Commit graph

156 commits

Author SHA1 Message Date
Mark Andrews
8bcd80824c 4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]

(cherry picked from commit f94f3e2791)
2017-03-16 11:23:36 +11:00
Curtis Blackburn
294ef74e5a 4515. [port] FreeBSD: Find readline headers when they are in
edit/readline/ instead of readline/. [RT #43658]
2016-11-18 11:12:28 -08:00
Evan Hunt
669e108d67 [v9_11] use arc4random_stir() when available
4499.	[port]		MacOSX: silence deprecated function warning
			by using arc4random_stir() when available
			instead of arc4random_addrandom(). [RT #43503]

(cherry picked from commit 3fb62a5a4e)
2016-11-01 14:00:54 -07:00
Mark Andrews
2a1860ad83 4494. [bug] Look for <editline/readline.h>. [RT #43429]
(cherry picked from commit 6fbb2b51d8)
2016-10-27 15:49:11 +11:00
Evan Hunt
801707fe19 [v9_11] store "addzone" zone config in a NZD database
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
2016-07-21 11:14:16 -07:00
Mark Andrews
bd5040035c regen 2016-07-21 17:02:06 +10:00
Mukund Sivaraman
a16f42441a Use GCC builtin for clz in RPZ lookup code (#42818)
(cherry picked from commit 27038b159b)
2016-07-11 10:05:06 +05:30
Witold Krecicki
19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows
feeding fuzzed packets into BIND.
			[RT #41723]
2016-05-05 11:49:38 +02:00
Mukund Sivaraman
d1dbf6b20f Use __built_expect() where available (#41411) 2016-02-01 08:59:49 +05:30
Evan Hunt
f02c22d58a [master] add uname data to named -V
4308.	[func]		Added operating system details to "named -V"
			output. [RT #41452]
2016-01-30 11:06:58 -08:00
Evan Hunt
b66b333f59 [master] dnstap
4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
2015-10-02 12:32:42 -07:00
Witold Krecicki
a239044323 4234. [func] Add deflate compression in statistics channel HTTP
server. [RT #40861]
2015-10-02 10:45:10 +02:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
2015-07-06 09:44:24 +10:00
Mark Andrews
8a9bac8dec 4133. [port] Update how various json libraries are handled.
[RT #39646]
2015-06-05 10:16:24 +10:00
Mukund Sivaraman
1783676a64 Add a --enable-querytrace configure switch for very verbose query tracelogging (#37520) 2015-02-26 16:51:07 +05:30
Mark Andrews
d8f2dd46cb 4025. [port] bsdi: failed to build. [RT #38047] 2014-12-19 12:06:35 +11:00
Francis Dupont
fc63119c8b Hardened OpenSSL digest/HMAC calls [RT #37944] 2014-12-02 12:41:01 +01:00
Francis Dupont
1831311ac6 added hooks for gperftools CPU profiler [#37339] 2014-10-08 15:14:02 +02:00
Mark Andrews
70be388974 [rt36039]
3902.   bug]            liblwres wasn't handling link-local addresses in
                        nameserver clauses in resolv.conf. [RT #36039]
2014-07-30 23:26:37 +10:00
Evan Hunt
6fa84a3e25 [master] enable libseccomp system call filtering
3851.	[func]		Allow libseccomp based system-call filtering
			on Linux; use "configure --enable-seccomp" to
			turn it on.  Thanks to Loganaden Velvindron for
			the contribution. [RT #35347]
2014-05-15 20:29:30 -07:00
Evan Hunt
1ea6e09c37 [master] check for arc4random_addrandom()
3840.	[port]		Check for arc4random_addrandom() before using it;
			it's been removed from OpenBSD 5.5. [RT #35907]
2014-05-07 08:58:25 -07:00
Evan Hunt
8cbf3b6fc3 [master] use adaptive locks when available
3781.	[tuning]	Use adaptive mutex locks when available; this
			has been found to improve performance under load
			on many systems. "configure --with-locktype=standard"
			restores conventional mutex locks. [RT #32576]
2014-03-10 12:14:35 -07:00
Evan Hunt
98922b2b2b [master] merge several interdependent fixes
3760.   [bug]           Improve SIT with native PKCS#11 and on Windows.
			[RT #35433]

3759.   [port]          Enable delve on Windows. [RT #35441]

3758.   [port]          Enable export library APIs on windows. [RT #35382]
2014-02-26 19:00:05 -08:00
Mark Andrews
bc4410b878 remove ENABLE_SIT 2014-02-25 01:10:36 +11:00
Mark Andrews
8f80420c71 don't set want_openssl_aes unless CRYPTO = -DOPENSSL 2014-02-20 20:30:50 +11:00
Evan Hunt
6a3fa181d1 [master] add "--with-tuning=large" option
3745.	[func]		"configure --with-tuning=large" adjusts various
			compiled-in constants and default settings to
			values suited to large servers with abundant
			memory. [RT #29538]
2014-02-18 22:36:14 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
2014-02-19 12:53:42 +11:00
Mark Andrews
850b5e8093 Add Linux support to:
3733.   [func]          Improve interface scanning support.  Interface
                        information will be automatically updated if the
                        OS supports routing sockets (MacOS, *BSD, Linux).
                        Use "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
2014-02-10 09:46:54 +11:00
Mark Andrews
62ec9fd168 3733. [func] Improve interface scanning support. Interface
information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
2014-02-07 17:16:37 +11:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
2014-01-14 15:40:56 -08:00
Mark Andrews
03152360db 3661. [bug] Address lock order reversal deadlock with inline zones.
[RT #34856]
2013-10-08 11:43:08 +11:00
Evan Hunt
c174d5c13c [master] portability fix
3614.	[port]		Check for <linux/types.h>. [RT #34162]
2013-07-10 20:44:58 -07:00
Evan Hunt
feb067b25a [master] add JSON statistics channel
3524.	[func]		Added an alternate statistics channel in JSON format,
			when the server is built with the json-c library:
			http://[address]:[port]/json.  [RT #32630]
2013-03-13 14:24:50 -07:00
Evan Hunt
501941f0b6 [master] add geoip support
3504.	[func]		Add support for ACLs based on geographic location,
			using MaxMind GeoIP databases. Based on code
			contributed by Ken Brownfield <kb@slide.com>.
			[RT #30681]
2013-02-27 17:19:39 -08:00
Mark Andrews
b123b265e3 3435. [bug] Cross compilation support in configure was broken.
[RT #32078]
2012-12-07 16:43:22 +11:00
Mark Andrews
63dd467330 update libtool support to version 2.4.2 2012-11-28 04:32:15 +00:00
Evan Hunt
5506903c92 Merge rt28412b
- check for mmap() in configure
- implement isc_file_mmap() and isc_file_munmap() to do
  malloc()/read() and free() when run on systems that do not
  support mmap().
2012-06-21 12:58:46 -07:00
Evan Hunt
d878b8d87c merged filter-aaaa-on-v6 (ATT SoW)
3327.	[func]		Added 'filter-aaaa-on-v6' option; this is similar
			to 'filter-aaaa-on-v4' but applies to IPv6
			connections.  (Use "configure --enable-filter-aaaa"
			to enable this option.)  [RT #27308]
2012-05-14 11:50:00 -07:00
Mark Andrews
aaaf8d4f48 3317. [func] Add ECDSA support (RFC 6605). [RT #21918] 2012-05-02 23:20:17 +10:00
Mark Andrews
b9848361b9 regen 2011-12-20 00:49:49 +00:00
Evan Hunt
1d32b1df37 3244. [func] Added readline support to nslookup and nsupdate.
Also simplified nsupdate syntax to make "update"
			and "prereq" optional. [RT #24659]
2011-12-16 23:01:17 +00:00
Mark Andrews
30d9cf665d 3171. [port] darwin 10.* and freebsd [89] are now built threaded by
default.
2011-10-14 05:42:52 +00:00
Automatic Updater
a44bf3209a regen 2011-07-28 13:33:09 +00:00
Evan Hunt
422009fe5b 3066. [func] The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option.  To
			disable it, use "configure --without-dlopen".
                        Driver also supported on win32.  [RT #23467]
2011-03-10 04:36:16 +00:00
Mark Andrews
4417904b15 regen 2011-02-27 06:21:53 +00:00
Mark Andrews
819f0ca24a regen 2011-01-13 02:06:40 +00:00
Mark Andrews
87708bde16 3008. [func] Response policy zones (RPZ) support. [RT #21726] 2011-01-13 01:59:28 +00:00
Mark Andrews
9fffc937a9 rege 2010-12-23 04:09:28 +00:00
Mark Andrews
aa5b977943 regen 2010-12-18 14:47:42 +00:00