bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00

Author	SHA1	Message	Date
Evan Hunt	a27dc50157	[master] copyrights	2016-04-28 22:30:53 -07:00
Evan Hunt	f6096b958c	[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211]	2016-04-28 00:16:01 -07:00
Evan Hunt	5ecfee97ba	[master] copyrights	2016-04-14 19:12:13 -07:00
Evan Hunt	3cd204c4a4	[master] fixed revoked key regression 4436. [bug] Fixed a regression introduced in change #4337 which caused signed domains with revoked KSKs to fail validation. [RT #42147]	2016-04-14 18:52:52 -07:00
Mark Andrews	7f79448198	remove unnecessary return	2016-04-08 04:24:47 +10:00
Tinderbox User	c19f42a378	update copyright notice / whitespace	2016-03-24 23:45:21 +00:00
Mark Andrews	6214c3c93a	4341. [bug] 'rndc flushtree' could fail to clean the tree if there wasn't a node at the specified name. [RT #41846]	2016-03-24 11:31:25 +11:00
Tinderbox User	a63461cc4b	update copyright notice / whitespace	2016-03-23 23:45:22 +00:00
Evan Hunt	7fa4c18451	[master] ECS family 0 handling was still broken	2016-03-23 15:00:30 -07:00
Evan Hunt	ddf3342cca	[master] test pipelining with mdig 4339. [test] Use "mdig" to test pipelined queries. [RT #41929]	2016-03-22 17:26:38 -07:00
Evan Hunt	132a571179	[master] fix mkeys TTL 0 issue 4337. [bug] The previous change exposed a latent flaw in key refresh queries for managed-keys when a cached DNSKEY had TTL 0. [RT #41986]	2016-03-22 12:12:32 -07:00
Tinderbox User	27def92931	update copyright notice / whitespace	2016-03-21 23:45:22 +00:00
Mark Andrews	0993cd5f22	4336. [bug] Don't emit records with zero ttl unless the records were learnt with a zero ttl. [RT #41687]	2016-03-21 13:22:21 +11:00
Tinderbox User	b1aac28027	update copyright notice / whitespace	2016-03-16 23:45:17 +00:00
Jeremy C. Reed	e12c78ebf6	add comments about why the configuration is bad I didn't get review. This is trivial.	2016-03-16 15:42:56 -04:00
Jeremy C. Reed	81780ffd74	use -r $RANDFILE for test using keygen stops hang this is for ticket #41898	2016-03-11 09:27:15 -05:00
Tinderbox User	4a7004f3ce	update copyright notice / whitespace	2016-03-10 23:45:16 +00:00
Mark Andrews	7c52595464	4331. [func] When loading managed signed zones detect if the RRSIG's inception time is in the future and regenerate the RRSIG immediately. [RT #41808]	2016-03-10 17:01:08 +11:00
Mark Andrews	93ca5ee4c4	update copyrights	2016-03-08 16:21:19 +11:00
Mark Andrews	d6357f09aa	4329. [func] Warn about a common misconfiguration when forwarding RFC 1918 zones. [RT #41441]	2016-03-08 10:11:23 +11:00
Tinderbox User	220ba6da87	update copyright notice / whitespace	2016-03-04 23:45:23 +00:00
Mark Andrews	8398f00156	4326. [protocol] Add support for AVC. [RT #41819	2016-03-04 18:11:41 +11:00
Evan Hunt	023ba1e6ef	[master] add OS details to rndc status 4325. [func] Add a line to "rndc status" indicating the hostname and operating system details. [RT #41610]	2016-03-03 22:02:52 -08:00
Tinderbox User	f254ab049e	update copyright notice / whitespace	2016-03-02 23:45:17 +00:00
Mark Andrews	ce7216c40a	4223. [bug] Improve HTTP header processing on statschannel. [RT #41674]	2016-03-02 11:04:59 +11:00
Mark Andrews	7f514657e2	update copyrights	2016-02-25 10:55:40 +11:00
Mark Andrews	f9da4a8e54	4321. [bug] Zones using mapped files containing out-of-zone data could return SERVFAIL instead of the expected NODATA or NXDOMAIN results. [RT #41596]	2016-02-24 11:13:24 +11:00
Tinderbox User	62735fcde3	update copyright notice / whitespace	2016-02-23 23:45:35 +00:00
Mukund Sivaraman	293a9e9978	Fix allocation for "none" ACL that caused assertion failure (#41745 )	2016-02-23 12:51:34 +05:30
Tinderbox User	27424c351d	update copyright notice / whitespace	2016-02-20 23:45:16 +00:00
Mark Andrews	c968a257c1	fix subnet prefix	2016-02-20 12:01:30 +11:00
Tinderbox User	53ba272721	update copyright notice / whitespace	2016-02-18 23:45:32 +00:00
Mark Andrews	37176663e0	don't used class in grep e.g. [:space:]	2016-02-17 13:17:40 +11:00
Evan Hunt	93c211afc9	[master] fixed a regression in dyndb due to change #4277	2016-02-12 00:22:45 -08:00
Mark Andrews	b91d11bfcc	copyrights / whitespace	2016-02-11 10:44:21 +11:00
Mukund Sivaraman	79a55d4f4d	Add option to tools to print RRs in unknown presentation format (#41595 )	2016-02-09 15:39:02 +05:30
Mukund Sivaraman	0c29904b27	Check that configured view class isn't a meta class (#41572 )	2016-02-08 13:58:01 +05:30
Mark Andrews	08913705e9	specify what to copy (cherry picked from commit `88624c9c32`)	2016-02-05 13:54:47 +11:00
Tinderbox User	d83a9a980a	update copyright notice / whitespace	2016-02-02 23:45:23 +00:00
Mukund Sivaraman	f9b167290a	Remove 45 second sleeps from notify system test (#41248 ) No CHANGES entry required.	2016-02-02 09:46:57 +05:30
Mark Andrews	8d00c5ab2c	4312. [bug] dig's unknown dns and edns flags (MBZ value) logging was not consistent. [RT #41600]	2016-02-02 14:19:22 +11:00
Mark Andrews	e370cdf4ba	capture rndc output (cherry picked from commit `2d58f4aee2`)	2016-02-02 12:26:23 +11:00
Tinderbox User	8b074bef0c	update copyright notice / whitespace	2016-02-01 23:45:25 +00:00
Evan Hunt	ec450fde7c	[master] disallow delzone on policiy zones 4311. [bug] Prevent "rndc delzone" from being used on response-policy zones. [RT #41593]	2016-02-01 09:49:49 -08:00
Evan Hunt	df9a49ee07	[master] dig/mdig could send misformatted ECS options 4307. [bug] "dig +subnet" and "mdig +subnet" could send incorrectly-formatted Client Subnet options if the prefix length was not divisble by 8. Also fixed a memory leak in "mdig". [RT #45178]	2016-01-29 17:41:29 -08:00
Tinderbox User	b7f3400f3b	update copyright notice / whitespace	2016-01-28 23:45:29 +00:00
Mark Andrews	832ab79d1f	4305. [bug] dnssec-signzone was not removing unnecessary rrsigs from the zone's apex. [RT #41483]	2016-01-28 15:42:34 +11:00
Mark Andrews	9d85a77382	4304. [port] xfer system test failed as 'tail -n +value' is not portable. [RT #41315]	2016-01-28 15:38:06 +11:00
Evan Hunt	8ede7a974b	[master] fix dig=+subnet zero-length prefix 4303. [bug] "dig +subnet" was unable to send a prefix length of zero, as it was incorrectly changed to 32 for v4 prefixes or 128 for v6 prefixes. In addition to fixing this, "dig +subnet=0" has been added as a short form for 0.0.0.0/0. The same changes have also been made in "mdig". [RT #41553]	2016-01-27 19:03:54 -08:00
Tinderbox User	4df65ccfec	update copyright notice / whitespace	2016-01-25 23:45:24 +00:00
Mark Andrews	9478de25bb	4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534 ]	2016-01-26 00:27:44 +11:00
Tinderbox User	7d4f45f6bd	update copyright notice / whitespace	2016-01-21 23:45:23 +00:00
Evan Hunt	9b789c54f8	[master] add regression test for RT #41518 4297. [test] Ensure delegations in RPZ zones fail robustly. [RT #41518]	2016-01-20 17:44:11 -08:00
Evan Hunt	d40154cab7	[master] cacluate TCP packet sizes correctly 4296. [bug] TCP packet sizes were calculated incorrectly in the stats channel; they could be counted in the wrong histogram bucket. [RT #40587]	2016-01-20 17:30:27 -08:00
Tinderbox User	16201b15a6	update copyright notice / whitespace	2016-01-17 23:45:21 +00:00
Curtis Blackburn	3948d9c7c6	rrl test was failing on some systems because not all versions of perl understand '-E'. changed to '-e'	2016-01-15 14:35:12 -08:00
Curtis Blackburn	a66619fe32	[rt39196] Added a new nameserver to test rrl "log-only yes". Added test for RT #39197. Made the rrl test more tolerant of minor differences in results due to timing. Removed the failure override for the rrl test. commit 01a15bc80ef4c20171ddfe9b5ceb2ebe008c8e0d Author: Curtis Blackburn <ckb@isc.org> Date: Tue Dec 15 15:08:03 2015 -0800 added a new nameserver to the rrl test	2016-01-11 19:37:17 -08:00
Tinderbox User	7321d8df7b	update copyright notice / whitespace	2015-12-27 23:45:24 +00:00
Evan Hunt	fbed5f0f44	[master] fix geoip options 4284. [bug] Some GeoIP options were incorrectly documented using abbreviated forms which were not accepted by named. The code has been updated to allow both long and abbreviated forms. [RT #41381]	2015-12-26 10:50:32 -08:00
Curtis Blackburn	df59681bd2	[rt40109] added a test for +dscp to the digdelv tests	2015-12-21 14:13:03 -08:00
Mark Andrews	49762dffc4	4282. [func] 'dig +[no]mapped' determine whether the use of mapped IPv4 addresses over IPv6 is permitted or not. The default is +mapped. [RT #41307]	2015-12-19 09:47:11 +11:00
Tinderbox User	4688741c5c	update copyright notice / whitespace	2015-12-16 23:45:26 +00:00
Mark Andrews	f1fcadccc4	remove named.conf	2015-12-16 21:37:21 +11:00
Mark Andrews	1583a214cd	check for non removed files	2015-12-16 21:25:04 +11:00
Mark Andrews	ecfedec0e0	perform a more complete cleanup after running system tests [rt41255]	2015-12-16 11:29:18 +11:00
Tinderbox User	ea2ea0914c	update copyright notice / whitespace	2015-12-15 23:45:23 +00:00
Evan Hunt	0321aa184e	[master] reclimit test was broken with v6	2015-12-15 15:01:58 -08:00
Curtis Blackburn	9effea437d	[rt41269] additional tests for dig and delv, fix for --disable-ipv6 on osx, fixes for tests with --disable-ipv6	2015-12-15 11:58:28 -08:00
Mark Andrews	f647c0df9f	4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257 ]	2015-12-15 19:49:40 +11:00
Mukund Sivaraman	ecc06cbc32	Use optimal message sizes to improve compression in AXFRs (#40996 )	2015-12-15 13:24:14 +05:30
Evan Hunt	b96366252b	[master] add +nocookie and use perl for query burst	2015-12-14 21:27:49 -08:00
Evan Hunt	362d2d46aa	[master] fixed an incorrect test case in rpzrecurse	2015-12-13 14:15:47 -08:00
Curtis Blackburn	21c6e49a77	[rt40106] add tests for dig +[no]ttlunits	2015-12-10 12:08:57 -08:00
Mark Andrews	505d311709	4278. [bug] 'delv +short +[no]split[=##]' didn't work as expected. [RT #41238]	2015-12-10 12:43:50 +11:00
Curtis Blackburn	6fe5cc5aea	[rt41263] add a system test for dig +qr +ednsopt<invalid>	2015-12-09 16:21:02 -08:00
Tinderbox User	2a37470065	update copyright notice / whitespace	2015-12-09 23:45:23 +00:00
Mukund Sivaraman	5d79b60fc5	Improve performance of RBT (#41165 )	2015-12-09 19:10:55 +05:30
Curtis Blackburn	aeb7b6e145	[rt40105] add a system test for dig +zflag	2015-12-08 16:06:39 -08:00
Curtis Blackburn	ce0d8b1c0e	[rt40104] changed one occurrence of +noednsneg to +noednsnegotiation	2015-12-08 16:03:01 -08:00
Curtis Blackburn	4d1ea2336c	[rt40107] add system tests for dig +header-only	2015-12-08 15:57:53 -08:00
Curtis Blackburn	ab94dd50e8	[rt40181] added tests for dig +short +nosplit/+rrcomments (see rt39291)	2015-12-08 15:13:52 -08:00
Mark Andrews	322e6b5be7	4276. [protocol] Add support for SMIMEA. [RT #40513 ]	2015-12-08 08:16:41 +11:00
Evan Hunt	464c2c673b	[master] fix dig +norrcomments 4272. [bug] dig: the +norrcomments option didn't work with +multi. [RT #41234]	2015-12-04 16:16:59 -08:00
Tinderbox User	8c20f8635a	update copyright notice / whitespace	2015-12-03 23:45:24 +00:00
Mark Andrews	26177be294	4267. [test] Check sdlz error handling. [RT #41142 ]	2015-12-02 13:00:42 +11:00
Mark Andrews	c8821d124c	4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #4098]	2015-11-16 13:12:20 +11:00
Tinderbox User	3ebda3f46b	update copyright notice / whitespace	2015-11-12 23:45:23 +00:00
Mark Andrews	d0afc2d1c4	use a test key	2015-11-12 10:54:59 +11:00
Tinderbox User	4949f39716	update copyright notice / whitespace	2015-11-11 23:45:23 +00:00
Mukund Sivaraman	53cf70ef7d	Cleanup *.nta files after rndc system test	2015-11-11 13:49:21 +05:30
Mukund Sivaraman	58f7af60e7	Allow non-destructive control channel access using a "read-only" clause (#40498 )	2015-11-11 13:46:57 +05:30
Tinderbox User	3865e18d3d	update copyright notice / whitespace	2015-11-09 23:45:22 +00:00
Evan Hunt	e13d04fda9	[master] fix python script versions 4257. [cleanup] Python scripts reported incorrect version. [RT #41080]	2015-11-08 21:34:24 -08:00
Tinderbox User	dae43e88b7	update copyright notice / whitespace	2015-11-06 23:45:24 +00:00
Evan Hunt	b513918481	[master] allow spaces in rndc arguments 4256. [bug] Allow rndc command arguments to be quoted so as to allow spaces. [RT #36665]	2015-11-05 19:51:54 -08:00
Tinderbox User	4ba2689c1f	update copyright notice / whitespace	2015-11-05 23:45:25 +00:00
Witold Krecicki	bfd4b9e11a	4255. [func] Add 'message-compression' option to disable DNS compression in responses. [RT #40726 ]	2015-11-05 12:19:04 +01:00
Mark Andrews	e939674d53	4252. [func] Add support for automating the generation CDS and CDNSKEY rrsets to named and dnssec-signzone. [RT #40424]	2015-11-05 12:09:48 +11:00
Evan Hunt	6b8519147a	[master] NTAs did not survive reoad/reconfig 4251. [bug] NTAs were deleted when the server was reconfigured or reloaded. [RT #41058]	2015-11-04 10:34:28 -08:00
Evan Hunt	aa9b64060f	[master] fix statschannel with no libjson 4246. [test] Ensure the statschannel system test runs when BIND is not built with libjson. [RT #40944]	2015-10-28 20:19:31 -07:00
Mark Andrews	a70fc47e9d	4243. [func] Improved stats reporting from Timothe Litt. [RT #38941 ]	2015-10-28 09:45:46 +11:00
Francis Dupont	638e82b134	spelling	2015-10-07 14:49:51 +02:00
Evan Hunt	b66b333f59	[master] dnstap 4235. [func] Added support in named for "dnstap", a fast method of capturing and logging DNS traffic, and a new command "dnstap-read" to read a dnstap log file. Use "configure --enable-dnstap" to enable this feature (note that this requires libprotobuf-c and libfstrm). See the ARM for configuration details. Thanks to Robert Edmonds of Farsight Security. [RT #40211]	2015-10-02 12:32:42 -07:00
Witold Krecicki	a239044323	4234. [func] Add deflate compression in statistics channel HTTP server. [RT #40861]	2015-10-02 10:45:10 +02:00
Tinderbox User	e13c3286a5	update copyright notice / whitespace	2015-10-01 23:45:31 +00:00
Mark Andrews	3ed714b961	emit "E:TESTNAME:DATE" when we can't start a server	2015-10-01 16:01:34 +10:00
Tinderbox User	551e0d486d	update copyright notice / whitespace	2015-09-30 23:45:36 +00:00
Mark Andrews	65d59a4307	4232. [test] Add tests for CDS and CDNSKEY with delegation-only. [RT #40597]	2015-09-30 15:55:14 +10:00
Mark Andrews	0d990f57ae	silence compiler warnings	2015-09-30 14:04:28 +10:00
Mark Andrews	1a0e5b0504	address linking issues	2015-09-30 12:38:07 +10:00
Tinderbox User	55cfbf322d	update copyright notice / whitespace	2015-09-29 23:45:32 +00:00
Mark Andrews	ab8b419a79	#include <isc/string.h> for memset	2015-09-30 00:46:33 +10:00
Mark Andrews	ac6bb3dd36	add missing libraries	2015-09-30 00:44:49 +10:00
Evan Hunt	a00f9e2f50	[master] merge dyndb 4224. [func] Added support for "dyndb", a new interface for loading zone data from an external database, developed by Red Hat for the FreeIPA project. DynDB drivers fully implement the BIND database API, and are capable of significantly better performance and functionality than DLZ drivers, while taking advantage of advanced database features not available in BIND such as multi-master replication. Thanks to Adam Tkac and Petr Spacek of Red Hat. [RT #35271]	2015-09-28 23:12:35 -07:00
Witold Krecicki	e6d0a391f5	4223. [func] Add support for setting max-cache-size to percentage of available physical memory, set default to 90%. [RT #38442]	2015-09-28 11:08:50 +02:00
Mark Andrews	f6e45a5c54	4217. [protocol] Add support for CSYNC. [RT #40532 ]	2015-09-18 23:45:12 +10:00
Tinderbox User	7dbeeeaa1e	update copyright notice / whitespace	2015-09-17 23:45:24 +00:00
Mark Andrews	e0a30050c8	4214. [protocol] Add support for TALINK. [RT #40544 ]	2015-09-18 07:43:43 +10:00
Mark Andrews	dd1bcab25c	4213. [bug] Don't reuse a cache across multiple classes. [RT #40205]	2015-09-17 14:51:21 +10:00
Mark Andrews	1d5ebfc05f	address race condition in ecdsa system test leading to differing authority sections. [RT #40283 ]; no CHANGES entry.	2015-09-17 14:23:44 +10:00
Mark Andrews	0f2ecf4b5c	4207. [bug] Handle class mismatches with raw zone files. [RT #40746]	2015-09-16 10:43:22 +10:00
Evan Hunt	226339ed43	[master] spurious spaces in named-checkconf -p 4205. [bug] 'named-checkconf -p' could include unwanted spaces when printing tuples with unset optional fields. [RT #40731]	2015-09-14 08:50:17 -07:00
Tinderbox User	96f6f5dfc2	update copyright notice / whitespace	2015-09-11 23:45:36 +00:00
Mark Andrews	5a49f61ca9	4199. [protocol] Add support for NINFO, RKEY, SINK, TA. [RT #40545] [RT #40547] [RT #40561] [RT #40563]	2015-09-11 17:35:01 +10:00
Evan Hunt	aec8a3b7cf	[master] improve rrchecker test 4203. [test] The rrchecker system test now tests conversion to and from unkonwn-type format. [RT #40584]	2015-09-11 00:24:47 -07:00
Tinderbox User	f28c6dc514	update copyright notice / whitespace	2015-09-10 23:46:28 +00:00
Mark Andrews	3dd63ba00f	4199. [protocol] Add support for NINFO, RKEY, TA. [RT #40545] [RT #40547] [RT #40563]	2015-09-10 17:58:29 +10:00
Mark Andrews	63874956de	4199. [protocol] Add support for NINFO, RKEY. [RT #40547 ] [RT #40563 ]	2015-09-10 17:07:05 +10:00
Mark Andrews	8b29fc0b7a	4199. [protocol] Add support for RKEY. [RT #40563 ]	2015-09-10 14:50:20 +10:00
Mark Andrews	5be3128599	address race condition rt40242	2015-09-09 18:12:05 +10:00
Mark Andrews	075a3d60c2	4197. [bug] 'named-checkconf -z' didn't handle 'in-view' clauses. [RT #40603]	2015-09-09 17:56:23 +10:00
Mark Andrews	4ca7391e64	4196. [doc] Improve how "enum + other" types are documented. [RT #40608] 4195. [bug] 'max-zone-ttl unlimited;' was broken. [RT #40608]	2015-09-09 17:02:11 +10:00
Mark Andrews	fbd9aaa58c	4194. [bug] named-checkconf -p failed to properly print a port range. [RT #40634]	2015-09-09 16:49:11 +10:00
Tinderbox User	0d5b7ed79d	update copyright notice / whitespace	2015-08-25 23:45:27 +00:00
Mark Andrews	9b956d342e	4192. [bug] The default rrset-order of random was not always being applied. [RT #40456]	2015-08-25 14:52:27 +10:00
Mark Andrews	5855fd79e3	4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones as per RFC 6763. [RT #37889]	2015-08-25 14:46:06 +10:00
Tinderbox User	5d68969ab3	update copyright notice / whitespace	2015-08-22 23:45:23 +00:00
Mark Andrews	dc3912f3ca	4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as valid with check-names. <forest> still needs to be LDH. [RT #40399]	2015-08-22 15:27:33 +10:00
Mark Andrews	416265e4d4	add / (cherry picked from commit `820a9517ad`)	2015-08-20 14:02:08 +10:00
Mark Andrews	b5caf98644	ignore xmlstats	2015-08-20 14:00:23 +10:00
Tinderbox User	161b5249b9	update copyright notice / whitespace	2015-08-19 23:45:23 +00:00
Mark Andrews	5c1c62cd8a	awk on solaris doesn't like // as a pattern	2015-08-19 08:35:12 +10:00
Mukund Sivaraman	bf350c9f1a	Fix RPZ bugs related to wildcard triggers (#40357 )	2015-08-18 19:39:53 +05:30
Mark Andrews	1a38ba7b41	add statistics	2015-08-18 22:31:13 +10:00
Mark Andrews	d9aeaf35ea	check for libxml2	2015-08-18 22:29:35 +10:00
Mark Andrews	486c763015	use grep rather than xmllint	2015-08-18 10:03:58 +10:00
Mark Andrews	bce42685ab	add missing echo	2015-08-18 09:37:14 +10:00
Mark Andrews	55df11d4e1	use sed instead of count	2015-08-18 00:35:06 +10:00
Mark Andrews	5f7540f12f	improve failure diagnostics	2015-08-17 17:42:58 +10:00
Mark Andrews	741c65c4d8	ignore leading zeros of revoked keyid	2015-08-17 17:10:46 +10:00
Mukund Sivaraman	984d2bb9e5	Fix assertion failure in parsing UNSPEC(103) RR from text (#40274 )	2015-08-14 13:30:52 +05:30
Mukund Sivaraman	474921d733	Fix assertion failure in parsing NSAP records from text	2015-08-14 13:11:26 +05:30
Tinderbox User	ed91aca9e6	update copyright notice / whitespace	2015-08-12 23:45:25 +00:00
Mark Andrews	c631ff56bf	Updated CHANGES note to include require-server-cookie: 4152. [func] Implement DNS COOKIE option. This replaces the experimental SIT option of BIND 9.10. The following named.conf directives are available: send-cookie, cookie-secret, cookie-algorithm, nocookie-udp-size and require-server-cookie. The following dig options are available: +[no]cookie[=value] and +[no]badcookie. [RT #39928]	2015-08-13 08:26:23 +10:00
Mark Andrews	151f1bcd5e	4172. [bug] Named / named-checkconf didn't handle a view of CLASS0. [RT #40265]	2015-08-12 19:06:00 +10:00
Evan Hunt	05b1684791	[master] fix an awk portability issue	2015-08-03 14:21:16 -07:00
Tinderbox User	f3cbd0e029	update copyright notice / whitespace	2015-08-02 23:45:22 +00:00
Evan Hunt	68116c5a5f	[master] add +nocookie options where needed	2015-08-02 11:18:12 -07:00
Evan Hunt	a3b21effd7	[master] missing 'use' caused test failure	2015-07-21 13:49:54 -07:00
Evan Hunt	a32ca13d12	[master] statschannel test failed when only JSON was available	2015-07-20 19:09:22 -07:00
Evan Hunt	9501aa9d5a	[master] portability	2015-07-20 19:01:29 -07:00
Tinderbox User	35af5049f8	update copyright notice / whitespace	2015-07-10 23:45:23 +00:00
Evan Hunt	b716b9cddc	[master] add JSON and more XML tests 4161. [test] Add JSON test for traffic size stats; also test for consistency between "rndc stats" and the XML and JSON statistics channel contents. [RT #38700]	2015-07-09 21:18:42 -07:00
Tinderbox User	f16a6bfb6c	update copyright notice / whitespace	2015-07-09 23:45:22 +00:00
Evan Hunt	1479200aa0	[master] DDoS mitigation features 3938. [func] Added quotas to be used in recursive resolvers that are under high query load for names in zones whose authoritative servers are nonresponsive or are experiencing a denial of service attack. - "fetches-per-server" limits the number of simultaneous queries that can be sent to any single authoritative server. The configured value is a starting point; it is automatically adjusted downward if the server is partially or completely non-responsive. The algorithm used to adjust the quota can be configured via the "fetch-quota-params" option. - "fetches-per-zone" limits the number of simultaneous queries that can be sent for names within a single domain. (Note: Unlike "fetches-per-server", this value is not self-tuning.) - New stats counters have been added to count queries spilled due to these quotas. See the ARM for details of these options. [RT #37125]	2015-07-08 22:53:39 -07:00
Tinderbox User	9ab5a7d83c	update copyright notice / whitespace	2015-07-07 23:45:22 +00:00
Evan Hunt	70d987def5	[master] traffic size stats 4156. [func] Added statistics counters to track the sizes of incoming queries and outgoing responses in histogram buckets, as specified in RSSAC002. [RT #39049]	2015-07-06 22:29:06 -07:00
Mukund Sivaraman	33ca26968b	Allow RPZ rewrite logging to be configured on a per-zone basis (#39754 )	2015-07-06 08:57:51 +05:30
Mark Andrews	3e33f4198d	4154. [bug] A OPT record should be included with the FORMERR response when there is a malformed EDNS option. [RT #39647] 4153. [bug] Dig should zero non significant +subnet bits. Check that non significant ECS bits are zero on receipt. [RT #39647]	2015-07-06 12:52:37 +10:00
Mark Andrews	ce67023ae3	4152. [func] Implement DNS COOKIE option. This replaces the experimental SIT option of BIND 9.10. The following named.conf directives are avaliable: send-cookie, cookie-secret, cookie-algorithm and nocookie-udp-size. The following dig options are available: +[no]cookie[=value] and +[no]badcookie. [RT #39928]	2015-07-06 09:44:24 +10:00
Tinderbox User	337d408adb	update copyright notice / whitespace	2015-06-29 23:45:23 +00:00
Mukund Sivaraman	08f0129732	Fix a bug printing zone names with '/' character in XML and JSON stats (#39873 )	2015-06-29 18:33:18 +05:30
Mark Andrews	4a61eae651	4147. [bug] Filter-aaaa / filter-aaaa-on-v4 / filter-aaaa-on-v6 was returning referrals rather than nodata responses when the AAAA records were filtered. [RT #39843]	2015-06-29 15:48:41 +10:00
Witold Krecicki	f10a67dad2	Add statistics counters for nxdomain redirections. [RT #39790 ]	2015-06-25 09:21:50 +02:00
Tinderbox User	e0ba64bdd2	update copyright notice / whitespace	2015-06-23 23:45:21 +00:00
Mukund Sivaraman	0439bfedd9	Fix parsing of NZFs saved by rndc addzone with view specified (#39845 )	2015-06-23 14:19:48 +05:30
Mukund Sivaraman	b4e114e3cd	Print unsigned values for serial, etc. in rndc zonestatus output (#39854 )	2015-06-23 13:57:33 +05:30
Witold Krecicki	af3770ed93	rndc reconfig reports configuration errors the same way rndc reload does [RT #39635 ]	2015-06-12 10:19:29 +02:00
Witold Krecicki	f85deb5154	log expired NTA at startup	2015-06-08 13:57:24 +02:00
Mark Andrews	8c74b6a9a1	use sed as tail -n +# is not portable	2015-05-30 11:05:57 +10:00
Tinderbox User	431e5c81db	update copyright notice / whitespace	2015-05-28 23:45:24 +00:00
Mark Andrews	52a487f71a	link against ISC_OPENSSL_LIBS	2015-05-28 11:06:39 +10:00
Mark Andrews	598b502695	4127. [protocol] CDS and CDNSKEY need to be signed by the key signing key as per RFC 7344, Section 4.1. [RT #37215]	2015-05-27 15:25:45 +10:00
Evan Hunt	a32b6291aa	[master] address regression 4126. [bug] Addressed a regression introduced in change #4121. [RT #39611]	2015-05-26 19:11:08 -07:00
Tinderbox User	b7b835bfb0	update copyright notice / whitespace	2015-05-24 23:45:24 +00:00
Mark Andrews	83622f9a4c	link against libisc	2015-05-24 12:50:56 +10:00
Mark Andrews	cb9b145f39	don't include <isc/print.h>	2015-05-24 12:50:20 +10:00
Mark Andrews	936adc1282	link against libisc	2015-05-24 11:58:15 +10:00
Tinderbox User	d70dac20d2	update copyright notice / whitespace	2015-05-23 23:45:25 +00:00
Mark Andrews	2ac85d943b	specfiy where libisc is (cherry picked from commit c907e7b512e88b641595d514790e2b41575f149e)	2015-05-24 06:03:08 +10:00
Mark Andrews	e6e7de5cda	link against ISCLIBS	2015-05-24 05:42:44 +10:00
Francis Dupont	850cfa4e86	Added isc in includes (print.h requires it)	2015-05-23 15:51:34 +02:00
Francis Dupont	3759f10fc5	added print.h includes, updated copyrights	2015-05-23 14:21:51 +02:00
Tinderbox User	46ee7c3260	update copyright notice / whitespace	2015-05-22 23:45:24 +00:00
Curtis Blackburn	717c2b9655	4125. [test] Added tests for dig, renamed delv test to digdelv. [RT #39490]	2015-05-22 11:47:17 -07:00
Evan Hunt	c55a1da4fc	[master] log parsing errors from default config or addzone/modzone 4124. [func] Log errors or warnings encountered when parsing the internal default configuration. Clarify the logging of errors and warnings encountered in rndc addzone or modzone parameters. [RT #39440]	2015-05-21 23:04:29 -07:00
Tinderbox User	0dfc0745c4	update copyright notice / whitespace	2015-05-21 23:45:26 +00:00
Mukund Sivaraman	705cea35a8	Fix RPZ radix tree search() for CLIENT-IP triggers (#39481 )	2015-05-21 11:10:49 +05:30
Evan Hunt	7e6cf6fc6e	[master] address a possible policy update race 4120. [bug] A bug in RPZ could cause the server to crash if policy zones were updated while recursion was pending for RPZ processing of an active query. [RT #39415]	2015-05-19 15:47:42 -07:00
Jeremy C. Reed	20914534e6	add a space after shell here-document name <<END> foo.out to <<END > foo.out to be consistent with shell style discussed via jabber in bind9 room	2015-05-19 13:22:36 -04:00
Mark Andrews	c7463967db	4119. [func] Allow dig to set the message opcode. [RT #39550 ]	2015-05-19 12:46:06 +10:00
Evan Hunt	d9aefcf5cb	[master] there are now 98 automatic zones	2015-05-16 10:07:17 -07:00
Tinderbox User	9ae1588020	update copyright notice / whitespace	2015-05-08 23:45:24 +00:00
Mukund Sivaraman	b947e1a521	Fix a bug in RPZ that could cause unwanted recursion (#39229 ) Conflicts: doc/arm/notes.xml	2015-05-07 08:29:36 +05:30
Tinderbox User	012142bbe0	update copyright notice / whitespace	2015-05-06 23:45:24 +00:00
Mark Andrews	fe76a64294	restore is_zone on return from redirect lookup [RT #37989b] (cherry picked from commit 1d405c1412b3a2e5aafb37ea55b332914246349e)	2015-05-07 08:32:42 +10:00
Tinderbox User	4e92a74ec4	update copyright notice / whitespace	2015-05-05 23:45:24 +00:00
Evan Hunt	9e804040a2	[master] add "rndc -r" to print result code 4115. [func] "rndc -r" now prints the result code (e.g., ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after running the requested command. [RT #38913]	2015-05-05 16:39:09 -07:00
Evan Hunt	d4ed608e0c	[master] Allow some tests to run partially if Net::DNS is unavailable	2015-05-05 08:33:09 -07:00
Mukund Sivaraman	8f25faf972	Fix a regression in radix tree implementation introduced by ECS code (#38983 )	2015-05-05 13:11:23 +05:30
Tinderbox User	6376559cd3	update copyright notice / whitespace	2015-05-04 23:45:23 +00:00
Evan Hunt	dc877b38a0	[master] check for Net::DNS 4113. [test] Check for Net::DNS is some system test prerequisites. [RT #39369]	2015-05-04 12:51:38 -07:00
Evan Hunt	1c02dd9dd9	[master] fix root-delegation-only without exclude 4112. [bug] Named failed to load when "root-delegation-only" was used without a list of domains to exclude. [RT #39380]	2015-05-04 12:44:10 -07:00
Tinderbox User	b299727c2e	update copyright notice / whitespace	2015-04-23 23:45:22 +00:00
Mark Andrews	c82b378115	4108. [func] A additional nxdomain redirect (nxdomain-redirect) method is now supported. [RT #37989]	2015-04-23 16:57:15 +10:00
Tinderbox User	37873c28de	update copyright notice / whitespace	2015-04-21 23:45:21 +00:00
Jeremy C. Reed	ae6b7bcd92	add some more files to cleanup after successful system test runs	2015-04-21 08:42:09 -04:00
Jeremy C. Reed	6c1e7a347f	add gitignore file	2015-04-21 08:37:12 -04:00
Mark Andrews	f1a261ba2d	4104. [bug] Address uninitialized elements. [RT #39252 ]	2015-04-17 14:04:47 +10:00
Mark Andrews	e834b30f7c	use awk for line count rather that wc -l which may space pad	2015-04-16 12:17:59 +10:00
Mark Andrews	c855e7170a	4100. [bug] Inherited owernames on the line immediately following a $INCLUDE were not working. [RT #39268]	2015-04-15 12:47:57 +10:00
Tinderbox User	a269ca51cc	update copyright notice / whitespace	2015-04-14 23:45:21 +00:00
Mukund Sivaraman	ac31adc3b7	Add additional logging about xfrin transfer status (#39170 )	2015-04-14 12:16:26 +05:30
Tinderbox User	1b0b6d7325	update copyright notice / whitespace	2015-04-07 23:45:23 +00:00
Evan Hunt	f28e5058c3	[master] dig can now learn the SIT value when retrying 4093. [func] Dig now learns the SIT value from truncated responses when it retries over TCP. [RT #39047]	2015-04-06 23:16:54 -07:00
Mark Andrews	febb020dce	4092. [bug] 'in-view' didn't work for zones beneath a empty zone. [RT #39173]	2015-04-07 13:21:33 +10:00
Tinderbox User	6e61135f10	update copyright notice / whitespace	2015-03-27 23:45:21 +00:00
Mukund Sivaraman	f9f81abff0	Fix a crash while parsing malformed CAA RRs in presentation format (#39003 )	2015-03-27 10:32:03 +05:30
Tinderbox User	811acf52b8	update copyright notice / whitespace	2015-03-04 23:45:21 +00:00
Mark Andrews	1b05d22789	4082. [bug] Incrementally sign large inline zone deltas. [RT #37927]	2015-03-05 09:59:29 +11:00
Mark Andrews	012ce6857e	use unique query names	2015-03-04 17:12:37 +11:00
Mark Andrews	2e0d8d74d7	handle daylight savings changes	2015-03-04 15:51:31 +11:00
Evan Hunt	7ae96d8823	[master] add "lock-file" and fix up singleton code 4080. [func] Completed change #4022, adding a "lock-file" option to named.conf to override the default lock file, in addition to the "named -X <filename>" command line option. Setting the lock file to "none" using either method disables the check completely. [RT #37908]	2015-03-02 19:27:54 -08:00
Tinderbox User	3d787a1213	update copyright notice / whitespace	2015-03-02 23:45:21 +00:00
Mukund Sivaraman	10dd5f62f2	Add support for Valgrind's helgrind tool (#38706 ) Also fix one locking issue that helgrind found: Maintain stats->lock while stats->reference is used.	2015-03-02 13:42:20 +05:30
Tinderbox User	5e93bad21b	update copyright notice / whitespace	2015-03-01 23:45:20 +00:00
Mark Andrews	0be58dd2da	add $DESCRIPTION	2015-02-28 00:10:56 +11:00
Mark Andrews	0382684a06	add $DESCRIPTION	2015-02-28 00:09:25 +11:00
Mark Andrews	326b84f20e	fix version tests	2015-02-27 17:01:25 +11:00
Mark Andrews	a8da00ef95	4079. [func] Preserve the case of the ownername of records to the RRset level. [RT #37442]	2015-02-27 15:08:38 +11:00
Mark Andrews	be9720ae2c	4077. [test] Add static-stub regression test for DS NXDOMAIN return making the static stub disappear. [RT #38564]	2015-02-27 12:46:45 +11:00
Tinderbox User	f159b7b5c7	update copyright notice / whitespace	2015-02-25 23:45:22 +00:00
Mukund Sivaraman	5a505fc4c2	Add facility to run system test nameds under Valgrind (#38546 )	2015-02-25 09:06:45 +05:30
Evan Hunt	bfc11b9c65	[master] additional mkeys tests 4065. [test] Additional RFC 5011 tests. [RT #38569]	2015-02-23 21:07:26 -08:00
Mark Andrews	2b4860c4dc	rt38571: handle Time::Piece not being supported by perl	2015-02-18 23:49:33 +11:00
Mark Andrews	82c6bce26a	ignore dig's result when expecting 'connection timed out'	2015-02-12 13:44:30 +11:00
Tinderbox User	f6bc0a8608	update copyright notice / whitespace	2015-02-11 23:45:25 +00:00
Mark Andrews	2ff2145ff5	4061. [bug] Handle timeout in legacy system test. [RT #38573 ]	2015-02-11 16:53:39 +11:00
Tinderbox User	d481ce8bba	update copyright notice / whitespace	2015-02-09 23:45:20 +00:00
Mark Andrews	dd06dbd512	add named.conf	2015-02-08 23:12:44 +11:00
Tinderbox User	8a1d7e8e8f	update copyright notice / whitespace	2015-02-07 23:45:20 +00:00
Mark Andrews	e10d453eb4	add crypto prerequisite	2015-02-08 08:16:54 +11:00
Tinderbox User	29756974c5	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
Evan Hunt	29beab1340	[master] fix "initialize with revoked key" test, add missing newline	2015-02-05 23:53:36 -08:00
Mark Andrews	b1de3a999c	use $PERL	2015-02-06 16:58:39 +11:00
Evan Hunt	591389c7d4	[master] 5011 tests and fixes 4056. [bug] Expanded automatic testing of trust anchor management and fixed several small bugs including a memory leak and a possible loss of key state information. [RT #38458] 4055. [func] "rndc managed-keys" can be used to check status of trust anchors or to force keys to be refreshed, Also, the managed keys data file has easier-to-read comments. [RT #38458]	2015-02-05 17:18:15 -08:00
Tinderbox User	39f68d7b64	update copyright notice / whitespace	2015-01-21 23:45:24 +00:00
Evan Hunt	2817aa56ca	[master] "rndc modzone" 4043. [func] "rndc modzone" can be used to modify the configuration of an existing zone, using similar syntax to "rndc addzone". [RT #37895]	2015-01-20 22:34:16 -08:00
Evan Hunt	ff62d4458a	[master] allow shared TCP sockets when connecting 4041. [func] TCP sockets can now be shared while connecting. (This will be used to enable client-side support of pipelined queries.) [RT #38231]	2015-01-20 17:22:31 -08:00
Evan Hunt	761d135ed6	[master] add TCP pipelining support 4040. [func] Added server-side support for pipelined TCP queries. TCP connections are no longer closed after the first query received from a client. (The new "keep-response-order" option allows clients to be specified for which the old behavior will still be used.) [RT #37821]	2015-01-20 16:14:09 -08:00
Tinderbox User	c110d61b17	update copyright notice / whitespace	2015-01-20 23:45:26 +00:00
Mark Andrews	f8eb4e5bfd	4037. [bug] also-notify was ignoring the tsig key when checking for duplicates resulting in some expected notify messages not being sent. [RT #38369]	2015-01-20 16:42:56 +11:00
Tinderbox User	2dd6ffb5cb	update copyright notice / whitespace	2015-01-12 23:45:21 +00:00
Mukund Sivaraman	a6f0e9c985	Add NTA persistence (#37087 ) 4034. [func] When added, negative trust anchors (NTA) are now saved to files (viewname.nta), in order to persist across restarts of the named server. [RT #37087]	2015-01-12 09:07:48 +05:30
Tinderbox User	f0cbe180f0	update copyright notice / whitespace	2015-01-10 23:45:22 +00:00
Mark Andrews	7952156995	4032. [bug] Built-in "empty" zones did not correctly inherit the "allow-transfer" ACL from the options or view. [RT #38310]	2015-01-10 22:01:42 +11:00
Tinderbox User	63b0524b96	update copyright notice / whitespace	2015-01-08 23:45:22 +00:00
Mark Andrews	d1f1f13c7f	4031. [bug] named-checkconf -z failed to report a missing file with a hint zone. [RT #38294]	2015-01-08 19:19:12 +11:00
Tinderbox User	b129f72d95	update copyright notice / whitespace	2015-01-07 23:45:22 +00:00
Evan Hunt	74eb2f5cbc	[master] rndc showzone / rndc delzone of non-added zones 4030. [func] "rndc delzone" is now applicable to zones that were configured in named.conf, as well as zones that were added via "rndc addzone". (Note, however, that if named.conf is not also modified, the deleted zone will return when named is reloaded.) [RT #37887] 4029. [func] "rndc showzone" displays the current configuration of a specified zone. [RT #37887]	2015-01-06 22:57:57 -08:00
Mark Andrews	b0c18fffd3	4028. [bug] $GENERATE with a zero step was not being caught as a error. A $GENERATE with a / but no step was not being caught as a error. [RT #38262]	2015-01-06 11:31:34 +11:00
Mark Andrews	511ec77fca	4027. [port] Net::DNS 0.81 compatibility. [RT #38165	2014-12-23 08:37:46 +11:00
Tinderbox User	84d939b211	update copyright notice / whitespace	2014-12-21 23:45:20 +00:00
Evan Hunt	5deda448e8	[master] fixes for singleton on hpux - hpux returns EADDRINUSE when listening on UDP sockets, so we need to check for that - also need to ensure that subsidiary named processes are shut down in the runtime system test	2014-12-20 00:31:54 -08:00
Evan Hunt	6963c6048f	[master] still needed another -X	2014-12-19 16:57:24 -08:00
Evan Hunt	8249f11121	[master] add -X to lwresd	2014-12-18 22:52:44 -08:00
Mark Andrews	ae454ec746	update copyrights	2014-12-19 10:35:15 +11:00
Mukund Sivaraman	47d837a499	Make named a singleton process [RT#37908] Conflicts: bin/tests/system/conf.sh.in lib/dns/win32/libdns.def.in lib/isc/win32/file.c The merge also needed to update files in legacy and tcp system tests (newly introduced in master after branch was created) to introduce use of lockfile.	2014-12-18 12:31:25 +05:30
Evan Hunt	be7fba8019	[master] adjust max-recursion-queries 4021. [bug] Adjust max-recursion-queries to accommodate the need for more queries when the cache is empty. [RT #38104]	2014-12-15 22:28:06 -08:00
Mukund Sivaraman	d225dec89f	Clean up after reclimit system test	2014-12-08 21:37:53 +05:30
Mark Andrews	39a5e136fb	skip subtest if cryptography not compiled in	2014-12-06 00:48:52 +11:00
Mark Andrews	017aa9aef6	4019. [func] If named is not configured to validate the answer then allow fallback to plain DNS on timeout even when we know the server supports EDNS. [RT #37978]	2014-12-05 17:47:26 +11:00
Mark Andrews	12065c231e	clean up intermediates	2014-12-05 08:28:15 +11:00
Mark Andrews	76b242bb77	pre-sign the zones	2014-12-05 07:28:29 +11:00
Tinderbox User	b9097be03b	update copyright notice / whitespace	2014-12-03 23:45:24 +00:00
Mark Andrews	693d70f96f	4017. [testing] Add system test to check lookups to legacy servers with broken DNS behaviour. [RT #37965]	2014-12-04 07:01:52 +11:00
Mark Andrews	ea3aa401bc	4015. [bug] Nameservers that are skipped due to them being CNAMEs were not being logged. They are now logged to category 'cname' as per BIND 8. [RT #37935]	2014-12-03 11:34:07 +11:00
Tinderbox User	a3d2295829	update copyright notice / whitespace	2014-12-02 23:45:23 +00:00
Mark Andrews	6444de08d1	4014. [bug] When including a master file origin_changed was not being properly set leading to a potentially spurious 'inherited owner' warning. [RT #37919]	2014-12-03 09:42:30 +11:00
Evan Hunt	aafd2f2637	[master] remove obsolete 'relay' test	2014-12-02 13:57:35 -08:00
Francis Dupont	5c5c6d289d	Add a TCP only option to server/peer	2014-12-02 14:17:59 +01:00
Tinderbox User	523ad879ce	update copyright notice / whitespace	2014-11-24 23:53:16 +00:00
Mark Andrews	d040fa2f1c	4011. [bug] master's list port and dscp inheritance was not properly implemented. [RT #37792]	2014-11-24 11:25:06 +11:00
Mark Andrews	7301df07cf	extend the permissible number of queries to 25 from 24	2014-11-24 10:20:39 +11:00
Evan Hunt	92384667ff	[master] delv +tcp 4009. [func] delv: added a +tcp option. [RT #37855]	2014-11-21 09:42:04 -08:00
Mark Andrews	d65fb496fb	use perl not awk to do serial additions	2014-11-21 18:08:04 +11:00
Tinderbox User	5d35f07318	update copyright notice / whitespace	2014-11-20 23:45:24 +00:00
Evan Hunt	05e448935c	[master] refactor max-recursion-queries - the counters weren't set correctly when fetches timed out. instead we now pass down a counter object.	2014-11-19 18:21:02 -08:00
Tinderbox User	4ccffa13aa	update copyright notice / whitespace	2014-11-19 23:45:22 +00:00
Mukund Sivaraman	077350a407	Add .gitignore	2014-11-19 15:03:01 +05:30
Evan Hunt	c4f54e5bd1	[master] add max-recursion-queries also fixes and documentation for max-recursion-depth	2014-11-18 22:02:02 -08:00
Mark Andrews	f9ee67d9ce	%zu is not universally available	2014-11-19 12:10:06 +11:00
Tinderbox User	e208712faa	update copyright notice / whitespace	2014-11-18 23:45:22 +00:00
Evan Hunt	3230429e17	[master] limit recursion depth and iterative queries 4006. [security] A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500). The recursion depth limit is configured via the "max-recursion-depth" option. [RT #35780]	2014-11-17 23:24:44 -08:00
Tinderbox User	11dc1b1508	update copyright notice	2014-11-17 23:45:20 +00:00
Evan Hunt	0ada3802ea	[master] awk portability fix	2014-11-17 12:22:18 -08:00
Evan Hunt	a0b4f6d952	[master] geoip security fixes 4003. [security] When geoip-directory was reconfigured during named run-time, the previously loaded GeoIP data could remain, potentially causing wrong ACLs to be used or wrong results to be served based on geolocation. [RT #37720] 4002. [security] Lookups in GeoIP databases that were not loaded could cause an assertion failure. [RT #37679] 4001. [security] The caching of GeoIP lookups did not always handle address families correctly, potentially resulting in an assertion failure. [RT #37672]	2014-11-16 08:43:22 -08:00
Evan Hunt	e32d354f75	[master] allow arbitrary-size rndc output 4005. [func] The buffer used for returning text from rndc commands is now dynamically resizable, allowing arbitrarily large amounts of text to be sent back to the client. (Prior to this change, it was possible for the output of "rndc tsig-list" to be truncated.) [RT #37731]	2014-11-14 15:58:54 -08:00
Mukund Sivaraman	16c86a4980	Update .gitgnore files (ISC-Bugs #37773 )	2014-11-11 11:47:02 +05:30
Tinderbox User	6d0a639bd0	update copyright notice	2014-11-06 23:45:21 +00:00
Evan Hunt	3cc8c7d630	[master] fix nxrrset in nxdomain redirection 4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET from the redirect zone. [RT #37722]	2014-11-04 23:49:56 -08:00
Evan Hunt	ce96d4326c	[master] new mkeys and nzf naming format 3999. [func] "mkeys" and "nzf" files are now named after their corresponding views, unless the view name contains characters that would be incompatible with use in a filename (i.e., slash, backslash, or capital letters). If a view name does contain these characters, the files will still be named using a cryptographic hash of the view name. Regardless of this, if a file using the old name format is found to exist, it will continue to be used. [RT #37704]	2014-11-04 19:43:27 -08:00
Mark Andrews	1feee79e1f	3997. [protocol] Add OPENGPGKEY record. [RT# 37671]	2014-11-04 12:24:39 +11:00
Tinderbox User	12b386e1a6	update copyright notice	2014-10-30 23:45:21 +00:00
Mark Andrews	0f5144163c	3993. [func] Dig now supports EDNS negotiation by default. (dig +[no]ednsnegotiation). [RT #37604]	2014-10-30 23:13:12 +11:00
Mark Andrews	00fb0253c9	3991. [func] Add the ability to buffer logging output by specifying "buffered yes;" when defining a channel. [RT #26561]	2014-10-30 11:37:05 +11:00
Mark Andrews	a5c7cfbac4	3990. [testing] Add tests for unknown DNSSEC algorithm handling. [RT #37541]	2014-10-30 11:05:26 +11:00
Tinderbox User	6932de75ef	update copyright notice	2014-10-21 23:45:24 +00:00
Mark Andrews	4140a96f22	3987. [func] Allow the zone serial of a dynamically updatable zone to be updated via rndc. [RT #37404]	2014-10-21 18:15:42 +11:00
Evan Hunt	498b061031	[master] allow 1-week nta-lifetime/nta-recheck 3983. [bug] Change #3940 was incomplete: negative trust anchors could be set to last up to a week, but the "nta-lifetime" and "nta-recheck" options were still limted to one day. [RT #37522]	2014-10-20 13:40:17 -07:00
Evan Hunt	7cf2122e0d	[master] change 3977 altered expected linecount from secroots	2014-10-18 16:50:32 -07:00
Mark Andrews	72775a79fe	3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467]	2014-10-18 13:09:09 +11:00
Mark Andrews	44ef2206d7	allow for the set of ttls to be empty	2014-10-16 14:46:44 +11:00
Mark Andrews	d9aaf7acce	make test more robust in the face of server failures	2014-10-16 12:34:12 +11:00
Evan Hunt	1cbc394e7c	[master] add redirect zone to checkconf -z test	2014-10-09 18:30:34 -07:00
Evan Hunt	ca0ee90361	[master] turn off servfail cache in masterformat test	2014-10-09 09:30:46 -07:00
Mark Andrews	c81d56c03e	3971. [bug] Reduce the cascasding failures due to a bad $TTL line in named-checkconf / named-checkzone. [RT #37138]	2014-10-05 08:29:34 +11:00
Mark Andrews	39fb5f2a5d	verifying inline zones work with views requires crypto to be configured	2014-10-04 18:06:04 +10:00
Evan Hunt	12002ea49e	[master] add delv system test 3969. [test] Added 'delv' system test. [RT #36901]	2014-10-02 22:37:20 -07:00
Tinderbox User	7a3f584cfc	update copyright notice	2014-10-02 23:45:25 +00:00
Mark Andrews	b24061719c	3967. [test] Add test for inlined signed zone in multiple views with different DNSKEY sets. [RT #35759]	2014-10-03 07:59:44 +10:00
Mark Andrews	a837c939c4	SIG(0) update forwarding testing requires crypto be configured	2014-10-02 11:07:01 +10:00
Mark Andrews	ed1c845c1d	3964. [func] nsupdate now performs check-names processing. [RT #36266]	2014-10-02 09:35:43 +10:00
Evan Hunt	7b04216015	[master] improve dlzexternal test 3963. [test] Added NXRRSET test cases to the "dlzexternal" system test. [RT #37344]	2014-09-30 17:08:12 -07:00
Tinderbox User	be484acb22	update copyright notice	2014-09-30 23:45:22 +00:00
Mark Andrews	ffeaac1d82	3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with BADSIG. [RT #37216]	2014-10-01 07:24:16 +10:00
Mark Andrews	c83b91fb63	3960. [bug] 'dig +sigchase' could loop forever. [RT #37220 ]	2014-10-01 07:06:20 +10:00
Tinderbox User	2fb35a6d59	update copyright notice	2014-09-29 23:45:24 +00:00
Mark Andrews	4bc581ca31	use RANDFILE rather than /dev/urandom	2014-09-29 23:39:07 +10:00
Mark Andrews	1c5990c2f9	3958. [bug] Detect when writeable files have multiple references in named.conf. [RT #37172]	2014-09-29 12:10:10 +10:00
Mark Andrews	80169c379d	3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384. [RT #37183]	2014-09-29 10:18:54 +10:00
Mark Andrews	10c12aa549	3956. [func] Notify messages are now rate limited by notify-rate and startup-notify-rate instead of serial-query-rate. [RT #24454] 3955. [bug] Notify messages due to changes are no longer queued behind startup notify messages. [RT #24454]	2014-09-29 10:01:08 +10:00
Mark Andrews	9a36fb86f5	3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159 ]	2014-09-27 12:14:20 +10:00
Mark Andrews	27cd03a21c	use more portable awk	2014-09-19 15:00:18 +10:00
Mark Andrews	06e28e50bd	give the nameserver a little longer to response	2014-09-18 10:06:48 +10:00
Mark Andrews	1a5f84d56a	UNTESTED -> SKIPPED	2014-09-16 23:49:52 +10:00
Mark Andrews	3867312e4c	3951. [func] Add the ability to set yet-to-be-defined EDNS flags to dig (+ednsflags=#). [RT #37142]	2014-09-13 19:13:59 +10:00
Tinderbox User	2c69f767d6	update copyright notice	2014-09-10 23:45:21 +00:00
Mark Andrews	947cf282a7	3949. [experimental] Experimental support for draft-andrews-edns1 by sending EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when building). Add support for limiting the EDNS version advertised to servers: server { edns-version 0; }; Log the EDNS version received in the query log. [RT #35864]	2014-09-10 15:31:40 +10:00
Mark Andrews	5c420ccc29	drop 'I:send many simultaneous updates via a update forwarder' test until re-written using perl	2014-09-07 22:08:45 +10:00
Mark Andrews	76a17033db	also fix the expected count	2014-09-07 20:24:59 +10:00
Mark Andrews	48179343c2	reduce number of nsupdates being simultaeously forked	2014-09-07 20:24:14 +10:00
Mark Andrews	8aa098c633	update copyrights	2014-09-06 09:38:48 +10:00
Evan Hunt	c9e976dc43	[master] [rt37057] server-id tests 3944. [test] Added a regression test for "server-id". [RT #37057]	2014-09-04 18:18:36 -07:00
Tinderbox User	948c80ffa8	update copyright notice	2014-09-04 23:45:24 +00:00
Evan Hunt	a878301981	[master] servfail cache 3943. [func] SERVFAIL responses can now be cached for a limited time (configured by "servfail-ttl", default 10 seconds, limit 30). This can reduce the frequency of retries when an authoritative server is known to be failing, e.g., due to ongoing DNSSEC validation problems. [RT #21347]	2014-09-03 23:28:14 -07:00
Mark Andrews	fec7998314	3942. [bug] Wildcard responses from a optout range should be marked as insecure. [RT #37072]	2014-09-04 13:57:50 +10:00
Evan Hunt	c3d0221104	[master] oops, nta lifetime change broke dnssec test	2014-09-03 20:51:32 -07:00
Evan Hunt	3d066288ad	[master] [rt37069] update NTA limit to a week 3940. [func] "rndc nta" now allows negative trust anchors to be set for up to one week. [RT #37069]	2014-09-03 19:00:03 -07:00
Mark Andrews	74717eef53	3939. [func] Improve UPDATE forwarding performance by allowing TCP connections to be shared. [RT #37039]	2014-09-04 10:37:45 +10:00
Mark Andrews	1a63fb1d14	update copyrights	2014-08-30 12:27:49 +10:00
Tinderbox User	3278ff814d	update copyright notice	2014-08-29 23:45:22 +00:00
Evan Hunt	d46855caed	[master] ECS authoritative support 3936. [func] Added authoritative support for the EDNS Client Subnet (ECS) option. ACLs can now include "ecs" elements which specify an address or network prefix; if an ECS option is included in a DNS query, then the address encoded in the option will be matched against "ecs" ACL elements. Also, if an ECS address is included in a query, then it will be used instead of the client source address when matching "geoip" ACL elements. This behavior can be overridden with "geoip-use-ecs no;". When "ecs" or "geoip" ACL elements are used to select a view for a query, the response will include an ECS option to indicate which client network the answer is valid for. (Thanks to Vincent Bernat.) [RT #36781]	2014-08-28 22:05:57 -07:00
Evan Hunt	180319f572	[master] fix geoip asnum matching 3935. [bug] "geoip asnum" ACL elements would not match unless the full organization name was specified. They can now match against the AS number alone (e.g., AS1234). [RT #36945]	2014-08-28 21:40:32 -07:00
Mark Andrews	7c73ac5e13	3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve sit-secrets documentation. [RT #36980]	2014-08-29 14:35:21 +10:00
Evan Hunt	0c2313eb36	[master] fixes to checkconf test, HIP casecompare 3933. [bug] Corrected the implementation of dns_rdata_casecompare() for the HIP rdata type. [RT #36911] 3932. [test] Improved named-checkconf tests. [RT #36911]	2014-08-27 21:36:13 -07:00
Evan Hunt	74745c760c	[master] "rndc nta -r" could hang 3930. [bug] "rndc nta -r" could cause a server hang if the NTA was not found. [RT #36909]	2014-08-25 18:01:26 -07:00
Tinderbox User	fea81a5e0e	update copyright notice	2014-08-22 23:45:27 +00:00
Evan Hunt	087b3e8d90	[master] add to rndc test 3928. [test] Improve rndc system test. [RT #36898]	2014-08-22 16:41:57 -07:00
Mark Andrews	840d6a4614	3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917	2014-08-22 16:32:19 +10:00
Mark Andrews	cef76ee5bd	3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833 ]	2014-08-22 15:45:40 +10:00
Tinderbox User	5165c59007	update copyright notice	2014-08-21 23:45:22 +00:00
Mark Andrews	f5695ad0e1	3917. [bug] dig, nslookup and host now continue on names that are too long after applying a search list elements. [RT #36892]	2014-08-21 18:05:55 +10:00
Tinderbox User	aebd0e85bf	update copyright notice	2014-08-15 23:45:20 +00:00
Jeremy C. Reed	821350367e	fix typos or misspellings	2014-08-15 10:35:31 -05:00
Tinderbox User	cd14665cdf	update copyright notice	2014-08-07 23:45:19 +00:00
Evan Hunt	cfe32752a6	[master] [36737] allow zero-length URI and CAA fields 3914. [bug] Allow the URI target and CAA value fields to be zero length. [RT #36737]	2014-08-06 17:40:42 -07:00
Tinderbox User	1e7501fe07	update copyright notice	2014-08-06 23:45:23 +00:00
Mark Andrews	43b9737b11	3911. [func] Implement EDNS EXPIRE option client side. [RT #35925 ]	2014-08-06 11:50:40 +10:00
Tinderbox User	79bb509936	update copyright notice	2014-08-02 23:45:21 +00:00
Mark Andrews	c38341ec43	3908. [bug] rndc now differentiates between a zone in multiple views and a zone that doesn't exist at all. [RT #36691]	2014-08-02 14:43:26 +10:00
Mark Andrews	f2a91da02e	adjust range	2014-07-31 20:32:50 +10:00
Tinderbox User	d1b499c827	update copyright notice	2014-07-29 23:45:20 +00:00
Evan Hunt	2383eb5272	[master] add CAA rdata support 3056. [protocol] Added support for CAA record type (RFC 6844). [RT #36625]	2014-07-29 08:40:35 -07:00
Mark Andrews	275a8affe7	3899. [bug] "request-ixfr" is only applicable to slave and redirect zones. [RT #36608]	2014-07-25 14:23:14 +10:00
Mark Andrews	ac5ed74860	3897. [bug] RPZ summary information was not properly being updated after a AXFR resulting in changes sometimes being ignored. [RT #35885]	2014-07-22 10:57:58 +10:00
Mark Andrews	39cad8fb7d	update copyrights	2014-07-08 12:40:40 +10:00
Mark Andrews	fce704e751	rename dnssec/ns7/split-rrsig.in	2014-07-08 11:12:32 +10:00
Mark Andrews	3c13af3759	3892. [bug] Setting '-t aaaa' in .digrc had unintended side effects. [RT #36452]	2014-07-08 02:00:28 +10:00
Mark Andrews	63e1ac1e09	3890. [bug] RRSIG sets that were not loaded in a single transaction at start up where not being correctly added to re-signing heaps. [RT #36302]	2014-07-07 12:05:01 +10:00
Mark Andrews	6f6b7781d5	save the output of rndc nta so that it can be analysed if there is a failure; more cleanups	2014-06-30 11:41:09 +10:00
Mark Andrews	62275d5306	make test for nsec3param more robust	2014-06-27 15:50:51 +10:00
Mark Andrews	b05ef7092f	update nta failure messages	2014-06-27 11:53:39 +10:00
Mark Andrews	284f6435c2	adjust NTA test timing windows to support slower machines; self tune sleeps bases of actual elapsed time;	2014-06-26 13:37:50 +10:00
Tinderbox User	9f8df2d75c	update copyright notice	2014-06-25 23:45:21 +00:00
Mark Andrews	7205cd2db7	cleanup nsupdate.out	2014-06-25 16:16:34 +10:00
Mark Andrews	eca15167ac	dump unexpected update failures	2014-06-25 16:12:25 +10:00
Mark Andrews	33399d6a14	3888. [func] 'rndc status' now reports the number of automatic zones. [RT #36015]	2014-06-25 13:17:03 +10:00
Mark Andrews	70ee770c69	Net::DNS 0.78 should work when it is released as it contains: Fix rt.cpan.org #96439 Uninitialised decoding object when printing packet	2014-06-25 01:01:50 +10:00
Mark Andrews	1c95f67232	use $PERL	2014-06-24 13:50:14 +10:00
Tinderbox User	5a31767b09	update copyright notice	2014-06-19 23:45:23 +00:00
Evan Hunt	cac2181160	[master] CDS/CDNSKEY rrtypes 3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]	2014-06-19 00:35:11 -07:00
Evan Hunt	b8a9632333	[master] complete NTA work 3882. [func] By default, negative trust anchors will be tested periodically to see whether data below them can be validated, and if so, they will be allowed to expire early. The "rndc nta -force" option overrides this behvaior. The default NTA lifetime and the recheck frequency can be configured by the "nta-lifetime" and "nta-recheck" options. [RT #36146]	2014-06-18 16:50:38 -07:00
Tinderbox User	636aadbfe4	update copyright notice	2014-06-17 23:45:20 +00:00
Evan Hunt	a4e76a630e	[master] update gitignore files; use rev-parse to get srcid	2014-06-17 13:49:30 -07:00
Mark Andrews	a0d411c05f	3880. [test] Update ans.pl to work with new TSIG support in Net::DNS; add additional Net::DNS version prerequisite checks. [RT #36327]	2014-06-17 10:35:46 +10:00
Evan Hunt	56510cd031	[master] null terminate strings for coverity	2014-06-16 15:30:11 -07:00
Mark Andrews	48789995c1	use $NSUPDATE	2014-06-15 18:35:19 +10:00
Mark Andrews	f9e47cfe4f	Net::DNS 0.76 broke the handling of some packets	2014-06-14 10:11:06 +10:00
Mark Andrews	1881aea774	fix test to see if $PERL is set (cherry picked from commit 44f0f310d41acc5c772d38353fe35ddacb3fee80)	2014-06-13 11:47:23 +10:00
Mark Andrews	d4a98c0fb7	die if $Net::DNS::VERSION >= 0.73	2014-06-13 11:25:32 +10:00
Evan Hunt	fb710168ef	[master] use correct shared library suffix	2014-06-12 17:06:23 -07:00
Tinderbox User	4ded8003e3	update copyright notice	2014-06-12 23:45:22 +00:00
Evan Hunt	06e0d6bb12	[master] address rpz bugs 3877. [bug] Inserting and deleting parent and child nodes in response policy zones could trigger an assertion failure. [RT #36272]	2014-06-11 20:00:19 -07:00
Mark Andrews	9c2cf9e201	update copyrights	2014-06-11 10:28:09 +10:00
Evan Hunt	8d8f9f7f86	[master] suppress unnecessary db lookups in DLZ redirect zones 3876. [bug] Improve efficiency of DLZ redirect zones by suppressing unnecessary database lookups. [RT #35835]	2014-06-10 16:25:26 -07:00
Mark Andrews	20dec973da	4. [test] Check that only "check-names master" is needed for updates to be accepted.	2014-06-10 13:48:57 +10:00
Mark Andrews	32a1fd3dd2	update spf check	2014-06-10 12:28:33 +10:00
Mark Andrews	3b187cad7a	3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210 ]	2014-06-10 09:32:43 +10:00
Mukund Sivaraman	79d27f505a	[35063] Don't publish an activated key automatically before its publish time	2014-06-04 14:31:42 +05:30
Mark Andrews	ab6fd5e892	initialise matches	2014-06-02 13:53:59 +10:00
Mark Andrews	5360986092	set max	2014-06-02 13:42:58 +10:00
Mark Andrews	3a26e75e3c	accept a range of stats values	2014-06-02 08:15:47 +10:00
Evan Hunt	0cfb247368	[master] rndc nta 3867. [func] "rndc nta" can now be used to set a temporary negative trust anchor, which disables DNSSEC validation below a specified name for a specified period of time (not exceeding 24 hours). This can be used when validation for a domain is known to be failing due to a configuration error on the part of the domain owner rather than a spoofing attack. [RT #29358]	2014-05-29 22:22:53 -07:00
Mark Andrews	536da846f6	update copyrights	2014-05-30 09:41:33 +10:00
Mark Andrews	44b0e0b1d5	More changes for: 3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-30 08:41:27 +10:00
Mark Andrews	3d75189141	3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-29 17:02:10 +10:00
Mark Andrews	4694229f60	make a explict edns query so this subtest is independent of other tests	2014-05-29 10:46:44 +10:00
Mark Andrews	800d25b848	3863. [bug] The "E" flag was missing from the query log as a unintended side effect of code rearrangement to support EDNS EXPIRE. [RT #36117]	2014-05-29 08:04:55 +10:00
Tinderbox User	284d5252c1	update copyright notice	2014-05-15 23:45:22 +00:00
Mark Andrews	01f881c1c5	3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. [RT #35979]	2014-05-15 16:54:32 +10:00
Mark Andrews	69530009f1	use portable awk	2014-05-15 00:34:17 +10:00
Mark Andrews	05816676bb	3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP ixfr query. [RT #35980]	2014-05-14 09:59:02 +10:00
Mark Andrews	733898cffe	use sub second sleeps for prefetch disabled test	2014-05-09 15:00:36 +10:00
Mark Andrews	151759e7b7	address suspected race in system test for 'named -L'	2014-05-08 11:10:04 +10:00
Tinderbox User	c381ccf794	update copyright notice	2014-05-07 23:45:21 +00:00
Evan Hunt	60988462e5	[master] use posix-compatible shell in system tests 3839. [test] Use only posix-compatible shell in system tests. [RT #35625]	2014-05-06 22:06:04 -07:00
Mark Andrews	b36fc8294e	3837. [security] A NULL pointer is passed to query_prefetch resulting a REQUIRE assertion failure when a fetch is actually initiated. [ RT #35899] Squashed commit of the following: commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00 Author: Mukund Sivaraman <muks@isc.org> Date: Sun May 4 22:34:34 2014 +0530 Fix a comment commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03 Author: Mark Andrews <marka@isc.org> Date: Sun May 4 23:34:25 2014 +1000 pass the correct name to query_prefetch	2014-05-05 10:12:12 +10:00
Evan Hunt	c0c4512020	[master] fixed geoip elements in named ACLs 3835. [bug] Geoip ACL elements didn't work correctly when referenced via named or nested ACLs. [RT #35879]	2014-04-30 20:21:56 -07:00
Mark Andrews	f09f1bf18e	fix filter-aaaa system test to work when crypto is disabled	2014-05-01 12:28:50 +10:00
Mark Andrews	5b56f2e3cc	zero pad date and month fields	2014-05-01 11:41:32 +10:00
Mark Andrews	c2abd6efeb	update copyrights	2014-05-01 10:00:00 +10:00
Mark Andrews	96f07724d6	use SKIPPED exit code (255)	2014-05-01 00:33:11 +10:00
Mark Andrews	0172c9fc2c	use +nottlid	2014-04-30 15:53:37 +10:00
Evan Hunt	44613d4d86	[master] named -L option for default logfile 3832. [func] "named -L <filename>" causes named to send log messages to the specified file by default instead of to the system log. (Thanks to Tony Finch.) [RT #35845]	2014-04-29 17:17:03 -07:00
Tinderbox User	f6ea2b1d09	update copyright notice	2014-04-29 23:45:21 +00:00
Evan Hunt	b4ba66ba1e	[master] "dnssec-signzone -N date" 3827. [func] "dnssec-signzone -N date" updates serial number to the current date in YYYYMMDDNN format. [RT #35800]	2014-04-29 16:29:20 -07:00
Mark Andrews	e54767a3c9	change exit code	2014-04-29 22:57:15 +10:00
Mark Andrews	1a158ef6ee	fix testsock6.pl (cherry picked from commit `660195a82c`)	2014-04-29 19:15:55 +10:00
Evan Hunt	54267016bc	[master] add geoip and filter-aaaa to SUBDIRS	2014-04-28 22:41:13 -07:00
Tinderbox User	06081a0d61	update copyright notice	2014-04-25 23:45:21 +00:00
Evan Hunt	aefb3e308b	[master] better DDNS in DLZ; mysqldyn 3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic update and transaction support. Thanks to Marty Lee for the contribution. [RT #35656] 3820. [func] The DLZ API doesn't pass the database version to the lookup() function; this can cause DLZ modules that allow dynamic updates to mishandle prerequisite checks. This has been corrected by adding a 'dbversion' field to the dns_clientinfo_t structure. [RT #35656]	2014-04-25 13:06:30 -07:00
Mark Andrews	36e5ac0033	3819. [bug] NSEC3 hashes need to be able to be entered and displayed without padding. This is not a issue for currently defined algorithms but may be for future hash algorithms. [RT #27925]	2014-04-24 18:58:03 +10:00
Evan Hunt	2ae159b376	[master] globally rename "delve" to "delv" 3817. [func] The "delve" command is now spelled "delv" to avoid a namespace collision with the Xapian project. [RT #35801]	2014-04-23 11:14:12 -07:00
Tinderbox User	953189d30e	update copyright notice	2014-04-22 23:45:19 +00:00
Evan Hunt	ec3b216506	[master] masterfile-style 3814. [func] The "masterfile-style" zone option controls the formatting of dumped zone files. Options are "relative" (multiline format) and "full" (one record per line). The default is "relative". [RT #20798]	2014-04-17 17:10:29 -07:00
Evan Hunt	7318bbc262	[master] serial-update-method date; 3811. [func] "serial-update-method date;" sets serial number on dynamic update to today's date in YYYYMMDDNN format. (Thanks to Bradley Forschinger.) [RT #24903]	2014-04-17 16:05:50 -07:00
Evan Hunt	92fe6db3e4	[master] use test -r in system tests 3806. [test] Improved system test portability. [RT #35625]	2014-04-09 20:29:52 -07:00
Evan Hunt	baad8d9fd8	[master] allow null "file" for DLZ or alternate db zones 3803. [bug] "named-checkconf -z" incorrectly rejected zones using alternate data sources for not having a "file" option. [RT #35685]	2014-04-07 13:29:56 -07:00
Mark Andrews	5b60bde47b	use perl	2014-04-07 21:53:47 +10:00
Mark Andrews	a4941d6b5e	update check the correct resigning time is reported in zonestatus test to be more portable	2014-04-07 11:50:50 +10:00
Mark Andrews	0dfd942409	3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing time. [RT #35659]	2014-04-04 11:33:49 +11:00
Tinderbox User	180d8b0eec	update copyright notice	2014-03-30 23:46:03 +00:00
Mukund Sivaraman	ef9334d745	3795. [bug] Make named-checkconf detect raw masterfiles for hint zones and reject them. [RT #35268] Squashed commit of the following: commit 5b0254711d6b77940d6217b9131b9d401df8a866 Author: Mukund Sivaraman <muks@isc.org> Date: Fri Mar 28 02:09:01 2014 +0530 Remove redundant helper function commit a4341c1a2ba830c8cee1def57a533f987f67c3dc Author: Mark Andrews <marka@isc.org> Date: Thu Jan 30 10:08:17 2014 +1100 error out if masterfile-format raw is specified for a hint zone.	2014-03-31 04:55:37 +05:30
Evan Hunt	22e29471c7	[master] check allow-update in view/options 3787. [bug] The code that checks whether "auto-dnssec" is allowed was ignoring "allow-update" ACLs set at the options or view level. [RT #29536]	2014-03-12 21:36:01 -07:00
Mark Andrews	6f49db82ab	calling $TSIGKEYGEN doesn't work with libtool.	2014-03-13 15:11:46 +11:00
Tinderbox User	0add14467b	update copyright notice	2014-03-12 23:46:05 +00:00
Evan Hunt	89740699cd	[master] fixed 'fixed' 3784. [bug] Using "rrset-order fixed" when it had not been enabled at compile time caused inconsistent results. It now works as documented, defaulting to cyclic mode. [RT #28104]	2014-03-12 08:45:44 -07:00
Evan Hunt	46bc64f4b1	[master] tsig-keygen 3783. [func] "tsig-keygen" is now available as an alternate command name for "ddns-confgen". It generates a TSIG key in named.conf format without comments. [RT #35503]	2014-03-12 08:29:15 -07:00
Mark Andrews	bab2bf7dfd	expr length arg is not portable	2014-03-12 13:59:41 +11:00
Evan Hunt	62258ada48	[master] auto-generate salt 3781. [func] Specifying "auto" as the salt when using "rndc signing -nsec3param" causes named to generate a 64-bit salt at random. [RT #35322]	2014-03-11 08:46:58 -07:00
Evan Hunt	7b46a4aa41	[master] fix negative numbers in $GENERATE 3780. [bug] $GENERATE handled negative numbers incorrectly. [RT #25528]	2014-03-10 11:55:32 -07:00
Tinderbox User	e9c7fe450e	update copyright notice	2014-03-06 23:46:08 +00:00
Evan Hunt	741dfd3ccd	[master] tests directory cleanup	2014-03-06 11:11:27 -08:00
Tinderbox User	8ab8cd1fa6	update copyright notice	2014-03-01 23:46:15 +00:00
Evan Hunt	ec88c1fdff	[master] capture stderr in systests.output - also tidied up runall.sh summary output	2014-02-28 21:59:28 -08:00
Evan Hunt	98922b2b2b	[master] merge several interdependent fixes 3760. [bug] Improve SIT with native PKCS#11 and on Windows. [RT #35433] 3759. [port] Enable delve on Windows. [RT #35441] 3758. [port] Enable export library APIs on windows. [RT #35382]	2014-02-26 19:00:05 -08:00
Evan Hunt	061f61dd3b	[master] add files omitted from coverage test	2014-02-26 08:54:21 -08:00
Evan Hunt	3a01ded15d	[master] enable windows python tools 3757. [port] Enable Python tools (dnssec-coverage, dnssec-checkds) to run on Windows. [RT #34355]	2014-02-26 08:43:50 -08:00
Mark Andrews	cc00679829	wait for zone to transfer	2014-02-23 14:06:15 +11:00
Evan Hunt	999926955b	[master] fix test error	2014-02-21 08:05:40 -08:00
Tinderbox User	20a96edbf9	update copyright notice	2014-02-20 23:46:35 +00:00
Mark Andrews	caac342072	add @ISC_OPENSSL_LIBS@	2014-02-21 00:35:22 +11:00
Mark Andrews	16134801ce	3750. [experimental] Partially implement EDNS EXPIRE option as described in draft-andrews-dnsext-expire-00. Retrivial of remaining time to expiry from slave zones is supported. EXPIRE uses an experimental option code (65002) and is subject to change. [RT #35416]	2014-02-20 14:56:20 +11:00
Mark Andrews	86a85a3bbd	don't error on rpz percentage checks as they fail inconsistently on virtual machines	2014-02-20 12:22:14 +11:00
Mark Andrews	e676a59686	update copyrights	2014-02-20 10:53:11 +11:00
Mark Andrews	7e2e41df67	3748. [func] Use delve to test dns_client interfaces. [RT #35383 ]	2014-02-19 19:33:21 +11:00
Evan Hunt	35f6a21f5f	[master] max-zone-ttl 3746. [func] New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone containing a higher TTL, the load fails. DDNS updates with higher TTLs are accepted but the TTL is truncated. (Note: Currently supported for master zones only; inline-signing slaves will be added.) [RT #38405]	2014-02-18 23:26:50 -08:00
Mark Andrews	b5f6271f4d	3744. [experimental] SIT: send and process Source Identity Tokens (which are similar to DNS Cookies by Donald Eastlake) and are designed to help clients detect off path spoofed responses and for servers to detect legitimate clients. SIT use a experimental EDNS option code (65001). SIT can be enabled via --enable-developer or --enable-sit. It is on by default in Windows. RRL processing as been updated to know about SIT with legitimate clients not being rate limited. [RT #35389]	2014-02-19 12:53:42 +11:00
Tinderbox User	3fd910dec5	update copyright notice	2014-02-17 23:46:29 +00:00
Evan Hunt	5efcb3a3e2	[master] fix test errors - require 5.006_001 - cut off the least significant figures of rrsig dates before comparison to avoid integer overflow	2014-02-17 08:40:02 -08:00
Evan Hunt	7ba88e2a95	[master] fix dnssec test errors	2014-02-16 14:14:56 -08:00
Evan Hunt	72fd845d5a	[master] remove accidentally committed changes	2014-02-16 13:59:19 -08:00
Evan Hunt	792915beb0	[master] fix accidental dig breakage	2014-02-16 13:42:42 -08:00
Evan Hunt	dbb012765c	[master] merge libiscpk11 to libisc 3735. [cleanup] Merged the libiscpk11 library into libisc to simplify dependencies. [RT #35205]	2014-02-11 21:20:28 -08:00
Tinderbox User	6874b16e4a	update copyright notice	2014-02-10 23:46:26 +00:00
Mark Andrews	d7729155df	3734. [bug] Improve building with libtool. [RT #35314 ]	2014-02-10 15:01:06 +11:00
Tinderbox User	81f58902eb	update copyright notice	2014-02-07 23:46:39 +00:00
Mark Andrews	2870ee1fe5	use exit 255	2014-02-08 09:43:16 +11:00
Mark Andrews	0584ab7e9c	#include <isc/util.h>	2014-02-07 16:46:11 +11:00
Evan Hunt	7983f6f77a	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-02-06 19:41:48 -08:00
Evan Hunt	166341d554	[master] add no-case-compress 3731. [func] Added a "no-case-compress" ACL, which causes named to use case-insensitive compression (disabling change #3645) for specified clients. (This is useful when dealing with broken client implementations that use case-sensitive name comparisons, rejecting responses that fail to match the capitalization of the query that was sent.) [RT #35300]	2014-02-06 19:37:26 -08:00
Mark Andrews	a928b54fa9	silence unused parameter	2014-02-07 11:47:32 +11:00
Evan Hunt	a165a17a81	[master] dnssec-keygen fixes 3730. [cleanup] Added "never" as a synonym for "none" when configuring key event dates in the dnssec tools. [RT #35277] 3729. [bug] dnssec-kegeyn could set the publication date incorrectly when only the activation date was specified on the command line. [RT #35278]	2014-02-06 15:59:14 -08:00
Tinderbox User	7fa75f8e0e	update copyright notice	2014-02-06 23:46:25 +00:00
Tinderbox User	0666e6db54	update copyright notice	2014-01-31 23:46:22 +00:00
Evan Hunt	d0803df331	[master] fixed geoip in blackhole ACLs 3722. [bug] Using geoip ACLs in a blackhole statement could cause a segfault. [RT #35272]	2014-01-30 17:03:32 -08:00
Tinderbox User	04b5785fde	update copyright notice	2014-01-29 23:46:19 +00:00
Mark Andrews	75d747e1c5	3719. [bug] Address memory leak in in peer.c. [RT #35255 ]	2014-01-30 07:54:52 +11:00
Mark Andrews	61932ed917	copyright cleanups	2014-01-29 14:05:46 +11:00
Tinderbox User	aa7b16ec2a	update copyright notice	2014-01-21 23:46:16 +00:00
Evan Hunt	d58e33bfab	[master] testcrypto.sh in system tests 3714. [test] System tests that need to test for cryptography support before running can now use a common "testcrypto.sh" script to do so. [RT #35213]	2014-01-20 16:08:09 -08:00
Evan Hunt	e45d0508c3	[master] skip unnecesary also-notify data 3713. [bug] Save memory by not storing "also-notify" addresses in zone objects that are configured not to send notify requests. [RT #35195]	2014-01-20 15:53:51 -08:00
Tinderbox User	dfd5f3b388	update copyright notice	2014-01-18 23:46:13 +00:00
Evan Hunt	12bf5d4796	[master] address several issues with native pkcs11	2014-01-18 11:51:07 -08:00
Tinderbox User	c0682c2367	update copyright notice	2014-01-17 23:46:32 +00:00
Francis Dupont	e02659b241	applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS	2014-01-17 14:14:30 +01:00
Tinderbox User	1633aead67	update copyright notice	2014-01-16 23:46:28 +00:00
Mark Andrews	db8938c993	3710. [bug] Address double dns_zone_detach when switching to using automatic empty zones from regular zones. [RT #35177]	2014-01-17 10:04:16 +11:00
Evan Hunt	5760095601	[master] skip xfer test with Net::DNS 0.73	2014-01-16 09:50:23 -08:00
Francis Dupont	6080262ffe	add iscpk11 dep in lwresd system test	2014-01-16 16:06:04 +01:00
Mark Andrews	e20788e121	update copyrights	2014-01-16 15:19:24 +11:00
Tinderbox User	bf0266f286	update copyright notice	2014-01-14 23:46:22 +00:00
Evan Hunt	ba751492fc	[master] native PKCS#11 support 3705. [func] "configure --enable-native-pkcs11" enables BIND to use the PKCS#11 API for all cryptographic functions, so that it can drive a hardware service module directly without the need to use a modified OpenSSL as intermediary (so long as the HSM's vendor provides a complete-enough implementation of the PKCS#11 interface). This has been tested successfully with the Thales nShield HSM and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]	2014-01-14 15:40:56 -08:00
Mark Andrews	07fb9b8330	3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185 ]	2014-01-14 16:12:30 +11:00
Tinderbox User	2cf1d5b098	update copyright notice	2014-01-12 23:46:23 +00:00
Mark Andrews	fb756ba304	3703. [func] Prefetch about to expire records if they are queried for, see prefetch option for details. [RT #35041]	2014-01-12 21:29:15 +11:00
Tinderbox User	f70a10508f	update copyright notice	2014-01-11 23:46:17 +00:00
Evan Hunt	7d2b185f16	[master] new dnssec-coverage options 3702. [func] 'dnssec-coverage -l' option specifies a length of time to check for coverage; events further into the future are ignored. 'dnssec-coverage -z' checks only ZSK events, and 'dnssec-coverage -k' checks only KSK events. (Thanks to Peter Palfrader.) [RT #35168]	2014-01-10 17:53:21 -08:00
Mark Andrews	a7c412f37c	update copyrights	2014-01-11 07:07:56 +11:00
Mark Andrews	ff6de396a9	3701. [func] named-checkconf can now suppress the printing of shared secrets by specifying '-x'. [RT #34465]	2014-01-10 16:56:36 +11:00
Tinderbox User	431a83fb29	update copyright notice	2014-01-09 23:46:35 +00:00
Mark Andrews	d4eb30fa2d	stop spamming system logs	2014-01-09 16:23:40 +11:00
Tinderbox User	e8914b47a2	update copyright notice	2014-01-05 23:46:12 +00:00
Mark Andrews	e9649ece3b	3696. [bug] dig failed to handle AXFR style IXFR responses which span multiple messages. [RT #35137]	2014-01-06 06:22:30 +11:00
Tinderbox User	9c61ab2c99	update copyright notice	2013-12-21 23:46:16 +00:00
Evan Hunt	c14ba71070	[master] warn if key-directory doesn't exist 3694. [bug] Warn when a key-directory is configured for a zone, but does not exist or is not a directory. [RT #35109]	2013-12-20 14:57:03 -08:00
Tinderbox User	7c329be7c0	update copyright notice	2013-12-15 23:46:14 +00:00
Tinderbox User	eade480b33	update copyright notice	2013-12-13 23:46:17 +00:00
Evan Hunt	0606c47750	[master] correct dispatch address/port check 3690. [bug] Iterative responses could be missed when the source port for an upstream query was the same as the listener port (53). [RT #34925]	2013-12-12 22:39:12 -08:00
Evan Hunt	9b895f30f1	[master] fix insecure delegation across static-stub zones 3689. [bug] Fixed a bug causing an insecure delegation from one static-stub zone to another to fail with a broken trust chain. [RT #35081]	2013-12-12 22:19:33 -08:00
Tinderbox User	de77dcc2c1	update copyright notice	2013-12-11 23:47:38 +00:00
Evan Hunt	4e1d84a33c	typo	2013-12-11 14:00:07 -08:00
Evan Hunt	0bbe3273a2	[master] dnssec-signzone -Q 3686. [func] "dnssec-signzone -Q" drops signatures from keys that are still published but no longer active. [RT #34990]	2013-12-11 13:25:21 -08:00
Tinderbox User	79812068ff	update copyright notice	2013-12-06 23:47:28 +00:00
Mark Andrews	7d65cbaca0	3684. [bug] The list of included files would grow on reload. [RT 35090]	2013-12-07 09:44:45 +11:00
Curtis Blackburn	8009525601	3682. [bug] Correct the behavior of rndc retransfer to allow inline-signing slave zones to retain NSEC3 parameters instead of reverting to NSEC [RT #34745]	2013-12-04 12:26:20 -06:00
Evan Hunt	d999ca28d4	[master] check hint files in named-checkconf -z 3676. [bug] "named-checkconf -z" now checks zones of type hint and redirect as well as master. [RT #35046]	2013-11-25 12:26:53 -08:00
Mark Andrews	225146b2c8	3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026 ]	2013-11-18 11:22:59 +11:00
Mark Andrews	ced4f794cf	check expected responses	2013-11-15 13:22:48 +11:00
Mark Andrews	3ac9ef6a6d	move forwarder server to 10.53.0.5	2013-11-15 13:16:51 +11:00
Tinderbox User	432d8fa3b4	update copyright notice	2013-11-14 23:46:24 +00:00
Evan Hunt	434bfc3dfa	[master] "in-view" zone option 3673. [func] New "in-view" zone option allows direct sharing of zones between views. [RT #32968]	2013-11-13 20:35:40 -08:00
Evan Hunt	0618287859	[master] allow setting local addr in dns_client 3672. [func] Local address can now be specified when using dns_client API. [RT #34811]	2013-11-13 10:52:22 -08:00
Mark Andrews	c4004ada2a	adjust sync point	2013-11-13 15:44:54 +11:00
Mark Andrews	6b0434299b	3671. [bug] Don't allow dnssec-importkey overwrite a existing non-imported private key.	2013-11-13 12:01:09 +11:00
Mark Andrews	015f044f7f	remove copyright noticed	2013-11-09 13:55:49 +11:00
Tinderbox User	97c299486a	update copyright notice	2013-11-08 23:46:19 +00:00
Mark Andrews	2048955015	3667. [func] dig: add support to keep the TCP socket open between successive queries (+[no]keepopen). [RT #34918]	2013-11-07 10:50:01 +11:00
Mark Andrews	49c1e0d18d	3666. [func] Add a tool, named-rrchecker, for checking the syntax of individual resource records. This tool is intended to be called by provisioning systems so that the front end does not need to be upgraded to support new DNS record types. [RT #34778]	2013-11-07 10:41:47 +11:00
Mark Andrews	50c67f588e	remove blank (cherry picked from commit 75aa3c6f2ada5dcc657d0858ee4544c7997d9840)	2013-09-23 09:47:30 +10:00
Mark Andrews	9fa2a0deed	3652. [bug] Address bug with rpz-drop policy. [RT #34816 ]	2013-09-21 17:27:43 +10:00
Tinderbox User	bcbb556868	update copyright notice	2013-09-19 23:46:20 +00:00
Evan Hunt	c7965f84c2	[master] comment nzf files 3649. [cleanup] Include a comment in .nzf files, giving the name of the associated view. [RT #34765]	2013-09-19 15:37:09 -07:00
Mark Andrews	88a6dc33b7	only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms	2013-09-19 10:40:38 +10:00
Mark Andrews	7667dd1a03	call zone_settimer; sub test failure was not being detected (cherry picked from commit `ebd7900670`)	2013-09-18 12:57:46 +10:00
Mark Andrews	2c089bf6d2	whitspace	2013-09-16 10:14:07 +10:00
Tinderbox User	a989ffdbb3	update copyright notice	2013-09-10 23:46:14 +00:00
Evan Hunt	78f20eda3c	[master] clean up tests, update .gitignore	2013-09-09 19:37:17 -07:00
Mark Andrews	3d3aa9cde6	use -r rather then -f	2013-09-09 12:19:30 +10:00
Mark Andrews	23c73a1848	only test dsa if we have a random device	2013-09-09 11:42:58 +10:00
Tinderbox User	63737247d1	update copyright notice	2013-09-05 23:46:16 +00:00
Mark Andrews	cb69994ff8	3645. [protocol] Use case sensitive compression when responding to queries. [RT #34737]	2013-09-05 12:22:34 +10:00
Evan Hunt	690bd6bf5d	[master] fix inline test, add importkey to win32 build	2013-09-04 18:56:50 -07:00
Mark Andrews	5b9469c0db	test for ECDSAP256SHA256 support	2013-09-04 22:33:31 +10:00
Mark Andrews	0c91911b4d	3642. [func] Allow externally generated DNSKEY to be imported into the DNSKEY management framework. A new tool dnssec-importkey is used to this. [RT #34698]	2013-09-04 13:53:02 +10:00
Mark Andrews	b5f4cc132e	3641. [bug] Handle changes to sig-validity-interval settings better. [RT #34625]	2013-09-04 13:45:00 +10:00
Mark Andrews	d6f99498d6	3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]	2013-09-04 13:14:06 +10:00
Tinderbox User	4b2c089cd8	update copyright notice	2013-08-19 23:46:14 +00:00
Mark Andrews	997c2c5116	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-19 09:18:28 +10:00
Tinderbox User	33d6c4a086	update copyright notice	2013-08-16 23:46:11 +00:00
Mark Andrews	e548e07a9a	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-16 13:54:23 +10:00
Tinderbox User	377b774598	update copyright notice	2013-08-15 23:46:17 +00:00
Mark Andrews	d1e22676de	3635. [bug] Signatures were not being removed from a zone with only KSK keys for a algorithm. [RT #24439]	2013-08-15 13:37:07 +10:00
Mark Andrews	7ace327795	3632. [bug] Signature from newly inactive keys were not being removed. [RT #32178]	2013-08-15 10:48:05 +10:00
Mark Andrews	75ae74f8fd	3629. [func] Allow the printing of cryptographic fields in DNSSEC records by dig to be suppressed (dig +nocrypto). [RT #34534]	2013-08-12 15:37:51 +10:00
Mark Andrews	16bd30ae69	3628. [func] Report DNSKEY key id's when dumping the cache. [RT #34533]	2013-08-12 14:38:26 +10:00
Mark Andrews	df0892aea6	3627. [bug] RPZ changes were not effective on slaves. [RT #34450 ]	2013-08-09 13:23:01 +10:00
Tinderbox User	f378953f3b	update copyright notice	2013-08-07 23:46:12 +00:00
Mark Andrews	f45f654185	3625. [bug] Don't send notify messages to machines outside of the test setup.	2013-08-07 15:48:55 +10:00
Evan Hunt	3cea62e3df	[master] fix bad test output when server fails	2013-07-25 11:15:53 -07:00
Tinderbox User	44c016134f	update copyright notice	2013-07-13 23:46:06 +00:00
Evan Hunt	9a32b8d8f8	[master] add a sleep to prevent intermittent test failure	2013-07-13 15:30:56 -07:00
Evan Hunt	421d4a0647	[master] rpz work 3620. [func] Added "rpz-client-ip" policy triggers, enabling RPZ responses to be configured on the basis of the client IP address; this can be used, for example, to blacklist misbehaving recursive or stub resolvers. [RT #33605] 3619. [bug] Fixed a bug in RPZ with "recursive-only no;" [RT #33776]	2013-07-12 14:46:47 -07:00
Evan Hunt	0b4ed61d20	[master] added missing file	2013-07-12 00:01:33 -07:00
Evan Hunt	0949306cb9	[master] check include file mtimes 3618. [func] "rndc reload" now checks modification times of include files as well as master files to determine whether to skip reloading a zone. [RT #33936]	2013-07-11 16:32:36 -07:00
Evan Hunt	964bdcd7ad	[master] don't go nonresponsive during "rndc reload" 3617. [bug] Named was failing to answer queries during "rndc reload" [RT #34098]	2013-07-11 10:54:21 -07:00
Tinderbox User	77b1d950a6	update copyright notice	2013-07-10 23:46:10 +00:00
Evan Hunt	1d26c6b9b8	[master] count the test cases correctly	2013-07-09 22:52:43 -07:00
Evan Hunt	927e4c9fec	[master] address race conditions with removing inline zones 3513. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [RT #34066]	2013-07-09 17:39:21 -07:00

... 10 11 12 13 14 ...

2403 commits