upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 12:02:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

7766 commits

Author SHA1 Message Date
Mark Andrews
bc09fd1365 4436. [func] Return TLSA records as additional data for MX and SRV 
lookups. [RT #42894]

(cherry picked from commit bb900e62bf)
 2016-08-12 10:10:30 +10:00
Mark Andrews
36be0aad8e 4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message 
will not fit into a single IPv4 encapsulated IPv6
                        UDP packet when transmitted over a Ethernet link.
                        [RT #42871]

(cherry picked from commit 31ffec1541)
 2016-08-12 09:43:55 +10:00
Mark Andrews
33f91e248b 4434. [protocol] Return EDNS EXPIRE option for master zones in addition 
to slave zones. [RT #43008]

(cherry picked from commit bf2238b064)
 2016-08-12 09:32:29 +10:00
Evan Hunt
51227d6f16 [v9_11] error on bad parameter to 'rndc dumpdb' 
4433.	[cleanup]	Report an error when passing an invalid option or
			view name to "rndc dumpdb". [RT #42958]

(cherry picked from commit c38d989fdd)
 2016-08-11 16:04:38 -07:00
Mark Andrews
9e4811dc90 4432. [testing] Hide rndc output on expected failures in logfileconfig 
system test. [RT #27996]

(cherry picked from commit 12895c8d6f)
 2016-08-10 13:07:05 +10:00
Tinderbox User
b0cd1a7a63 update copyright notice / whitespace 2016-08-09 00:25:59 +00:00
Mark Andrews
12b791ae20 4431. [bug] named-checkconf now checks the rate-limit clause. 
[RT #42970]
 2016-08-08 23:54:15 +10:00
Mark Andrews
080582dc47 4430. [bug] Lwresd died if a search list was not defined. 
Found by 0x710DDDD At Alibaba Security. [RT #42895]

(cherry picked from commit 3146be6fd6)
 2016-08-08 10:23:22 +10:00
Mark Andrews
3a71cd8ca3 4429. [bug] Address potential use after free on fclose() error. 
[RT #42976]

(cherry picked from commit c1915935cf)
 2016-08-08 09:51:13 +10:00
Witold Krecicki
a23f742c3d Remove spurious isc_stdio_open 2016-07-28 14:26:36 +02:00
Witold Krecicki
ba340e4469 4426. [bug] Addressed Coverity warnings. [RT #42908] 2016-07-27 15:45:58 +02:00
Tinderbox User
1e9517ea21 regen v9_11 2016-07-27 01:12:35 +00:00
Witold Krecicki
bd9e956e03 Fix typos in nzd2nzf test 2016-07-26 21:16:15 +02:00
Witold Krecicki
3783f45e68 Fix merge error in bin/tests/system/conf.sh.in, add missing cleanups in tests 2016-07-26 20:33:06 +02:00
Mark Andrews
c70fb599b9 add space in #error message 2016-07-26 11:28:29 +10:00
Mark Andrews
17d4581ce9 remove comma 
(cherry picked from commit 0ac94b80e8)
 2016-07-26 11:17:52 +10:00
Tinderbox User
0ff8d59a07 regen v9_11 2016-07-26 01:11:57 +00:00
Mark Andrews
b62db16a58 named-rrchecker is also in ${prefix}/bin 2016-07-26 07:12:00 +10:00
Mark Andrews
72cc860dd2 4425. [bug] arpaname and dnstap-read were not being installed 
into ${prefix}/bin.  Tidy up installation issues
                        with CHANGE 4421. [RT #42910]

(cherry picked from commit 711aff9fa7)
 2016-07-26 06:54:19 +10:00
Witold Krecicki
a6d873b8bc Fix merge error in bin/tools/Makefile.in 2016-07-25 13:15:27 +02:00
Mark Andrews
b7161f9898 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]

(cherry picked from commit f20179857a)
 2016-07-22 20:03:06 +10:00
Evan Hunt
2fee8782a6 [v9_11] copyrights 2016-07-21 20:06:52 -07:00
Tinderbox User
adb0ac475d update copyright notice / whitespace 2016-07-21 23:46:46 +00:00
Evan Hunt
b83e886b30 [v9_11] silence clang warnings 
4422.	[port]		Silence clang warnings in dig.c and dighost.c.
			[RT #42451]
 2016-07-21 15:54:00 -07:00
Evan Hunt
ee9982dbd9 [v9_11] add missing file 2016-07-21 12:45:39 -07:00
Evan Hunt
12c8dec44b [v9_11] print.h 2016-07-21 11:25:26 -07:00
Evan Hunt
801707fe19 [v9_11] store "addzone" zone config in a NZD database 
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
 2016-07-21 11:14:16 -07:00
Mark Andrews
529d8a7cf1 4420. [func] nslookup now looks for AAAA as well as A by default. 
[RT #40420]

(cherry picked from commit e7e7efe901)
 2016-07-22 03:28:28 +10:00
Witold Krecicki
d9d7b2657e 4419. [bug] Don't cause undefined result if the label of an 
entry in catalog zone is changed. [RT #42708]
 2016-07-21 13:07:56 +02:00
Mark Andrews
a1ddbcb37a more copyright cleanups 
(cherry picked from commit 592127b7fa)
 2016-07-21 19:16:24 +10:00
Tinderbox User
5347c0fcb0 regen v9_11 2016-07-21 07:53:18 +00:00
Mark Andrews
704e6c8876 copyright 
(cherry picked from commit 813e9f7ee2)
 2016-07-21 17:02:22 +10:00
Evan Hunt
d907426f0f [v9_11] fix keymgr with low prepublication interval 
4417.	[bug]		dnssec-keymgr could fail to create successor keys
			if the prepublication interval was set to a value
			smaller than the default. [RT #42820]

Patch submitted by Nis Wechselberg (enbewe@enbewe.de).
 2016-07-20 15:14:20 -07:00
Evan Hunt
f0fe1930a2 [v9_11] normalize domain names for trailing dots 
4416.	[bug]		dnssec-keymgr: Domain names in policy files could
			fail to match due to trailing dots. [RT #42807]

Patch submitted by Armin Pech (mail@arminpech.de).
 2016-07-20 14:36:12 -07:00
Evan Hunt
a78396e652 [v9_11] deleted keys not correctly excluded 
4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
			excluded. [RT #42884]

Patch submitted by Nis Wechselberg (enewe@enbewe.de).
 2016-07-20 14:29:01 -07:00
Mark Andrews
55d61515ec 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED 
was returned. [RT #42733]

(cherry picked from commit 63e58ad048)
 2016-07-14 15:08:15 +10:00
Mark Andrews
111ec860a8 Visual Studio 2005 doesn't like named elements, construct addr using isc_netaddr_fromin6 
(cherry picked from commit d937f8e999)
 2016-07-14 11:31:01 +10:00
Mark Andrews
1ac74a984d Windows doesn't like LLU use ULL instead 
(cherry picked from commit 6b5d6472cdbdb57ee7d8247d85f07c42fb347663)
 2016-07-14 11:13:56 +10:00
Tinderbox User
1700442a77 regen v9_11 2016-07-14 00:01:54 +00:00
Mukund Sivaraman
2d5581de6e Make fixes for GCC 6 (#42721) 
(cherry picked from commit 4116177ac4)
 2016-07-13 13:56:22 +05:30
Evan Hunt
3525200d9f [v9_11] rndc dnstap -roll 
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
 2016-07-13 01:18:41 -07:00
Mark Andrews
28303a06ce 4410. [bug] Address use after free and memory leak with dnstap. 
[RT #42746]

(cherry picked from commit a2101037d9)
 2016-07-13 16:56:53 +10:00
Mark Andrews
64196d78c8 add more DNS64 default exclude acl tests 
(cherry picked from commit d147d56227)
 2016-07-13 10:58:46 +10:00
Mark Andrews
35c014cb1d 4408. [func] Continue waiting for expected response when we the 
response we get does not match the request. [RT #41026]

(cherry picked from commit ec5e01747a)
 2016-07-12 11:33:49 +10:00
Tinderbox User
ebb8a69f33 update copyright notice / whitespace 2016-07-11 23:47:19 +00:00
Mark Andrews
4d8940486c 4409. [bug] DNS64 should exlude mapped addresses by default when 
a exclude acl is not defined. [RT #42810]

(cherry picked from commit 557c7221fd)
 2016-07-11 14:12:42 +10:00
Mark Andrews
f555b59e36 4406. [bug] getrrsetbyname with a non absolute name could 
trigger a infinite recursion bug in lwresd
                        and named with lwres configured if when combined
                        with a search list entry the resulting name is
                        too long. [RT #42694]

(cherry picked from commit 38cc2d14e2)
 2016-07-07 13:50:38 +10:00
Mark Andrews
2be74962e4 ignore bin/tests/system/rndc/ns4/named.conf 
(cherry picked from commit 3c88f741c6)
 2016-07-07 09:57:01 +10:00
Tinderbox User
1105cecdc2 update copyright notice / whitespace 2016-07-06 23:47:18 +00:00
Tinderbox User
6af971acc0 regen v9_11 2016-07-06 01:09:13 +00:00
Mark Andrews
8d9a134fe7 4405. [bug] Change 4342 introduced a regression where you could 
not remove a delegation in a NSEC3 signed zone using
                        OPTOUT via nsupdate. [RT #42702]

(cherry picked from commit d811a7d9ef)
 2016-07-06 10:14:01 +10:00
Mark Andrews
f2af4484a8 one -f the -D sync's should have been just -D 
(cherry picked from commit 27505a932f)
 2016-07-06 08:33:31 +10:00
Mark Andrews
680c1ba73d ignore configure generated files 
(cherry picked from commit 0dacb6efdf)
 2016-06-29 23:32:27 +10:00
Mark Andrews
e96a2a2b89 ignore configure generated files 
(cherry picked from commit cd734243d4)
 2016-06-29 23:27:51 +10:00
Mark Andrews
cccfafa311 4403. [bug] Rename variables and arguments that shadow: basename, 
clone and gai_error.

(cherry picked from commit ecfa005085)
 2016-06-29 11:26:49 +10:00
Witold Krecicki
a77f86b6ca Fix keymgr test for change 4400 [RT #42718] 2016-06-27 12:22:01 +02:00
Tinderbox User
33d0a7767d regen master 2016-06-27 05:29:38 +00:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
50a3eae6cf 4400. [bug] ttl policy was not being inherited in policy.py. 
[RT #42718]
 2016-06-27 13:07:45 +10:00
Mark Andrews
8d49a1a0d1 4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and 
'ECDSAP384SHA384' don't have settable keysize.
                        [RT #42718]
 2016-06-27 12:11:37 +10:00
Mark Andrews
97e13cc244 4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py. 
[RT #42718]
 2016-06-27 11:49:11 +10:00
Tinderbox User
05da080bbd regen master 2016-06-27 01:25:44 +00:00
Mark Andrews
2616416a67 add missing <para>/<para> tags 2016-06-27 10:53:23 +10:00
Tinderbox User
4677c85720 regen master 2016-06-25 01:05:37 +00:00
Mark Andrews
8927a982bd update copyrights / whitespace 2016-06-24 16:23:26 +10:00
Mark Andrews
9f5443280f 4397. [bug] Update Windows python support. [RT #42538] 2016-06-24 16:04:10 +10:00
Mark Andrews
c1a72112b2 4396. [func] dnssec-keymgr now takes a '-r randomfile' option. 
[RT #42455]
 2016-06-24 14:12:24 +10:00
Mark Andrews
b709d84755 distclean cleanup 2016-06-24 13:52:01 +10:00
Mark Andrews
4840ef4581 4395 [bug] Improve out-of-tree installation of python modules. 
[RT #42586]
 2016-06-24 12:20:37 +10:00
Tinderbox User
76cf91b5df regen master 2016-06-24 01:05:13 +00:00
Tinderbox User
b54c2849fb update copyright notice / whitespace 2016-06-23 23:45:21 +00:00
Mark Andrews
7d262a3647 4394. [func] Add rndc command "dnstap-reopen" to close and 
reopen dnstap output filed. [RT #41803]
 2016-06-24 09:37:04 +10:00
Jeremy C. Reed
e8300d7263 Use test random file for tsig test using keygen 
This is for #42565: tsig test hangs and KEYGEN and randomdev

It was okayed there and is a trivial fix. No changes log needed.
 2016-06-23 18:48:09 -04:00
Tinderbox User
601645a1e8 update copyright notice / whitespace 2016-06-22 23:45:21 +00:00
Mark Andrews
10966da999 4402. [func] Collect statistics for RSSAC02v3 traffic-volume, 
traffic-sizes and rcode-volume reporting. [RT #41475]
 2016-06-23 08:44:54 +10:00
Witold Krecicki
4681ab1fc2 4387. [test] Rewritten test suite for catalog zones. [RT #42676] 
4386.	[func]		Support for master entries with TSIG keys in catalog
			zones. [RT #42577]
 2016-06-22 10:50:09 +02:00
Mark Andrews
b56bd9b59f 4387. [bug] Change 4336 was not complete leading to SERVFAIL 
being return as NS records expired. [RT #42683]
 2016-06-22 15:26:38 +10:00
Mark Andrews
96beefd76f 4386.[bug]Remove shadowed overmem function/variable. [RT #42706] 2016-06-22 15:13:24 +10:00
Witold Krecicki
3f06b888ae 4385. [func] Add support for allow-query and allow-transfer ACLs 
to catalog zones. [RT #42578]
 2016-06-20 13:39:44 +02:00
Mark Andrews
c1bf332c7c silence rm error message 2016-06-20 14:33:33 +10:00
Mark Andrews
eff62988e6 checking that default nta's were lifted due to lifetime were not robust 2016-06-20 14:29:11 +10:00
Mark Andrews
bcd6666984 silence compiler warning 2016-06-19 22:59:58 +10:00
Mark Andrews
948fe5822b 4384. [bug] Change 4256 accidentally disabled logging of the 
rndc command. [RT #42654]
 2016-06-18 00:10:51 +10:00
Mark Andrews
3f0de196f7 report subtest number 2016-06-17 10:50:33 +10:00
Tinderbox User
3939cc42d8 update copyright notice / whitespace 2016-06-16 23:45:22 +00:00
Mark Andrews
caf7c2fd25 style 2016-06-17 07:13:12 +10:00
Tinderbox User
dce54b9b5c update copyright notice / whitespace 2016-06-14 23:45:25 +00:00
Mark Andrews
3635d8f910 do not overflow exit status. [RT #42643] 2016-06-14 13:48:39 +10:00
Mark Andrews
ecff557eeb 4383. [bug] Correct spelling error in stats channel description of 
"EDNS client subnet option received". [RT #42633]
 2016-06-14 11:31:17 +10:00
Francis Dupont
985d2d1b71 Updated OpenSSL patches for 1.0.[12] (active/supported) 2016-06-13 18:05:33 +02:00
Mark Andrews
eb6d8d7a48 silence coverity warnings 2016-06-12 00:08:31 +10:00
Tinderbox User
ffaab41a01 update copyright notice / whitespace 2016-06-10 23:45:19 +00:00
Evan Hunt
eb3195d211 [master] add a test for dig +subnet with various prefix lengths 2016-06-09 22:49:52 -07:00
Mark Andrews
fbc50678e1 4382. [bug] rndc {addzone,modzone,delzone,showzone} should all 
compare the zone name using a canonical format.
                        [RT #42630]
 2016-06-10 11:03:53 +10:00
Mark Andrews
eb54bc33a2 also cleanup node 2016-06-03 18:04:37 +10:00
Mark Andrews
92ddd7ad2c detach before restore 2016-06-03 17:23:08 +10:00
Mark Andrews
b4750b5991 reset zversion on restart 2016-06-03 14:33:16 +10:00
Witold Krecicki
c2afbab9dc 4381. [bug] Missing "zone-directory" option in catalog zone 
definition caused BIND to crash. [RT #42579]
 2016-06-02 21:41:02 +02:00
Tinderbox User
e76f113739 regen master 2016-06-02 01:05:09 +00:00
Mark Andrews
d055178624 simplify poorly written conditional 2016-06-02 10:18:17 +10:00
Tinderbox User
1c6d1ca335 update copyright notice / whitespace 2016-06-01 23:45:30 +00:00
Francis Dupont
3933e5c763 Merged rt42563 (ht.c fixes) 2016-06-01 14:49:01 +02:00
Francis Dupont
2a8aa10492 Merged rt42505 (misc DNSSEC bugs) 2016-06-01 09:18:49 +02:00
Tinderbox User
7336a12983 update copyright notice / whitespace 2016-05-31 23:45:29 +00:00
Evan Hunt
3d0b7d5cc3 [master] zone-directory option for catalog zones 
4380.	[experimental]	Added a "zone-directory" option to "catalog-zones"
			syntax, allowing local masterfiles for slaves
			that are provisioned by catalog zones to be stored
			in a directory other than the server's working
			directory. [RT #42527]
 2016-05-31 10:36:27 -07:00
Tinderbox User
262bebd081 update copyright notice / whitespace 2016-05-27 23:45:23 +00:00
Mark Andrews
9268297baa 4379. [bug] An INSIST could be triggered if a zone contains 
RRSIG records with expiry fields that loop
                        using serial number arithmetic. [RT #40571]
 2016-05-27 15:24:30 +10:00
Evan Hunt
e3f231023c [master] use $DIG not dig 2016-05-26 18:39:07 -07:00
Tinderbox User
260e8e04b0 regen master 2016-05-27 01:05:21 +00:00
Mark Andrews
aabcb1fde0 4377. [bug] Don't reuse zero TTL responses beyond the current 
client set (excludes ANY/SIG/RRSIG queries).
                        [RT #42142]
 2016-05-27 09:59:46 +10:00
Evan Hunt
6c2a76b3e2 [master] copyrights, win32 definitions 2016-05-26 12:36:17 -07:00
Witold Krecicki
7a00d69909 4376. [experimental] Added support for Catalog Zones, a new method for 
provisioning secondary servers in which a list of
                        zones to be served is stored in a DNS zone and can
                        be propagated to slaves via AXFR/IXFR. [RT #41581]

4375.   [func]          Add support for automatic reallocation of isc_buffer
                        to isc_buffer_put* functions. [RT #42394]
 2016-05-26 21:23:19 +02:00
Evan Hunt
bfe9697f92 [master] correct summary 2016-05-26 09:53:09 -07:00
Mark Andrews
3d1b521b5b update dnssec-keymgr documentation. [RT #42454] 2016-05-26 16:02:46 +10:00
Mark Andrews
32e1f3cda0 improve error message for missing dnssec-keygen/dnssec-settime. [RT #42456] 2016-05-26 15:46:10 +10:00
Mark Andrews
28784b996b minor host man page cleanups from Tony Finch [RT #42476] 2016-05-26 13:56:42 +10:00
Mark Andrews
ac11084829 4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the 
probability of reference counting errors as seen
                        in 4365. [RT #42405]
 2016-05-26 12:11:00 +10:00
Mark Andrews
10f8dc8456 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499] [RT #42506]
 2016-05-26 12:01:31 +10:00
Tinderbox User
7173647ada update copyright notice / whitespace 2016-05-25 23:45:21 +00:00
Evan Hunt
0cbe448914 [master] minimal-any 
4371.	[func]		New "minimal-any" option reduces the size of UDP
			responses for qtype ANY by returning a single
			arbitrarily selected RRset instead of all RRsets.
			Thanks to Tony Finch. [RT #41615]
 2016-05-25 13:54:34 -07:00
Mark Andrews
9c6a57d7c7 address python2/python3 differences 2016-05-25 15:19:25 +10:00
Mark Andrews
d4a9a6c4a9 pass $KEYGEN to $KEYMGR 2016-05-25 14:05:26 +10:00
Mark Andrews
e6d09e71d0 style 2016-05-25 13:41:48 +10:00
Mark Andrews
ecb9c56ff6 use python3 compatible syntax 2016-05-25 13:37:07 +10:00
Mark Andrews
9dede25430 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499]
 2016-05-25 11:48:52 +10:00
Mark Andrews
d3600bb89d 4369. [bug] Fix 'make' and 'make install' out-of-tree python 
support. [RT #42484]
 2016-05-24 09:50:23 +10:00
Mark Andrews
7abac4a395 silence warning 2016-05-17 17:26:27 +10:00
Mark Andrews
4f200033d1 explict conversion 2016-05-17 17:22:51 +10:00
Mark Andrews
c3beecc1bc 4365. [bug] Address zone reference counting errors involving 
nxdomain-redirect. [RT #42258]
 2016-05-13 11:54:25 +10:00
Mark Andrews
32148399a2 ignore missing SERVFAIL 2016-05-12 14:25:43 +10:00
Tinderbox User
f5489931d7 update copyright notice / whitespace 2016-05-09 23:45:56 +00:00
Mark Andrews
8090ceb932 4363. [port] Turn off triggering UAC when running BINDInstall 
temporarily.
 2016-05-09 19:07:07 +10:00
Mark Andrews
97e9fc9e53 add missing dependancy 2016-05-09 15:42:57 +10:00
Mark Andrews
2b96f36d0c remember dig/rndc outputs 2016-05-09 07:59:19 +10:00
Mark Andrews
9e14bf1f86 add test counter 2016-05-09 07:29:43 +10:00
Witold Krecicki
9852ad2408 Fix awk compatibility issue in rndc system test 2016-05-07 13:33:51 +02:00
Tinderbox User
f89adb2c2a update copyright notice / whitespace 2016-05-05 23:45:48 +00:00
Evan Hunt
7614afdab2 [master] remove copyright header from policy.good 2016-05-05 14:26:15 -07:00
Witold Krecicki
e846f127d6 4362. [func] Changed rndc reconfig behaviour so that newly added 
zones are loaded asynchronously and the loading does
			not block the server. [RT #41934]
 2016-05-05 21:41:12 +02:00
Mark Andrews
5ac427050f 4360. [bug] Silence spurious 'bad key type' message when there is 
a existing TSIG key. [RT #42195]
 2016-05-05 22:27:08 +10:00
Mark Andrews
594d15df25 4359. [bug] Inherited 'also-notify' lists were not being checked 
by named-checkconf. [RT #42174]
 2016-05-05 21:59:09 +10:00
Witold Krecicki
19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows 
feeding fuzzed packets into BIND.
			[RT #41723]
 2016-05-05 11:49:38 +02:00
Witold Krecicki
dc2a4887c4 4357. [func] Add the python RNDC module. [RT #42093] 2016-05-05 11:33:47 +02:00
Mark Andrews
08e36aa5a5 4356. [func] Add the ability to specify whether to wait for 
nameserver addresses to be looked up or not to
                        rpz with a new modifying directive 'nsip-wait-recurse'.                         [RT #35009]
 2016-05-05 16:29:05 +10:00
Evan Hunt
f1a2709aad [master] add extractability to pkcs11-list 
4354.	[func]		"pkcs11-list" now displays the extractability
			attribute of private or secret keys stored in
			an HSM, as either "true", "false", or "never"
			Thanks to Daniel Stirnimann. [RT #36557]
 2016-05-04 21:56:48 -07:00
Tinderbox User
99bbb58ce7 update copyright notice / whitespace 2016-05-04 23:45:36 +00:00
Evan Hunt
699f790c49 [master] update pkcs11 headers 
4353.	[cleanup]	Update PKCS#11 header files. [RT #42175]
 2016-05-04 15:55:03 -07:00
Evan Hunt
66074f152f [master] log message when using ISC DLV 
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
 2016-05-04 14:37:25 -07:00
Tinderbox User
9e6e0881fa update copyright notice / whitespace 2016-04-30 23:45:50 +00:00
Mark Andrews
cbad856135 support truncated hashes longer that 7 
(cherry picked from commit 5b291f619e312689e25de8fd5662b0b9d4a62679)
 2016-05-01 07:48:40 +10:00
Tinderbox User
3241ddcf93 regen master 2016-04-30 01:05:59 +00:00
Tinderbox User
21635968f7 update copyright notice / whitespace 2016-04-29 23:45:42 +00:00
Evan Hunt
470af54b4e [master] more python2/3 compatibility fixes; use setup.py to install 2016-04-29 14:40:45 -07:00
Evan Hunt
304d16f08f [master] address some python2/3 incompatibilities 2016-04-29 10:38:35 -07:00
Tinderbox User
17e9d6023e Add .8 and .html files for dnssec-keymgr 2016-04-29 16:42:23 +00:00
Evan Hunt
90c7806bb6 [master] remove gnu make dependency 2016-04-29 09:36:36 -07:00
Evan Hunt
a27dc50157 [master] copyrights 2016-04-28 22:30:53 -07:00
Mark Andrews
86f221492f alphabetize 2016-04-29 13:10:26 +10:00
Mark Andrews
48bf87ba83 4351. [bug] 'dig +noignore' didn't work. [RT #42273] 2016-04-29 12:41:02 +10:00
Mark Andrews
cf69e3d8b2 alphabetize host options 2016-04-29 11:21:49 +10:00
Tinderbox User
aa70afe5c1 update copyright notice / whitespace 2016-04-28 23:45:37 +00:00
Evan Hunt
f6096b958c [master] dnssec-keymgr 
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
 2016-04-28 00:16:01 -07:00
Evan Hunt
5ecfee97ba [master] copyrights 2016-04-14 19:12:13 -07:00
Evan Hunt
3cd204c4a4 [master] fixed revoked key regression 
4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]
 2016-04-14 18:52:52 -07:00
Mark Andrews
7f79448198 remove unnecessary return 2016-04-08 04:24:47 +10:00
Tinderbox User
a0132868d1 update copyright notice / whitespace 2016-03-25 23:45:16 +00:00
Mark Andrews
42f6b7a890 add mdig.exe; fix typo in isc-hmac-fixup.exe 2016-03-26 09:07:54 +11:00
Evan Hunt
4a5f5c4ce1 [master] install mdig to bin not sbin 2016-03-25 09:52:00 -07:00
Tinderbox User
c19f42a378 update copyright notice / whitespace 2016-03-24 23:45:21 +00:00
Tinderbox User
e285c11870 regen master 2016-03-24 01:05:08 +00:00
Mark Andrews
6214c3c93a 4341. [bug] 'rndc flushtree' could fail to clean the tree if there 
wasn't a node at the specified name. [RT #41846]
 2016-03-24 11:31:25 +11:00
Tinderbox User
a63461cc4b update copyright notice / whitespace 2016-03-23 23:45:22 +00:00
Evan Hunt
7fa4c18451 [master] ECS family 0 handling was still broken 2016-03-23 15:00:30 -07:00
Evan Hunt
05b7b63f17 [master] more ECS handling fixes 2016-03-23 09:59:42 -07:00
Evan Hunt
395e6865d5 [master] fix ECS with family==0 
4341.	[bug]		Correct the handling of ECS options with
			address family 0. [RT #41377]
 2016-03-23 08:54:46 -07:00
Evan Hunt
d82b18a552 [master] fix uiAccess for win64 build 2016-03-22 17:28:12 -07:00
Evan Hunt
ddf3342cca [master] test pipelining with mdig 
4339.	[test]		Use "mdig" to test pipelined queries. [RT #41929]
 2016-03-22 17:26:38 -07:00
Evan Hunt
132a571179 [master] fix mkeys TTL 0 issue 
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
 2016-03-22 12:12:32 -07:00
Tinderbox User
27def92931 update copyright notice / whitespace 2016-03-21 23:45:22 +00:00
Mark Andrews
0993cd5f22 4336. [bug] Don't emit records with zero ttl unless the records 
were learnt with a zero ttl. [RT #41687]
 2016-03-21 13:22:21 +11:00
Mark Andrews
b8dcc13bc5 4335. [bug] zone->view could be detached too early. [RT #41942] 2016-03-21 12:02:00 +11:00
Tinderbox User
b1aac28027 update copyright notice / whitespace 2016-03-16 23:45:17 +00:00
Jeremy C. Reed
e12c78ebf6 add comments about why the configuration is bad 
I didn't get review. This is trivial.
 2016-03-16 15:42:56 -04:00
Mark Andrews
756c643330 4334. [func] 'named -V' now reports zlib version. [RT #41913] 2016-03-13 07:48:11 +11:00
Jeremy C. Reed
81780ffd74 use -r $RANDFILE for test using keygen 
stops hang
this is for ticket #41898
 2016-03-11 09:27:15 -05:00
Tinderbox User
4a7004f3ce update copyright notice / whitespace 2016-03-10 23:45:16 +00:00
Mark Andrews
7c52595464 4331. [func] When loading managed signed zones detect if the 
RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]
 2016-03-10 17:01:08 +11:00
Tinderbox User
1fb011b1db regen master 2016-03-08 22:35:32 +00:00
Tinderbox User
2cc103828e update copyright notice / whitespace 2016-03-08 22:29:11 +00:00
Mark Andrews
1188aa3010 add automatic-interface-scan to ARM grammar 2016-03-09 09:00:07 +11:00
Mark Andrews
93ca5ee4c4 update copyrights 2016-03-08 16:21:19 +11:00
Mark Andrews
d6357f09aa 4329. [func] Warn about a common misconfiguration when forwarding 
RFC 1918 zones. [RT #41441]
 2016-03-08 10:11:23 +11:00
Tinderbox User
220ba6da87 update copyright notice / whitespace 2016-03-04 23:45:23 +00:00
Mark Andrews
8398f00156 4326. [protocol] Add support for AVC. [RT #41819 2016-03-04 18:11:41 +11:00
Mukund Sivaraman
9da98335c1 Code cleanups (#41656) 2016-03-04 12:18:17 +05:30
Evan Hunt
023ba1e6ef [master] add OS details to rndc status 
4325.	[func]		Add a line to "rndc status" indicating the
			hostname and operating system details. [RT #41610]
 2016-03-03 22:02:52 -08:00
Tinderbox User
f254ab049e update copyright notice / whitespace 2016-03-02 23:45:17 +00:00
Mark Andrews
ce7216c40a 4223. [bug] Improve HTTP header processing on statschannel. 
[RT #41674]
 2016-03-02 11:04:59 +11:00
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could 
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
 2016-02-27 11:23:50 +11:00
Mark Andrews
7f514657e2 update copyrights 2016-02-25 10:55:40 +11:00