Commit graph

2916 commits

Author SHA1 Message Date
Mark Andrews
5a0cea31c4 Document resolver-use-dns64 2023-09-13 14:33:05 +10:00
Ondřej Surý
9e0b348a2b
Deprecate 'dnssec-must-be-secure' option
The dnssec-must-be-secure feature was added in the early days of BIND 9
and DNSSEC and it makes sense only as a debugging feature.

Remove the feature to simplify the code.
2023-09-04 13:38:14 +02:00
Matthijs Mekking
b5a757c452 Explain lifetime format
Add the text "TTL-style unit suffixes or ISO 8601 duration formats",
just like we do at other places that are duration option types.

Also, in the dnssec-policy "keys" example, use a TTL-style unit too.
2023-08-31 17:42:52 +02:00
Matthijs Mekking
cc122d22b4 Add a glossary definition for duration
We don't yet explain the syntax of TTL-style suffixes or ISO 8601
duration formats.
2023-08-31 17:42:52 +02:00
Matthijs Mekking
07c70ea2bd Fix keys reference link in ARM
There's a statement that says: "Here is an example (for illustration
purposes only) of some possible entries in a [keys] list:", and that
links to the wrong "keys" statement (it links to the TSIG keys section).

Remove the reference, as we are already in the right section.
2023-08-31 17:42:52 +02:00
Timo Teräs
38df202cdb Update PKCS#11 section in the ARM
Add instructions for pkcs11-provider and generalize common sections.
2023-08-31 15:41:39 +00:00
Michal Nowak
520e97e2fc
Install Sphinx tools versions from BIND 9 repository
The doc/arm/requirements.txt file is the single source of truth when it
comes to Sphinx tools versions used to build documentation via
util/release-tarball-comparison.sh.
2023-08-31 14:31:57 +02:00
Tom Krizek
92143fa960
Update sphinx_rtd_theme
To resolve the version select and search issue on readthedocs.org,
sphinx_rtd_theme>=1.2.1 is required.

Related https://github.com/readthedocs/sphinx_rtd_theme/issues/1452
2023-08-29 10:07:05 +02:00
Ondřej Surý
db94c7526c
Split the CPU architectures into more categories
Move i386 and other less common or ancient CPU architectures to
Community-Maintained category.  Move armhf and arm64 to the Best-Effort
category as we do test them as part of development work (new MacBooks
are all arm64), we don't really do a full set of tests in the CI.
2023-08-23 16:54:22 +02:00
Michal Nowak
5e1120d9a3
Reintroduce Debian 11 "bullseye" Clang and GCC jobs 2023-08-21 16:35:52 +02:00
Michal Nowak
2d18c57c54
Make Debian 12 "bookworm" the base image
Just replace "bullseye" with "bookworm" and reintroduce Debian 11
"bullseye" later.
2023-08-21 16:35:52 +02:00
Michał Kępień
e27a33e621 Merge tag 'v9.19.16' 2023-08-17 14:10:53 +02:00
Michał Kępień
89617cd3d6
Prepare release notes for BIND 9.19.16 2023-08-04 11:17:54 +02:00
Evan Hunt
eeeccec67c deprecate "dialup" and "heartbeat-interval"
these options concentrate zone maintenance actions into
bursts for the benefit of servers with intermittent connections.
that's no longer something we really need to optimize.
2023-08-01 18:10:44 -07:00
Matthijs Mekking
1e0f77b349 Remove redundant inline-signing lines from docs
Now that inline-signing is explicitly set in dnssec-policy, remove
the redundant "inline-signing yes;" lines from the documentation.
2023-08-01 06:55:48 +00:00
Matthijs Mekking
042c89ac69 Obsolete dnssec-update-mode
We no longer support 'no-resign' and thus the configuration option
becomes obsolete. Remove the corresponding dnssec system test cases.
2023-07-20 12:44:19 +02:00
Matthijs Mekking
3e49223a67 Obsolete dnssec-dnskey-kskonly update-check-ksk
These two configuration options worked in conjunction with 'auto-dnssec'
to determine KSK usage, and thus are now obsoleted.

However, in the code we keep KSK processing so that when a zone is
reconfigured from using 'dnssec-policy' immediately to 'none' (without
going through 'insecure'), the zone is not immediately made bogus.

Add one more test case for going straight to none, now with a dynamic
zone (no inline-signing).
2023-07-20 12:40:54 +02:00
Matthijs Mekking
88a687106f Obsolete sig-validity-interval dnskey-sig-validity
These two configuration options worked in conjunction with 'auto-dnssec'
to set the signature validity, and thus are now obsoleted.
2023-07-20 11:04:24 +02:00
Matthijs Mekking
10bb8f92a1 Remove auto-dnssec from documentation
Update the ARM and DNSSEC guide, removing references to 'auto-dnssec',
replacing them with 'dnssec-policy' if needed.

The section "Alternative Ways" of signing has to be refactored, since
we now only focus on one alternative way, that is manual signing.
2023-07-20 11:04:24 +02:00
Tom Krizek
5b5d5f9f22 Merge tag 'v9.19.15' 2023-07-19 14:16:32 +02:00
Michał Kępień
bc8ad4e807
Prepare release notes for BIND 9.19.15 2023-07-06 15:38:48 +02:00
Michał Kępień
09a4ffa1c8
Update sample query log excerpt in the ARM 2023-07-06 15:38:48 +02:00
Michał Kępień
13c35ab0b3 Add Google Site Verification tag to the TOC page
This should allow tracking HTTP 404 errors for Read the Docs using the
Google Search Console.
2023-06-29 18:32:50 +02:00
Mark Andrews
dd00b3c50b Use NS rather than A records for qname-minimization relaxed
Remove all references to DNS_FETCHOPT_QMIN_USE_A and adjust
the expected tests results in the qmin system test.
2023-06-28 11:45:59 +10:00
Michal Nowak
71439d0c3a BIND 9.19.14

Merge tag 'v9.19.14'

BIND 9.19.14
2023-06-21 19:31:57 +02:00
Tom Krizek
5893debf46
Remove trailing whitespace from all text files
I've used the following command to remove the trailing whitespace for
all tracked text files:

git grep -Il '' | xargs sed -i 's/[ \t]*$//'
2023-06-13 15:05:40 +02:00
Michał Kępień
1f48e1c998
Prepare release notes for BIND 9.19.14 2023-06-09 11:53:33 +02:00
Michal Nowak
1afde574e9
Set max-cache-size expectations for low values 2023-06-08 12:11:09 +02:00
Aram Sargsyan
27c30fe8a4 QryDropped stats counter documentation update
Document which dropped queries are calculated by the QryDropped
statistics counter.
2023-06-07 13:06:58 +00:00
Michal Nowak
ddb846454d
Add Alpine Linux 3.18 2023-05-31 12:01:26 +02:00
Aram Sargsyan
08ebf39d1e Update the documentation of the resolver statistics counters
The reference manual doesn't document all the available resolver
statistics counters. Add information about the missing counters.
2023-05-31 09:08:58 +00:00
Michal Nowak
2e0550970b
Add Fedora 38 2023-05-19 13:47:53 +02:00
Michał Kępień
ddbbb8612d BIND 9.19.13

Merge tag 'v9.19.13'

BIND 9.19.13
2023-05-18 14:06:04 +02:00
Michal Nowak
ff52cd9604
Add OpenBSD 7.3 2023-05-15 18:55:38 +02:00
Michal Nowak
81ad645d7d
Add FreeBSD 13.2 2023-05-15 18:31:07 +02:00
Matthijs Mekking
8be61d1845 Add configuration option 'cdnskey'
Add the 'cdnskey' configuration option to 'dnssec-policy'.
2023-05-11 17:07:51 +02:00
Michał Kępień
dce2e72f1e
Prepare release notes for BIND 9.19.13 2023-05-08 15:29:07 +02:00
Petr Špaček
585fde0474
Synchronize Sphinx package version on ReadTheDocs with our CI
Related: isc-projects/images!235
2023-05-02 15:35:29 +02:00
JP Mens
7bfffa1bd8 Fix typo in the ARM - missed -> missing 2023-04-24 16:09:48 +01:00
Ondřej Surý
d2377f8e04
Implement maximum global and idle time for incoming XFR
After the dns_xfrin was changed to use network manager, the maximum
global (max-transfer-time-in) and idle (max-transfer-idle-in) times for
incoming transfers were turned inoperational because of missing
implementation.

Restore this functionality by implementing the timers for the incoming
transfers.
2023-04-21 12:53:02 +02:00
Michał Kępień
4fcbb078c1 BIND 9.19.12

Merge tag 'v9.19.12'

BIND 9.19.12
2023-04-20 12:43:46 +02:00
Petr Špaček
b06c5ad471
Prepare release notes for BIND 9.19.12 2023-04-11 16:29:22 +02:00
Petr Špaček
1dada31187
Remove erroneous cross-references to suffix statement
Logging section referenced to "suffix" statement definition for dns64.
2023-04-05 15:59:06 +02:00
Matthijs Mekking
03f9e40d1b Determine checkds default from config
If the 'checkds' option is not explicitly set, check if there are
'parental-agents' for the zone configured. If so, default to "explicit",
otherwise default to "yes".
2023-04-03 14:01:22 +00:00
Matthijs Mekking
92577eaf7e Make checkds yes the default
This seems to be the more common case.
2023-04-03 14:01:22 +00:00
Matthijs Mekking
d842adb23f Update documentation for 'checkds' option
Add text about the 'checkds' option in the ARM reference and
DNSSEC guide.
2023-04-03 14:01:22 +00:00
Ondřej Surý
61f276d5a4 Clarify the documentation about DF-flag
Remove the reference to setting the DF-flag as we don't do that right
now.  Rephrase the paragraph that the default value should not be
causing fragmentation.
2023-04-03 10:28:43 +00:00
Evan Hunt
f2855cb664 allow configuration of dnsrps library path
for testing purposes, we need to be able to specify a library path from
which to load the dnsrps implementation. this can now be done with the
"dnsrps-library" option.

DNSRPS can now be enabled in configure regardless of whether librpz.so
is currently installed on the system.
2023-03-28 15:44:31 -07:00
Tom Krizek
36a5c098bd
Apply suppress_grammar directive in ARM docs
With a newline before the :suppress_grammar: directive, it wasn't
actually interpreted as a directive, but rather as node content.
Therefore, the directive was ignored and the grammar was incorrectly
printed out.
2023-03-27 16:51:12 +02:00
Tom Krizek
1849c02606
Add missing newline in documentation code example 2023-03-27 16:51:10 +02:00