitespace 2015-01-10 23:45:22 +00:00
Mark Andrews
7952156995 4032. [bug] Built-in "empty" zones did not correctly inherit the 
"allow-transfer" ACL from the options or view.
                        [RT #38310]
 2015-01-10 22:01:42 +11:00
Tinderbox User
63b0524b96 update copyright notice / whitespace 2015-01-08 23:45:22 +00:00
Mark Andrews
d1f1f13c7f 4031. [bug] named-checkconf -z failed to report a missing file 
with a hint zone. [RT #38294]
 2015-01-08 19:19:12 +11:00
Tinderbox User
b129f72d95 update copyright notice / whitespace 2015-01-07 23:45:22 +00:00
Evan Hunt
74eb2f5cbc [master] rndc showzone / rndc delzone of non-added zones 
4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]
 2015-01-06 22:57:57 -08:00
Mark Andrews
b0c18fffd3 4028. [bug] $GENERATE with a zero step was not being caught as a 
error.  A $GENERATE with a / but no step was not being
                        caught as a error. [RT #38262]
 2015-01-06 11:31:34 +11:00
Mark Andrews
511ec77fca 4027. [port] Net::DNS 0.81 compatibility. [RT #38165 2014-12-23 08:37:46 +11:00
Tinderbox User
84d939b211 update copyright notice / whitespace 2014-12-21 23:45:20 +00:00
Evan Hunt
5deda448e8 [master] fixes for singleton on hpux 
- hpux returns EADDRINUSE when listening on UDP sockets, so
  we need to check for that
- also need to ensure that subsidiary named processes are shut
  down in the runtime system test
 2014-12-20 00:31:54 -08:00
Evan Hunt
6963c6048f [master] still needed another -X 2014-12-19 16:57:24 -08:00
Evan Hunt
8249f11121 [master] add -X to lwresd 2014-12-18 22:52:44 -08:00
Mark Andrews
ae454ec746 update copyrights 2014-12-19 10:35:15 +11:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Evan Hunt
be7fba8019 [master] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
 2014-12-15 22:28:06 -08:00
Mukund Sivaraman
d225dec89f Clean up after reclimit system test 2014-12-08 21:37:53 +05:30
Mark Andrews
39a5e136fb skip subtest if cryptography not compiled in 2014-12-06 00:48:52 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Mark Andrews
12065c231e clean up intermediates 2014-12-05 08:28:15 +11:00
Mark Andrews
76b242bb77 pre-sign the zones 2014-12-05 07:28:29 +11:00
Tinderbox User
b9097be03b update copyright notice / whitespace 2014-12-03 23:45:24 +00:00
Mark Andrews
693d70f96f 4017. [testing] Add system test to check lookups to legacy servers 
with broken DNS behaviour. [RT #37965]
 2014-12-04 07:01:52 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Tinderbox User
a3d2295829 update copyright notice / whitespace 2014-12-02 23:45:23 +00:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]
 2014-12-03 09:42:30 +11:00
Evan Hunt
aafd2f2637 [master] remove obsolete 'relay' test 2014-12-02 13:57:35 -08:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
d040fa2f1c 4011. [bug] master's list port and dscp inheritance was not 
properly implemented. [RT #37792]
 2014-11-24 11:25:06 +11:00
Mark Andrews
7301df07cf extend the permissible number of queries to 25 from 24 2014-11-24 10:20:39 +11:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
d65fb496fb use perl not awk to do serial additions 2014-11-21 18:08:04 +11:00
Tinderbox User
5d35f07318 update copyright notice / whitespace 2014-11-20 23:45:24 +00:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
 2014-11-19 18:21:02 -08:00
Tinderbox User
4ccffa13aa update copyright notice / whitespace 2014-11-19 23:45:22 +00:00
Mukund Sivaraman
077350a407 Add .gitignore 2014-11-19 15:03:01 +05:30
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Mark Andrews
f9ee67d9ce %zu is not universally available 2014-11-19 12:10:06 +11:00
Tinderbox User
e208712faa update copyright notice / whitespace 2014-11-18 23:45:22 +00:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Tinderbox User
11dc1b1508 update copyright notice 2014-11-17 23:45:20 +00:00
Evan Hunt
0ada3802ea [master] awk portability fix 2014-11-17 12:22:18 -08:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Mukund Sivaraman
16c86a4980 Update .gitgnore files (ISC-Bugs #37773) 2014-11-11 11:47:02 +05:30
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
3cc8c7d630 [master] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]
 2014-11-04 23:49:56 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
12b386e1a6 update copyright notice 2014-10-30 23:45:21 +00:00
Mark Andrews
0f5144163c 3993. [func] Dig now supports EDNS negotiation by default. 
(dig +[no]ednsnegotiation). [RT #37604]
 2014-10-30 23:13:12 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Mark Andrews
a5c7cfbac4 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]
 2014-10-30 11:05:26 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Evan Hunt
7cf2122e0d [master] change 3977 altered expected linecount from secroots 2014-10-18 16:50:32 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]
 2014-10-18 13:09:09 +11:00
Mark Andrews
44ef2206d7 allow for the set of ttls to be empty 2014-10-16 14:46:44 +11:00
Mark Andrews
d9aaf7acce make test more robust in the face of server failures 2014-10-16 12:34:12 +11:00
Evan Hunt
1cbc394e7c [master] add redirect zone to checkconf -z test 2014-10-09 18:30:34 -07:00
Evan Hunt
ca0ee90361 [master] turn off servfail cache in masterformat test 2014-10-09 09:30:46 -07:00
Mark Andrews
c81d56c03e 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]
 2014-10-05 08:29:34 +11:00
Mark Andrews
39fb5f2a5d verifying inline zones work with views requires crypto to be configured 2014-10-04 18:06:04 +10:00
Evan Hunt
12002ea49e [master] add delv system test 
3969.	[test]		Added 'delv' system test. [RT #36901]
 2014-10-02 22:37:20 -07:00
Tinderbox User
7a3f584cfc update copyright notice 2014-10-02 23:45:25 +00:00
Mark Andrews
b24061719c 3967. [test] Add test for inlined signed zone in multiple views 
with different DNSKEY sets. [RT #35759]
 2014-10-03 07:59:44 +10:00
Mark Andrews
a837c939c4 SIG(0) update forwarding testing requires crypto be configured 2014-10-02 11:07:01 +10:00
Mark Andrews
ed1c845c1d 3964. [func] nsupdate now performs check-names processing. 
[RT #36266]
 2014-10-02 09:35:43 +10:00
Evan Hunt
7b04216015 [master] improve dlzexternal test 
3963.	[test]		Added NXRRSET test cases to the "dlzexternal"
			system test. [RT #37344]
 2014-09-30 17:08:12 -07:00
Tinderbox User
be484acb22 update copyright notice 2014-09-30 23:45:22 +00:00
Mark Andrews
ffeaac1d82 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]
 2014-10-01 07:24:16 +10:00
Mark Andrews
c83b91fb63 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 2014-10-01 07:06:20 +10:00
Tinderbox User
2fb35a6d59 update copyright notice 2014-09-29 23:45:24 +00:00
Mark Andrews
4bc581ca31 use RANDFILE rather than /dev/urandom 2014-09-29 23:39:07 +10:00
Mark Andrews
1c5990c2f9 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]
 2014-09-29 12:10:10 +10:00
Mark Andrews
80169c379d 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]
 2014-09-29 10:18:54 +10:00
Mark Andrews
10c12aa549 3956. [func] Notify messages are now rate limited by notify-rate and 
startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]
 2014-09-29 10:01:08 +10:00
Mark Andrews
9a36fb86f5 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 2014-09-27 12:14:20 +10:00
Mark Andrews
27cd03a21c use more portable awk 2014-09-19 15:00:18 +10:00
Mark Andrews
06e28e50bd give the nameserver a little longer to response 2014-09-18 10:06:48 +10:00
Mark Andrews
1a5f84d56a UNTESTED -> SKIPPED 2014-09-16 23:49:52 +10:00
Mark Andrews
3867312e4c 3951. [func] Add the ability to set yet-to-be-defined EDNS flags 
to dig (+ednsflags=#). [RT #37142]
 2014-09-13 19:13:59 +10:00
Tinderbox User
2c69f767d6 update copyright notice 2014-09-10 23:45:21 +00:00
Mark Andrews
947cf282a7 3949. [experimental] Experimental support for draft-andrews-edns1 by sending 
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]
 2014-09-10 15:31:40 +10:00
Mark Andrews
5c420ccc29 drop 'I:send many simultaneous updates via a update forwarder' test until re-written using perl 2014-09-07 22:08:45 +10:00
Mark Andrews
76a17033db also fix the expected count 2014-09-07 20:24:59 +10:00
Mark Andrews
48179343c2 reduce number of nsupdates being simultaeously forked 2014-09-07 20:24:14 +10:00
Mark Andrews
8aa098c633 update copyrights 2014-09-06 09:38:48 +10:00
Evan Hunt
c9e976dc43 [master] [rt37057] server-id tests 
3944.	[test]		Added a regression test for "server-id". [RT #37057]
 2014-09-04 18:18:36 -07:00
Tinderbox User
948c80ffa8 update copyright notice 2014-09-04 23:45:24 +00:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Mark Andrews
fec7998314 3942. [bug] Wildcard responses from a optout range should be 
marked as insecure. [RT #37072]
 2014-09-04 13:57:50 +10:00
Evan Hunt
c3d0221104 [master] oops, nta lifetime change broke dnssec test 2014-09-03 20:51:32 -07:00
Evan Hunt
3d066288ad [master] [rt37069] update NTA limit to a week 
3940.	[func]		"rndc nta" now allows negative trust anchors to be
			set for up to one week. [RT #37069]
 2014-09-03 19:00:03 -07:00
Mark Andrews
74717eef53 3939. [func] Improve UPDATE forwarding performance by allowing TCP 
connections to be shared. [RT #37039]
 2014-09-04 10:37:45 +10:00
Mark Andrews
1a63fb1d14 update copyrights 2014-08-30 12:27:49 +10:00
Tinderbox User
3278ff814d update copyright notice 2014-08-29 23:45:22 +00:00
Evan Hunt
d46855caed [master] ECS authoritative support 
3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]
 2014-08-28 22:05:57 -07:00
Evan Hunt
180319f572 [master] fix geoip asnum matching 
3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]
 2014-08-28 21:40:32 -07:00
Mark Andrews
7c73ac5e13 3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve 
sit-secrets documentation. [RT #36980]
 2014-08-29 14:35:21 +10:00
Evan Hunt
0c2313eb36 [master] fixes to checkconf test, HIP casecompare 
3933.	[bug]		Corrected the implementation of dns_rdata_casecompare()
			for the HIP rdata type.  [RT #36911]

3932.	[test]		Improved named-checkconf tests. [RT #36911]
 2014-08-27 21:36:13 -07:00
Evan Hunt
74745c760c [master] "rndc nta -r" could hang 
3930.	[bug]		"rndc nta -r" could cause a server hang if the
			NTA was not found. [RT #36909]
 2014-08-25 18:01:26 -07:00
Tinderbox User
fea81a5e0e update copyright notice 2014-08-22 23:45:27 +00:00
Evan Hunt
087b3e8d90 [master] add to rndc test 
3928.	[test]		Improve rndc system test. [RT #36898]
 2014-08-22 16:41:57 -07:00
Mark Andrews
840d6a4614 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917 2014-08-22 16:32:19 +10:00
Mark Andrews
cef76ee5bd 3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833] 2014-08-22 15:45:40 +10:00
Tinderbox User
5165c59007 update copyright notice 2014-08-21 23:45:22 +00:00
Mark Andrews
f5695ad0e1 3917. [bug] dig, nslookup and host now continue on names that are 
too long after applying a search list elements.
                        [RT #36892]
 2014-08-21 18:05:55 +10:00
Tinderbox User
aebd0e85bf update copyright notice 2014-08-15 23:45:20 +00:00
Jeremy C. Reed
821350367e fix typos or misspellings 2014-08-15 10:35:31 -05:00
Tinderbox User
cd14665cdf update copyright notice 2014-08-07 23:45:19 +00:00
Evan Hunt
cfe32752a6 [master] [36737] allow zero-length URI and CAA fields 
3914.	[bug]		Allow the URI target and CAA value fields to
			be zero length. [RT #36737]
 2014-08-06 17:40:42 -07:00
Tinderbox User
1e7501fe07 update copyright notice 2014-08-06 23:45:23 +00:00
Mark Andrews
43b9737b11 3911. [func] Implement EDNS EXPIRE option client side. [RT #35925] 2014-08-06 11:50:40 +10:00
Tinderbox User
79bb509936 update copyright notice 2014-08-02 23:45:21 +00:00
Mark Andrews
c38341ec43 3908. [bug] rndc now differentiates between a zone in multiple 
views and a zone that doesn't exist at all. [RT #36691]
 2014-08-02 14:43:26 +10:00
Mark Andrews
f2a91da02e adjust range 2014-07-31 20:32:50 +10:00
Tinderbox User
d1b499c827 update copyright notice 2014-07-29 23:45:20 +00:00
Evan Hunt
2383eb5272 [master] add CAA rdata support 
3056.	[protocol]	Added support for CAA record type (RFC 6844).
			[RT #36625]
 2014-07-29 08:40:35 -07:00
Mark Andrews
275a8affe7 3899. [bug] "request-ixfr" is only applicable to slave and redirect 
zones. [RT #36608]
 2014-07-25 14:23:14 +10:00
Mark Andrews
ac5ed74860 3897. [bug] RPZ summary information was not properly being updated 
after a AXFR resulting in changes sometimes being
                        ignored.  [RT #35885]
 2014-07-22 10:57:58 +10:00
Mark Andrews
39cad8fb7d update copyrights 2014-07-08 12:40:40 +10:00
Mark Andrews
fce704e751 rename dnssec/ns7/split-rrsig.in 2014-07-08 11:12:32 +10:00
Mark Andrews
3c13af3759 3892. [bug] Setting '-t aaaa' in .digrc had unintended side 
effects. [RT #36452]
 2014-07-08 02:00:28 +10:00
Mark Andrews
63e1ac1e09 3890. [bug] RRSIG sets that were not loaded in a single transaction 
at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]
 2014-07-07 12:05:01 +10:00
Mark Andrews
6f6b7781d5 save the output of rndc nta so that it can be analysed if there is a failure; more cleanups 2014-06-30 11:41:09 +10:00
Mark Andrews
62275d5306 make test for nsec3param more robust 2014-06-27 15:50:51 +10:00
Mark Andrews
b05ef7092f update nta failure messages 2014-06-27 11:53:39 +10:00
Mark Andrews
284f6435c2 adjust NTA test timing windows to support slower machines; self tune sleeps bases of actual elapsed time; 2014-06-26 13:37:50 +10:00
Tinderbox User
9f8df2d75c update copyright notice 2014-06-25 23:45:21 +00:00
Mark Andrews
7205cd2db7 cleanup nsupdate.out 2014-06-25 16:16:34 +10:00
Mark Andrews
eca15167ac dump unexpected update failures 2014-06-25 16:12:25 +10:00
Mark Andrews
33399d6a14 3888. [func] 'rndc status' now reports the number of automatic 
zones. [RT #36015]
 2014-06-25 13:17:03 +10:00
Mark Andrews
70ee770c69 Net::DNS 0.78 should work when it is released as it contains: 
Fix rt.cpan.org #96439

		Uninitialised decoding object when printing packet
 2014-06-25 01:01:50 +10:00
Mark Andrews
1c95f67232 use $PERL 2014-06-24 13:50:14 +10:00
Tinderbox User
5a31767b09 update copyright notice 2014-06-19 23:45:23 +00:00
Evan Hunt
cac2181160 [master] CDS/CDNSKEY rrtypes 
3884.	[protocol]	Add CDS and CDNSKEY record types. [RT #36333]
 2014-06-19 00:35:11 -07:00
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Tinderbox User
636aadbfe4 update copyright notice 2014-06-17 23:45:20 +00:00
Evan Hunt
a4e76a630e [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00
Mark Andrews
a0d411c05f 3880. [test] Update ans.pl to work with new TSIG support in 
Net::DNS; add additional Net::DNS version prerequisite
                        checks. [RT #36327]
 2014-06-17 10:35:46 +10:00
Evan Hunt
56510cd031 [master] null terminate strings for coverity 2014-06-16 15:30:11 -07:00
Mark Andrews
48789995c1 use $NSUPDATE 2014-06-15 18:35:19 +10:00
Mark Andrews
f9e47cfe4f Net::DNS 0.76 broke the handling of some packets 2014-06-14 10:11:06 +10:00
Mark Andrews
1881aea774 fix test to see if $PERL is set 
(cherry picked from commit 44f0f310d41acc5c772d38353fe35ddacb3fee80)
 2014-06-13 11:47:23 +10:00
Mark Andrews
d4a98c0fb7 die if $Net::DNS::VERSION >= 0.73 2014-06-13 11:25:32 +10:00
Evan Hunt
fb710168ef [master] use correct shared library suffix 2014-06-12 17:06:23 -07:00
Tinderbox User
4ded8003e3 update copyright notice 2014-06-12 23:45:22 +00:00
Evan Hunt
06e0d6bb12 [master] address rpz bugs 
3877.	[bug]		Inserting and deleting parent and child nodes
			in response policy zones could trigger an assertion
			failure. [RT #36272]
 2014-06-11 20:00:19 -07:00
Mark Andrews
9c2cf9e201 update copyrights 2014-06-11 10:28:09 +10:00
Evan Hunt
8d8f9f7f86 [master] suppress unnecessary db lookups in DLZ redirect zones 
3876.	[bug]		Improve efficiency of DLZ redirect zones by
			suppressing unnecessary database lookups. [RT #35835]
 2014-06-10 16:25:26 -07:00
Mark Andrews
20dec973da 4. [test] Check that only "check-names master" is needed for 
updates to be accepted.
 2014-06-10 13:48:57 +10:00
Mark Andrews
32a1fd3dd2 update spf check 2014-06-10 12:28:33 +10:00
Mark Andrews
3b187cad7a 3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210] 2014-06-10 09:32:43 +10:00
Mukund Sivaraman
79d27f505a [35063] Don't publish an activated key automatically before its publish time 2014-06-04 14:31:42 +05:30
Mark Andrews
ab6fd5e892 initialise matches 2014-06-02 13:53:59 +10:00
Mark Andrews
5360986092 set max 2014-06-02 13:42:58 +10:00
Mark Andrews
3a26e75e3c accept a range of stats values 2014-06-02 08:15:47 +10:00
Evan Hunt
0cfb247368 [master] rndc nta 
3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]
 2014-05-29 22:22:53 -07:00
Mark Andrews
536da846f6 update copyrights 2014-05-30 09:41:33 +10:00
Mark Andrews
44b0e0b1d5 More changes for: 
3864.   [bug]           RPZ didn't work well when being used as forwarder.
                        [RT #36060]
 2014-05-30 08:41:27 +10:00
Mark Andrews
3d75189141 3864. [bug] RPZ didn't work well when being used as forwarder. 
[RT #36060]
 2014-05-29 17:02:10 +10:00
Mark Andrews
4694229f60 make a explict edns query so this subtest is independent of other tests 2014-05-29 10:46:44 +10:00
Mark Andrews
800d25b848 3863. [bug] The "E" flag was missing from the query log as a 
unintended side effect of code rearrangement to
                        support EDNS EXPIRE. [RT #36117]
 2014-05-29 08:04:55 +10:00
Tinderbox User
284d5252c1 update copyright notice 2014-05-15 23:45:22 +00:00
Mark Andrews
01f881c1c5 3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. 
[RT #35979]
 2014-05-15 16:54:32 +10:00
Mark Andrews
69530009f1 use portable awk 2014-05-15 00:34:17 +10:00
Mark Andrews
05816676bb 3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP 
ixfr query. [RT #35980]
 2014-05-14 09:59:02 +10:00
Mark Andrews
733898cffe use sub second sleeps for prefetch disabled test 2014-05-09 15:00:36 +10:00
Mark Andrews
151759e7b7 address suspected race in system test for 'named -L' 2014-05-08 11:10:04 +10:00
Tinderbox User
c381ccf794 update copyright notice 2014-05-07 23:45:21 +00:00
Evan Hunt
60988462e5 [master] use posix-compatible shell in system tests 
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]
 2014-05-06 22:06:04 -07:00
Mark Andrews
b36fc8294e 3837. [security] A NULL pointer is passed to query_prefetch resulting 
a REQUIRE assertion failure when a fetch is actually
                        initiated.  [ RT #35899]

Squashed commit of the following:

commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun May 4 22:34:34 2014 +0530

    Fix a comment

commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03
Author: Mark Andrews <marka@isc.org>
Date:   Sun May 4 23:34:25 2014 +1000

    pass the correct name to query_prefetch
 2014-05-05 10:12:12 +10:00
Evan Hunt
c0c4512020 [master] fixed geoip elements in named ACLs 
3835.	[bug]		Geoip ACL elements didn't work correctly when
                        referenced via named or nested ACLs. [RT #35879]
 2014-04-30 20:21:56 -07:00
Mark Andrews
f09f1bf18e fix filter-aaaa system test to work when crypto is disabled 2014-05-01 12:28:50 +10:00
Mark Andrews
5b56f2e3cc zero pad date and month fields 2014-05-01 11:41:32 +10:00
Mark Andrews
c2abd6efeb update copyrights 2014-05-01 10:00:00 +10:00
Mark Andrews
96f07724d6 use SKIPPED exit code (255) 2014-05-01 00:33:11 +10:00
Mark Andrews
0172c9fc2c use +nottlid 2014-04-30 15:53:37 +10:00
Evan Hunt
44613d4d86 [master] named -L option for default logfile 
3832.	[func]		"named -L <filename>" causes named to send log
			messages to the specified file by default instead
			of to the system log. (Thanks to Tony Finch.)
			[RT #35845]
 2014-04-29 17:17:03 -07:00
Tinderbox User
f6ea2b1d09 update copyright notice 2014-04-29 23:45:21 +00:00
Evan Hunt
b4ba66ba1e [master] "dnssec-signzone -N date" 
3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]
 2014-04-29 16:29:20 -07:00
Mark Andrews
e54767a3c9 change exit code 2014-04-29 22:57:15 +10:00
Mark Andrews
1a158ef6ee fix testsock6.pl 
(cherry picked from commit 660195a82c)
 2014-04-29 19:15:55 +10:00
Evan Hunt
54267016bc [master] add geoip and filter-aaaa to SUBDIRS 2014-04-28 22:41:13 -07:00
Tinderbox User
06081a0d61 update copyright notice 2014-04-25 23:45:21 +00:00
Evan Hunt
aefb3e308b [master] better DDNS in DLZ; mysqldyn 
3821.	[contrib]	Added a new "mysqldyn" DLZ module with dynamic
			update and transaction support. Thanks to Marty
			Lee for the contribution. [RT #35656]

3820.	[func]		The DLZ API doesn't pass the database version to
			the lookup() function; this can cause DLZ modules
			that allow dynamic updates to mishandle prerequisite
			checks. This has been corrected by adding a
			'dbversion' field to the dns_clientinfo_t
			structure. [RT #35656]
 2014-04-25 13:06:30 -07:00
Mark Andrews
36e5ac0033 3819. [bug] NSEC3 hashes need to be able to be entered and 
displayed without padding.  This is not a issue for
                        currently defined algorithms but may be for future
                        hash algorithms. [RT #27925]
 2014-04-24 18:58:03 +10:00
Evan Hunt
2ae159b376 [master] globally rename "delve" to "delv" 
3817.	[func]		The "delve" command is now spelled "delv" to avoid
			a namespace collision with the Xapian project.
			[RT #35801]
 2014-04-23 11:14:12 -07:00
Tinderbox User
953189d30e update copyright notice 2014-04-22 23:45:19 +00:00
Evan Hunt
ec3b216506 [master] masterfile-style 
3814.	[func]		The "masterfile-style" zone option controls the
			formatting of dumped zone files. Options are
			"relative" (multiline format) and "full" (one
			record per line). The default is "relative".
			[RT #20798]
 2014-04-17 17:10:29 -07:00
Evan Hunt
7318bbc262 [master] serial-update-method date; 
3811.	[func]		"serial-update-method date;" sets serial number
			on dynamic update to today's date in YYYYMMDDNN
			format. (Thanks to Bradley Forschinger.) [RT #24903]
 2014-04-17 16:05:50 -07:00
Evan Hunt
92fe6db3e4 [master] use test -r in system tests 
3806.	[test]		Improved system test portability. [RT #35625]
 2014-04-09 20:29:52 -07:00
Evan Hunt
baad8d9fd8 [master] allow null "file" for DLZ or alternate db zones 
3803.	[bug]		"named-checkconf -z" incorrectly rejected zones
			using alternate data sources for not having a "file"
			option. [RT #35685]
 2014-04-07 13:29:56 -07:00
Mark Andrews
5b60bde47b use perl 2014-04-07 21:53:47 +10:00
Mark Andrews
a4941d6b5e update check the correct resigning time is reported in zonestatus test to be more portable 2014-04-07 11:50:50 +10:00
Mark Andrews
0dfd942409 3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing 
time. [RT #35659]
 2014-04-04 11:33:49 +11:00
Tinderbox User
180d8b0eec update copyright notice 2014-03-30 23:46:03 +00:00
Mukund Sivaraman
ef9334d745 3795. [bug] Make named-checkconf detect raw masterfiles for 
hint zones and reject them. [RT #35268]

Squashed commit of the following:

commit 5b0254711d6b77940d6217b9131b9d401df8a866
Author: Mukund Sivaraman <muks@isc.org>
Date:   Fri Mar 28 02:09:01 2014 +0530

    Remove redundant helper function

commit a4341c1a2ba830c8cee1def57a533f987f67c3dc
Author: Mark Andrews <marka@isc.org>
Date:   Thu Jan 30 10:08:17 2014 +1100

    error out if masterfile-format raw is specified for a hint zone.
 2014-03-31 04:55:37 +05:30
Evan Hunt
22e29471c7 [master] check allow-update in view/options 
3787.	[bug]		The code that checks whether "auto-dnssec" is
			allowed was ignoring "allow-update" ACLs set at
			the options or view level. [RT #29536]
 2014-03-12 21:36:01 -07:00
Mark Andrews
6f49db82ab calling $TSIGKEYGEN doesn't work with libtool. 2014-03-13 15:11:46 +11:00
Tinderbox User
0add14467b update copyright notice 2014-03-12 23:46:05 +00:00
Evan Hunt
89740699cd [master] fixed 'fixed' 
3784.	[bug]		Using "rrset-order fixed" when it had not been
			enabled at compile time caused inconsistent
			results. It now works as documented, defaulting
			to cyclic mode. [RT #28104]
 2014-03-12 08:45:44 -07:00
Evan Hunt
46bc64f4b1 [master] tsig-keygen 
3783.	[func]		"tsig-keygen" is now available as an alternate
			command name for "ddns-confgen".  It generates
			a TSIG key in named.conf format without comments.
			[RT #35503]
 2014-03-12 08:29:15 -07:00
Mark Andrews
bab2bf7dfd expr length arg is not portable 2014-03-12 13:59:41 +11:00
Evan Hunt
62258ada48 [master] auto-generate salt 
3781.	[func]		Specifying "auto" as the salt when using
			"rndc signing -nsec3param" causes named to
			generate a 64-bit salt at random. [RT #35322]
 2014-03-11 08:46:58 -07:00
Evan Hunt
7b46a4aa41 [master] fix negative numbers in $GENERATE 
3780.	[bug]		$GENERATE handled negative numbers incorrectly.
			[RT #25528]
 2014-03-10 11:55:32 -07:00
Tinderbox User
e9c7fe450e update copyright notice 2014-03-06 23:46:08 +00:00
Evan Hunt
741dfd3ccd [master] tests directory cleanup 2014-03-06 11:11:27 -08:00
Tinderbox User
8ab8cd1fa6 update copyright notice 2014-03-01 23:46:15 +00:00
Evan Hunt
ec88c1fdff [master] capture stderr in systests.output 
- also tidied up runall.sh summary output
 2014-02-28 21:59:28 -08:00
Evan Hunt
98922b2b2b [master] merge several interdependent fixes 
3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
 2014-02-26 19:00:05 -08:00
Evan Hunt
061f61dd3b [master] add files omitted from coverage test 2014-02-26 08:54:21 -08:00
Evan Hunt
3a01ded15d [master] enable windows python tools 
3757.	[port]		Enable Python tools (dnssec-coverage,
			dnssec-checkds) to run on Windows. [RT #34355]
 2014-02-26 08:43:50 -08:00
Mark Andrews
cc00679829 wait for zone to transfer 2014-02-23 14:06:15 +11:00
Evan Hunt
999926955b [master] fix test error 2014-02-21 08:05:40 -08:00
Tinderbox User
20a96edbf9 update copyright notice 2014-02-20 23:46:35 +00:00
Mark Andrews
caac342072 add @ISC_OPENSSL_LIBS@ 2014-02-21 00:35:22 +11:00
Mark Andrews
16134801ce 3750. [experimental] Partially implement EDNS EXPIRE option as described 
in draft-andrews-dnsext-expire-00.  Retrivial of
                        remaining time to expiry from slave zones is supported.

                        EXPIRE uses an experimental option code (65002) and
                        is subject to change. [RT #35416]
 2014-02-20 14:56:20 +11:00
Mark Andrews
86a85a3bbd don't error on rpz percentage checks as they fail inconsistently on virtual machines 2014-02-20 12:22:14 +11:00
Mark Andrews
e676a59686 update copyrights 2014-02-20 10:53:11 +11:00
Mark Andrews
7e2e41df67 3748. [func] Use delve to test dns_client interfaces. [RT #35383] 2014-02-19 19:33:21 +11:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl 
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
 2014-02-18 23:26:50 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Tinderbox User
3fd910dec5 update copyright notice 2014-02-17 23:46:29 +00:00
Evan Hunt
5efcb3a3e2 [master] fix test errors 
- require 5.006_001
- cut off the least significant figures of rrsig dates before
  comparison to avoid integer overflow
 2014-02-17 08:40:02 -08:00
Evan Hunt
7ba88e2a95 [master] fix dnssec test errors 2014-02-16 14:14:56 -08:00
Evan Hunt
72fd845d5a [master] remove accidentally committed changes 2014-02-16 13:59:19 -08:00
Evan Hunt
792915beb0 [master] fix accidental dig breakage 2014-02-16 13:42:42 -08:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc 
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
 2014-02-11 21:20:28 -08:00
Tinderbox User
6874b16e4a update copyright notice 2014-02-10 23:46:26 +00:00
Mark Andrews
d7729155df 3734. [bug] Improve building with libtool. [RT #35314] 2014-02-10 15:01:06 +11:00
Tinderbox User
81f58902eb update copyright notice 2014-02-07 23:46:39 +00:00
Mark Andrews
2870ee1fe5 use exit 255 2014-02-08 09:43:16 +11:00
Mark Andrews
0584ab7e9c #include <isc/util.h> 2014-02-07 16:46:11 +11:00
Evan Hunt
7983f6f77a [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2014-02-06 19:41:48 -08:00
Evan Hunt
166341d554 [master] add no-case-compress 
3731.	[func]		Added a "no-case-compress" ACL, which causes
			named to use case-insensitive compression
			(disabling change #3645) for specified
			clients. (This is useful when dealing
			with broken client implementations that
			use case-sensitive name comparisons,
			rejecting responses that fail to match the
			capitalization of the query that was sent.)
			[RT #35300]
 2014-02-06 19:37:26 -08:00
Mark Andrews
a928b54fa9 silence unused parameter 2014-02-07 11:47:32 +11:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes 
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
 2014-02-06 15:59:14 -08:00
Tinderbox User
7fa75f8e0e update copyright notice 2014-02-06 23:46:25 +00:00
Tinderbox User
0666e6db54 update copyright notice 2014-01-31 23:46:22 +00:00
Evan Hunt
d0803df331 [master] fixed geoip in blackhole ACLs 
3722.	[bug]		Using geoip ACLs in a blackhole statement
			could cause a segfault. [RT #35272]
 2014-01-30 17:03:32 -08:00
Tinderbox User
04b5785fde update copyright notice 2014-01-29 23:46:19 +00:00
Mark Andrews
75d747e1c5 3719. [bug] Address memory leak in in peer.c. [RT #35255] 2014-01-30 07:54:52 +11:00
Mark Andrews
61932ed917 copyright cleanups 2014-01-29 14:05:46 +11:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Evan Hunt
e45d0508c3 [master] skip unnecesary also-notify data 
3713.	[bug]		Save memory by not storing "also-notify" addresses
			in zone objects that are configured not to send
			notify requests. [RT #35195]
 2014-01-20 15:53:51 -08:00
Tinderbox User
dfd5f3b388 update copyright notice 2014-01-18 23:46:13 +00:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Tinderbox User
c0682c2367 update copyright notice 2014-01-17 23:46:32 +00:00
Francis Dupont
e02659b241 applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS 2014-01-17 14:14:30 +01:00
Tinderbox User
1633aead67 update copyright notice 2014-01-16 23:46:28 +00:00
Mark Andrews
db8938c993 3710. [bug] Address double dns_zone_detach when switching to 
using automatic empty zones from regular zones.
                        [RT #35177]
 2014-01-17 10:04:16 +11:00
Evan Hunt
5760095601 [master] skip xfer test with Net::DNS 0.73 2014-01-16 09:50:23 -08:00
Francis Dupont
6080262ffe add iscpk11 dep in lwresd system test 2014-01-16 16:06:04 +01:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Tinderbox User
bf0266f286 update copyright notice 2014-01-14 23:46:22 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Mark Andrews
07fb9b8330 3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185] 2014-01-14 16:12:30 +11:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
f70a10508f update copyright notice 2014-01-11 23:46:17 +00:00
Evan Hunt
7d2b185f16 [master] new dnssec-coverage options 
3702.	[func]		'dnssec-coverage -l' option specifies a length
			of time to check for coverage; events further into
			the future are ignored.  'dnssec-coverage -z'
			checks only ZSK events, and 'dnssec-coverage -k'
			checks only KSK events.  (Thanks to Peter Palfrader.)
			[RT #35168]
 2014-01-10 17:53:21 -08:00
Mark Andrews
a7c412f37c update copyrights 2014-01-11 07:07:56 +11:00
Mark Andrews
ff6de396a9 3701. [func] named-checkconf can now suppress the printing of 
shared secrets by specifying '-x'. [RT #34465]
 2014-01-10 16:56:36 +11:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Mark Andrews
d4eb30fa2d stop spamming system logs 2014-01-09 16:23:40 +11:00
Tinderbox User
e8914b47a2 update copyright notice 2014-01-05 23:46:12 +00:00
Mark Andrews
e9649ece3b 3696. [bug] dig failed to handle AXFR style IXFR responses which 
span multiple messages. [RT #35137]
 2014-01-06 06:22:30 +11:00
Tinderbox User
9c61ab2c99 update copyright notice 2013-12-21 23:46:16 +00:00
Evan Hunt
c14ba71070 [master] warn if key-directory doesn't exist 
3694.	[bug]		Warn when a key-directory is configured for a zone,
			but does not exist or is not a directory. [RT #35109]
 2013-12-20 14:57:03 -08:00
Tinderbox User
7c329be7c0 update copyright notice 2013-12-15 23:46:14 +00:00
Tinderbox User
eade480b33 update copyright notice 2013-12-13 23:46:17 +00:00
Evan Hunt
0606c47750 [master] correct dispatch address/port check 
3690.	[bug]		Iterative responses could be missed when the source
			port for an upstream query was the same as the
			listener port (53). [RT #34925]
 2013-12-12 22:39:12 -08:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
 2013-12-12 22:19:33 -08:00
Tinderbox User
de77dcc2c1 update copyright notice 2013-12-11 23:47:38 +00:00
Evan Hunt
4e1d84a33c typo 2013-12-11 14:00:07 -08:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Tinderbox User
79812068ff update copyright notice 2013-12-06 23:47:28 +00:00
Mark Andrews
7d65cbaca0 3684. [bug] The list of included files would grow on reload. 
[RT 35090]
 2013-12-07 09:44:45 +11:00
Curtis Blackburn
8009525601 3682. [bug] Correct the behavior of rndc retransfer to allow 
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
 2013-12-04 12:26:20 -06:00
Evan Hunt
d999ca28d4 [master] check hint files in named-checkconf -z 
3676.	[bug]		"named-checkconf -z" now checks zones of type
			hint and redirect as well as master. [RT #35046]
 2013-11-25 12:26:53 -08:00
Mark Andrews
225146b2c8 3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] 2013-11-18 11:22:59 +11:00
Mark Andrews
ced4f794cf check expected responses 2013-11-15 13:22:48 +11:00
Mark Andrews
3ac9ef6a6d move forwarder server to 10.53.0.5 2013-11-15 13:16:51 +11:00
Tinderbox User
432d8fa3b4 update copyright notice 2013-11-14 23:46:24 +00:00
Evan Hunt
434bfc3dfa [master] "in-view" zone option 
3673.	[func]		New "in-view" zone option allows direct sharing
			of zones between views. [RT #32968]
 2013-11-13 20:35:40 -08:00
Evan Hunt
0618287859 [master] allow setting local addr in dns_client 
3672.	[func]		Local address can now be specified when using
			dns_client API. [RT #34811]
 2013-11-13 10:52:22 -08:00
Mark Andrews
c4004ada2a adjust sync point 2013-11-13 15:44:54 +11:00
Mark Andrews
6b0434299b 3671. [bug] Don't allow dnssec-importkey overwrite a existing 
non-imported private key.
 2013-11-13 12:01:09 +11:00
Mark Andrews
015f044f7f remove copyright noticed 2013-11-09 13:55:49 +11:00
Tinderbox User
97c299486a update copyright notice 2013-11-08 23:46:19 +00:00
Mark Andrews
2048955015 3667. [func] dig: add support to keep the TCP socket open between 
successive queries (+[no]keepopen).  [RT #34918]
 2013-11-07 10:50:01 +11:00
Mark Andrews
49c1e0d18d 3666. [func] Add a tool, named-rrchecker, for checking the syntax 
of individual resource records.  This tool is intended
                        to be called by provisioning systems so that the front
                        end does not need to be upgraded to support new DNS
                        record types. [RT #34778]
 2013-11-07 10:41:47 +11:00
Mark Andrews
50c67f588e remove blank 
(cherry picked from commit 75aa3c6f2ada5dcc657d0858ee4544c7997d9840)
 2013-09-23 09:47:30 +10:00
Mark Andrews
9fa2a0deed 3652. [bug] Address bug with rpz-drop policy. [RT #34816] 2013-09-21 17:27:43 +10:00
Tinderbox User
bcbb556868 update copyright notice 2013-09-19 23:46:20 +00:00
Evan Hunt
c7965f84c2 [master] comment nzf files 
3649.	[cleanup]	Include a comment in .nzf files, giving the name of
			the associated view. [RT #34765]
 2013-09-19 15:37:09 -07:00
Mark Andrews
88a6dc33b7 only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms 2013-09-19 10:40:38 +10:00
Mark Andrews
7667dd1a03 call zone_settimer; sub test failure was not being detected 
(cherry picked from commit ebd7900670)
 2013-09-18 12:57:46 +10:00
Mark Andrews
2c089bf6d2 whitspace 2013-09-16 10:14:07 +10:00
Tinderbox User
a989ffdbb3 update copyright notice 2013-09-10 23:46:14 +00:00
Evan Hunt
78f20eda3c [master] clean up tests, update .gitignore 2013-09-09 19:37:17 -07:00
Mark Andrews
3d3aa9cde6 use -r rather then -f 2013-09-09 12:19:30 +10:00
Mark Andrews
23c73a1848 only test dsa if we have a random device 2013-09-09 11:42:58 +10:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Mark Andrews
cb69994ff8 3645. [protocol] Use case sensitive compression when responding to 
queries. [RT #34737]
 2013-09-05 12:22:34 +10:00
Evan Hunt
690bd6bf5d [master] fix inline test, add importkey to win32 build 2013-09-04 18:56:50 -07:00
Mark Andrews
5b9469c0db test for ECDSAP256SHA256 support 2013-09-04 22:33:31 +10:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Mark Andrews
b5f4cc132e 3641. [bug] Handle changes to sig-validity-interval settings 
better. [RT #34625]
 2013-09-04 13:45:00 +10:00
Mark Andrews
d6f99498d6 3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used 
in a key zone. [RT #34238]
 2013-09-04 13:14:06 +10:00
Tinderbox User
4b2c089cd8 update copyright notice 2013-08-19 23:46:14 +00:00
Mark Andrews
997c2c5116 3636. [bug] Automatic empty zones now behave better with 
forward only "zones" beneath them. [RT #34583]
 2013-08-19 09:18:28 +10:00
Tinderbox User
33d6c4a086 update copyright notice 2013-08-16 23:46:11 +00:00
Mark Andrews
e548e07a9a 3636. [bug] Automatic empty zones now behave better with 
forward only "zones" beneath them. [RT #34583]
 2013-08-16 13:54:23 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
d1e22676de 3635. [bug] Signatures were not being removed from a zone with 
only KSK keys for a algorithm. [RT #24439]
 2013-08-15 13:37:07 +10:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Mark Andrews
75ae74f8fd 3629. [func] Allow the printing of cryptographic fields in DNSSEC 
records by dig to be suppressed (dig +nocrypto).
                        [RT #34534]
 2013-08-12 15:37:51 +10:00
Mark Andrews
16bd30ae69 3628. [func] Report DNSKEY key id's when dumping the cache. 
[RT #34533]
 2013-08-12 14:38:26 +10:00
Mark Andrews
df0892aea6 3627. [bug] RPZ changes were not effective on slaves. [RT #34450] 2013-08-09 13:23:01 +10:00
Tinderbox User
f378953f3b update copyright notice 2013-08-07 23:46:12 +00:00
Mark Andrews
f45f654185 3625. [bug] Don't send notify messages to machines outside of the 
test setup.
 2013-08-07 15:48:55 +10:00
Evan Hunt
3cea62e3df [master] fix bad test output when server fails 2013-07-25 11:15:53 -07:00
Tinderbox User
44c016134f update copyright notice 2013-07-13 23:46:06 +00:00
Evan Hunt
9a32b8d8f8 [master] add a sleep to prevent intermittent test failure 2013-07-13 15:30:56 -07:00
Evan Hunt
421d4a0647 [master] rpz work 
3620.	[func]		Added "rpz-client-ip" policy triggers, enabling
			RPZ responses to be configured on the basis of
			the client IP address; this can be used, for
			example, to blacklist misbehaving recursive
			or stub resolvers. [RT #33605]

3619.	[bug]		Fixed a bug in RPZ with "recursive-only no;"
			[RT #33776]
 2013-07-12 14:46:47 -07:00
Evan Hunt
0b4ed61d20 [master] added missing file 2013-07-12 00:01:33 -07:00