upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 19:04:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

10345 commits

Author SHA1 Message Date
Evan Hunt
0302fcbf7e [master] check addrlen/scopelen fit within family address length 2016-01-05 13:39:44 -08:00
Evan Hunt
1330ae5fc2 [master] check ECS address length 2016-01-05 12:17:54 -08:00
Francis Dupont
f2453ece5b Silent WIN64 warnings 2016-01-05 18:37:31 +01:00
Evan Hunt
c8b968f414 [master] fix use after free on xfr timeout 
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
 2016-01-04 22:05:23 -08:00
Evan Hunt
41494939b6 [master] fixed bogus server regression 
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
 2016-01-04 15:47:16 -08:00
Francis Dupont
7e9140c6b1 Updated copyrights (2) 2016-01-05 00:34:53 +01:00
Francis Dupont
343aeac717 Updated WIN32 files (rt40877) 2016-01-04 17:27:31 +01:00
Tinderbox User
0796eca5f7 update copyright notice / whitespace 2015-12-31 11:45:08 +00:00
Mark Andrews
292eb9c4e4 4286. [security] render_ecs errors were mishandled when printing out 
a OPT record resulting in a assertion failure.
                        (CVE-2015-8705) [RT #41397]

(cherry picked from commit 3e0c1603a8)
 2015-12-31 22:19:46 +11:00
Mark Andrews
1b3d211802 4285. [security] Specific APL data could trigger a INSIST. 
(CVE-2015-8704) [RT #41396]
 2015-12-31 13:43:21 +11:00
Tinderbox User
7321d8df7b update copyright notice / whitespace 2015-12-27 23:45:24 +00:00
Evan Hunt
fbed5f0f44 [master] fix geoip options 
4284.	[bug]		Some GeoIP options were incorrectly documented
			using abbreviated forms which were not accepted by
			named.  The code has been updated to allow both
			long and abbreviated forms. [RT #41381]
 2015-12-26 10:50:32 -08:00
Mark Andrews
bed6e9d614 4383. [bug] OPENSSL_config is no longer re-callable. [RT #41348] 2015-12-24 10:31:07 +11:00
Mark Andrews
27deca2bf0 don't mix IPv4 and IPv6 capability bits 2015-12-17 08:17:00 +11:00
Curtis Blackburn
9effea437d [rt41269] additional tests for dig and delv, 
fix for --disable-ipv6 on osx,
              fixes for tests with --disable-ipv6
 2015-12-15 11:58:28 -08:00
Mark Andrews
f647c0df9f 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] 2015-12-15 19:49:40 +11:00
Mukund Sivaraman
ecc06cbc32 Use optimal message sizes to improve compression in AXFRs (#40996) 2015-12-15 13:24:14 +05:30
Mark Andrews
94c7301f6f 4279. [test] Don't use fixed ports when unit testing. [RT #41194] 2015-12-15 12:50:32 +11:00
Tinderbox User
6d27aeb4e2 update copyright notice / whitespace 2015-12-11 23:45:22 +00:00
Mark Andrews
564968bc0a whitespace 2015-12-11 14:29:18 +11:00
Tinderbox User
2a37470065 update copyright notice / whitespace 2015-12-09 23:45:23 +00:00
Evan Hunt
f21d2ee372 [master] comments 2015-12-09 08:54:04 -08:00
Mukund Sivaraman
22f379298c Disable the RBT benchmark unittest 2015-12-09 19:15:46 +05:30
Mukund Sivaraman
5d79b60fc5 Improve performance of RBT (#41165) 2015-12-09 19:10:55 +05:30
Tinderbox User
6c1f9f5c71 update copyright notice / whitespace 2015-12-07 23:45:25 +00:00
Mark Andrews
322e6b5be7 4276. [protocol] Add support for SMIMEA. [RT #40513] 2015-12-08 08:16:41 +11:00
Mukund Sivaraman
27bc16fcdc Lazily initialize dns_compress->table only when compression is enabled (#41189) 2015-12-07 12:48:57 +05:30
Mukund Sivaraman
5b13a593fe Speed up typemap_fromtext() (#41196) 2015-12-07 12:34:57 +05:30
Mark Andrews
95bef099e9 4273. [bug] Only call dns_test_begin() and dns_test_end() once each 
in nsec3_test as it fails with GOST if called multiple
                        times.
 2015-12-07 17:52:37 +11:00
Mark Andrews
a12a21a843 bracket mismatch; window openssl version check 2015-12-06 23:05:47 +11:00
Evan Hunt
226dd20bbd [master] isc__taskmgr_pause() could deadlock 
4271.	[test]		Unit tests could deadlock in isc__taskmgr_pause().
			[RT #41235]
 2015-12-03 20:49:28 -08:00
Evan Hunt
4071efbec0 [master] disallow map zones in response-policy 
4269.	[bug]		Zones using "map" format master files currently
			don't work as policy zones.  This limitation has
			now been documented; attempting to use such zones
			in "response-policy" statements is now a
			configuration error.  [RT #38321]
 2015-12-02 21:10:09 -08:00
Tinderbox User
f30a3f28db update copyright notice / whitespace 2015-11-30 23:45:24 +00:00
Mark Andrews
8e73941f33 4265. [bug] Address unchecked isc_mem_get calls. [RT #41187] 2015-11-30 10:29:29 +11:00
Tinderbox User
af0bea7aa7 update copyright notice / whitespace 2015-11-20 23:45:23 +00:00
Mark Andrews
5b1c7ef35b 4264. [bug] Check const of strchr/strrchr assignments match 
argument's const status. [RT #41150]
 2015-11-20 18:38:24 +11:00
李昶
65f6e2f909 Cleanup in journal_open() correctly (#41129) 2015-11-19 11:20:59 +05:30
Mukund Sivaraman
7bc21557f3 Fix bug in epoll_ctl() usage causing blocked connections (#41067) 2015-11-19 11:01:45 +05:30
Tinderbox User
69b10c86b9 update copyright notice / whitespace 2015-11-18 23:45:27 +00:00
Mark Andrews
c2955d0abd win32: new -> newtable 
(cherry picked from commit 5060d8639e932680456ab07519687d68298be5e0)
 2015-11-18 15:44:46 +11:00
Mark Andrews
268c4e79c4 4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. 
[RT #40556]
 2015-11-17 13:16:44 +11:00
Mark Andrews
6b9f38958c update 9.9.x range 2015-11-17 12:45:21 +11:00
Francis Dupont
dd784c18ef Merged VS 2015 64 bit warnings (#40373) 2015-11-16 17:47:10 +01:00
Mark Andrews
0d44dd6131 add dns_message_setclass 2015-11-16 14:27:08 +11:00
Mark Andrews
c8821d124c 4260. [security] Insufficient testing when parsing a message allowed 
records with an incorrect class to be be accepted,
                        triggering a REQUIRE failure when those records
                        were subsequently cached. (CVE-2015-8000) [RT #4098]
 2015-11-16 13:12:20 +11:00
Mark Andrews
2df63247be check dns_test_begin result 2015-11-11 22:38:39 +11:00
Mukund Sivaraman
58f7af60e7 Allow non-destructive control channel access using a "read-only" clause (#40498) 2015-11-11 13:46:57 +05:30
Tinderbox User
3865e18d3d update copyright notice / whitespace 2015-11-09 23:45:22 +00:00
Evan Hunt
e13d04fda9 [master] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:34:24 -08:00
Tinderbox User
4ba2689c1f update copyright notice / whitespace 2015-11-05 23:45:25 +00:00
Mark Andrews
f4b1a7e063 add dns_compress_disable 2015-11-06 00:15:23 +11:00
Witold Krecicki
bfd4b9e11a 4255. [func] Add 'message-compression' option to disable DNS compression in responses. [RT #40726] 2015-11-05 12:19:04 +01:00
Mark Andrews
29868ebbe3 4254. [bug] Address missing lock when getting zone's serial. 
[RT #41072]
 2015-11-05 17:43:30 +11:00
Mark Andrews
2f450fcd29 4253. [bug] Address fetch context reference count handling error 
on socket error.  [RT#40945]
 2015-11-05 17:10:10 +11:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and 
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
 2015-11-05 12:09:48 +11:00
Evan Hunt
09f82f5079 [master] log TSIG key on xfrin 
4250.	[func]		Log the TSIG key in use during inbound zone
			transfers. [RT #41075]
 2015-11-02 20:13:13 -08:00
Tinderbox User
d4a69308f5 update copyright notice / whitespace 2015-10-29 23:45:34 +00:00
Evan Hunt
702e9f43bc [master] typo 2015-10-29 15:50:36 -07:00
Mark Andrews
7c38fa994b 0xf5f5f5f5f5f5f5f5 is a LLU 2015-10-30 08:11:48 +11:00
Mark Andrews
8475bed9de 4249. [func] Improve error reporting of TSIG / SIG(0) records in 
the wrong location. [RT #40953]
 2015-10-29 17:03:03 +11:00
Evan Hunt
821ff5e8fa [master] isc_atomic_storeq()/stats improvements 
4248.	[func]		Add an isc_atomic_storeq() function, use it in
			stats counters to improve performance.
			[RT #39972] [RT #39979]
 2015-10-28 22:19:18 -07:00
Mark Andrews
72ac929f2b 4244. [bug] The parser was not reporting that use-ixfr is obsolete. 
[RT #41010]
 2015-10-29 12:51:17 +11:00
Mark Andrews
a70fc47e9d 4243. [func] Improved stats reporting from Timothe Litt. [RT #38941] 2015-10-28 09:45:46 +11:00
Mark Andrews
c07c0517ca remove trailing blank line 2015-10-22 16:37:12 +11:00
Mark Andrews
79f0eedd65 cleanup trailing whitespace 2015-10-22 16:24:03 +11:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Mark Andrews
f824c65d1f 4340. [port] Fix LibreSSL compatibility. [RT #40977] 2015-10-19 10:43:58 +11:00
Mark Andrews
ffafab1328 remove redundant geoip.c in DNSSRCS 2015-10-16 23:21:20 +11:00
Mark Andrews
20ac20d6e8 remove INSIST and unconditionally call isc_stdio_close 2015-10-16 17:23:35 +11:00
Tinderbox User
43cc3edce9 update copyright notice / whitespace 2015-10-15 23:45:22 +00:00
Mark Andrews
6588a2b404 4238. [bug] Don't send to servers on net zero (0.0.0.0/8). 
[RT #40947]
 2015-10-16 08:00:15 +11:00
Mark Andrews
567196d10a INSIST(f != NULL) to silence coverity false positive 2015-10-16 07:17:25 +11:00
Evan Hunt
61d789916f [master] silence coverity warnings 2015-10-08 09:56:48 -07:00
Evan Hunt
0110f71a78 [master] dyndb.h renamed 2015-10-08 09:26:20 -07:00
Evan Hunt
0316be2d77 [master] restore test for unknown meta types 
- this test was incorrectly removed from the 9.11 branch some time ago,
  but has remained in the maintenance branches
 2015-10-07 00:28:17 -07:00
Tinderbox User
fd2597f756 regen master 2015-10-07 04:11:09 +00:00
Tinderbox User
010a51c427 regen master 2015-10-07 01:06:58 +00:00
Tinderbox User
19c7b1a029 update copyright notice / whitespace 2015-10-06 23:45:23 +00:00
Tinderbox User
2eeb74d1cf regen master 2015-10-06 05:45:21 +00:00
Evan Hunt
14a656f94b [master] upgrade doc toolchain 
4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]
 2015-10-05 21:59:35 -07:00
Mark Andrews
09e42eb9e9 add <stdlib.h> for exit(3) 2015-10-06 14:10:49 +11:00
Tinderbox User
244d11a227 update copyright notice / whitespace 2015-10-03 23:45:23 +00:00
Evan Hunt
4a84f8899b [master] silence "missing initializer" warning 2015-10-02 18:47:33 -07:00
Tinderbox User
a625502bdd update copyright notice / whitespace 2015-10-02 23:45:32 +00:00
Evan Hunt
48b2a92da2 [master] missing .def entries, print.h 2015-10-02 14:38:59 -07:00
Francis Dupont
9a94a77a62 Added dns_master_styleflags 2015-10-02 23:01:18 +02:00
Evan Hunt
b66b333f59 [master] dnstap 
4235.	[func]		Added support in named for "dnstap", a fast method of
			capturing and logging DNS traffic, and a new command
			"dnstap-read" to read a dnstap log file.  Use
			"configure --enable-dnstap" to enable this
			feature (note that this requires libprotobuf-c
			and libfstrm). See the ARM for configuration details.

			Thanks to Robert Edmonds of Farsight Security.
			[RT #40211]
 2015-10-02 12:32:42 -07:00
Witold Krecicki
a239044323 4234. [func] Add deflate compression in statistics channel HTTP 
server. [RT #40861]
 2015-10-02 10:45:10 +02:00
Mark Andrews
1b1f6d21c7 curr_srtt = curr->srtt 2015-10-02 07:45:45 +10:00
Mark Andrews
b959848051 compare curr_srtt and best_srtt 2015-10-01 22:12:56 +10:00
Mark Andrews
30f8d5e386 remove deadcode; move NULL assignment arlier 2015-10-01 22:12:02 +10:00
Tinderbox User
551e0d486d update copyright notice / whitespace 2015-09-30 23:45:36 +00:00
Mark Andrews
24231afa05 4229. [bug] A variable could be used uninitalised in 
dns_update_signaturesinc. [RT #40784]
 2015-09-30 15:28:57 +10:00
Mark Andrews
8a0b6b3901 4228. [bug] Address race condition in dns_client_destroyrestrans. 
[RT #40605]
 2015-09-30 14:58:31 +10:00
Mark Andrews
2a12984ce6 4227. [bug] Silence static analysis warnings. [RT #40828 2015-09-30 14:14:47 +10:00
Tinderbox User
55cfbf322d update copyright notice / whitespace 2015-09-29 23:45:32 +00:00
Evan Hunt
40c619daee [master] fix theoretical shutdown race 
4226.	[bug]		Address a theoretical shutdown race in
			zone.c:notify_send_queue(). [RT #38958]
 2015-09-29 15:27:12 -07:00
Evan Hunt
a00f9e2f50 [master] merge dyndb 
4224.	[func]		Added support for "dyndb", a new interface for loading
			zone data from an external database, developed by
			Red Hat for the FreeIPA project.

			DynDB drivers fully implement the BIND database
			API, and are capable of significantly better
			performance and functionality than DLZ drivers,
			while taking advantage of advanced database
			features not available in BIND such as multi-master
			replication.

			Thanks to Adam Tkac and Petr Spacek of Red Hat.
			[RT #35271]
 2015-09-28 23:12:35 -07:00
Mark Andrews
7867d18ce0 Introduce end-of-line normalization 2015-09-29 08:25:35 +10:00
Mark Andrews
85e7a259a4 re-organise sort to use best_srtt and curr_srtt 2015-09-29 08:06:21 +10:00
Mark Andrews
d8e6cd0f8b use HAVE_SYS_SYSCTL_H 2015-09-29 07:26:04 +10:00
Francis Dupont
1d96b1a5ad Removed unused addrbuf 2015-09-28 17:32:40 +02:00
Francis Dupont
722ed14020 Fixed status vs statex 2015-09-28 17:30:07 +02:00
Francis Dupont
29d9a2927c Fixed project files 2015-09-28 15:46:33 +02:00
Francis Dupont
6066985ca8 Fixed isc_meminfo_totalphys return cast (size_t is *not* 64 bit) 2015-09-28 15:34:24 +02:00
Francis Dupont
b39bbe3c95 Fixed missing #include "config.h" 2015-09-28 14:50:18 +02:00
Francis Dupont
c4baee15c8 Fixed missing from libisccfg.def 2015-09-28 14:47:20 +02:00
Witold Krecicki
e6d0a391f5 4223. [func] Add support for setting max-cache-size to percentage 
of available physical memory, set default to 90%.
			[RT #38442]
 2015-09-28 11:08:50 +02:00
Mark Andrews
98a7f8c7ae 4222. [func] Bias IPv6 servers when selecting the next server to 
query. [RT #40836]
 2015-09-28 18:57:19 +10:00
Mark Andrews
8d80b4939d 4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create. 
[RT #40583]
 2015-09-25 09:18:43 +10:00
Mark Andrews
a21c415687 4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK, 
EGAIN when these soft error are not retried for
                        isc_socket_send*().
 2015-09-21 17:22:53 +10:00
Tinderbox User
9268c62bd0 update copyright notice / whitespace 2015-09-18 23:45:23 +00:00
Mark Andrews
4dd41c7d59 4218. [bug] Potential null pointer dereference on out of memory if mmap is not supported. [RT #40777] 2015-09-19 07:12:02 +10:00
Mark Andrews
f6e45a5c54 4217. [protocol] Add support for CSYNC. [RT #40532] 2015-09-18 23:45:12 +10:00
Mark Andrews
705d56b47a 4216. [cleanup] Silence static analysis warnings. [RT #40649] 2015-09-18 23:30:01 +10:00
Mark Andrews
2592ee16b5 document optional class 2015-09-18 13:25:31 +10:00
Mark Andrews
03fac9f931 document that the syslog facility is optional 2015-09-18 13:12:50 +10:00
Mark Andrews
e0a30050c8 4214. [protocol] Add support for TALINK. [RT #40544] 2015-09-18 07:43:43 +10:00
Mark Andrews
741b63c869 4212. [func] Re-query if we get a bad client cookie returned over 
UDP. [RT #40748]
 2015-09-17 14:20:32 +10:00
Mark Andrews
f43e5c8ed2 4210. [cleanup] Silence use after free false positive. [RT #40743] 2015-09-17 14:05:19 +10:00
Mark Andrews
0f2ecf4b5c 4207. [bug] Handle class mismatches with raw zone files. 
[RT #40746]
 2015-09-16 10:43:22 +10:00
Evan Hunt
226339ed43 [master] spurious spaces in named-checkconf -p 
4205.	[bug]		'named-checkconf -p' could include unwanted spaces
			when printing tuples with unset optional fields.
			[RT #40731]
 2015-09-14 08:50:17 -07:00
Mark Andrews
5a49f61ca9 4199. [protocol] Add support for NINFO, RKEY, SINK, TA. 
[RT #40545] [RT #40547] [RT #40561] [RT #40563]
 2015-09-11 17:35:01 +10:00
Evan Hunt
4523c3b371 [master] incorrect result code in isccc 
4202.	[bug]		isccc_cc_fromwire() could return an incorrect
			result. [RT #40614]
 2015-09-11 00:04:25 -07:00
Mark Andrews
3fa134363f 4200. [cleanup] win32: update BINDinstall to be BIND release 
independent. [RT #38915]
 2015-09-11 12:25:39 +10:00
Tinderbox User
f28c6dc514 update copyright notice / whitespace 2015-09-10 23:46:28 +00:00
Mark Andrews
3dd63ba00f 4199. [protocol] Add support for NINFO, RKEY, TA. 
[RT #40545] [RT #40547] [RT #40563]
 2015-09-10 17:58:29 +10:00
Mark Andrews
63874956de 4199. [protocol] Add support for NINFO, RKEY. [RT #40547] [RT #40563] 2015-09-10 17:07:05 +10:00
Mark Andrews
8b29fc0b7a 4199. [protocol] Add support for RKEY. [RT #40563] 2015-09-10 14:50:20 +10:00
Evan Hunt
d37f4738f4 [master] clean up dead code 2015-09-09 08:38:23 -07:00
Mark Andrews
4ca7391e64 4196. [doc] Improve how "enum + other" types are documented. 
[RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]
 2015-09-09 17:02:11 +10:00
Mark Andrews
fbd9aaa58c 4194. [bug] named-checkconf -p failed to properly print a port 
range.  [RT #40634]
 2015-09-09 16:49:11 +10:00
Mark Andrews
3b83676e07 *.vcxproj.in should use CRLF as EOL 2015-08-27 21:57:18 +00:00
Evan Hunt
bcae9a15c1 [master] s/the the/the/ 2015-08-27 14:11:27 -07:00
Mark Andrews
91f66e374b eol -> crlf 2015-08-26 12:43:08 +10:00
Mark Andrews
7ec3c447fd copy notes.pdf to Build\Releasei and link to it from index.html 2015-08-26 12:11:07 +10:00
Tinderbox User
0d5b7ed79d update copyright notice / whitespace 2015-08-25 23:45:27 +00:00
Mark Andrews
02093e4c3b 4193. [bug] Handle broken servers that return BADVERS incorrectly. 
[RT #40427]
 2015-08-25 16:52:43 +10:00
Mark Andrews
9b956d342e 4192. [bug] The default rrset-order of random was not always being 
applied. [RT #40456]
 2015-08-25 14:52:27 +10:00
Mark Andrews
5855fd79e3 4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones 
as per RFC 6763. [RT #37889]
 2015-08-25 14:46:06 +10:00
Mark Andrews
dc3912f3ca 4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as 
valid with check-names.  <forest> still needs to be
                        LDH. [RT #40399]
 2015-08-22 15:27:33 +10:00
Mark Andrews
7d0dfa63cf 4189. [cleanup] Don't exit on overly long tokens in named.conf. 
[RT #40418]
 2015-08-22 15:08:22 +10:00
Mark Andrews
18ba804f3a 4188. [bug] Support HTTP/1.0 client properly on the statistics 
channel. [RT #40261]
 2015-08-20 09:55:28 +10:00
Tinderbox User
161b5249b9 update copyright notice / whitespace 2015-08-19 23:45:23 +00:00
Tinderbox User
0d63efe476 update copyright notice / whitespace 2015-08-18 23:45:26 +00:00
Mukund Sivaraman
ec3dbae9eb Use unknown format when totext() is not implemented for any RDATA (#40317) 2015-08-18 20:11:46 +05:30
Mukund Sivaraman
bf350c9f1a Fix RPZ bugs related to wildcard triggers (#40357) 2015-08-18 19:39:53 +05:30
Mark Andrews
b46fc43469 #include <isc/safe.h> 2015-08-18 21:22:48 +10:00
Evan Hunt
b750a49f3f [master] fixed memory leak in dns_compress_add() 
4184.	[bug]		Fixed a possible memory leak in name compression
			when rendering long messages. (Also, improved
			wire_test for testing such messages.) [RT #40375]
 2015-08-17 22:41:44 -07:00
Mark Andrews
47d459ef43 add isc_safe_memequal and isc_safe_memcompare; remove isc_safe_memcmp 2015-08-18 12:25:22 +10:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Tinderbox User
503ffdad3b update copyright notice / whitespace 2015-08-17 23:45:35 +00:00
Evan Hunt
b2f85a0c8e [master] win32: vs2015 compliance; openssl dependency for check.c 2015-08-17 11:35:10 -07:00
Mukund Sivaraman
b0ba1a6059 Use mnemonics for RR class and type comparisons (#40297) 2015-08-17 12:23:35 +05:30
Mark Andrews
70862302f8 4181. [bug] Queued notify messages could be dequeued from the 
wrong rate limiter queue. [RT #40350]
 2015-08-17 10:37:06 +10:00
Tinderbox User
288c18263f update copyright notice / whitespace 2015-08-14 23:45:27 +00:00
Mukund Sivaraman
d7262e5c86 Fix double frees in getaddrinfo() in libirs (#40209) 2015-08-14 13:55:31 +05:30
Mukund Sivaraman
984d2bb9e5 Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) 2015-08-14 13:30:52 +05:30
Mukund Sivaraman
474921d733 Fix assertion failure in parsing NSAP records from text 2015-08-14 13:11:26 +05:30
Mark Andrews
9dc5ef7f24 4175. [bug] TKEY with GSS-API keys needed bigger buffers. 
[RT #40333]
 2015-08-14 08:20:01 +10:00
Evan Hunt
45ad059c4a [master] address VS2015 compiler warning 2015-08-13 14:58:28 -07:00
Tinderbox User
ed91aca9e6 update copyright notice / whitespace 2015-08-12 23:45:25 +00:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Mark Andrews
151f1bcd5e 4172. [bug] Named / named-checkconf didn't handle a view of CLASS0. 
[RT #40265]
 2015-08-12 19:06:00 +10:00
Evan Hunt
9b8f93083d [master] fix tsig class checks 
4171.	[bug]		Fixed incorrect class checks in TSIG RR
			implementation. [RT #40287]
 2015-08-11 22:16:44 -07:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:01:44 -07:00
Tinderbox User
c4567d0675 update copyright notice / whitespace 2015-08-07 23:45:26 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mukund Sivaraman
991f97366b Fix win32 build (UNUSED is present later) 
(cherry picked from commit 63dcc28d3e)
 2015-07-31 15:01:04 +05:30
Mark Andrews
46e7fc51b8 badcookie has a offical code point of 23 2015-07-27 15:22:09 +10:00
Mark Andrews
dbb064aa79 4165. [bug] An failure to reset a value to NULL in tkey.c could 
result in an assertion failure. (CVE-2015-5477)
                        [RT #40046]
 2015-07-14 14:48:42 +10:00
Tinderbox User
faa3b61828 update copyright notice / whitespace 2015-07-13 23:45:24 +00:00
Mark Andrews
3a49d0ff10 4164. [bug] Don't rename slave files and journals on out of memory. 
[RT #40033]

4163.   [bug]           Address compiler warnings. [RT #40024]
 2015-07-13 09:46:59 +10:00
Mark Andrews
0bc743f9bc 4162. [bug] httpdmgr->flags was not being initialized. [RT #40017] 2015-07-10 18:42:20 +10:00
Tinderbox User
f16a6bfb6c update copyright notice / whitespace 2015-07-09 23:45:22 +00:00
Evan Hunt
fc5f1971a1 [master] fix build error with ISC_MEM_TRACKLINES=0 2015-07-09 14:23:29 -07:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Mark Andrews
af63e286dd set error code if aes selected and not implemented 2015-07-08 12:20:46 +10:00
Tinderbox User
9ab5a7d83c update copyright notice / whitespace 2015-07-07 23:45:22 +00:00
Mark Andrews
bd08b82891 add warning not about handling malformed option content 2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0 dig +ednsopt=<invalid> could trigger a assertion failure [RT #39990] 2015-07-06 23:03:51 +10:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR 
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
 2015-07-06 12:52:37 +10:00
Tinderbox User
8f0b326d9a update copyright notice / whitespace 2015-07-05 23:45:22 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Tinderbox User
85d23eaae8 update copyright notice / whitespace 2015-07-03 23:45:24 +00:00
Mark Andrews
307adf6792 4151. [bug] 'rndc flush' could cause a deadlock. [RT #39835] 2015-07-03 10:17:33 +10:00
Tinderbox User
2bd63eca27 update copyright notice / whitespace 2015-07-01 23:45:22 +00:00
Mark Andrews
753b27a7d3 4150. [bug] win32: listen-on-v6 { any; }; was not working. Apply 
minimal fix.  [RT #39667]
 2015-07-01 11:51:45 +10:00
Tinderbox User
337d408adb update copyright notice / whitespace 2015-06-29 23:45:23 +00:00
Mukund Sivaraman
c44c77178e Fix race in getaddrinfo() in libirs, which caused assertion failure in delv (#39873) 2015-06-29 19:44:42 +05:30
Mukund Sivaraman
08f0129732 Fix a bug printing zone names with '/' character in XML and JSON stats (#39873) 2015-06-29 18:33:18 +05:30
Mark Andrews
4a61eae651 4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 
was returning referrals rather than nodata responses
                        when the AAAA records were filtered.  [RT #39843]
 2015-06-29 15:48:41 +10:00
Mark Andrews
adbf81335b 4146. [bug] Address reference leak that could prevent a clean 
shutdown. [RT #37125]
 2015-06-25 18:36:27 +10:00
Mark Andrews
2f66e2dd81 4145. [bug] Not all unassociated adb entries where being printed. 
[RT #37125]
 2015-06-25 18:26:59 +10:00
Mukund Sivaraman
8aecc50f0d Remove backwards compatibility grammar (#39845) 
This was not done in the previous merge commit, so that it could be
merged cleanly into release branches.
 2015-06-23 14:23:12 +05:30
Mukund Sivaraman
0439bfedd9 Fix parsing of NZFs saved by rndc addzone with view specified (#39845) 2015-06-23 14:19:48 +05:30
Mark Andrews
d4422ec231 don't use C++ keyword new; use (const char *) for output of strchr((const char *), char) 2015-06-18 11:14:43 +10:00
Mark Andrews
a85c6b35af 4138. [bug] A uninitialized value in validator.c could result 
in a assertion failure. (CVE-2015-4620) [RT #39795]
 2015-06-17 09:13:03 +10:00
Mark Andrews
a8cb6c6fbc add #define check_stale_rdataset check_stale_rdataset64 2015-06-12 11:17:07 +10:00
Mark Andrews
c781d465b6 silence unused parameter warning 2015-06-11 14:03:19 +10:00
Mukund Sivaraman
59a9cb54c1 Propagate stale attribute when updating stats (#39141) 
Squashed commit of the following:

commit 9b5b9fa30fbeba8ee1e95cb1028017230ed4db02
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:54 2015 +0530

    Remove double function prototypes

commit f3bb8cc60ae476eaa871ba10330b16425ced2d7c
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Apr 7 19:30:34 2015 +0530

    Unify several copies of redundant code into a helper function

commit 4899fb9b2f36fc5d159fa877c0780a442a7cbdb3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Thu Apr 2 00:23:53 2015 +0530

    Propagate stale attribute when updating stats
 2015-06-10 14:04:30 +05:30
Witold Krecicki
f85deb5154 log expired NTA at startup 2015-06-08 13:57:24 +02:00
Tinderbox User
a03c39ef51 update copyright notice / whitespace 2015-06-05 23:45:26 +00:00
Witold Krecicki
8d21d93a6b better logging of RPZ changes RT #39670 2015-06-05 12:24:11 +02:00
Mark Andrews
6c0c85563f update comment as per rt39703 2015-06-05 11:09:35 +10:00
Mark Andrews
8a9bac8dec 4133. [port] Update how various json libraries are handled. 
[RT #39646]
 2015-06-05 10:16:24 +10:00
Tinderbox User
e545fce91b update copyright notice / whitespace 2015-06-04 23:45:25 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Mark Andrews
e0fea0bf85 silence coverity warnings 2015-05-30 17:44:52 +10:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
4e056cee66 unsigned constants 2015-05-29 11:26:13 +10:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Evan Hunt
2bb245e04a [master] typo in comment 2015-05-28 15:04:40 -07:00
Mark Andrews
38c19e5779 4130. [bug] The compatability shim for *printf() misprinted some 
large numbers. [RT #39586]
 2015-05-29 07:21:49 +10:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Tinderbox User
3813d22587 update copyright notice / whitespace 2015-05-27 23:45:25 +00:00
Mark Andrews
e7b7ede003 add dns_zone_cdscheck 2015-05-27 16:17:54 +10:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mark Andrews
5af7557757 use unsigned constants 2015-05-24 12:51:55 +10:00
Tinderbox User
d70dac20d2 update copyright notice / whitespace 2015-05-23 23:45:25 +00:00
Mark Andrews
503f0b324a #undef before #define 2015-05-24 06:04:09 +10:00
Francis Dupont
941b62c8cb finished print.h stuff 2015-05-23 16:12:24 +02:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Tinderbox User
46ee7c3260 update copyright notice / whitespace 2015-05-22 23:45:24 +00:00
Mark Andrews
9e5390f3f3 add cfg_parse_buffer2 2015-05-22 22:24:06 +10:00
Mark Andrews
7507c1826f all of NEED*PRINT are needed if %z is not supported 2015-05-22 22:12:42 +10:00
Evan Hunt
c55a1da4fc [master] log parsing errors from default config or addzone/modzone 
4124.	[func]		Log errors or warnings encountered when parsing the
			internal default configuration.  Clarify the logging
			of errors and warnings encountered in rndc
			addzone or modzone parameters. [RT #39440]
 2015-05-21 23:04:29 -07:00
Mark Andrews
22909ca827 unconditionally include stdio.h 2015-05-22 10:08:43 +10:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00
Mark Andrews
9e69ff9ad0 exclude isc_print_printf and isc_print_fprintf 2015-05-22 08:22:19 +10:00
Evan Hunt
cadf8d687b [master] add %z format options to printf 
4123.	[port]		Added %z (size_t) format options to the portable
			internal printf/sprintf implementation. [RT #39586]
 2015-05-21 14:55:15 -07:00
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Evan Hunt
19365b43e9 [master] ensure rpz summary consistence during AXFR updates 
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]
 2015-05-20 15:00:50 -07:00
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Tinderbox User
f5280a1563 update copyright notice / whitespace 2015-05-11 23:45:22 +00:00
Mark Andrews
1acfed3dac update variable name to better reflect reality 
(cherry picked from commit 51a82fe30d)
 2015-05-11 13:42:04 +10:00
Mark Andrews
844b568182 use dns_opcode_t 2015-05-11 12:16:44 +10:00
Mark Andrews
b4a6f7fff4 #include <string.h> for strcmp 2015-05-11 12:16:07 +10:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229) 
Conflicts:
	doc/arm/notes.xml
 2015-05-07 08:29:36 +05:30
Tinderbox User
012142bbe0 update copyright notice / whitespace 2015-05-06 23:45:24 +00:00
Tinderbox User
4e92a74ec4 update copyright notice / whitespace 2015-05-05 23:45:24 +00:00
Evan Hunt
9e804040a2 [master] add "rndc -r" to print result code 
4115.	[func]		"rndc -r" now prints the result code (e.g.,
			ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after
			running the requested command. [RT #38913]
 2015-05-05 16:39:09 -07:00
Mark Andrews
675900780a 150 ->160 2015-05-06 09:24:16 +10:00
Mark Andrews
5e73a8d791 set initial values for 9.11.x 2015-05-06 08:27:49 +10:00
Mukund Sivaraman
8f25faf972 Fix a regression in radix tree implementation introduced by ECS code (#38983) 2015-05-05 13:11:23 +05:30
Tinderbox User
452a29e62c update copyright notice / whitespace 2015-04-28 23:45:24 +00:00
Mark Andrews
b292230ab8 4110. [bug] Address memory leaks / null pointer dereferences 
on out of memory. [RT #39310]
 2015-04-29 03:16:50 +10:00
Mark Andrews
e77e449549 4109. [port] linux: support reading the local port range from 
net.ipv4.ip_local_port_range. [RT # 39379]
 2015-04-25 08:25:42 +10:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Mark Andrews
ef0e674456 4107. [bug] Address potential deadlock when updating zone content. 
[RT #39269]
 2015-04-18 13:45:03 +10:00
Tinderbox User
1413616670 update copyright notice / whitespace 2015-04-17 23:45:24 +00:00
Mark Andrews
def6608a44 don't set rdh_ttl in init_rdataset 2015-04-17 23:09:05 +10:00
Francis Dupont
ab973ec40c misc x64 VS 2015 CTP fixes [#39308] 2015-04-17 11:39:26 +02:00
Mark Andrews
f1a261ba2d 4104. [bug] Address uninitialized elements. [RT #39252] 2015-04-17 14:04:47 +10:00
Francis Dupont
bcb68be0a8 misc fixes for VS 2015 CTP #39267 2015-04-17 02:57:02 +02:00
Tinderbox User
ace0b8d470 update copyright notice / whitespace 2015-04-15 23:45:22 +00:00
Evan Hunt
c03fe78ef5 [master] use after free in resquery_destroy() 
4102.	[bug]		Fix a use after free bug introduced in change
			#4094.  [RT #39281]
 2015-04-15 15:38:14 -07:00
Mark Andrews
c855e7170a 4100. [bug] Inherited owernames on the line immediately following 
a $INCLUDE were not working.  [RT #39268]
 2015-04-15 12:47:57 +10:00
Tinderbox User
a269ca51cc update copyright notice / whitespace 2015-04-14 23:45:21 +00:00
Mukund Sivaraman
ac31adc3b7 Add additional logging about xfrin transfer status (#39170) 2015-04-14 12:16:26 +05:30
Mukund Sivaraman
2c4d5faf7f Don't use query->sendevent after it's been destroyed (#39132) 2015-04-13 15:04:41 +05:30
Mark Andrews
54fe1d05b6 4095. [bug] zone->options2 was not being properly initalized. 
[RT #39228]
 2015-04-11 08:04:02 +10:00
Evan Hunt
d9b37259f3 [master] hold a reference on fetch context during query 
4094.	[bug]		A race during shutdown or reconfiguration could
			cause an assertion in mem.c. [RT #38979]
 2015-04-08 14:33:45 -07:00
Tinderbox User
6e61135f10 update copyright notice / whitespace 2015-03-27 23:45:21 +00:00
Mukund Sivaraman
fba894c98b Some cleanups in isc mem code (#38896) 2015-03-27 23:12:11 +05:30
Mukund Sivaraman
f9f81abff0 Fix a crash while parsing malformed CAA RRs in presentation format (#39003) 2015-03-27 10:32:03 +05:30
Mukund Sivaraman
9a7532f836 Send notifies immediately for slave zones during startup (#38843) 2015-03-25 10:55:55 +05:30
Tinderbox User
3e2bfb151a update copyright notice / whitespace 2015-03-23 23:45:21 +00:00
Mark Andrews
cef65f9409 @ISC_OPENSSL_INC@ needs to not be by itself 
(cherry picked from commit a5885354413d503105521b7bf4cd603927f81814)
 2015-03-24 07:54:51 +11:00
Evan Hunt
e89972afcb [master] fixed build errors with libressl 
4088.	[port]		Fixed errors when building with libressl. [RT #38899]
 2015-03-23 13:34:56 -05:00
Mukund Sivaraman
ebeb4b3e09 Fix a crash due to use-after-free (#38495) 2015-03-18 06:42:54 +05:30
Mukund Sivaraman
24f2cc7d06 Fix a possible race in updating stats counters (#38826) 
and do some other isc mem cleanups.
 2015-03-09 10:30:47 +05:30
Mukund Sivaraman
f5a62d97e3 Fix -Wshadow warnings (#38762) 
These happen due to ntohs()/htons() macro expansion in glibc.
 2015-03-09 09:23:46 +05:30
Evan Hunt
da4a7772eb [master] improve thread support reporting 
4083.	[cleanup]	Print of the number of CPUs and UDP listeners
			in the log and in "rndc status" output; indicate
			whether threads are supported in "named -V" output.
			[RT #38811]
 2015-03-04 15:56:33 -08:00
Mark Andrews
f2f3880223 add missing defs 2015-03-05 10:48:04 +11:00
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code 
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
 2015-03-02 19:27:54 -08:00
Tinderbox User
3d787a1213 update copyright notice / whitespace 2015-03-02 23:45:21 +00:00
Mukund Sivaraman
10dd5f62f2 Add support for Valgrind's helgrind tool (#38706) 
Also fix one locking issue that helgrind found: Maintain stats->lock
while stats->reference is used.
 2015-03-02 13:42:20 +05:30
Mukund Sivaraman
0ea9f8037d Remove more wider memset() over control now that it's handled below (#38621) 2015-03-02 12:52:41 +05:30
Tinderbox User
5e93bad21b update copyright notice / whitespace 2015-03-01 23:45:20 +00:00
Evan Hunt
ed57645433 [master] add 64-bit symbols for ownercase functions 2015-02-27 17:36:29 -08:00
Tinderbox User
34eab435ac update copyright notice / whitespace 2015-02-27 23:45:24 +00:00
Evan Hunt
2bbf69e1e2 [master] add missing externals 2015-02-26 21:58:19 -08:00
Mark Andrews
4677223a53 address -Wshadow warning 2015-02-27 16:46:54 +11:00
Mark Andrews
a8da00ef95 4079. [func] Preserve the case of the ownername of records to 
the RRset level. [RT #37442]
 2015-02-27 15:08:38 +11:00
Mark Andrews
b5edc023a1 4078. [bug] Hand the case where CMSG_SPACE(sizeof(int)) != 
CMSG_SPACE(sizeof(int)). [RT #38621.
 2015-02-27 14:52:26 +11:00
Mark Andrews
bb5df338d9 4076. [bug] Named could crash on shutdown with outstanding 
reload / reconfig events. [RT #38622]
 2015-02-27 12:34:43 +11:00
Mark Andrews
42580072de protect with #ifdef HAVE_PTHREAD_MUTEX_ADAPTIVE_NP 2015-02-27 11:37:35 +11:00
Mark Andrews
af669cb4fd 4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708] 2015-02-27 10:55:55 +11:00
Tinderbox User
c10fda07d6 update copyright notice / whitespace 2015-02-26 23:45:22 +00:00
Mukund Sivaraman
1783676a64 Add a --enable-querytrace configure switch for very verbose query tracelogging (#37520) 2015-02-26 16:51:07 +05:30
Mukund Sivaraman
ebeb668f86 Remove unused functions (#38547) 2015-02-26 14:47:03 +05:30
Mukund Sivaraman
07dd40e8ee Initialize pthread_mutexattrs just once (#38547) 2015-02-26 14:43:45 +05:30
Mukund Sivaraman
db93c0def5 Fix a segfault when running nslookup (#38548) 2015-02-26 14:03:35 +05:30
Tinderbox User
f159b7b5c7 update copyright notice / whitespace 2015-02-25 23:45:22 +00:00
Mukund Sivaraman
5a505fc4c2 Add facility to run system test nameds under Valgrind (#38546) 2015-02-25 09:06:45 +05:30
Evan Hunt
bfc11b9c65 [master] additional mkeys tests 
4065.	[test]		Additional RFC 5011 tests. [RT #38569]
 2015-02-23 21:07:26 -08:00
Tinderbox User
c3854e9cd3 update copyright notice / whitespace 2015-02-23 23:45:20 +00:00
Evan Hunt
7acc2f2156 [master] fix LOADPENDING issues 
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]
 2015-02-22 20:43:39 -08:00
Evan Hunt
07229d51a6 [master] report library version numbers on win32 2015-02-20 23:23:59 -08:00
Mark Andrews
072ce62d23 used unsigned zero 2015-02-19 15:42:29 +11:00
Tinderbox User
a70b865da3 update copyright notice / whitespace 2015-02-18 23:45:23 +00:00
Mark Andrews
6a837e5121 address race condition with multiple isc_socket_connect calls in change 4041 2015-02-18 23:32:31 +11:00
Mukund Sivaraman
e58eb371a0 RPZ: Don't diff keys out of bounds, found via Valgrind (#38559) 2015-02-18 12:49:56 +05:30
Tinderbox User
8f0427f11b update copyright notice / whitespace 2015-02-17 23:45:20 +00:00
Evan Hunt
1f81c9e1e2 [master] silence warning 2015-02-17 11:37:26 -08:00
Tinderbox User
c8a55dfd0a update copyright notice / whitespace 2015-02-12 23:45:23 +00:00
Mukund Sivaraman
ffc393dd18 Remove canary code from hash destroy function (#38602) 
This triggers a Valgrind out-of-bounds read report. It was introduced by
commit 5d7849ad7f.

No CHANGES entry necessary as it doesn't have any user-visible or
behavioral change. It removes an out-of-bounds read issue that went
undetected when allocated through isc_mem as the memory was present.
The memory read was compared to itself, so it has no behavioral change.
 2015-02-12 18:14:34 +05:30
Mark Andrews
f4102ab13e 4060. [bug] dns_rdata_freestruct could be call on a uninitialised 
structure when handling a error. [RT #38568]
 2015-02-11 16:50:11 +11:00
Evan Hunt
8fa6f39c85 [master] oops, win32 data exports work differently now 2015-02-10 17:26:09 -08:00
Evan Hunt
82a42fe81e [master] export dns_zone_mkey_{month,day,hour} 2015-02-10 16:59:09 -08:00
Tinderbox User
f3affbe2ff update copyright notice / whitespace 2015-02-10 23:45:23 +00:00
Evan Hunt
a98f70acc8 [master] address valgrind warnings 
4059.	[bug]		Addressed valgrind warnings. [RT #38549]
 2015-02-10 14:01:38 -08:00
Evan Hunt
2616cb6944 [master] fix PRNG selection in dispatch.c 
4058.	[bug]		UDP dispatches could use the wrong psuedorandom
			number generator context. [RT #38578]
 2015-02-10 13:54:48 -08:00
Tinderbox User
29756974c5 update copyright notice / whitespace 2015-02-06 23:45:21 +00:00
Evan Hunt
82843574c9 [master] fix keytable test 2015-02-06 14:08:28 -08:00
Mark Andrews
29fc1a4197 <isc/print.h> 2015-02-06 13:30:22 +11:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Mark Andrews
d2a50c9ba8 cast to (unsigned long) to silence format warning 2015-02-05 07:50:24 +11:00
Francis Dupont
1059bc2e42 added mdig tool 2015-02-04 14:22:32 +01:00
Evan Hunt
801fb8b894 [master] avoid crash due to managed-key rollover 
4053.	[security]	Revoking a managed trust anchor and supplying
			an untrusted replacement could cause named
			to crash with an assertion failure.
			(CVE-2015-1349) [RT #38344]
 2015-02-03 18:25:28 -08:00
Tinderbox User
92059a966a update copyright notice / whitespace 2015-02-03 23:46:29 +00:00
Mukund Sivaraman
2696ceb4d4 Fix a Valgrind warning about use of uninitialized memory (as part of #38454) 2015-02-03 11:43:34 +05:30
Mukund Sivaraman
fe12a8f107 Fix a leak of pthread_mutexattr_t (#38454) 
4051.	[bug]		Fix a leak of pthread_mutexattr_t. [RT #38454]
 2015-02-03 11:42:06 +05:30
Tinderbox User
f72460c717 update copyright notice / whitespace 2015-01-30 23:45:24 +00:00
Mark Andrews
e77ef50a57 4049. [bug] CDS and CDNSKEY had the wrong attributes. [RT #38491] 2015-01-30 21:48:28 +11:00
Tinderbox User
59e7a41eaf update copyright notice / whitespace 2015-01-29 23:45:24 +00:00
Mark Andrews
7865bb3549 copy COPYRIGHT and OpenSSL Licence to Build\Release 2015-01-29 14:36:09 +11:00
Mark Andrews
4b36b9c1ff 4048. [bug] adb hash table was not being grown. [RT #38470] 2015-01-29 11:50:30 +11:00
Tinderbox User
be755f4725 update copyright notice / whitespace 2015-01-22 23:45:26 +00:00
Evan Hunt
84ee90b52d [master] fix 'total use' accounting 
4046.   [bug]           Accounting of "total use" in memory context
                        statistics was not correct. [RT #38370]
 2015-01-22 09:44:24 -08:00
Evan Hunt
f885a6172e [master] silence warning 2015-01-22 09:03:24 -08:00
Mark Andrews
875574f1e4 4045. [bug] Skip to next master on dns_request_createvia4 failure. 
[RT #25185]
 2015-01-22 15:56:50 +11:00
Tinderbox User
39f68d7b64 update copyright notice / whitespace 2015-01-21 23:45:24 +00:00
Mark Andrews
17dc146c7c 4044. [bug] Change 3955 was not complete resulting is a assertion 
failure is the timing was just right. [RT #38352]
 2015-01-22 10:38:40 +11:00
Evan Hunt
e91c70668e [master] restored accidentally removed externals 2015-01-20 22:38:27 -08:00
Mark Andrews
22e3e00ac9 4042. [bug] zone.c:iszonesecure was being called too late. 
[RT #38371]
 2015-01-21 13:18:30 +11:00
Mark Andrews
83b9e799df #ifdef protect 'b' 2015-01-21 13:07:50 +11:00
Evan Hunt
ff62d4458a [master] allow shared TCP sockets when connecting 
4041.	[func]		TCP sockets can now be shared while connecting.
			(This will be used to enable client-side support
			of pipelined queries.) [RT #38231]
 2015-01-20 17:22:31 -08:00
Evan Hunt
761d135ed6 [master] add TCP pipelining support 
4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]
 2015-01-20 16:14:09 -08:00
Evan Hunt
b77ae24e3e [master] more windows VS14 compatibility work 
(completes change #3987)
 2015-01-20 15:45:38 -08:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Evan Hunt
11463c0ac2 [master] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:29:18 -08:00
Mark Andrews
cc0a48a381 4038. [bug] Add 'rpz' flag to node and use it to determine whether 
to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888
 2015-01-20 16:57:42 +11:00
Mark Andrews
f8eb4e5bfd 4037. [bug] also-notify was ignoring the tsig key when checking 
for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]
 2015-01-20 16:42:56 +11:00
Evan Hunt
59c489552d [master] remove a potentially misleading log message 2015-01-19 20:15:01 -08:00
Tinderbox User
b624001e36 update copyright notice / whitespace 2015-01-16 23:45:22 +00:00
Mukund Sivaraman
b05a50c852 Make call to open a temporary file name safe during NZF creation (#38331) 
Based on a patch sent in by Tony Finch <dot@dotat.at>.

Also fix win32 implementation of isc_file_openunique() to use a random
filename instead of using the process id.
 2015-01-16 18:29:23 +05:30
Tinderbox User
2dd6ffb5cb update copyright notice / whitespace 2015-01-12 23:45:21 +00:00
Mukund Sivaraman
4716d844c4 Add missing symbols to libdns.def.in 2015-01-12 09:55:56 +05:30
Mukund Sivaraman
a6f0e9c985 Add NTA persistence (#37087) 
4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]
 2015-01-12 09:07:48 +05:30
Tinderbox User
f0cbe180f0 update copyright notice / whitespace 2015-01-10 23:45:22 +00:00
Mark Andrews
f4dda9cf28 4033. [bug] Missing out of memory check in request.c:req_send. 
[RT #38311]
 2015-01-11 09:24:33 +11:00
Evan Hunt
4b52ac401d [master] remove unhelpful comment, revise change note 
3973.	[test]		Added hooks for Google Performance Tools
			CPU profiler, including real-time/wall-clock
			profiling. [RT #37339]
 2015-01-10 00:17:57 -08:00
Tinderbox User
63b0524b96 update copyright notice / whitespace 2015-01-08 23:45:22 +00:00
Mark Andrews
d1f1f13c7f 4031. [bug] named-checkconf -z failed to report a missing file 
with a hint zone. [RT #38294]
 2015-01-08 19:19:12 +11:00
Tinderbox User
b129f72d95 update copyright notice / whitespace 2015-01-07 23:45:22 +00:00
Evan Hunt
f784ce7523 [master] add missing functions 2015-01-07 00:22:31 -08:00
Evan Hunt
74eb2f5cbc [master] rndc showzone / rndc delzone of non-added zones 
4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]
 2015-01-06 22:57:57 -08:00
Tinderbox User
651c5a50f4 update copyright notice / whitespace 2015-01-06 23:45:23 +00:00
Mark Andrews
b0c18fffd3 4028. [bug] $GENERATE with a zero step was not being caught as a 
error.  A $GENERATE with a / but no step was not being
                        caught as a error. [RT #38262]
 2015-01-06 11:31:34 +11:00
Tinderbox User
055f6517b4 update copyright notice / whitespace 2014-12-19 23:45:22 +00:00
Mark Andrews
d8f2dd46cb 4025. [port] bsdi: failed to build. [RT #38047] 2014-12-19 12:06:35 +11:00
Mark Andrews
1e0ed0c6f5 4024. [bug] dns_rdata_opt_first, dns_rdata_opt_next, 
dns_rdata_opt_current, dns_rdata_txt_first,
                        dns_rdata_txt_next and dns_rdata_txt_current were
                        documented but not implemented.  These have now been
                        implemented.

                        dns_rdata_spf_first, dns_rdata_spf_next and
                        dns_rdata_spf_current were document but not
                        implemented.  The prototypes for these
                        functions have been removed. [RT #38068]

4023.   [bug]           win32: socket handling with explict ports and
                        invoking named with -4 was broken for some
                        configurations. [RT #38068]
 2014-12-19 11:35:07 +11:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Evan Hunt
9fcbc46062 [master] more missing entry points 2014-12-16 14:40:33 -08:00
Evan Hunt
fc12d18471 [master] typos 2014-12-16 12:42:05 -08:00
Evan Hunt
25ee607cf5 [master] add more missing entry points 2014-12-16 12:09:09 -08:00
Mark Andrews
eb690e00e7 add missing entry points 2014-12-17 00:27:17 +11:00
Mark Andrews
2efb444806 add missing entry points 2014-12-16 23:46:15 +11:00
Mark Andrews
f5c22df82b win32 build 2014-12-16 23:36:44 +11:00
Evan Hunt
be7fba8019 [master] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
 2014-12-15 22:28:06 -08:00
Mark Andrews
132410d33f add/sort 2014-12-16 14:49:17 +11:00
Mark Andrews
7799a5edea add missing entries 2014-12-16 14:41:25 +11:00
Mark Andrews
2e98ab2c9d remove non null check 2014-12-09 19:51:32 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]
 2014-12-03 09:42:30 +11:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Francis Dupont
fc63119c8b Hardened OpenSSL digest/HMAC calls [RT #37944] 2014-12-02 12:41:01 +01:00
Mark Andrews
401f7510d7 use the actual header 2014-11-28 19:17:26 +11:00
Mark Andrews
7554ff1619 add #define rdataset_clearprefetch rdataset_clearprefetch64 2014-11-25 12:06:23 +11:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
092d3b76db 4010. [cleanup] Clear the prefetchable state when initiating a prefetch. 
[RT #37399]
 2014-11-24 11:18:30 +11:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
70bceacc80 silence signed/unsigned warning 2014-11-21 20:28:17 +11:00
Evan Hunt
3e5b4176d8 [master] win32 build fix 2014-11-20 15:55:43 -08:00
Evan Hunt
c6b699b58e [master] remove inadvertently-retained content from quota.h 2014-11-20 12:55:01 -08:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
 2014-11-19 18:21:02 -08:00
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Evan Hunt
c325ff9c79 [master] complete coverity fixes 2014-11-17 17:39:00 -08:00
Mark Andrews
4ac862fa96 only execute additional tests if create call succeeds 2014-11-18 12:19:37 +11:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00