upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 10:59:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

10345 commits

Author SHA1 Message Date
Mark Andrews
d8e6cd0f8b use HAVE_SYS_SYSCTL_H 2015-09-29 07:26:04 +10:00
Francis Dupont
1d96b1a5ad Removed unused addrbuf 2015-09-28 17:32:40 +02:00
Francis Dupont
722ed14020 Fixed status vs statex 2015-09-28 17:30:07 +02:00
Francis Dupont
29d9a2927c Fixed project files 2015-09-28 15:46:33 +02:00
Francis Dupont
6066985ca8 Fixed isc_meminfo_totalphys return cast (size_t is *not* 64 bit) 2015-09-28 15:34:24 +02:00
Francis Dupont
b39bbe3c95 Fixed missing #include "config.h" 2015-09-28 14:50:18 +02:00
Francis Dupont
c4baee15c8 Fixed missing from libisccfg.def 2015-09-28 14:47:20 +02:00
Witold Krecicki
e6d0a391f5 4223. [func] Add support for setting max-cache-size to percentage 
of available physical memory, set default to 90%.
			[RT #38442]
 2015-09-28 11:08:50 +02:00
Mark Andrews
98a7f8c7ae 4222. [func] Bias IPv6 servers when selecting the next server to 
query. [RT #40836]
 2015-09-28 18:57:19 +10:00
Mark Andrews
8d80b4939d 4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create. 
[RT #40583]
 2015-09-25 09:18:43 +10:00
Mark Andrews
a21c415687 4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK, 
EGAIN when these soft error are not retried for
                        isc_socket_send*().
 2015-09-21 17:22:53 +10:00
Tinderbox User
9268c62bd0 update copyright notice / whitespace 2015-09-18 23:45:23 +00:00
Mark Andrews
4dd41c7d59 4218. [bug] Potential null pointer dereference on out of memory if mmap is not supported. [RT #40777] 2015-09-19 07:12:02 +10:00
Mark Andrews
f6e45a5c54 4217. [protocol] Add support for CSYNC. [RT #40532] 2015-09-18 23:45:12 +10:00
Mark Andrews
705d56b47a 4216. [cleanup] Silence static analysis warnings. [RT #40649] 2015-09-18 23:30:01 +10:00
Mark Andrews
2592ee16b5 document optional class 2015-09-18 13:25:31 +10:00
Mark Andrews
03fac9f931 document that the syslog facility is optional 2015-09-18 13:12:50 +10:00
Mark Andrews
e0a30050c8 4214. [protocol] Add support for TALINK. [RT #40544] 2015-09-18 07:43:43 +10:00
Mark Andrews
741b63c869 4212. [func] Re-query if we get a bad client cookie returned over 
UDP. [RT #40748]
 2015-09-17 14:20:32 +10:00
Mark Andrews
f43e5c8ed2 4210. [cleanup] Silence use after free false positive. [RT #40743] 2015-09-17 14:05:19 +10:00
Mark Andrews
0f2ecf4b5c 4207. [bug] Handle class mismatches with raw zone files. 
[RT #40746]
 2015-09-16 10:43:22 +10:00
Evan Hunt
226339ed43 [master] spurious spaces in named-checkconf -p 
4205.	[bug]		'named-checkconf -p' could include unwanted spaces
			when printing tuples with unset optional fields.
			[RT #40731]
 2015-09-14 08:50:17 -07:00
Mark Andrews
5a49f61ca9 4199. [protocol] Add support for NINFO, RKEY, SINK, TA. 
[RT #40545] [RT #40547] [RT #40561] [RT #40563]
 2015-09-11 17:35:01 +10:00
Evan Hunt
4523c3b371 [master] incorrect result code in isccc 
4202.	[bug]		isccc_cc_fromwire() could return an incorrect
			result. [RT #40614]
 2015-09-11 00:04:25 -07:00
Mark Andrews
3fa134363f 4200. [cleanup] win32: update BINDinstall to be BIND release 
independent. [RT #38915]
 2015-09-11 12:25:39 +10:00
Tinderbox User
f28c6dc514 update copyright notice / whitespace 2015-09-10 23:46:28 +00:00
Mark Andrews
3dd63ba00f 4199. [protocol] Add support for NINFO, RKEY, TA. 
[RT #40545] [RT #40547] [RT #40563]
 2015-09-10 17:58:29 +10:00
Mark Andrews
63874956de 4199. [protocol] Add support for NINFO, RKEY. [RT #40547] [RT #40563] 2015-09-10 17:07:05 +10:00
Mark Andrews
8b29fc0b7a 4199. [protocol] Add support for RKEY. [RT #40563] 2015-09-10 14:50:20 +10:00
Evan Hunt
d37f4738f4 [master] clean up dead code 2015-09-09 08:38:23 -07:00
Mark Andrews
4ca7391e64 4196. [doc] Improve how "enum + other" types are documented. 
[RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]
 2015-09-09 17:02:11 +10:00
Mark Andrews
fbd9aaa58c 4194. [bug] named-checkconf -p failed to properly print a port 
range.  [RT #40634]
 2015-09-09 16:49:11 +10:00
Mark Andrews
3b83676e07 *.vcxproj.in should use CRLF as EOL 2015-08-27 21:57:18 +00:00
Evan Hunt
bcae9a15c1 [master] s/the the/the/ 2015-08-27 14:11:27 -07:00
Mark Andrews
91f66e374b eol -> crlf 2015-08-26 12:43:08 +10:00
Mark Andrews
7ec3c447fd copy notes.pdf to Build\Releasei and link to it from index.html 2015-08-26 12:11:07 +10:00
Tinderbox User
0d5b7ed79d update copyright notice / whitespace 2015-08-25 23:45:27 +00:00
Mark Andrews
02093e4c3b 4193. [bug] Handle broken servers that return BADVERS incorrectly. 
[RT #40427]
 2015-08-25 16:52:43 +10:00
Mark Andrews
9b956d342e 4192. [bug] The default rrset-order of random was not always being 
applied. [RT #40456]
 2015-08-25 14:52:27 +10:00
Mark Andrews
5855fd79e3 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones 
as per RFC 6763. [RT #37889]
 2015-08-25 14:46:06 +10:00
Mark Andrews
dc3912f3ca 4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as 
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]
 2015-08-22 15:27:33 +10:00
Mark Andrews
7d0dfa63cf 4189. [cleanup] Don't exit on overly long tokens in named.conf. 
[RT #40418]
 2015-08-22 15:08:22 +10:00
Mark Andrews
18ba804f3a 4188. [bug] Support HTTP/1.0 client properly on the statistics 
channel. [RT #40261]
 2015-08-20 09:55:28 +10:00
Tinderbox User
161b5249b9 update copyright notice / whitespace 2015-08-19 23:45:23 +00:00
Tinderbox User
0d63efe476 update copyright notice / whitespace 2015-08-18 23:45:26 +00:00
Mukund Sivaraman
ec3dbae9eb Use unknown format when totext() is not implemented for any RDATA (#40317) 2015-08-18 20:11:46 +05:30
Mukund Sivaraman
bf350c9f1a Fix RPZ bugs related to wildcard triggers (#40357) 2015-08-18 19:39:53 +05:30
Mark Andrews
b46fc43469 #include <isc/safe.h> 2015-08-18 21:22:48 +10:00
Evan Hunt
b750a49f3f [master] fixed memory leak in dns_compress_add() 
4184.	[bug]		Fixed a possible memory leak in name compression
			when rendering long messages. (Also, improved
			wire_test for testing such messages.) [RT #40375]
 2015-08-17 22:41:44 -07:00
Mark Andrews
47d459ef43 add isc_safe_memequal and isc_safe_memcompare; remove isc_safe_memcmp 2015-08-18 12:25:22 +10:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Tinderbox User
503ffdad3b update copyright notice / whitespace 2015-08-17 23:45:35 +00:00
Evan Hunt
b2f85a0c8e [master] win32: vs2015 compliance; openssl dependency for check.c 2015-08-17 11:35:10 -07:00
Mukund Sivaraman
b0ba1a6059 Use mnemonics for RR class and type comparisons (#40297) 2015-08-17 12:23:35 +05:30
Mark Andrews
70862302f8 4181. [bug] Queued notify messages could be dequeued from the 
wrong rate limiter queue. [RT #40350]
 2015-08-17 10:37:06 +10:00
Tinderbox User
288c18263f update copyright notice / whitespace 2015-08-14 23:45:27 +00:00
Mukund Sivaraman
d7262e5c86 Fix double frees in getaddrinfo() in libirs (#40209) 2015-08-14 13:55:31 +05:30
Mukund Sivaraman
984d2bb9e5 Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) 2015-08-14 13:30:52 +05:30
Mukund Sivaraman
474921d733 Fix assertion failure in parsing NSAP records from text 2015-08-14 13:11:26 +05:30
Mark Andrews
9dc5ef7f24 4175. [bug] TKEY with GSS-API keys needed bigger buffers. 
[RT #40333]
 2015-08-14 08:20:01 +10:00
Evan Hunt
45ad059c4a [master] address VS2015 compiler warning 2015-08-13 14:58:28 -07:00
Tinderbox User
ed91aca9e6 update copyright notice / whitespace 2015-08-12 23:45:25 +00:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Mark Andrews
151f1bcd5e 4172. [bug] Named / named-checkconf didn't handle a view of CLASS0. 
[RT #40265]
 2015-08-12 19:06:00 +10:00
Evan Hunt
9b8f93083d [master] fix tsig class checks 
4171.	[bug]		Fixed incorrect class checks in TSIG RR
			implementation. [RT #40287]
 2015-08-11 22:16:44 -07:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:01:44 -07:00
Tinderbox User
c4567d0675 update copyright notice / whitespace 2015-08-07 23:45:26 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mukund Sivaraman
991f97366b Fix win32 build (UNUSED is present later) 
(cherry picked from commit 63dcc28d3e)
 2015-07-31 15:01:04 +05:30
Mark Andrews
46e7fc51b8 badcookie has a offical code point of 23 2015-07-27 15:22:09 +10:00
Mark Andrews
dbb064aa79 4165. [bug] An failure to reset a value to NULL in tkey.c could 
result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]
 2015-07-14 14:48:42 +10:00
Tinderbox User
faa3b61828 update copyright notice / whitespace 2015-07-13 23:45:24 +00:00
Mark Andrews
3a49d0ff10 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]
 2015-07-13 09:46:59 +10:00
Mark Andrews
0bc743f9bc 4162. [bug] httpdmgr->flags was not being initialized. [RT #40017] 2015-07-10 18:42:20 +10:00
Tinderbox User
f16a6bfb6c update copyright notice / whitespace 2015-07-09 23:45:22 +00:00
Evan Hunt
fc5f1971a1 [master] fix build error with ISC_MEM_TRACKLINES=0 2015-07-09 14:23:29 -07:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Mark Andrews
af63e286dd set error code if aes selected and not implemented 2015-07-08 12:20:46 +10:00
Tinderbox User
9ab5a7d83c update copyright notice / whitespace 2015-07-07 23:45:22 +00:00
Mark Andrews
bd08b82891 add warning not about handling malformed option content 2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 2015-07-06 23:03:51 +10:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
 2015-07-06 12:52:37 +10:00
Tinderbox User
8f0b326d9a update copyright notice / whitespace 2015-07-05 23:45:22 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
85d23eaae8 update copyright notice / whitespace 2015-07-03 23:45:24 +00:00
Mark Andrews
307adf6792 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 2015-07-03 10:17:33 +10:00
Tinderbox User
2bd63eca27 update copyright notice / whitespace 2015-07-01 23:45:22 +00:00
Mark Andrews
753b27a7d3 4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply 
minimal fix.  [RT #39667]
 2015-07-01 11:51:45 +10:00
Tinderbox User
337d408adb update copyright notice / whitespace 2015-06-29 23:45:23 +00:00
Mukund Sivaraman
c44c77178e Fix race in getaddrinfo() in libirs, which caused assertion failure in delv (#39873) 2015-06-29 19:44:42 +05:30
Mukund Sivaraman
08f0129732 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 2015-06-29 18:33:18 +05:30
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Mark Andrews
adbf81335b 4146. [bug] Address reference leak that could prevent a clean 
shutdown. [RT #37125]
 2015-06-25 18:36:27 +10:00
Mark Andrews
2f66e2dd81 4145. [bug] Not all unassociated adb entries where being printed. 
[RT #37125]
 2015-06-25 18:26:59 +10:00
Mukund Sivaraman
8aecc50f0d Remove backwards compatibility grammar (#39845) 
This was not done in the previous merge commit, so that it could be
merged cleanly into release branches.
 2015-06-23 14:23:12 +05:30
Mukund Sivaraman
0439bfedd9 Fix parsing of NZFs saved by rndc addzone with view specified (#39845) 2015-06-23 14:19:48 +05:30
Mark Andrews
d4422ec231 don't use C++ keyword new; use (const char *) for output of strchr((const char *), char) 2015-06-18 11:14:43 +10:00
Mark Andrews
a85c6b35af 4138. [bug] A uninitialized value in validator.c could result 
in a assertion failure. (CVE-2015-4620) [RT #39795]
 2015-06-17 09:13:03 +10:00
Mark Andrews
a8cb6c6fbc add #define check_stale_rdataset check_stale_rdataset64 2015-06-12 11:17:07 +10:00
Mark Andrews
c781d465b6 silence unused parameter warning 2015-06-11 14:03:19 +10:00
Mukund Sivaraman
59a9cb54c1 Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats
 2015-06-10 14:04:30 +05:30
Witold Krecicki
f85deb5154 log expired NTA at startup 2015-06-08 13:57:24 +02:00
Tinderbox User
a03c39ef51 update copyright notice / whitespace 2015-06-05 23:45:26 +00:00
Witold Krecicki
8d21d93a6b better logging of RPZ changes RT #39670 2015-06-05 12:24:11 +02:00
Mark Andrews
6c0c85563f update comment as per rt39703 2015-06-05 11:09:35 +10:00
Mark Andrews
8a9bac8dec 4133. [port] Update how various json libraries are handled. 
[RT #39646]
 2015-06-05 10:16:24 +10:00
Tinderbox User
e545fce91b update copyright notice / whitespace 2015-06-04 23:45:25 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Mark Andrews
e0fea0bf85 silence coverity warnings 2015-05-30 17:44:52 +10:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
4e056cee66 unsigned constants 2015-05-29 11:26:13 +10:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Evan Hunt
2bb245e04a [master] typo in comment 2015-05-28 15:04:40 -07:00
Mark Andrews
38c19e5779 4130. [bug] The compatability shim for *printf() misprinted some 
large numbers. [RT #39586]
 2015-05-29 07:21:49 +10:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Tinderbox User
3813d22587 update copyright notice / whitespace 2015-05-27 23:45:25 +00:00
Mark Andrews
e7b7ede003 add dns_zone_cdscheck 2015-05-27 16:17:54 +10:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mark Andrews
5af7557757 use unsigned constants 2015-05-24 12:51:55 +10:00
Tinderbox User
d70dac20d2 update copyright notice / whitespace 2015-05-23 23:45:25 +00:00
Mark Andrews
503f0b324a #undef before #define 2015-05-24 06:04:09 +10:00
Francis Dupont
941b62c8cb finished print.h stuff 2015-05-23 16:12:24 +02:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Tinderbox User
46ee7c3260 update copyright notice / whitespace 2015-05-22 23:45:24 +00:00
Mark Andrews
9e5390f3f3 add cfg_parse_buffer2 2015-05-22 22:24:06 +10:00
Mark Andrews
7507c1826f all of NEED*PRINT are needed if %z is not supported 2015-05-22 22:12:42 +10:00
Evan Hunt
c55a1da4fc [master] log parsing errors from default config or addzone/modzone 
4124.	[func]		Log errors or warnings encountered when parsing the
			internal default configuration.  Clarify the logging
			of errors and warnings encountered in rndc
			addzone or modzone parameters. [RT #39440]
 2015-05-21 23:04:29 -07:00
Mark Andrews
22909ca827 unconditionally include stdio.h 2015-05-22 10:08:43 +10:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00
Mark Andrews
9e69ff9ad0 exclude isc_print_printf and isc_print_fprintf 2015-05-22 08:22:19 +10:00
Evan Hunt
cadf8d687b [master] add %z format options to printf 
4123.	[port]		Added %z (size_t) format options to the portable
			internal printf/sprintf implementation. [RT #39586]
 2015-05-21 14:55:15 -07:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Evan Hunt
19365b43e9 [master] ensure rpz summary consistence during AXFR updates 
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]
 2015-05-20 15:00:50 -07:00
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Tinderbox User
f5280a1563 update copyright notice / whitespace 2015-05-11 23:45:22 +00:00
Mark Andrews
1acfed3dac update variable name to better reflect reality 
(cherry picked from commit 51a82fe30d)
 2015-05-11 13:42:04 +10:00
Mark Andrews
844b568182 use dns_opcode_t 2015-05-11 12:16:44 +10:00
Mark Andrews
b4a6f7fff4 #include <string.h> for strcmp 2015-05-11 12:16:07 +10:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229) 
Conflicts:
	doc/arm/notes.xml
 2015-05-07 08:29:36 +05:30
Tinderbox User
012142bbe0 update copyright notice / whitespace 2015-05-06 23:45:24 +00:00
Tinderbox User
4e92a74ec4 update copyright notice / whitespace 2015-05-05 23:45:24 +00:00
Evan Hunt
9e804040a2 [master] add "rndc -r" to print result code 
4115.	[func]		"rndc -r" now prints the result code (e.g.,
			ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
			running the requested command. [RT #38913]
 2015-05-05 16:39:09 -07:00
Mark Andrews
675900780a 150 ->160 2015-05-06 09:24:16 +10:00
Mark Andrews
5e73a8d791 set initial values for 9.11.x 2015-05-06 08:27:49 +10:00
Mukund Sivaraman
8f25faf972 Fix a regression in radix tree implementation introduced by ECS code (#38983) 2015-05-05 13:11:23 +05:30
Tinderbox User
452a29e62c update copyright notice / whitespace 2015-04-28 23:45:24 +00:00
Mark Andrews
b292230ab8 4110. [bug] Address memory leaks / null pointer dereferences 
on out of memory. [RT #39310]
 2015-04-29 03:16:50 +10:00
Mark Andrews
e77e449549 4109. [port] linux: support reading the local port range from 
net.ipv4.ip_local_port_range. [RT # 39379]
 2015-04-25 08:25:42 +10:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Mark Andrews
ef0e674456 4107. [bug] Address potential deadlock when updating zone content. 
[RT #39269]
 2015-04-18 13:45:03 +10:00
Tinderbox User
1413616670 update copyright notice / whitespace 2015-04-17 23:45:24 +00:00
Mark Andrews
def6608a44 don't set rdh_ttl in init_rdataset 2015-04-17 23:09:05 +10:00
Francis Dupont
ab973ec40c misc x64 VS 2015 CTP fixes [#39308] 2015-04-17 11:39:26 +02:00
Mark Andrews
f1a261ba2d 4104. [bug] Address uninitialized elements. [RT #39252] 2015-04-17 14:04:47 +10:00
Francis Dupont
bcb68be0a8 misc fixes for VS 2015 CTP #39267 2015-04-17 02:57:02 +02:00
Tinderbox User
ace0b8d470 update copyright notice / whitespace 2015-04-15 23:45:22 +00:00
Evan Hunt
c03fe78ef5 [master] use after free in resquery_destroy() 
4102.	[bug]		Fix a use after free bug introduced in change
			#4094.  [RT #39281]
 2015-04-15 15:38:14 -07:00
Mark Andrews
c855e7170a 4100. [bug] Inherited owernames on the line immediately following 
a $INCLUDE were not working.  [RT #39268]
 2015-04-15 12:47:57 +10:00
Tinderbox User
a269ca51cc update copyright notice / whitespace 2015-04-14 23:45:21 +00:00
Mukund Sivaraman
ac31adc3b7 Add additional logging about xfrin transfer status (#39170) 2015-04-14 12:16:26 +05:30
Mukund Sivaraman
2c4d5faf7f Don't use query->sendevent after it's been destroyed (#39132) 2015-04-13 15:04:41 +05:30
Mark Andrews
54fe1d05b6 4095. [bug] zone->options2 was not being properly initalized. 
[RT #39228]
 2015-04-11 08:04:02 +10:00
Evan Hunt
d9b37259f3 [master] hold a reference on fetch context during query 
4094.	[bug]		A race during shutdown or reconfiguration could
			cause an assertion in mem.c. [RT #38979]
 2015-04-08 14:33:45 -07:00
Tinderbox User
6e61135f10 update copyright notice / whitespace 2015-03-27 23:45:21 +00:00
Mukund Sivaraman
fba894c98b Some cleanups in isc mem code (#38896) 2015-03-27 23:12:11 +05:30
Mukund Sivaraman
f9f81abff0 Fix a crash while parsing malformed CAA RRs in presentation format (#39003) 2015-03-27 10:32:03 +05:30
Mukund Sivaraman
9a7532f836 Send notifies immediately for slave zones during startup (#38843) 2015-03-25 10:55:55 +05:30
Tinderbox User
3e2bfb151a update copyright notice / whitespace 2015-03-23 23:45:21 +00:00
Mark Andrews
cef65f9409 @ISC_OPENSSL_INC@ needs to not be by itself 
(cherry picked from commit a5885354413d503105521b7bf4cd603927f81814)
 2015-03-24 07:54:51 +11:00
Evan Hunt
e89972afcb [master] fixed build errors with libressl 
4088.	[port]		Fixed errors when building with libressl. [RT #38899]
 2015-03-23 13:34:56 -05:00
Mukund Sivaraman
ebeb4b3e09 Fix a crash due to use-after-free (#38495) 2015-03-18 06:42:54 +05:30
Mukund Sivaraman
24f2cc7d06 Fix a possible race in updating stats counters (#38826) 
and do some other isc mem cleanups.
 2015-03-09 10:30:47 +05:30
Mukund Sivaraman
f5a62d97e3 Fix -Wshadow warnings (#38762) 
These happen due to ntohs()/htons() macro expansion in glibc.
 2015-03-09 09:23:46 +05:30
Evan Hunt
da4a7772eb [master] improve thread support reporting 
4083.	[cleanup]	Print of the number of CPUs and UDP listeners
			in the log and in "rndc status" output; indicate
			whether threads are supported in "named -V" output.
			[RT #38811]
 2015-03-04 15:56:33 -08:00
Mark Andrews
f2f3880223 add missing defs 2015-03-05 10:48:04 +11:00
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code 
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
 2015-03-02 19:27:54 -08:00
Tinderbox User
3d787a1213 update copyright notice / whitespace 2015-03-02 23:45:21 +00:00
Mukund Sivaraman
10dd5f62f2 Add support for Valgrind's helgrind tool (#38706) 
Also fix one locking issue that helgrind found: Maintain stats->lock
while stats->reference is used.
 2015-03-02 13:42:20 +05:30
Mukund Sivaraman
0ea9f8037d Remove more wider memset() over control now that it's handled below (#38621) 2015-03-02 12:52:41 +05:30
Tinderbox User
5e93bad21b update copyright notice / whitespace 2015-03-01 23:45:20 +00:00
Evan Hunt
ed57645433 [master] add 64-bit symbols for ownercase functions 2015-02-27 17:36:29 -08:00
Tinderbox User
34eab435ac update copyright notice / whitespace 2015-02-27 23:45:24 +00:00
Evan Hunt
2bbf69e1e2 [master] add missing externals 2015-02-26 21:58:19 -08:00
Mark Andrews
4677223a53 address -Wshadow warning 2015-02-27 16:46:54 +11:00
Mark Andrews
a8da00ef95 4079. [func] Preserve the case of the ownername of records to 
the RRset level. [RT #37442]
 2015-02-27 15:08:38 +11:00
Mark Andrews
b5edc023a1 4078. [bug] Hand the case where CMSG_SPACE(sizeof(int)) != 
CMSG_SPACE(sizeof(int)). [RT #38621.
 2015-02-27 14:52:26 +11:00
Mark Andrews
bb5df338d9 4076. [bug] Named could crash on shutdown with outstanding 
reload / reconfig events. [RT #38622]
 2015-02-27 12:34:43 +11:00
Mark Andrews
42580072de protect with #ifdef HAVE_PTHREAD_MUTEX_ADAPTIVE_NP 2015-02-27 11:37:35 +11:00
Mark Andrews
af669cb4fd 4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708] 2015-02-27 10:55:55 +11:00
Tinderbox User
c10fda07d6 update copyright notice / whitespace 2015-02-26 23:45:22 +00:00
Mukund Sivaraman
1783676a64 Add a --enable-querytrace configure switch for very verbose query tracelogging (#37520) 2015-02-26 16:51:07 +05:30
Mukund Sivaraman
ebeb668f86 Remove unused functions (#38547) 2015-02-26 14:47:03 +05:30
Mukund Sivaraman
07dd40e8ee Initialize pthread_mutexattrs just once (#38547) 2015-02-26 14:43:45 +05:30
Mukund Sivaraman
db93c0def5 Fix a segfault when running nslookup (#38548) 2015-02-26 14:03:35 +05:30
Tinderbox User
f159b7b5c7 update copyright notice / whitespace 2015-02-25 23:45:22 +00:00
Mukund Sivaraman
5a505fc4c2 Add facility to run system test nameds under Valgrind (#38546) 2015-02-25 09:06:45 +05:30
Evan Hunt
bfc11b9c65 [master] additional mkeys tests 
4065.	[test]		Additional RFC 5011 tests. [RT #38569]
 2015-02-23 21:07:26 -08:00
Tinderbox User
c3854e9cd3 update copyright notice / whitespace 2015-02-23 23:45:20 +00:00
Evan Hunt
7acc2f2156 [master] fix LOADPENDING issues 
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]
 2015-02-22 20:43:39 -08:00
Evan Hunt
07229d51a6 [master] report library version numbers on win32 2015-02-20 23:23:59 -08:00
Mark Andrews
072ce62d23 used unsigned zero 2015-02-19 15:42:29 +11:00
Tinderbox User
a70b865da3 update copyright notice / whitespace 2015-02-18 23:45:23 +00:00
Mark Andrews
6a837e5121 address race condition with multiple isc_socket_connect calls in change 4041 2015-02-18 23:32:31 +11:00
Mukund Sivaraman
e58eb371a0 RPZ: Don't diff keys out of bounds, found via Valgrind (#38559) 2015-02-18 12:49:56 +05:30
Tinderbox User
8f0427f11b update copyright notice / whitespace 2015-02-17 23:45:20 +00:00
Evan Hunt
1f81c9e1e2 [master] silence warning 2015-02-17 11:37:26 -08:00
Tinderbox User
c8a55dfd0a update copyright notice / whitespace 2015-02-12 23:45:23 +00:00
Mukund Sivaraman
ffc393dd18 Remove canary code from hash destroy function (#38602) 
This triggers a Valgrind out-of-bounds read report. It was introduced by
commit 5d7849ad7f.

No CHANGES entry necessary as it doesn't have any user-visible or
behavioral change. It removes an out-of-bounds read issue that went
undetected when allocated through isc_mem as the memory was present.
The memory read was compared to itself, so it has no behavioral change.
 2015-02-12 18:14:34 +05:30
Mark Andrews
f4102ab13e 4060. [bug] dns_rdata_freestruct could be call on a uninitialised 
structure when handling a error. [RT #38568]
 2015-02-11 16:50:11 +11:00
Evan Hunt
8fa6f39c85 [master] oops, win32 data exports work differently now 2015-02-10 17:26:09 -08:00
Evan Hunt
82a42fe81e [master] export dns_zone_mkey_{month,day,hour} 2015-02-10 16:59:09 -08:00
Tinderbox User
f3affbe2ff update copyright notice / whitespace 2015-02-10 23:45:23 +00:00
Evan Hunt
a98f70acc8 [master] address valgrind warnings 
4059.	[bug]		Addressed valgrind warnings. [RT #38549]
 2015-02-10 14:01:38 -08:00
Evan Hunt
2616cb6944 [master] fix PRNG selection in dispatch.c 
4058.	[bug]		UDP dispatches could use the wrong psuedorandom
			number generator context. [RT #38578]
 2015-02-10 13:54:48 -08:00
Tinderbox User
29756974c5 update copyright notice / whitespace 2015-02-06 23:45:21 +00:00
Evan Hunt
82843574c9 [master] fix keytable test 2015-02-06 14:08:28 -08:00
Mark Andrews
29fc1a4197 <isc/print.h> 2015-02-06 13:30:22 +11:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Mark Andrews
d2a50c9ba8 cast to (unsigned long) to silence format warning 2015-02-05 07:50:24 +11:00
Francis Dupont
1059bc2e42 added mdig tool 2015-02-04 14:22:32 +01:00
Evan Hunt
801fb8b894 [master] avoid crash due to managed-key rollover 
4053.	[security]	Revoking a managed trust anchor and supplying
			an untrusted replacement could cause named
			to crash with an assertion failure.
			(CVE-2015-1349) [RT #38344]
 2015-02-03 18:25:28 -08:00
Tinderbox User
92059a966a update copyright notice / whitespace 2015-02-03 23:46:29 +00:00
Mukund Sivaraman
2696ceb4d4 Fix a Valgrind warning about use of uninitialized memory (as part of #38454) 2015-02-03 11:43:34 +05:30
Mukund Sivaraman
fe12a8f107 Fix a leak of pthread_mutexattr_t (#38454) 
4051.	[bug]		Fix a leak of pthread_mutexattr_t. [RT #38454]
 2015-02-03 11:42:06 +05:30
Tinderbox User
f72460c717 update copyright notice / whitespace 2015-01-30 23:45:24 +00:00
Mark Andrews
e77ef50a57 4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491] 2015-01-30 21:48:28 +11:00
Tinderbox User
59e7a41eaf update copyright notice / whitespace 2015-01-29 23:45:24 +00:00
Mark Andrews
7865bb3549 copy COPYRIGHT and OpenSSL Licence to Build\Release 2015-01-29 14:36:09 +11:00
Mark Andrews
4b36b9c1ff 4048. [bug] adb hash table was not being grown. [RT #38470] 2015-01-29 11:50:30 +11:00
Tinderbox User
be755f4725 update copyright notice / whitespace 2015-01-22 23:45:26 +00:00
Evan Hunt
84ee90b52d [master] fix 'total use' accounting 
4046.   [bug]           Accounting of "total use" in memory context
                        statistics was not correct. [RT #38370]
 2015-01-22 09:44:24 -08:00
Evan Hunt
f885a6172e [master] silence warning 2015-01-22 09:03:24 -08:00
Mark Andrews
875574f1e4 4045. [bug] Skip to next master on dns_request_createvia4 failure. 
[RT #25185]
 2015-01-22 15:56:50 +11:00
Tinderbox User
39f68d7b64 update copyright notice / whitespace 2015-01-21 23:45:24 +00:00
Mark Andrews
17dc146c7c 4044. [bug] Change 3955 was not complete resulting is a assertion 
failure is the timing was just right. [RT #38352]
 2015-01-22 10:38:40 +11:00
Evan Hunt
e91c70668e [master] restored accidentally removed externals 2015-01-20 22:38:27 -08:00
Mark Andrews
22e3e00ac9 4042. [bug] zone.c:iszonesecure was being called too late. 
[RT #38371]
 2015-01-21 13:18:30 +11:00
Mark Andrews
83b9e799df #ifdef protect 'b' 2015-01-21 13:07:50 +11:00
Evan Hunt
ff62d4458a [master] allow shared TCP sockets when connecting 
4041.	[func]		TCP sockets can now be shared while connecting.
			(This will be used to enable client-side support
			of pipelined queries.) [RT #38231]
 2015-01-20 17:22:31 -08:00
Evan Hunt
761d135ed6 [master] add TCP pipelining support 
4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]
 2015-01-20 16:14:09 -08:00
Evan Hunt
b77ae24e3e [master] more windows VS14 compatibility work 
(completes change #3987)
 2015-01-20 15:45:38 -08:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Evan Hunt
11463c0ac2 [master] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:29:18 -08:00
Mark Andrews
cc0a48a381 4038. [bug] Add 'rpz' flag to node and use it to determine whether 
to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888
 2015-01-20 16:57:42 +11:00
Mark Andrews
f8eb4e5bfd 4037. [bug] also-notify was ignoring the tsig key when checking 
for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]
 2015-01-20 16:42:56 +11:00
Evan Hunt
59c489552d [master] remove a potentially misleading log message 2015-01-19 20:15:01 -08:00
Tinderbox User
b624001e36 update copyright notice / whitespace 2015-01-16 23:45:22 +00:00
Mukund Sivaraman
b05a50c852 Make call to open a temporary file name safe during NZF creation (#38331) 
Based on a patch sent in by Tony Finch <dot@dotat.at>.

Also fix win32 implementation of isc_file_openunique() to use a random
filename instead of using the process id.
 2015-01-16 18:29:23 +05:30
Tinderbox User
2dd6ffb5cb update copyright notice / whitespace 2015-01-12 23:45:21 +00:00
Mukund Sivaraman
4716d844c4 Add missing symbols to libdns.def.in 2015-01-12 09:55:56 +05:30
Mukund Sivaraman
a6f0e9c985 Add NTA persistence (#37087) 
4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]
 2015-01-12 09:07:48 +05:30
Tinderbox User
f0cbe180f0 update copyright notice / whitespace 2015-01-10 23:45:22 +00:00
Mark Andrews
f4dda9cf28 4033. [bug] Missing out of memory check in request.c:req_send. 
[RT #38311]
 2015-01-11 09:24:33 +11:00
Evan Hunt
4b52ac401d [master] remove unhelpful comment, revise change note 
3973.	[test]		Added hooks for Google Performance Tools
			CPU profiler, including real-time/wall-clock
			profiling. [RT #37339]
 2015-01-10 00:17:57 -08:00
Tinderbox User
63b0524b96 update copyright notice / whitespace 2015-01-08 23:45:22 +00:00
Mark Andrews
d1f1f13c7f 4031. [bug] named-checkconf -z failed to report a missing file 
with a hint zone. [RT #38294]
 2015-01-08 19:19:12 +11:00
Tinderbox User
b129f72d95 update copyright notice / whitespace 2015-01-07 23:45:22 +00:00
Evan Hunt
f784ce7523 [master] add missing functions 2015-01-07 00:22:31 -08:00
Evan Hunt
74eb2f5cbc [master] rndc showzone / rndc delzone of non-added zones 
4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]
 2015-01-06 22:57:57 -08:00
Tinderbox User
651c5a50f4 update copyright notice / whitespace 2015-01-06 23:45:23 +00:00
Mark Andrews
b0c18fffd3 4028. [bug] $GENERATE with a zero step was not being caught as a 
error.  A $GENERATE with a / but no step was not being
                        caught as a error. [RT #38262]
 2015-01-06 11:31:34 +11:00
Tinderbox User
055f6517b4 update copyright notice / whitespace 2014-12-19 23:45:22 +00:00
Mark Andrews
d8f2dd46cb 4025. [port] bsdi: failed to build. [RT #38047] 2014-12-19 12:06:35 +11:00
Mark Andrews
1e0ed0c6f5 4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next, 
dns_rdata_opt_current, dns_rdata_txt_first,
                        dns_rdata_txt_next and dns_rdata_txt_current were
                        documented but not implemented.  These have now been
                        implemented.

                        dns_rdata_spf_first, dns_rdata_spf_next and
                        dns_rdata_spf_current were document but not
                        implemented.  The prototypes for these
                        functions have been removed. [RT #38068]

4023.   [bug]           win32: socket handling with explict ports and
                        invoking named with -4 was broken for some
                        configurations. [RT #38068]
 2014-12-19 11:35:07 +11:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Evan Hunt
9fcbc46062 [master] more missing entry points 2014-12-16 14:40:33 -08:00
Evan Hunt
fc12d18471 [master] typos 2014-12-16 12:42:05 -08:00
Evan Hunt
25ee607cf5 [master] add more missing entry points 2014-12-16 12:09:09 -08:00
Mark Andrews
eb690e00e7 add missing entry points 2014-12-17 00:27:17 +11:00
Mark Andrews
2efb444806 add missing entry points 2014-12-16 23:46:15 +11:00
Mark Andrews
f5c22df82b win32 build 2014-12-16 23:36:44 +11:00
Evan Hunt
be7fba8019 [master] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
 2014-12-15 22:28:06 -08:00
Mark Andrews
132410d33f add/sort 2014-12-16 14:49:17 +11:00
Mark Andrews
7799a5edea add missing entries 2014-12-16 14:41:25 +11:00
Mark Andrews
2e98ab2c9d remove non null check 2014-12-09 19:51:32 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]
 2014-12-03 09:42:30 +11:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Francis Dupont
fc63119c8b Hardened OpenSSL digest/HMAC calls [RT #37944] 2014-12-02 12:41:01 +01:00
Mark Andrews
401f7510d7 use the actual header 2014-11-28 19:17:26 +11:00
Mark Andrews
7554ff1619 add #define rdataset_clearprefetch rdataset_clearprefetch64 2014-11-25 12:06:23 +11:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
092d3b76db 4010. [cleanup] Clear the prefetchable state when initiating a prefetch. 
[RT #37399]
 2014-11-24 11:18:30 +11:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
70bceacc80 silence signed/unsigned warning 2014-11-21 20:28:17 +11:00
Evan Hunt
3e5b4176d8 [master] win32 build fix 2014-11-20 15:55:43 -08:00
Evan Hunt
c6b699b58e [master] remove inadvertently-retained content from quota.h 2014-11-20 12:55:01 -08:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
 2014-11-19 18:21:02 -08:00
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Evan Hunt
c325ff9c79 [master] complete coverity fixes 2014-11-17 17:39:00 -08:00
Mark Andrews
4ac862fa96 only execute additional tests if create call succeeds 2014-11-18 12:19:37 +11:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00
Tinderbox User
aee6c351d3 update copyright notice 2014-11-15 23:45:22 +00:00
Evan Hunt
63fb92c1ba [master] fix false positive compiler warning 
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
 2014-11-15 00:56:30 -08:00
Evan Hunt
907e01d6f3 [master] buffer ATF test was failing 2014-11-15 00:56:17 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Evan Hunt
c4abb19716 [master] reference leak with AAAA glue but not A 
4004.	[bug]		When delegations had AAAA glue but not A, a
			reference could be leaked causing an assertion
			failure on shutdown. [RT #37796]
 2014-11-14 09:02:28 -08:00
Mukund Sivaraman
a3157f3c75 [master] close() fd when done (Coverity report) 2014-11-11 07:15:02 +05:30
Evan Hunt
fadf7291df [master] check creat() return 2014-11-10 17:30:58 -08:00
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
067c0c38e7 [master] s/mempcy/memmove/ 2014-11-06 13:01:59 -08:00
Mark Andrews
8f0cf84bb1 set working directory; #include <string.h> 2014-11-06 18:02:32 +11:00
Tinderbox User
d478dbae80 update copyright notice 2014-11-05 23:45:20 +00:00
Evan Hunt
ad9645512c [master] add print.h 2014-11-04 20:43:41 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Tinderbox User
5781d00939 update copyright notice 2014-11-04 23:45:20 +00:00
Mark Andrews
a31d0513c3 add missing opening bracket 2014-11-04 17:02:32 +11:00
Mark Andrews
b976c39c07 3998. [bug] isc_radix_search was returning matches that were 
to precise. [RT #37680]
 2014-11-04 12:34:12 +11:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
03fc2ff527 update copyright notice 2014-10-31 23:45:23 +00:00
Mark Andrews
c2f8108123 3996. [bug] Address use after free on out of memory error in 
keyring_add. [RT #37639]
 2014-10-31 11:44:09 +11:00
Mark Andrews
4e59131f18 3995. [bug] receive_secure_serial holds the zone lock for too 
long. [RT #37626]
 2014-10-31 11:38:14 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Mark Andrews
eb5243365c 3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748] 2014-10-30 10:53:12 +11:00
Mark Andrews
bad93fb90c missing comma 2014-10-28 16:10:49 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Francis Dupont
4d6329c1b3 Handle VS14 incompatible changes [RT #37380] 2014-10-21 09:34:33 +02:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Francis Dupont
7fbfa379e2 Accept up to 256 byte PINs in native PKCS#11. [RT #37410] 2014-10-20 22:55:40 +02:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]
 2014-10-18 13:09:09 +11:00
Mark Andrews
871f3c8bee 3980. [bug] Improve --with-tuning=large by self tuning of SO_RCVBUF 
size. [RT #37187]
 2014-10-18 12:40:13 +11:00
Mark Andrews
48f97c23b7 3979. [bug] Negative trust anchor fetches where not properly 
managed. [RT #37488]
 2014-10-18 10:07:24 +11:00
Evan Hunt
188690149b [master] add diffie-hellman key unit test 
3978.	[test]		Added a unit test for Diffie-Hellman key
			computation, completing change #3974. [RT #37477]
 2014-10-17 15:55:37 -07:00
Evan Hunt
eb6d61d5e0 [master] correctly validate 5011 trust anchors 
3976.	[bug]		When refreshing managed-key trust anchors, clear
			any cached trust so that they will always be
			revalidated with the current set of secure
			roots. [RT #37506]
 2014-10-17 15:40:07 -07:00
Tinderbox User
28b2fddfd4 update copyright notice 2014-10-16 23:45:23 +00:00
Mark Andrews
ca77632f65 initialize rdataset->private7 2014-10-16 11:23:01 +11:00
Mark Andrews
58a1051e92 3974. [bug] handle DH_compute_key() failure correctly in 
openssldh_link.c. [RT #37477]
 2014-10-13 23:41:36 +11:00
Evan Hunt
34cb27055a [master] install badcache.h 2014-10-08 19:42:48 -07:00
Francis Dupont
1831311ac6 added hooks for gperftools CPU profiler [#37339] 2014-10-08 15:14:02 +02:00
Mark Andrews
bbec761a67 silence compiler warning 2014-10-08 17:47:46 +11:00
Tinderbox User
d1573beb05 update copyright notice 2014-10-04 23:45:22 +00:00
Mark Andrews
c81d56c03e 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]
 2014-10-05 08:29:34 +11:00
Tinderbox User
7a3f584cfc update copyright notice 2014-10-02 23:45:25 +00:00
Mark Andrews
9c0589bc8b 3966. [bug] Missing dns_db_closeversion call in receive_secure_db. 
[RT #35746]
 2014-10-03 07:50:09 +10:00
Mark Andrews
dda69168ea 3965. [func] Log outgoing packets and improve packet logging to 
support logging the remote address. [RT #36624]
 2014-10-02 09:40:11 +10:00
Mark Andrews
ed1c845c1d 3964. [func] nsupdate now performs check-names processing. 
[RT #36266]
 2014-10-02 09:35:43 +10:00
Tinderbox User
be484acb22 update copyright notice 2014-09-30 23:45:22 +00:00
Mark Andrews
ffeaac1d82 3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with 
BADSIG.  [RT #37216]
 2014-10-01 07:24:16 +10:00
Mark Andrews
fa827173df 3959. [bug] Updates could be lost if they arrived immediately 
after a rndc thaw. [RT #37233]
 2014-10-01 06:59:19 +10:00
Tinderbox User
2fb35a6d59 update copyright notice 2014-09-29 23:45:24 +00:00
Mark Andrews
1c5990c2f9 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]
 2014-09-29 12:10:10 +10:00
Mark Andrews
80169c379d 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]
 2014-09-29 10:18:54 +10:00
Mark Andrews
10c12aa549 3956. [func] Notify messages are now rate limited by notify-rate and 
startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]
 2014-09-29 10:01:08 +10:00
Mark Andrews
4b92bc0022 don't redefine GEOIP_DATA 2014-09-29 09:33:24 +10:00
Tinderbox User
e64f32cd04 update copyright notice 2014-09-27 23:45:22 +00:00
Mark Andrews
9a36fb86f5 3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159] 2014-09-27 12:14:20 +10:00
Mark Andrews
a266ab205b 3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the 
two name pointers were the same. [RT #37176]
 2014-09-27 11:41:44 +10:00
Evan Hunt
6896fdd3b2 [master] spelling 2014-09-15 18:18:12 -07:00
Mark Andrews
48b093c864 update named-checkzone manpage for SPF changes 2014-09-13 07:55:57 +10:00
Mark Andrews
1bf72e5325 silence compiler warning 2014-09-11 13:34:17 +10:00
Mark Andrews
947cf282a7 3949. [experimental] Experimental support for draft-andrews-edns1 by sending 
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]
 2014-09-10 15:31:40 +10:00
Mark Andrews
52131a8351 3948. [port] solaris: RCVBUFSIZE was too large on Solaris with 
--with-tuning=large. [RT #37059]
 2014-09-09 09:41:55 +10:00
Mark Andrews
2b703026f3 check isc_mutext_init and destoy mutex when done 2014-09-07 08:24:36 +10:00
Mark Andrews
8aa098c633 update copyrights 2014-09-06 09:38:48 +10:00
Tinderbox User
5fa6a064b8 regen master 2014-09-05 19:26:47 +00:00
Evan Hunt
f687e639f0 [master] [rt36786] use INSTALL_PROGRAM for shared libs 
3947.	[cleanup]	Set the executable bit on libraries when using
			libtool. [RT #36786]
 2014-09-05 10:24:20 -07:00
Mark Andrews
2fa1fc5332 3945. [bug] Invalid wildcard expansions could be incorrectly 
accepted by the validator. [RT #37093]
 2014-09-05 12:10:55 +10:00
Mark Andrews
06dbd20c66 move declaration to start of block 2014-09-05 11:39:42 +10:00
Tinderbox User
948c80ffa8 update copyright notice 2014-09-04 23:45:24 +00:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Mark Andrews
3560b7d66c move declaration to start of block 2014-09-04 14:20:25 +10:00
Mark Andrews
fec7998314 3942. [bug] Wildcard responses from a optout range should be 
marked as insecure. [RT #37072]
 2014-09-04 13:57:50 +10:00
Mark Andrews
74717eef53 3939. [func] Improve UPDATE forwarding performance by allowing TCP 
connections to be shared. [RT #37039]
 2014-09-04 10:37:45 +10:00
Mark Andrews
92a649d814 complete conversion to FCTXTRACE3 2014-08-30 20:37:20 +10:00
Mark Andrews
1a63fb1d14 update copyrights 2014-08-30 12:27:49 +10:00
Tinderbox User
3278ff814d update copyright notice 2014-08-29 23:45:22 +00:00
Evan Hunt
f5c24a7f48 [master] add better servfail logging 
3937.	[func]		Added some debug logging to better indicate the
			conditions causing SERVFAILs when resolving.
			[RT #35538]
 2014-08-28 22:37:55 -07:00
Evan Hunt
d46855caed [master] ECS authoritative support 
3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]
 2014-08-28 22:05:57 -07:00
Evan Hunt
180319f572 [master] fix geoip asnum matching 
3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]
 2014-08-28 21:40:32 -07:00
Mark Andrews
7c73ac5e13 3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve 
sit-secrets documentation. [RT #36980]
 2014-08-29 14:35:21 +10:00
Evan Hunt
0c2313eb36 [master] fixes to checkconf test, HIP casecompare 
3933.	[bug]		Corrected the implementation of dns_rdata_casecompare()
			for the HIP rdata type.  [RT #36911]

3932.	[test]		Improved named-checkconf tests. [RT #36911]
 2014-08-27 21:36:13 -07:00
Mark Andrews
1164997311 3931. [cleanup] Cleanup how dlz grammer is defined. [RT #36879] 2014-08-26 15:01:29 +10:00
Mark Andrews
be5d42f255 dlz clauses are not inheritable 2014-08-25 14:52:01 +10:00
Evan Hunt
27d6642e8b [master] complete change #3925 
- don't use fwdname in dns_view_findzonecut()
 2014-08-22 14:57:30 -07:00
Mark Andrews
840d6a4614 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917 2014-08-22 16:32:19 +10:00
Tinderbox User
a24330c480 regen master 2014-08-16 01:06:20 +00:00
Mark Andrews
15a885dfc6 remove duplicate request-ixfr rt36878 
(cherry picked from commit 0a484c39fc)
 2014-08-16 08:51:20 +10:00
Jeremy C. Reed
821350367e fix typos or misspellings 2014-08-15 10:35:31 -05:00
Mark Andrews
291c0dfbc9 remove redundant isc_sockaddr_format call 2014-08-08 21:27:35 +10:00
Tinderbox User
cd14665cdf update copyright notice 2014-08-07 23:45:19 +00:00
Evan Hunt
91e7faa874 [master] win32 sockets don't support dscp 2014-08-06 21:35:49 -07:00
Evan Hunt
89f3d83d7e [master] files missing for win32 build 2014-08-06 20:51:04 -07:00
Evan Hunt
ef1ba8ffa7 [master] need local strlcpy() in VS2005 2014-08-06 19:57:04 -07:00
Tinderbox User
6cdcc9df5b update copyright notice 2014-08-07 01:14:24 +00:00
Evan Hunt
cfe32752a6 [master] [36737] allow zero-length URI and CAA fields 
3914.	[bug]		Allow the URI target and CAA value fields to
			be zero length. [RT #36737]
 2014-08-06 17:40:42 -07:00
Tinderbox User
1e7501fe07 update copyright notice 2014-08-06 23:45:23 +00:00
Mark Andrews
493f3eb297 3913. [bug] Address race issue in dispatch. [RT #36731] 2014-08-06 18:49:53 +10:00
Evan Hunt
338a89339a [master] install new include file 2014-08-05 22:11:17 -07:00
Evan Hunt
a6ad80dd08 [master] make lwres/stdlib.h and lwres/string.h instead of compat.h 2014-08-05 22:01:06 -07:00
Mark Andrews
c5734964e6 3912. [bug] Address some unrecoverable lookup failures. [RT #36330] 2014-08-06 14:18:04 +10:00
Mark Andrews
f38a398033 silence signed/unsigned comparision warning 2014-08-06 12:25:03 +10:00
Mark Andrews
b47839a675 alphabetize zone_clauses 2014-08-06 11:54:54 +10:00
Mark Andrews
43b9737b11 3911. [func] Implement EDNS EXPIRE option client side. [RT #35925] 2014-08-06 11:50:40 +10:00
Mukund Sivaraman
a338c2d947 [36720] Free event early (fixes race to free) 
Patch contributed by yhu2 <yadi.hu@windriver.com>.
 2014-08-05 17:08:14 +05:30
Mark Andrews
3e90f6c373 3910. [bug] When computing the number of elements required for a 
acl count_acl_elements could have a short count leading
                        to a assertion failure.  Also zero out new acl elements
                        in dns_acl_merge.  [RT #36675]
 2014-08-03 10:05:02 +10:00
Tinderbox User
79bb509936 update copyright notice 2014-08-02 23:45:21 +00:00
Mark Andrews
c38341ec43 3908. [bug] rndc now differentiates between a zone in multiple 
views and a zone that doesn't exist at all. [RT #36691]
 2014-08-02 14:43:26 +10:00
Tinderbox User
25633bca23 update copyright notice 2014-07-31 23:45:21 +00:00
Evan Hunt
7712d1660a [master] [rt36642] fix URI RR format 
3906.	[protocol]	Update URI record format to comply with
			draft-faltstrom-uri-08. [RT #36642]
 2014-07-30 20:41:59 -07:00
Mark Andrews
b04839cfe2 [rt36341] 
3905.   [bug]           Address deadlock between view.c and adb.c. [RT #36341]
 2014-07-31 11:38:11 +10:00
Mark Andrews
3a55d43527 3904. [func] Add the RPZ SOA to the additional section. [RT36507] 2014-07-31 10:51:48 +10:00
Mark Andrews
a04588e781 update copyrights 2014-07-31 09:47:00 +10:00
Mark Andrews
1e5fd07d16 #include print_p.h 2014-07-31 00:26:21 +10:00
Mark Andrews
70be388974 [rt36039] 
3902.   bug]            liblwres wasn't handling link-local addresses in
                        nameserver clauses in resolv.conf. [RT #36039]
 2014-07-30 23:26:37 +10:00
Tinderbox User
d1b499c827 update copyright notice 2014-07-29 23:45:20 +00:00
Evan Hunt
c1e42fa06d [master] use correct length 2014-07-29 15:24:39 -07:00
Evan Hunt
2383eb5272 [master] add CAA rdata support 
3056.	[protocol]	Added support for CAA record type (RFC 6844).
			[RT #36625]
 2014-07-29 08:40:35 -07:00
Mark Andrews
275a8affe7 3899. [bug] "request-ixfr" is only applicable to slave and redirect 
zones. [RT #36608]
 2014-07-25 14:23:14 +10:00
Mark Andrews
bc4006c0d3 alphabetize optionstable 2014-07-22 14:14:55 +10:00
Mark Andrews
0e50e50206 alphabetize server_clauses 2014-07-22 14:00:27 +10:00
Mark Andrews
6a6838f973 3898. [bug] To small a buffer in tohexstr() calls in test code. 
[RT #36598]
 2014-07-22 11:26:28 +10:00
Mark Andrews
ac5ed74860 3897. [bug] RPZ summary information was not properly being updated 
after a AXFR resulting in changes sometimes being
                        ignored.  [RT #35885]
 2014-07-22 10:57:58 +10:00
Mark Andrews
a1dee90bfb adjust INSIST now that dev->dscp is unsigned 2014-07-19 11:56:23 +10:00
Mark Andrews
044c780437 silence coverity, explicitly ignore dns_peer_gettransferdscp result 2014-07-18 12:55:04 +10:00
Mark Andrews
89cf81b462 3896. [bug] Address performance issues with DSCP code on some 
platforms. [RT #36534]
 2014-07-18 11:40:44 +10:00
Mark Andrews
2e6d7a724a silence "Value stored to 'length' is never read" by removing assignment 2014-07-17 09:44:57 +10:00
Tinderbox User
b6f7267093 update copyright notice 2014-07-15 23:45:19 +00:00
Mark Andrews
71ec6d0940 3894. [bug] Buffers in isc_print_vsnprintf were not properly 
initialized leading to potential overflows when
                        printing out quad values. [RT #36505]
 2014-07-15 22:53:07 +10:00
Mark Andrews
a920fb9dc2 3893. [bug] Peer DSCP values could be returned without being set. 
[RT #36538]
 2014-07-15 22:40:39 +10:00
Tinderbox User
8a9485517e update copyright notice 2014-07-10 23:45:19 +00:00
Mark Andrews
7eb82402e3 Revert "update description to match code; doxygen fixes" 
This reverts commit 1fc784da63.
 2014-07-10 10:37:10 +10:00
Mark Andrews
9862191c37 update description to match code; doxygen fixes 2014-07-10 10:36:33 +10:00
Mark Andrews
1fc784da63 update description to match code; doxygen fixes 2014-07-10 10:32:54 +10:00
Mark Andrews
dcc7a2738f hold a nta reference while fetching 2014-07-10 10:24:47 +10:00
Mark Andrews
63e1ac1e09 3890. [bug] RRSIG sets that were not loaded in a single transaction 
at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]
 2014-07-07 12:05:01 +10:00
Mark Andrews
769224a8dc state fw_copy is never used; n only needs to be set for fw_ordinary; 
(cherry picked from commit d956d9689c13b093fff5faf6b10f06338354dcfc)
 2014-07-04 08:51:26 +10:00
Mark Andrews
e58154a6ec silence coverity warnings 2014-07-02 15:28:02 +10:00
Mark Andrews
7dbd309799 be consistent about expire time 2014-07-02 14:12:46 +10:00
Mark Andrews
5d63868ad0 DNS_VALIDATOR_NONTA needs passed to sub validator 2014-07-02 14:12:15 +10:00
Mark Andrews
e31a37787b silence coverity - reviewed by Evan over jabber 2014-07-01 09:52:02 +10:00
Mark Andrews
1a03e9eb52 rename closesocket to socketclose to avoid coverity model for window's closesocket 2014-06-26 10:47:48 +10:00
Mark Andrews
33399d6a14 3888. [func] 'rndc status' now reports the number of automatic 
zones. [RT #36015]
 2014-06-25 13:17:03 +10:00
Mark Andrews
65eba0a5a8 add init_count 2014-06-25 12:40:28 +10:00
Mark Andrews
777ea03a92 move definition of FILE_VERSION to after #define of FILE_VERSION 2014-06-25 12:29:15 +10:00
Mark Andrews
c312172e13 more statics that were optimised out 2014-06-25 11:10:25 +10:00
Mark Andrews
c21e9f1a92 add and deserialize are structure element names 2014-06-25 09:45:53 +10:00
Mark Andrews
ef117da205 3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so 
they are easier to use in a debugger. [RT #36373]
 2014-06-25 08:33:37 +10:00
Mark Andrews
d2dc08308f set now on all paths 2014-06-25 00:44:11 +10:00
Mark Andrews
6343df7150 silence signed vs unsigned 2014-06-25 00:19:17 +10:00
Mark Andrews
ba5c73b383 3886. [bug] rbtdb_write_header should use a once to initialize 
FILE_VERSION. [RT #36374]
 2014-06-24 19:58:25 +10:00
Mark Andrews
a421f4458d use isc_time_seconds rather than .seconds 2014-06-23 23:15:19 +10:00
Evan Hunt
4ef06963a4 [master] unresolved externals 2014-06-20 13:51:36 -07:00
Tinderbox User
5a31767b09 update copyright notice 2014-06-19 23:45:23 +00:00
Evan Hunt
cac2181160 [master] CDS/CDNSKEY rrtypes 
3884.	[protocol]	Add CDS and CDNSKEY record types. [RT #36333]
 2014-06-19 00:35:11 -07:00
Mark Andrews
bfbd478cdb silence coverity 2014-06-19 11:33:22 +10:00
Evan Hunt
5e6cfc7c9a [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2014-06-18 17:25:19 -07:00
Evan Hunt
f47ed4bb4d [master] silence warning 2014-06-18 17:24:48 -07:00
Mark Andrews
3a37159a95 add #include <isc/print.h> 2014-06-19 10:20:34 +10:00
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Mark Andrews
8eb2d262dc silence coverity - add nul termination 2014-06-18 20:04:21 +10:00
Tinderbox User
636aadbfe4 update copyright notice 2014-06-17 23:45:20 +00:00
Evan Hunt
a4e76a630e [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00
Mark Andrews
e177c7b814 add EAI_OVERFLOW to lwres 2014-06-17 10:20:24 +10:00
Tinderbox User
51437e2eea update copyright notice 2014-06-16 23:45:20 +00:00
Evan Hunt
56510cd031 [master] null terminate strings for coverity 2014-06-16 15:30:11 -07:00
Tinderbox User
4ded8003e3 update copyright notice 2014-06-12 23:45:22 +00:00
Evan Hunt
06e0d6bb12 [master] address rpz bugs 
3877.	[bug]		Inserting and deleting parent and child nodes
			in response policy zones could trigger an assertion
			failure. [RT #36272]
 2014-06-11 20:00:19 -07:00
Mark Andrews
1208790272 make lhs unsigned 2014-06-12 11:12:22 +10:00
Mark Andrews
8a2ff13c3d add INSISTs to silence tainted data false positive in Coverity 2014-06-12 10:42:39 +10:00
Tinderbox User
889eb2e055 update copyright notice 2014-06-11 23:45:23 +00:00
Mark Andrews
23fe5cbb07 pass rng to destroy 2014-06-11 22:57:46 +10:00
Mark Andrews
0c57bf16a5 fix unbalanced lock; test for non NULL before dereference; 2014-06-11 21:42:36 +10:00
Evan Hunt
8d8f9f7f86 [master] suppress unnecessary db lookups in DLZ redirect zones 
3876.	[bug]		Improve efficiency of DLZ redirect zones by
			suppressing unnecessary database lookups. [RT #35835]
 2014-06-10 16:25:26 -07:00
Evan Hunt
7c9d11b654 [master] add print.h, CHANGES note 2014-06-10 08:54:16 -07:00
Mukund Sivaraman
aa232396ee [24702] Include key filename in logged message 
Squashed commit of the following:

commit 593e6bc7e29938ff5c2f7508bde303fb069a97a9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 19:17:40 2014 +0530

    Increase size of filename buffers

commit b8685678e026ba98b8833e26664193b6345eb00e
Author: Evan Hunt <each@isc.org>
Date:   Wed Jun 4 18:57:44 2014 -0700

    [rt24702] some tweaks during review

commit adfbc8f808716c63e9e097d92beef104527e5c6f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed Jun 4 18:18:35 2014 +0530

    [24702] Include key filename in logged message

commit f1eff77e7e3704b145c3d65101a735467dd81dc3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed Jun 4 18:12:43 2014 +0530

    Add dst_key_getfilename()
 2014-06-10 19:18:34 +05:30
Mark Andrews
5331f97edc silence compiler warnings 2014-06-10 12:38:32 +10:00
Tinderbox User
1b2ae58ef1 update copyright notice 2014-06-09 23:45:20 +00:00
Mark Andrews
3b187cad7a 3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210] 2014-06-10 09:32:43 +10:00
Mark Andrews
b16d99bac1 3872. [bug] Address issues found by static analysis. [RT #36209] 2014-06-10 09:17:15 +10:00
Mukund Sivaraman
5456bddd39 [27303] Supply format string as first arg to printf() 
No CHANGES entry for this as it isn't proved to cause an issue for
anyone (isc_msgcat_get() has to return a format specifier) and isn't a
user visible change.

Squashed commit of the following:

commit bcb15c9aa17b0b706aefd9efef5f7e0e951064a3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed Jun 4 16:55:16 2014 +0530

    [27303] Supply format string as first arg to printf()

    The old code only had a problem if isc_msgcat_get() returned a format
    specifier (%n).
 2014-06-08 19:06:37 +05:30
Tinderbox User
780169512e update copyright notice 2014-06-04 23:45:22 +00:00
Mukund Sivaraman
79d27f505a [35063] Don't publish an activated key automatically before its publish time 2014-06-04 14:31:42 +05:30
Mukund Sivaraman
84dc4b3e7e [35942] Update random number generator to ChaCha based (and add tests) 
Squashed commit of the following:

commit 219a904fea95c74016229b6f4436d4f09de1bfd0
Author: Evan Hunt <each@isc.org>
Date:   Mon Jun 2 12:20:54 2014 -0700

    [rt35942] style

commit 90bc77185e9798af4595989abb8698efef8c70d7
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 18:01:30 2014 +0530

    Return p-value=0 when prerequisite (monobit) fails

commit 5594669728f1181a447616f60b835e4a043d1b21
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:44:25 2014 +0530

    Print proportion of test sequences passing too

commit 9e94b67a4114651224a8285f7c4a7fb03907f376
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:34:03 2014 +0530

    Check uniform distribution of p-values

commit acf911b32dd84ac1c30c57d8937cfeb6b3ff972f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 17:17:39 2014 +0530

    Check proportion of sequences passing a test

commit 7289eb441fc4ec623364ad882e22b240ba8da308
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon Jun 2 04:33:37 2014 +0530

    Refactor common setup code into random_test()

    No behavioral change is made.

commit 51feef3e08c233d34a6b8b9d25a72d43110b4eed
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun Jun 1 17:31:57 2014 +0530

    Fix binary rank computation

commit 0ea3c03dea353f309d13c38e26aa0abbffdcff2b
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 27 06:01:10 2014 +0530

    Add binary matrix rank RNG test

commit eb4e7c53540ac97436d94714d30084907eeff01a
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 15:45:31 2014 +0530

    Add function to find rank of a binary matrix

commit 1292a06e0e09ebd37d4ecf5337814951dcacc4a4
Author: Evan Hunt <each@isc.org>
Date:   Thu May 29 16:21:51 2014 -0700

    [rt35942] style; check whether we need libm for exp()

commit c19788e5a89235e937a5aedf2ebea50f33406609
Author: Evan Hunt <each@isc.org>
Date:   Thu May 29 15:31:19 2014 -0700

    [rt35942] incidental spelling error fixed

commit c833326ad0df21e2a8b35958e85ccc0a692e38be
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 29 11:34:37 2014 +0530

    Revert "Add function to find rank of a binary matrix"

    This reverts commit 21b2f230e17f7fc638f81d9a34bcb148b0c4a6fb.

    This test will be added in RT#36125.

commit cf786a533d34fdcd9e1c5650356e56d33e93a29f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 29 11:33:18 2014 +0530

    Revert "Add binary matrix rank RNG test"

    This reverts commit dd843b9ca84fa9af80ec39631152f82778f0b97c.

    This test will be added in RT#36125.

commit dd843b9ca84fa9af80ec39631152f82778f0b97c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 27 06:01:10 2014 +0530

    Add binary matrix rank RNG test

commit 21b2f230e17f7fc638f81d9a34bcb148b0c4a6fb
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 15:45:31 2014 +0530

    Add function to find rank of a binary matrix

commit 313c30088d6ba933bde3abb920f2a6d16b9b77e1
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 13:38:44 2014 +0530

    Add block frequency random test

commit 0d279c60ed3eabe52cf3e1435bf14ec62752536f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 13:04:03 2014 +0530

    Add preconditions from NIST spec

commit 7a6c5f2ce5078814d5cf0fea30596e58171174c1
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 26 12:51:03 2014 +0530

    Add functions to use in RNG tests

commit 8c5cb5594f904f6669cdffaa364f799b4a2c6b58
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu May 22 00:26:10 2014 +0530

    Add runs RNG test

commit 4882f078cc2596c0911066ffb783e4dd145a63ec
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 23:58:20 2014 +0530

    Pre-compute bitcounts LUT

commit 896db3809fba2d9884a4a3a2fa847a73e007ad7f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 23:30:23 2014 +0530

    Fix the bit value being checked (this shouldn't affect the test)

commit b932cbb5dae39eb819db29cf9490fb51d59b7c56
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 19:35:12 2014 +0530

    Add monobits RNG test

commit 7bef19fd8b095aa567a975ef5c97d5812162d92e
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 16:53:02 2014 +0530

    Add API documentation

commit 54483f7feb64b5646dd1da45b1fd396e7d04b926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 21 16:39:03 2014 +0530

    Rename isc_rngctx_t to isc_rng_t

commit 7c5031b53555137a82c6b6218cd4dd5e95acf94d
Author: Evan Hunt <each@isc.org>
Date:   Tue May 20 23:29:53 2014 -0700

    [rt35942] use attach/detach with isc_rngctx_t

commit 8aabae5e09888e6af651ed27bd6b4e9f76334d55
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue May 20 18:32:42 2014 +0530

    Move RNG from dispatch.c to libisc

commit e6d4ad4f389998b91d46e95e258cf420cb21d977
Author: Mukund Sivaraman <muks@isc.org>
Date:   Mon May 12 19:16:27 2014 +0530

    Replace old arc4random with new ChaCha implementation from OpenBSD
 2014-06-04 13:44:10 +05:30
Mark Andrews
b925be3e54 attempt to silence leaked lock false positive 2014-06-04 14:07:16 +10:00
Mark Andrews
7cce33eb78 place a upper bound on rdcount 2014-06-04 13:20:42 +10:00
Mark Andrews
f4db7287da bad size on isc_mem_put 2014-06-04 11:45:09 +10:00
Tinderbox User
6efae581d0 update copyright notice 2014-06-03 23:45:20 +00:00
Mark Andrews
6fc3efb93f keytable depends on openssl/pkcs11 2014-06-03 15:15:19 +10:00
Mark Andrews
50a7454174 3868. [bug] isc_mem_setwater incorrectly cleared hi_called 
potentially leaving over memory cleaner running.
                        [RT #35270]
 2014-06-02 16:31:42 +10:00
Tinderbox User
803d842603 update copyright notice 2014-05-30 23:45:21 +00:00
Evan Hunt
0cfb247368 [master] rndc nta 
3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]
 2014-05-29 22:22:53 -07:00
Mark Andrews
536da846f6 update copyrights 2014-05-30 09:41:33 +10:00
Evan Hunt
caa252e5ad [master] Fix bin/tests/rbt_test.c, use portable int types 2014-05-29 07:37:13 -07:00
Mukund Sivaraman
9ff0b976a1 Add missing include 
Reported by tinderbox. It is not required on this developer's machine,
but would be required on platforms that don't supply snprintf().
 2014-05-29 14:04:35 +05:30
Mukund Sivaraman
ce376a81fa [35904] Add various RBT unit tests 
No CHANGES entry was added as this commit mainly adds tests related
code.

Squashed commit of the following:

commit d3d44508daa128fb8b60f64b3a8c81f80602273d
Author: Evan Hunt <each@isc.org>
Date:   Wed May 7 09:36:41 2014 -0700

    [rt35904] remove private non-static names from .def file

commit dbca45661c3939f21c3bb3f405d08cfe1b35d7aa
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 7 21:39:32 2014 +0530

    Remove test for shortcut findnode()

    The implementation was not included in this review branch, but the tests
    erroneously made it through.

    This functionality will be addressed in a different ticket (RT#35906).

commit 94ff14576ab3407f2612d34727b7eacfefc3668c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed May 7 21:36:50 2014 +0530

    Minor indent fix

commit 50972f17697bb222996e433faa8224843366f9b2
Author: Evan Hunt <each@isc.org>
Date:   Tue May 6 20:05:21 2014 -0700

    [rt35904] style

commit 5c4d5d41fcc5bfecdeebc008896974385c841b8d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun May 4 19:19:36 2014 +0530

    RBT related updates

    * Add various RBT unit tests
    * Add some helper methods useful in unit testing RBT code
    * General cleanup
 2014-05-29 11:09:23 +05:30
Mark Andrews
57d5f5abe1 silence coverity warning 2014-05-28 10:43:19 +10:00
Mark Andrews
358cc47a25 address typo 2014-05-27 14:10:12 +10:00
Mark Andrews
586d94eb74 3861. [security] Missing isc_buffer_availablelength check results 
in a REQUIRE assertion when printing out a packet.
                        [RT #36078]
 2014-05-25 12:39:03 +10:00
Mark Andrews
4b22b8decb fix typo == -> = 2014-05-24 23:24:19 +10:00
Mark Andrews
a569e1b321 3860. [bug] ioctl(DP_POLL) array size needs to be determined 
at run time as it is limited to {OPEN_MAX}.
                        [RT #35878]
 2014-05-23 13:05:23 +10:00
Mark Andrews
35711d3c73 correct EDNSOK sense 2014-05-22 22:02:09 +10:00