bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 19:41:04 -05:00

Author	SHA1	Message	Date
Mark Andrews	c7463967db	4119. [func] Allow dig to set the message opcode. [RT #39550 ]	2015-05-19 12:46:06 +10:00
Evan Hunt	d9aefcf5cb	[master] there are now 98 automatic zones	2015-05-16 10:07:17 -07:00
Tinderbox User	9ae1588020	update copyright notice / whitespace	2015-05-08 23:45:24 +00:00
Mukund Sivaraman	b947e1a521	Fix a bug in RPZ that could cause unwanted recursion (#39229 ) Conflicts: doc/arm/notes.xml	2015-05-07 08:29:36 +05:30
Tinderbox User	012142bbe0	update copyright notice / whitespace	2015-05-06 23:45:24 +00:00
Mark Andrews	fe76a64294	restore is_zone on return from redirect lookup [RT #37989b] (cherry picked from commit 1d405c1412b3a2e5aafb37ea55b332914246349e)	2015-05-07 08:32:42 +10:00
Tinderbox User	4e92a74ec4	update copyright notice / whitespace	2015-05-05 23:45:24 +00:00
Evan Hunt	9e804040a2	[master] add "rndc -r" to print result code 4115. [func] "rndc -r" now prints the result code (e.g., ISC_R_SUCCESS, ISC_R_TIMEOUT, etc) after running the requested command. [RT #38913]	2015-05-05 16:39:09 -07:00
Evan Hunt	d4ed608e0c	[master] Allow some tests to run partially if Net::DNS is unavailable	2015-05-05 08:33:09 -07:00
Mukund Sivaraman	8f25faf972	Fix a regression in radix tree implementation introduced by ECS code (#38983 )	2015-05-05 13:11:23 +05:30
Tinderbox User	6376559cd3	update copyright notice / whitespace	2015-05-04 23:45:23 +00:00
Evan Hunt	dc877b38a0	[master] check for Net::DNS 4113. [test] Check for Net::DNS is some system test prerequisites. [RT #39369]	2015-05-04 12:51:38 -07:00
Evan Hunt	1c02dd9dd9	[master] fix root-delegation-only without exclude 4112. [bug] Named failed to load when "root-delegation-only" was used without a list of domains to exclude. [RT #39380]	2015-05-04 12:44:10 -07:00
Tinderbox User	b299727c2e	update copyright notice / whitespace	2015-04-23 23:45:22 +00:00
Mark Andrews	c82b378115	4108. [func] A additional nxdomain redirect (nxdomain-redirect) method is now supported. [RT #37989]	2015-04-23 16:57:15 +10:00
Tinderbox User	37873c28de	update copyright notice / whitespace	2015-04-21 23:45:21 +00:00
Jeremy C. Reed	ae6b7bcd92	add some more files to cleanup after successful system test runs	2015-04-21 08:42:09 -04:00
Jeremy C. Reed	6c1e7a347f	add gitignore file	2015-04-21 08:37:12 -04:00
Mark Andrews	f1a261ba2d	4104. [bug] Address uninitialized elements. [RT #39252 ]	2015-04-17 14:04:47 +10:00
Mark Andrews	e834b30f7c	use awk for line count rather that wc -l which may space pad	2015-04-16 12:17:59 +10:00
Mark Andrews	c855e7170a	4100. [bug] Inherited owernames on the line immediately following a $INCLUDE were not working. [RT #39268]	2015-04-15 12:47:57 +10:00
Tinderbox User	a269ca51cc	update copyright notice / whitespace	2015-04-14 23:45:21 +00:00
Mukund Sivaraman	ac31adc3b7	Add additional logging about xfrin transfer status (#39170 )	2015-04-14 12:16:26 +05:30
Tinderbox User	1b0b6d7325	update copyright notice / whitespace	2015-04-07 23:45:23 +00:00
Evan Hunt	f28e5058c3	[master] dig can now learn the SIT value when retrying 4093. [func] Dig now learns the SIT value from truncated responses when it retries over TCP. [RT #39047]	2015-04-06 23:16:54 -07:00
Mark Andrews	febb020dce	4092. [bug] 'in-view' didn't work for zones beneath a empty zone. [RT #39173]	2015-04-07 13:21:33 +10:00
Tinderbox User	6e61135f10	update copyright notice / whitespace	2015-03-27 23:45:21 +00:00
Mukund Sivaraman	f9f81abff0	Fix a crash while parsing malformed CAA RRs in presentation format (#39003 )	2015-03-27 10:32:03 +05:30
Tinderbox User	811acf52b8	update copyright notice / whitespace	2015-03-04 23:45:21 +00:00
Mark Andrews	1b05d22789	4082. [bug] Incrementally sign large inline zone deltas. [RT #37927]	2015-03-05 09:59:29 +11:00
Mark Andrews	012ce6857e	use unique query names	2015-03-04 17:12:37 +11:00
Mark Andrews	2e0d8d74d7	handle daylight savings changes	2015-03-04 15:51:31 +11:00
Evan Hunt	7ae96d8823	[master] add "lock-file" and fix up singleton code 4080. [func] Completed change #4022, adding a "lock-file" option to named.conf to override the default lock file, in addition to the "named -X <filename>" command line option. Setting the lock file to "none" using either method disables the check completely. [RT #37908]	2015-03-02 19:27:54 -08:00
Tinderbox User	3d787a1213	update copyright notice / whitespace	2015-03-02 23:45:21 +00:00
Mukund Sivaraman	10dd5f62f2	Add support for Valgrind's helgrind tool (#38706 ) Also fix one locking issue that helgrind found: Maintain stats->lock while stats->reference is used.	2015-03-02 13:42:20 +05:30
Tinderbox User	5e93bad21b	update copyright notice / whitespace	2015-03-01 23:45:20 +00:00
Mark Andrews	0be58dd2da	add $DESCRIPTION	2015-02-28 00:10:56 +11:00
Mark Andrews	0382684a06	add $DESCRIPTION	2015-02-28 00:09:25 +11:00
Mark Andrews	326b84f20e	fix version tests	2015-02-27 17:01:25 +11:00
Mark Andrews	a8da00ef95	4079. [func] Preserve the case of the ownername of records to the RRset level. [RT #37442]	2015-02-27 15:08:38 +11:00
Mark Andrews	be9720ae2c	4077. [test] Add static-stub regression test for DS NXDOMAIN return making the static stub disappear. [RT #38564]	2015-02-27 12:46:45 +11:00
Tinderbox User	f159b7b5c7	update copyright notice / whitespace	2015-02-25 23:45:22 +00:00
Mukund Sivaraman	5a505fc4c2	Add facility to run system test nameds under Valgrind (#38546 )	2015-02-25 09:06:45 +05:30
Evan Hunt	bfc11b9c65	[master] additional mkeys tests 4065. [test] Additional RFC 5011 tests. [RT #38569]	2015-02-23 21:07:26 -08:00
Mark Andrews	2b4860c4dc	rt38571: handle Time::Piece not being supported by perl	2015-02-18 23:49:33 +11:00
Mark Andrews	82c6bce26a	ignore dig's result when expecting 'connection timed out'	2015-02-12 13:44:30 +11:00
Tinderbox User	f6bc0a8608	update copyright notice / whitespace	2015-02-11 23:45:25 +00:00
Mark Andrews	2ff2145ff5	4061. [bug] Handle timeout in legacy system test. [RT #38573 ]	2015-02-11 16:53:39 +11:00
Tinderbox User	d481ce8bba	update copyright notice / whitespace	2015-02-09 23:45:20 +00:00
Mark Andrews	dd06dbd512	add named.conf	2015-02-08 23:12:44 +11:00
Tinderbox User	8a1d7e8e8f	update copyright notice / whitespace	2015-02-07 23:45:20 +00:00
Mark Andrews	e10d453eb4	add crypto prerequisite	2015-02-08 08:16:54 +11:00
Tinderbox User	29756974c5	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
Evan Hunt	29beab1340	[master] fix "initialize with revoked key" test, add missing newline	2015-02-05 23:53:36 -08:00
Mark Andrews	b1de3a999c	use $PERL	2015-02-06 16:58:39 +11:00
Evan Hunt	591389c7d4	[master] 5011 tests and fixes 4056. [bug] Expanded automatic testing of trust anchor management and fixed several small bugs including a memory leak and a possible loss of key state information. [RT #38458] 4055. [func] "rndc managed-keys" can be used to check status of trust anchors or to force keys to be refreshed, Also, the managed keys data file has easier-to-read comments. [RT #38458]	2015-02-05 17:18:15 -08:00
Tinderbox User	39f68d7b64	update copyright notice / whitespace	2015-01-21 23:45:24 +00:00
Evan Hunt	2817aa56ca	[master] "rndc modzone" 4043. [func] "rndc modzone" can be used to modify the configuration of an existing zone, using similar syntax to "rndc addzone". [RT #37895]	2015-01-20 22:34:16 -08:00
Evan Hunt	ff62d4458a	[master] allow shared TCP sockets when connecting 4041. [func] TCP sockets can now be shared while connecting. (This will be used to enable client-side support of pipelined queries.) [RT #38231]	2015-01-20 17:22:31 -08:00
Evan Hunt	761d135ed6	[master] add TCP pipelining support 4040. [func] Added server-side support for pipelined TCP queries. TCP connections are no longer closed after the first query received from a client. (The new "keep-response-order" option allows clients to be specified for which the old behavior will still be used.) [RT #37821]	2015-01-20 16:14:09 -08:00
Tinderbox User	c110d61b17	update copyright notice / whitespace	2015-01-20 23:45:26 +00:00
Mark Andrews	f8eb4e5bfd	4037. [bug] also-notify was ignoring the tsig key when checking for duplicates resulting in some expected notify messages not being sent. [RT #38369]	2015-01-20 16:42:56 +11:00
Tinderbox User	2dd6ffb5cb	update copyright notice / whitespace	2015-01-12 23:45:21 +00:00
Mukund Sivaraman	a6f0e9c985	Add NTA persistence (#37087 ) 4034. [func] When added, negative trust anchors (NTA) are now saved to files (viewname.nta), in order to persist across restarts of the named server. [RT #37087]	2015-01-12 09:07:48 +05:30
Tinderbox User	f0cbe180f0	update copyright notice / whitespace	2015-01-10 23:45:22 +00:00
Mark Andrews	7952156995	4032. [bug] Built-in "empty" zones did not correctly inherit the "allow-transfer" ACL from the options or view. [RT #38310]	2015-01-10 22:01:42 +11:00
Tinderbox User	63b0524b96	update copyright notice / whitespace	2015-01-08 23:45:22 +00:00
Mark Andrews	d1f1f13c7f	4031. [bug] named-checkconf -z failed to report a missing file with a hint zone. [RT #38294]	2015-01-08 19:19:12 +11:00
Tinderbox User	b129f72d95	update copyright notice / whitespace	2015-01-07 23:45:22 +00:00
Evan Hunt	74eb2f5cbc	[master] rndc showzone / rndc delzone of non-added zones 4030. [func] "rndc delzone" is now applicable to zones that were configured in named.conf, as well as zones that were added via "rndc addzone". (Note, however, that if named.conf is not also modified, the deleted zone will return when named is reloaded.) [RT #37887] 4029. [func] "rndc showzone" displays the current configuration of a specified zone. [RT #37887]	2015-01-06 22:57:57 -08:00
Mark Andrews	b0c18fffd3	4028. [bug] $GENERATE with a zero step was not being caught as a error. A $GENERATE with a / but no step was not being caught as a error. [RT #38262]	2015-01-06 11:31:34 +11:00
Mark Andrews	511ec77fca	4027. [port] Net::DNS 0.81 compatibility. [RT #38165	2014-12-23 08:37:46 +11:00
Tinderbox User	84d939b211	update copyright notice / whitespace	2014-12-21 23:45:20 +00:00
Evan Hunt	5deda448e8	[master] fixes for singleton on hpux - hpux returns EADDRINUSE when listening on UDP sockets, so we need to check for that - also need to ensure that subsidiary named processes are shut down in the runtime system test	2014-12-20 00:31:54 -08:00
Evan Hunt	6963c6048f	[master] still needed another -X	2014-12-19 16:57:24 -08:00
Evan Hunt	8249f11121	[master] add -X to lwresd	2014-12-18 22:52:44 -08:00
Mark Andrews	ae454ec746	update copyrights	2014-12-19 10:35:15 +11:00
Mukund Sivaraman	47d837a499	Make named a singleton process [RT#37908] Conflicts: bin/tests/system/conf.sh.in lib/dns/win32/libdns.def.in lib/isc/win32/file.c The merge also needed to update files in legacy and tcp system tests (newly introduced in master after branch was created) to introduce use of lockfile.	2014-12-18 12:31:25 +05:30
Evan Hunt	be7fba8019	[master] adjust max-recursion-queries 4021. [bug] Adjust max-recursion-queries to accommodate the need for more queries when the cache is empty. [RT #38104]	2014-12-15 22:28:06 -08:00
Mukund Sivaraman	d225dec89f	Clean up after reclimit system test	2014-12-08 21:37:53 +05:30
Mark Andrews	39a5e136fb	skip subtest if cryptography not compiled in	2014-12-06 00:48:52 +11:00
Mark Andrews	017aa9aef6	4019. [func] If named is not configured to validate the answer then allow fallback to plain DNS on timeout even when we know the server supports EDNS. [RT #37978]	2014-12-05 17:47:26 +11:00
Mark Andrews	12065c231e	clean up intermediates	2014-12-05 08:28:15 +11:00
Mark Andrews	76b242bb77	pre-sign the zones	2014-12-05 07:28:29 +11:00
Tinderbox User	b9097be03b	update copyright notice / whitespace	2014-12-03 23:45:24 +00:00
Mark Andrews	693d70f96f	4017. [testing] Add system test to check lookups to legacy servers with broken DNS behaviour. [RT #37965]	2014-12-04 07:01:52 +11:00
Mark Andrews	ea3aa401bc	4015. [bug] Nameservers that are skipped due to them being CNAMEs were not being logged. They are now logged to category 'cname' as per BIND 8. [RT #37935]	2014-12-03 11:34:07 +11:00
Tinderbox User	a3d2295829	update copyright notice / whitespace	2014-12-02 23:45:23 +00:00
Mark Andrews	6444de08d1	4014. [bug] When including a master file origin_changed was not being properly set leading to a potentially spurious 'inherited owner' warning. [RT #37919]	2014-12-03 09:42:30 +11:00
Evan Hunt	aafd2f2637	[master] remove obsolete 'relay' test	2014-12-02 13:57:35 -08:00
Francis Dupont	5c5c6d289d	Add a TCP only option to server/peer	2014-12-02 14:17:59 +01:00
Tinderbox User	523ad879ce	update copyright notice / whitespace	2014-11-24 23:53:16 +00:00
Mark Andrews	d040fa2f1c	4011. [bug] master's list port and dscp inheritance was not properly implemented. [RT #37792]	2014-11-24 11:25:06 +11:00
Mark Andrews	7301df07cf	extend the permissible number of queries to 25 from 24	2014-11-24 10:20:39 +11:00
Evan Hunt	92384667ff	[master] delv +tcp 4009. [func] delv: added a +tcp option. [RT #37855]	2014-11-21 09:42:04 -08:00
Mark Andrews	d65fb496fb	use perl not awk to do serial additions	2014-11-21 18:08:04 +11:00
Tinderbox User	5d35f07318	update copyright notice / whitespace	2014-11-20 23:45:24 +00:00
Evan Hunt	05e448935c	[master] refactor max-recursion-queries - the counters weren't set correctly when fetches timed out. instead we now pass down a counter object.	2014-11-19 18:21:02 -08:00
Tinderbox User	4ccffa13aa	update copyright notice / whitespace	2014-11-19 23:45:22 +00:00
Mukund Sivaraman	077350a407	Add .gitignore	2014-11-19 15:03:01 +05:30
Evan Hunt	c4f54e5bd1	[master] add max-recursion-queries also fixes and documentation for max-recursion-depth	2014-11-18 22:02:02 -08:00
Mark Andrews	f9ee67d9ce	%zu is not universally available	2014-11-19 12:10:06 +11:00
Tinderbox User	e208712faa	update copyright notice / whitespace	2014-11-18 23:45:22 +00:00
Evan Hunt	3230429e17	[master] limit recursion depth and iterative queries 4006. [security] A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500). The recursion depth limit is configured via the "max-recursion-depth" option. [RT #35780]	2014-11-17 23:24:44 -08:00
Tinderbox User	11dc1b1508	update copyright notice	2014-11-17 23:45:20 +00:00
Evan Hunt	0ada3802ea	[master] awk portability fix	2014-11-17 12:22:18 -08:00
Evan Hunt	a0b4f6d952	[master] geoip security fixes 4003. [security] When geoip-directory was reconfigured during named run-time, the previously loaded GeoIP data could remain, potentially causing wrong ACLs to be used or wrong results to be served based on geolocation. [RT #37720] 4002. [security] Lookups in GeoIP databases that were not loaded could cause an assertion failure. [RT #37679] 4001. [security] The caching of GeoIP lookups did not always handle address families correctly, potentially resulting in an assertion failure. [RT #37672]	2014-11-16 08:43:22 -08:00
Evan Hunt	e32d354f75	[master] allow arbitrary-size rndc output 4005. [func] The buffer used for returning text from rndc commands is now dynamically resizable, allowing arbitrarily large amounts of text to be sent back to the client. (Prior to this change, it was possible for the output of "rndc tsig-list" to be truncated.) [RT #37731]	2014-11-14 15:58:54 -08:00
Mukund Sivaraman	16c86a4980	Update .gitgnore files (ISC-Bugs #37773 )	2014-11-11 11:47:02 +05:30
Tinderbox User	6d0a639bd0	update copyright notice	2014-11-06 23:45:21 +00:00
Evan Hunt	3cc8c7d630	[master] fix nxrrset in nxdomain redirection 4000. [bug] NXDOMAIN redirection incorrectly handled NXRRSET from the redirect zone. [RT #37722]	2014-11-04 23:49:56 -08:00
Evan Hunt	ce96d4326c	[master] new mkeys and nzf naming format 3999. [func] "mkeys" and "nzf" files are now named after their corresponding views, unless the view name contains characters that would be incompatible with use in a filename (i.e., slash, backslash, or capital letters). If a view name does contain these characters, the files will still be named using a cryptographic hash of the view name. Regardless of this, if a file using the old name format is found to exist, it will continue to be used. [RT #37704]	2014-11-04 19:43:27 -08:00
Mark Andrews	1feee79e1f	3997. [protocol] Add OPENGPGKEY record. [RT# 37671]	2014-11-04 12:24:39 +11:00
Tinderbox User	12b386e1a6	update copyright notice	2014-10-30 23:45:21 +00:00
Mark Andrews	0f5144163c	3993. [func] Dig now supports EDNS negotiation by default. (dig +[no]ednsnegotiation). [RT #37604]	2014-10-30 23:13:12 +11:00
Mark Andrews	00fb0253c9	3991. [func] Add the ability to buffer logging output by specifying "buffered yes;" when defining a channel. [RT #26561]	2014-10-30 11:37:05 +11:00
Mark Andrews	a5c7cfbac4	3990. [testing] Add tests for unknown DNSSEC algorithm handling. [RT #37541]	2014-10-30 11:05:26 +11:00
Tinderbox User	6932de75ef	update copyright notice	2014-10-21 23:45:24 +00:00
Mark Andrews	4140a96f22	3987. [func] Allow the zone serial of a dynamically updatable zone to be updated via rndc. [RT #37404]	2014-10-21 18:15:42 +11:00
Evan Hunt	498b061031	[master] allow 1-week nta-lifetime/nta-recheck 3983. [bug] Change #3940 was incomplete: negative trust anchors could be set to last up to a week, but the "nta-lifetime" and "nta-recheck" options were still limted to one day. [RT #37522]	2014-10-20 13:40:17 -07:00
Evan Hunt	7cf2122e0d	[master] change 3977 altered expected linecount from secroots	2014-10-18 16:50:32 -07:00
Mark Andrews	72775a79fe	3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467]	2014-10-18 13:09:09 +11:00
Mark Andrews	44ef2206d7	allow for the set of ttls to be empty	2014-10-16 14:46:44 +11:00
Mark Andrews	d9aaf7acce	make test more robust in the face of server failures	2014-10-16 12:34:12 +11:00
Evan Hunt	1cbc394e7c	[master] add redirect zone to checkconf -z test	2014-10-09 18:30:34 -07:00
Evan Hunt	ca0ee90361	[master] turn off servfail cache in masterformat test	2014-10-09 09:30:46 -07:00
Mark Andrews	c81d56c03e	3971. [bug] Reduce the cascasding failures due to a bad $TTL line in named-checkconf / named-checkzone. [RT #37138]	2014-10-05 08:29:34 +11:00
Mark Andrews	39fb5f2a5d	verifying inline zones work with views requires crypto to be configured	2014-10-04 18:06:04 +10:00
Evan Hunt	12002ea49e	[master] add delv system test 3969. [test] Added 'delv' system test. [RT #36901]	2014-10-02 22:37:20 -07:00
Tinderbox User	7a3f584cfc	update copyright notice	2014-10-02 23:45:25 +00:00
Mark Andrews	b24061719c	3967. [test] Add test for inlined signed zone in multiple views with different DNSKEY sets. [RT #35759]	2014-10-03 07:59:44 +10:00
Mark Andrews	a837c939c4	SIG(0) update forwarding testing requires crypto be configured	2014-10-02 11:07:01 +10:00
Mark Andrews	ed1c845c1d	3964. [func] nsupdate now performs check-names processing. [RT #36266]	2014-10-02 09:35:43 +10:00
Evan Hunt	7b04216015	[master] improve dlzexternal test 3963. [test] Added NXRRSET test cases to the "dlzexternal" system test. [RT #37344]	2014-09-30 17:08:12 -07:00
Tinderbox User	be484acb22	update copyright notice	2014-09-30 23:45:22 +00:00
Mark Andrews	ffeaac1d82	3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with BADSIG. [RT #37216]	2014-10-01 07:24:16 +10:00
Mark Andrews	c83b91fb63	3960. [bug] 'dig +sigchase' could loop forever. [RT #37220 ]	2014-10-01 07:06:20 +10:00
Tinderbox User	2fb35a6d59	update copyright notice	2014-09-29 23:45:24 +00:00
Mark Andrews	4bc581ca31	use RANDFILE rather than /dev/urandom	2014-09-29 23:39:07 +10:00
Mark Andrews	1c5990c2f9	3958. [bug] Detect when writeable files have multiple references in named.conf. [RT #37172]	2014-09-29 12:10:10 +10:00
Mark Andrews	80169c379d	3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384. [RT #37183]	2014-09-29 10:18:54 +10:00
Mark Andrews	10c12aa549	3956. [func] Notify messages are now rate limited by notify-rate and startup-notify-rate instead of serial-query-rate. [RT #24454] 3955. [bug] Notify messages due to changes are no longer queued behind startup notify messages. [RT #24454]	2014-09-29 10:01:08 +10:00
Mark Andrews	9a36fb86f5	3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159 ]	2014-09-27 12:14:20 +10:00
Mark Andrews	27cd03a21c	use more portable awk	2014-09-19 15:00:18 +10:00
Mark Andrews	06e28e50bd	give the nameserver a little longer to response	2014-09-18 10:06:48 +10:00
Mark Andrews	1a5f84d56a	UNTESTED -> SKIPPED	2014-09-16 23:49:52 +10:00
Mark Andrews	3867312e4c	3951. [func] Add the ability to set yet-to-be-defined EDNS flags to dig (+ednsflags=#). [RT #37142]	2014-09-13 19:13:59 +10:00
Tinderbox User	2c69f767d6	update copyright notice	2014-09-10 23:45:21 +00:00
Mark Andrews	947cf282a7	3949. [experimental] Experimental support for draft-andrews-edns1 by sending EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when building). Add support for limiting the EDNS version advertised to servers: server { edns-version 0; }; Log the EDNS version received in the query log. [RT #35864]	2014-09-10 15:31:40 +10:00
Mark Andrews	5c420ccc29	drop 'I:send many simultaneous updates via a update forwarder' test until re-written using perl	2014-09-07 22:08:45 +10:00
Mark Andrews	76a17033db	also fix the expected count	2014-09-07 20:24:59 +10:00
Mark Andrews	48179343c2	reduce number of nsupdates being simultaeously forked	2014-09-07 20:24:14 +10:00
Mark Andrews	8aa098c633	update copyrights	2014-09-06 09:38:48 +10:00
Evan Hunt	c9e976dc43	[master] [rt37057] server-id tests 3944. [test] Added a regression test for "server-id". [RT #37057]	2014-09-04 18:18:36 -07:00
Tinderbox User	948c80ffa8	update copyright notice	2014-09-04 23:45:24 +00:00
Evan Hunt	a878301981	[master] servfail cache 3943. [func] SERVFAIL responses can now be cached for a limited time (configured by "servfail-ttl", default 10 seconds, limit 30). This can reduce the frequency of retries when an authoritative server is known to be failing, e.g., due to ongoing DNSSEC validation problems. [RT #21347]	2014-09-03 23:28:14 -07:00
Mark Andrews	fec7998314	3942. [bug] Wildcard responses from a optout range should be marked as insecure. [RT #37072]	2014-09-04 13:57:50 +10:00
Evan Hunt	c3d0221104	[master] oops, nta lifetime change broke dnssec test	2014-09-03 20:51:32 -07:00
Evan Hunt	3d066288ad	[master] [rt37069] update NTA limit to a week 3940. [func] "rndc nta" now allows negative trust anchors to be set for up to one week. [RT #37069]	2014-09-03 19:00:03 -07:00
Mark Andrews	74717eef53	3939. [func] Improve UPDATE forwarding performance by allowing TCP connections to be shared. [RT #37039]	2014-09-04 10:37:45 +10:00
Mark Andrews	1a63fb1d14	update copyrights	2014-08-30 12:27:49 +10:00
Tinderbox User	3278ff814d	update copyright notice	2014-08-29 23:45:22 +00:00
Evan Hunt	d46855caed	[master] ECS authoritative support 3936. [func] Added authoritative support for the EDNS Client Subnet (ECS) option. ACLs can now include "ecs" elements which specify an address or network prefix; if an ECS option is included in a DNS query, then the address encoded in the option will be matched against "ecs" ACL elements. Also, if an ECS address is included in a query, then it will be used instead of the client source address when matching "geoip" ACL elements. This behavior can be overridden with "geoip-use-ecs no;". When "ecs" or "geoip" ACL elements are used to select a view for a query, the response will include an ECS option to indicate which client network the answer is valid for. (Thanks to Vincent Bernat.) [RT #36781]	2014-08-28 22:05:57 -07:00
Evan Hunt	180319f572	[master] fix geoip asnum matching 3935. [bug] "geoip asnum" ACL elements would not match unless the full organization name was specified. They can now match against the AS number alone (e.g., AS1234). [RT #36945]	2014-08-28 21:40:32 -07:00
Mark Andrews	7c73ac5e13	3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve sit-secrets documentation. [RT #36980]	2014-08-29 14:35:21 +10:00
Evan Hunt	0c2313eb36	[master] fixes to checkconf test, HIP casecompare 3933. [bug] Corrected the implementation of dns_rdata_casecompare() for the HIP rdata type. [RT #36911] 3932. [test] Improved named-checkconf tests. [RT #36911]	2014-08-27 21:36:13 -07:00
Evan Hunt	74745c760c	[master] "rndc nta -r" could hang 3930. [bug] "rndc nta -r" could cause a server hang if the NTA was not found. [RT #36909]	2014-08-25 18:01:26 -07:00
Tinderbox User	fea81a5e0e	update copyright notice	2014-08-22 23:45:27 +00:00
Evan Hunt	087b3e8d90	[master] add to rndc test 3928. [test] Improve rndc system test. [RT #36898]	2014-08-22 16:41:57 -07:00
Mark Andrews	840d6a4614	3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917	2014-08-22 16:32:19 +10:00
Mark Andrews	cef76ee5bd	3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833 ]	2014-08-22 15:45:40 +10:00
Tinderbox User	5165c59007	update copyright notice	2014-08-21 23:45:22 +00:00
Mark Andrews	f5695ad0e1	3917. [bug] dig, nslookup and host now continue on names that are too long after applying a search list elements. [RT #36892]	2014-08-21 18:05:55 +10:00
Tinderbox User	aebd0e85bf	update copyright notice	2014-08-15 23:45:20 +00:00
Jeremy C. Reed	821350367e	fix typos or misspellings	2014-08-15 10:35:31 -05:00
Tinderbox User	cd14665cdf	update copyright notice	2014-08-07 23:45:19 +00:00
Evan Hunt	cfe32752a6	[master] [36737] allow zero-length URI and CAA fields 3914. [bug] Allow the URI target and CAA value fields to be zero length. [RT #36737]	2014-08-06 17:40:42 -07:00
Tinderbox User	1e7501fe07	update copyright notice	2014-08-06 23:45:23 +00:00
Mark Andrews	43b9737b11	3911. [func] Implement EDNS EXPIRE option client side. [RT #35925 ]	2014-08-06 11:50:40 +10:00
Tinderbox User	79bb509936	update copyright notice	2014-08-02 23:45:21 +00:00
Mark Andrews	c38341ec43	3908. [bug] rndc now differentiates between a zone in multiple views and a zone that doesn't exist at all. [RT #36691]	2014-08-02 14:43:26 +10:00
Mark Andrews	f2a91da02e	adjust range	2014-07-31 20:32:50 +10:00
Tinderbox User	d1b499c827	update copyright notice	2014-07-29 23:45:20 +00:00
Evan Hunt	2383eb5272	[master] add CAA rdata support 3056. [protocol] Added support for CAA record type (RFC 6844). [RT #36625]	2014-07-29 08:40:35 -07:00
Mark Andrews	275a8affe7	3899. [bug] "request-ixfr" is only applicable to slave and redirect zones. [RT #36608]	2014-07-25 14:23:14 +10:00
Mark Andrews	ac5ed74860	3897. [bug] RPZ summary information was not properly being updated after a AXFR resulting in changes sometimes being ignored. [RT #35885]	2014-07-22 10:57:58 +10:00
Mark Andrews	39cad8fb7d	update copyrights	2014-07-08 12:40:40 +10:00
Mark Andrews	fce704e751	rename dnssec/ns7/split-rrsig.in	2014-07-08 11:12:32 +10:00
Mark Andrews	3c13af3759	3892. [bug] Setting '-t aaaa' in .digrc had unintended side effects. [RT #36452]	2014-07-08 02:00:28 +10:00
Mark Andrews	63e1ac1e09	3890. [bug] RRSIG sets that were not loaded in a single transaction at start up where not being correctly added to re-signing heaps. [RT #36302]	2014-07-07 12:05:01 +10:00
Mark Andrews	6f6b7781d5	save the output of rndc nta so that it can be analysed if there is a failure; more cleanups	2014-06-30 11:41:09 +10:00
Mark Andrews	62275d5306	make test for nsec3param more robust	2014-06-27 15:50:51 +10:00
Mark Andrews	b05ef7092f	update nta failure messages	2014-06-27 11:53:39 +10:00
Mark Andrews	284f6435c2	adjust NTA test timing windows to support slower machines; self tune sleeps bases of actual elapsed time;	2014-06-26 13:37:50 +10:00
Tinderbox User	9f8df2d75c	update copyright notice	2014-06-25 23:45:21 +00:00
Mark Andrews	7205cd2db7	cleanup nsupdate.out	2014-06-25 16:16:34 +10:00
Mark Andrews	eca15167ac	dump unexpected update failures	2014-06-25 16:12:25 +10:00
Mark Andrews	33399d6a14	3888. [func] 'rndc status' now reports the number of automatic zones. [RT #36015]	2014-06-25 13:17:03 +10:00
Mark Andrews	70ee770c69	Net::DNS 0.78 should work when it is released as it contains: Fix rt.cpan.org #96439 Uninitialised decoding object when printing packet	2014-06-25 01:01:50 +10:00
Mark Andrews	1c95f67232	use $PERL	2014-06-24 13:50:14 +10:00
Tinderbox User	5a31767b09	update copyright notice	2014-06-19 23:45:23 +00:00
Evan Hunt	cac2181160	[master] CDS/CDNSKEY rrtypes 3884. [protocol] Add CDS and CDNSKEY record types. [RT #36333]	2014-06-19 00:35:11 -07:00
Evan Hunt	b8a9632333	[master] complete NTA work 3882. [func] By default, negative trust anchors will be tested periodically to see whether data below them can be validated, and if so, they will be allowed to expire early. The "rndc nta -force" option overrides this behvaior. The default NTA lifetime and the recheck frequency can be configured by the "nta-lifetime" and "nta-recheck" options. [RT #36146]	2014-06-18 16:50:38 -07:00
Tinderbox User	636aadbfe4	update copyright notice	2014-06-17 23:45:20 +00:00
Evan Hunt	a4e76a630e	[master] update gitignore files; use rev-parse to get srcid	2014-06-17 13:49:30 -07:00
Mark Andrews	a0d411c05f	3880. [test] Update ans.pl to work with new TSIG support in Net::DNS; add additional Net::DNS version prerequisite checks. [RT #36327]	2014-06-17 10:35:46 +10:00
Evan Hunt	56510cd031	[master] null terminate strings for coverity	2014-06-16 15:30:11 -07:00
Mark Andrews	48789995c1	use $NSUPDATE	2014-06-15 18:35:19 +10:00
Mark Andrews	f9e47cfe4f	Net::DNS 0.76 broke the handling of some packets	2014-06-14 10:11:06 +10:00
Mark Andrews	1881aea774	fix test to see if $PERL is set (cherry picked from commit 44f0f310d41acc5c772d38353fe35ddacb3fee80)	2014-06-13 11:47:23 +10:00
Mark Andrews	d4a98c0fb7	die if $Net::DNS::VERSION >= 0.73	2014-06-13 11:25:32 +10:00
Evan Hunt	fb710168ef	[master] use correct shared library suffix	2014-06-12 17:06:23 -07:00
Tinderbox User	4ded8003e3	update copyright notice	2014-06-12 23:45:22 +00:00
Evan Hunt	06e0d6bb12	[master] address rpz bugs 3877. [bug] Inserting and deleting parent and child nodes in response policy zones could trigger an assertion failure. [RT #36272]	2014-06-11 20:00:19 -07:00
Mark Andrews	9c2cf9e201	update copyrights	2014-06-11 10:28:09 +10:00
Evan Hunt	8d8f9f7f86	[master] suppress unnecessary db lookups in DLZ redirect zones 3876. [bug] Improve efficiency of DLZ redirect zones by suppressing unnecessary database lookups. [RT #35835]	2014-06-10 16:25:26 -07:00
Mark Andrews	20dec973da	4. [test] Check that only "check-names master" is needed for updates to be accepted.	2014-06-10 13:48:57 +10:00
Mark Andrews	32a1fd3dd2	update spf check	2014-06-10 12:28:33 +10:00
Mark Andrews	3b187cad7a	3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210 ]	2014-06-10 09:32:43 +10:00
Mukund Sivaraman	79d27f505a	[35063] Don't publish an activated key automatically before its publish time	2014-06-04 14:31:42 +05:30
Mark Andrews	ab6fd5e892	initialise matches	2014-06-02 13:53:59 +10:00
Mark Andrews	5360986092	set max	2014-06-02 13:42:58 +10:00
Mark Andrews	3a26e75e3c	accept a range of stats values	2014-06-02 08:15:47 +10:00
Evan Hunt	0cfb247368	[master] rndc nta 3867. [func] "rndc nta" can now be used to set a temporary negative trust anchor, which disables DNSSEC validation below a specified name for a specified period of time (not exceeding 24 hours). This can be used when validation for a domain is known to be failing due to a configuration error on the part of the domain owner rather than a spoofing attack. [RT #29358]	2014-05-29 22:22:53 -07:00
Mark Andrews	536da846f6	update copyrights	2014-05-30 09:41:33 +10:00
Mark Andrews	44b0e0b1d5	More changes for: 3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-30 08:41:27 +10:00
Mark Andrews	3d75189141	3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-29 17:02:10 +10:00
Mark Andrews	4694229f60	make a explict edns query so this subtest is independent of other tests	2014-05-29 10:46:44 +10:00
Mark Andrews	800d25b848	3863. [bug] The "E" flag was missing from the query log as a unintended side effect of code rearrangement to support EDNS EXPIRE. [RT #36117]	2014-05-29 08:04:55 +10:00
Tinderbox User	284d5252c1	update copyright notice	2014-05-15 23:45:22 +00:00
Mark Andrews	01f881c1c5	3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. [RT #35979]	2014-05-15 16:54:32 +10:00
Mark Andrews	69530009f1	use portable awk	2014-05-15 00:34:17 +10:00
Mark Andrews	05816676bb	3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP ixfr query. [RT #35980]	2014-05-14 09:59:02 +10:00
Mark Andrews	733898cffe	use sub second sleeps for prefetch disabled test	2014-05-09 15:00:36 +10:00
Mark Andrews	151759e7b7	address suspected race in system test for 'named -L'	2014-05-08 11:10:04 +10:00
Tinderbox User	c381ccf794	update copyright notice	2014-05-07 23:45:21 +00:00
Evan Hunt	60988462e5	[master] use posix-compatible shell in system tests 3839. [test] Use only posix-compatible shell in system tests. [RT #35625]	2014-05-06 22:06:04 -07:00
Mark Andrews	b36fc8294e	3837. [security] A NULL pointer is passed to query_prefetch resulting a REQUIRE assertion failure when a fetch is actually initiated. [ RT #35899] Squashed commit of the following: commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00 Author: Mukund Sivaraman <muks@isc.org> Date: Sun May 4 22:34:34 2014 +0530 Fix a comment commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03 Author: Mark Andrews <marka@isc.org> Date: Sun May 4 23:34:25 2014 +1000 pass the correct name to query_prefetch	2014-05-05 10:12:12 +10:00
Evan Hunt	c0c4512020	[master] fixed geoip elements in named ACLs 3835. [bug] Geoip ACL elements didn't work correctly when referenced via named or nested ACLs. [RT #35879]	2014-04-30 20:21:56 -07:00
Mark Andrews	f09f1bf18e	fix filter-aaaa system test to work when crypto is disabled	2014-05-01 12:28:50 +10:00
Mark Andrews	5b56f2e3cc	zero pad date and month fields	2014-05-01 11:41:32 +10:00
Mark Andrews	c2abd6efeb	update copyrights	2014-05-01 10:00:00 +10:00
Mark Andrews	96f07724d6	use SKIPPED exit code (255)	2014-05-01 00:33:11 +10:00
Mark Andrews	0172c9fc2c	use +nottlid	2014-04-30 15:53:37 +10:00
Evan Hunt	44613d4d86	[master] named -L option for default logfile 3832. [func] "named -L <filename>" causes named to send log messages to the specified file by default instead of to the system log. (Thanks to Tony Finch.) [RT #35845]	2014-04-29 17:17:03 -07:00
Tinderbox User	f6ea2b1d09	update copyright notice	2014-04-29 23:45:21 +00:00
Evan Hunt	b4ba66ba1e	[master] "dnssec-signzone -N date" 3827. [func] "dnssec-signzone -N date" updates serial number to the current date in YYYYMMDDNN format. [RT #35800]	2014-04-29 16:29:20 -07:00
Mark Andrews	e54767a3c9	change exit code	2014-04-29 22:57:15 +10:00
Mark Andrews	1a158ef6ee	fix testsock6.pl (cherry picked from commit `660195a82c`)	2014-04-29 19:15:55 +10:00
Evan Hunt	54267016bc	[master] add geoip and filter-aaaa to SUBDIRS	2014-04-28 22:41:13 -07:00
Tinderbox User	06081a0d61	update copyright notice	2014-04-25 23:45:21 +00:00
Evan Hunt	aefb3e308b	[master] better DDNS in DLZ; mysqldyn 3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic update and transaction support. Thanks to Marty Lee for the contribution. [RT #35656] 3820. [func] The DLZ API doesn't pass the database version to the lookup() function; this can cause DLZ modules that allow dynamic updates to mishandle prerequisite checks. This has been corrected by adding a 'dbversion' field to the dns_clientinfo_t structure. [RT #35656]	2014-04-25 13:06:30 -07:00
Mark Andrews	36e5ac0033	3819. [bug] NSEC3 hashes need to be able to be entered and displayed without padding. This is not a issue for currently defined algorithms but may be for future hash algorithms. [RT #27925]	2014-04-24 18:58:03 +10:00
Evan Hunt	2ae159b376	[master] globally rename "delve" to "delv" 3817. [func] The "delve" command is now spelled "delv" to avoid a namespace collision with the Xapian project. [RT #35801]	2014-04-23 11:14:12 -07:00
Tinderbox User	953189d30e	update copyright notice	2014-04-22 23:45:19 +00:00
Evan Hunt	ec3b216506	[master] masterfile-style 3814. [func] The "masterfile-style" zone option controls the formatting of dumped zone files. Options are "relative" (multiline format) and "full" (one record per line). The default is "relative". [RT #20798]	2014-04-17 17:10:29 -07:00
Evan Hunt	7318bbc262	[master] serial-update-method date; 3811. [func] "serial-update-method date;" sets serial number on dynamic update to today's date in YYYYMMDDNN format. (Thanks to Bradley Forschinger.) [RT #24903]	2014-04-17 16:05:50 -07:00
Evan Hunt	92fe6db3e4	[master] use test -r in system tests 3806. [test] Improved system test portability. [RT #35625]	2014-04-09 20:29:52 -07:00
Evan Hunt	baad8d9fd8	[master] allow null "file" for DLZ or alternate db zones 3803. [bug] "named-checkconf -z" incorrectly rejected zones using alternate data sources for not having a "file" option. [RT #35685]	2014-04-07 13:29:56 -07:00
Mark Andrews	5b60bde47b	use perl	2014-04-07 21:53:47 +10:00
Mark Andrews	a4941d6b5e	update check the correct resigning time is reported in zonestatus test to be more portable	2014-04-07 11:50:50 +10:00
Mark Andrews	0dfd942409	3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing time. [RT #35659]	2014-04-04 11:33:49 +11:00
Tinderbox User	180d8b0eec	update copyright notice	2014-03-30 23:46:03 +00:00
Mukund Sivaraman	ef9334d745	3795. [bug] Make named-checkconf detect raw masterfiles for hint zones and reject them. [RT #35268] Squashed commit of the following: commit 5b0254711d6b77940d6217b9131b9d401df8a866 Author: Mukund Sivaraman <muks@isc.org> Date: Fri Mar 28 02:09:01 2014 +0530 Remove redundant helper function commit a4341c1a2ba830c8cee1def57a533f987f67c3dc Author: Mark Andrews <marka@isc.org> Date: Thu Jan 30 10:08:17 2014 +1100 error out if masterfile-format raw is specified for a hint zone.	2014-03-31 04:55:37 +05:30
Evan Hunt	22e29471c7	[master] check allow-update in view/options 3787. [bug] The code that checks whether "auto-dnssec" is allowed was ignoring "allow-update" ACLs set at the options or view level. [RT #29536]	2014-03-12 21:36:01 -07:00
Mark Andrews	6f49db82ab	calling $TSIGKEYGEN doesn't work with libtool.	2014-03-13 15:11:46 +11:00
Tinderbox User	0add14467b	update copyright notice	2014-03-12 23:46:05 +00:00
Evan Hunt	89740699cd	[master] fixed 'fixed' 3784. [bug] Using "rrset-order fixed" when it had not been enabled at compile time caused inconsistent results. It now works as documented, defaulting to cyclic mode. [RT #28104]	2014-03-12 08:45:44 -07:00
Evan Hunt	46bc64f4b1	[master] tsig-keygen 3783. [func] "tsig-keygen" is now available as an alternate command name for "ddns-confgen". It generates a TSIG key in named.conf format without comments. [RT #35503]	2014-03-12 08:29:15 -07:00
Mark Andrews	bab2bf7dfd	expr length arg is not portable	2014-03-12 13:59:41 +11:00
Evan Hunt	62258ada48	[master] auto-generate salt 3781. [func] Specifying "auto" as the salt when using "rndc signing -nsec3param" causes named to generate a 64-bit salt at random. [RT #35322]	2014-03-11 08:46:58 -07:00
Evan Hunt	7b46a4aa41	[master] fix negative numbers in $GENERATE 3780. [bug] $GENERATE handled negative numbers incorrectly. [RT #25528]	2014-03-10 11:55:32 -07:00
Tinderbox User	e9c7fe450e	update copyright notice	2014-03-06 23:46:08 +00:00
Evan Hunt	741dfd3ccd	[master] tests directory cleanup	2014-03-06 11:11:27 -08:00
Tinderbox User	8ab8cd1fa6	update copyright notice	2014-03-01 23:46:15 +00:00
Evan Hunt	ec88c1fdff	[master] capture stderr in systests.output - also tidied up runall.sh summary output	2014-02-28 21:59:28 -08:00
Evan Hunt	98922b2b2b	[master] merge several interdependent fixes 3760. [bug] Improve SIT with native PKCS#11 and on Windows. [RT #35433] 3759. [port] Enable delve on Windows. [RT #35441] 3758. [port] Enable export library APIs on windows. [RT #35382]	2014-02-26 19:00:05 -08:00
Evan Hunt	061f61dd3b	[master] add files omitted from coverage test	2014-02-26 08:54:21 -08:00
Evan Hunt	3a01ded15d	[master] enable windows python tools 3757. [port] Enable Python tools (dnssec-coverage, dnssec-checkds) to run on Windows. [RT #34355]	2014-02-26 08:43:50 -08:00
Mark Andrews	cc00679829	wait for zone to transfer	2014-02-23 14:06:15 +11:00
Evan Hunt	999926955b	[master] fix test error	2014-02-21 08:05:40 -08:00
Tinderbox User	20a96edbf9	update copyright notice	2014-02-20 23:46:35 +00:00
Mark Andrews	caac342072	add @ISC_OPENSSL_LIBS@	2014-02-21 00:35:22 +11:00
Mark Andrews	16134801ce	3750. [experimental] Partially implement EDNS EXPIRE option as described in draft-andrews-dnsext-expire-00. Retrivial of remaining time to expiry from slave zones is supported. EXPIRE uses an experimental option code (65002) and is subject to change. [RT #35416]	2014-02-20 14:56:20 +11:00
Mark Andrews	86a85a3bbd	don't error on rpz percentage checks as they fail inconsistently on virtual machines	2014-02-20 12:22:14 +11:00
Mark Andrews	e676a59686	update copyrights	2014-02-20 10:53:11 +11:00
Mark Andrews	7e2e41df67	3748. [func] Use delve to test dns_client interfaces. [RT #35383 ]	2014-02-19 19:33:21 +11:00
Evan Hunt	35f6a21f5f	[master] max-zone-ttl 3746. [func] New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone containing a higher TTL, the load fails. DDNS updates with higher TTLs are accepted but the TTL is truncated. (Note: Currently supported for master zones only; inline-signing slaves will be added.) [RT #38405]	2014-02-18 23:26:50 -08:00
Mark Andrews	b5f6271f4d	3744. [experimental] SIT: send and process Source Identity Tokens (which are similar to DNS Cookies by Donald Eastlake) and are designed to help clients detect off path spoofed responses and for servers to detect legitimate clients. SIT use a experimental EDNS option code (65001). SIT can be enabled via --enable-developer or --enable-sit. It is on by default in Windows. RRL processing as been updated to know about SIT with legitimate clients not being rate limited. [RT #35389]	2014-02-19 12:53:42 +11:00
Tinderbox User	3fd910dec5	update copyright notice	2014-02-17 23:46:29 +00:00
Evan Hunt	5efcb3a3e2	[master] fix test errors - require 5.006_001 - cut off the least significant figures of rrsig dates before comparison to avoid integer overflow	2014-02-17 08:40:02 -08:00
Evan Hunt	7ba88e2a95	[master] fix dnssec test errors	2014-02-16 14:14:56 -08:00
Evan Hunt	72fd845d5a	[master] remove accidentally committed changes	2014-02-16 13:59:19 -08:00
Evan Hunt	792915beb0	[master] fix accidental dig breakage	2014-02-16 13:42:42 -08:00
Evan Hunt	dbb012765c	[master] merge libiscpk11 to libisc 3735. [cleanup] Merged the libiscpk11 library into libisc to simplify dependencies. [RT #35205]	2014-02-11 21:20:28 -08:00
Tinderbox User	6874b16e4a	update copyright notice	2014-02-10 23:46:26 +00:00
Mark Andrews	d7729155df	3734. [bug] Improve building with libtool. [RT #35314 ]	2014-02-10 15:01:06 +11:00
Tinderbox User	81f58902eb	update copyright notice	2014-02-07 23:46:39 +00:00
Mark Andrews	2870ee1fe5	use exit 255	2014-02-08 09:43:16 +11:00
Mark Andrews	0584ab7e9c	#include <isc/util.h>	2014-02-07 16:46:11 +11:00
Evan Hunt	7983f6f77a	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-02-06 19:41:48 -08:00
Evan Hunt	166341d554	[master] add no-case-compress 3731. [func] Added a "no-case-compress" ACL, which causes named to use case-insensitive compression (disabling change #3645) for specified clients. (This is useful when dealing with broken client implementations that use case-sensitive name comparisons, rejecting responses that fail to match the capitalization of the query that was sent.) [RT #35300]	2014-02-06 19:37:26 -08:00
Mark Andrews	a928b54fa9	silence unused parameter	2014-02-07 11:47:32 +11:00
Evan Hunt	a165a17a81	[master] dnssec-keygen fixes 3730. [cleanup] Added "never" as a synonym for "none" when configuring key event dates in the dnssec tools. [RT #35277] 3729. [bug] dnssec-kegeyn could set the publication date incorrectly when only the activation date was specified on the command line. [RT #35278]	2014-02-06 15:59:14 -08:00
Tinderbox User	7fa75f8e0e	update copyright notice	2014-02-06 23:46:25 +00:00
Tinderbox User	0666e6db54	update copyright notice	2014-01-31 23:46:22 +00:00
Evan Hunt	d0803df331	[master] fixed geoip in blackhole ACLs 3722. [bug] Using geoip ACLs in a blackhole statement could cause a segfault. [RT #35272]	2014-01-30 17:03:32 -08:00
Tinderbox User	04b5785fde	update copyright notice	2014-01-29 23:46:19 +00:00
Mark Andrews	75d747e1c5	3719. [bug] Address memory leak in in peer.c. [RT #35255 ]	2014-01-30 07:54:52 +11:00
Mark Andrews	61932ed917	copyright cleanups	2014-01-29 14:05:46 +11:00
Tinderbox User	aa7b16ec2a	update copyright notice	2014-01-21 23:46:16 +00:00
Evan Hunt	d58e33bfab	[master] testcrypto.sh in system tests 3714. [test] System tests that need to test for cryptography support before running can now use a common "testcrypto.sh" script to do so. [RT #35213]	2014-01-20 16:08:09 -08:00
Evan Hunt	e45d0508c3	[master] skip unnecesary also-notify data 3713. [bug] Save memory by not storing "also-notify" addresses in zone objects that are configured not to send notify requests. [RT #35195]	2014-01-20 15:53:51 -08:00
Tinderbox User	dfd5f3b388	update copyright notice	2014-01-18 23:46:13 +00:00
Evan Hunt	12bf5d4796	[master] address several issues with native pkcs11	2014-01-18 11:51:07 -08:00
Tinderbox User	c0682c2367	update copyright notice	2014-01-17 23:46:32 +00:00
Francis Dupont	e02659b241	applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS	2014-01-17 14:14:30 +01:00
Tinderbox User	1633aead67	update copyright notice	2014-01-16 23:46:28 +00:00
Mark Andrews	db8938c993	3710. [bug] Address double dns_zone_detach when switching to using automatic empty zones from regular zones. [RT #35177]	2014-01-17 10:04:16 +11:00
Evan Hunt	5760095601	[master] skip xfer test with Net::DNS 0.73	2014-01-16 09:50:23 -08:00
Francis Dupont	6080262ffe	add iscpk11 dep in lwresd system test	2014-01-16 16:06:04 +01:00
Mark Andrews	e20788e121	update copyrights	2014-01-16 15:19:24 +11:00
Tinderbox User	bf0266f286	update copyright notice	2014-01-14 23:46:22 +00:00
Evan Hunt	ba751492fc	[master] native PKCS#11 support 3705. [func] "configure --enable-native-pkcs11" enables BIND to use the PKCS#11 API for all cryptographic functions, so that it can drive a hardware service module directly without the need to use a modified OpenSSL as intermediary (so long as the HSM's vendor provides a complete-enough implementation of the PKCS#11 interface). This has been tested successfully with the Thales nShield HSM and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]	2014-01-14 15:40:56 -08:00
Mark Andrews	07fb9b8330	3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185 ]	2014-01-14 16:12:30 +11:00
Tinderbox User	2cf1d5b098	update copyright notice	2014-01-12 23:46:23 +00:00
Mark Andrews	fb756ba304	3703. [func] Prefetch about to expire records if they are queried for, see prefetch option for details. [RT #35041]	2014-01-12 21:29:15 +11:00
Tinderbox User	f70a10508f	update copyright notice	2014-01-11 23:46:17 +00:00
Evan Hunt	7d2b185f16	[master] new dnssec-coverage options 3702. [func] 'dnssec-coverage -l' option specifies a length of time to check for coverage; events further into the future are ignored. 'dnssec-coverage -z' checks only ZSK events, and 'dnssec-coverage -k' checks only KSK events. (Thanks to Peter Palfrader.) [RT #35168]	2014-01-10 17:53:21 -08:00
Mark Andrews	a7c412f37c	update copyrights	2014-01-11 07:07:56 +11:00
Mark Andrews	ff6de396a9	3701. [func] named-checkconf can now suppress the printing of shared secrets by specifying '-x'. [RT #34465]	2014-01-10 16:56:36 +11:00
Tinderbox User	431a83fb29	update copyright notice	2014-01-09 23:46:35 +00:00
Mark Andrews	d4eb30fa2d	stop spamming system logs	2014-01-09 16:23:40 +11:00
Tinderbox User	e8914b47a2	update copyright notice	2014-01-05 23:46:12 +00:00
Mark Andrews	e9649ece3b	3696. [bug] dig failed to handle AXFR style IXFR responses which span multiple messages. [RT #35137]	2014-01-06 06:22:30 +11:00
Tinderbox User	9c61ab2c99	update copyright notice	2013-12-21 23:46:16 +00:00
Evan Hunt	c14ba71070	[master] warn if key-directory doesn't exist 3694. [bug] Warn when a key-directory is configured for a zone, but does not exist or is not a directory. [RT #35109]	2013-12-20 14:57:03 -08:00
Tinderbox User	7c329be7c0	update copyright notice	2013-12-15 23:46:14 +00:00
Tinderbox User	eade480b33	update copyright notice	2013-12-13 23:46:17 +00:00
Evan Hunt	0606c47750	[master] correct dispatch address/port check 3690. [bug] Iterative responses could be missed when the source port for an upstream query was the same as the listener port (53). [RT #34925]	2013-12-12 22:39:12 -08:00
Evan Hunt	9b895f30f1	[master] fix insecure delegation across static-stub zones 3689. [bug] Fixed a bug causing an insecure delegation from one static-stub zone to another to fail with a broken trust chain. [RT #35081]	2013-12-12 22:19:33 -08:00
Tinderbox User	de77dcc2c1	update copyright notice	2013-12-11 23:47:38 +00:00
Evan Hunt	4e1d84a33c	typo	2013-12-11 14:00:07 -08:00
Evan Hunt	0bbe3273a2	[master] dnssec-signzone -Q 3686. [func] "dnssec-signzone -Q" drops signatures from keys that are still published but no longer active. [RT #34990]	2013-12-11 13:25:21 -08:00
Tinderbox User	79812068ff	update copyright notice	2013-12-06 23:47:28 +00:00
Mark Andrews	7d65cbaca0	3684. [bug] The list of included files would grow on reload. [RT 35090]	2013-12-07 09:44:45 +11:00
Curtis Blackburn	8009525601	3682. [bug] Correct the behavior of rndc retransfer to allow inline-signing slave zones to retain NSEC3 parameters instead of reverting to NSEC [RT #34745]	2013-12-04 12:26:20 -06:00
Evan Hunt	d999ca28d4	[master] check hint files in named-checkconf -z 3676. [bug] "named-checkconf -z" now checks zones of type hint and redirect as well as master. [RT #35046]	2013-11-25 12:26:53 -08:00
Mark Andrews	225146b2c8	3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026 ]	2013-11-18 11:22:59 +11:00
Mark Andrews	ced4f794cf	check expected responses	2013-11-15 13:22:48 +11:00
Mark Andrews	3ac9ef6a6d	move forwarder server to 10.53.0.5	2013-11-15 13:16:51 +11:00
Tinderbox User	432d8fa3b4	update copyright notice	2013-11-14 23:46:24 +00:00
Evan Hunt	434bfc3dfa	[master] "in-view" zone option 3673. [func] New "in-view" zone option allows direct sharing of zones between views. [RT #32968]	2013-11-13 20:35:40 -08:00
Evan Hunt	0618287859	[master] allow setting local addr in dns_client 3672. [func] Local address can now be specified when using dns_client API. [RT #34811]	2013-11-13 10:52:22 -08:00
Mark Andrews	c4004ada2a	adjust sync point	2013-11-13 15:44:54 +11:00
Mark Andrews	6b0434299b	3671. [bug] Don't allow dnssec-importkey overwrite a existing non-imported private key.	2013-11-13 12:01:09 +11:00
Mark Andrews	015f044f7f	remove copyright noticed	2013-11-09 13:55:49 +11:00
Tinderbox User	97c299486a	update copyright notice	2013-11-08 23:46:19 +00:00
Mark Andrews	2048955015	3667. [func] dig: add support to keep the TCP socket open between successive queries (+[no]keepopen). [RT #34918]	2013-11-07 10:50:01 +11:00
Mark Andrews	49c1e0d18d	3666. [func] Add a tool, named-rrchecker, for checking the syntax of individual resource records. This tool is intended to be called by provisioning systems so that the front end does not need to be upgraded to support new DNS record types. [RT #34778]	2013-11-07 10:41:47 +11:00
Mark Andrews	50c67f588e	remove blank (cherry picked from commit 75aa3c6f2ada5dcc657d0858ee4544c7997d9840)	2013-09-23 09:47:30 +10:00
Mark Andrews	9fa2a0deed	3652. [bug] Address bug with rpz-drop policy. [RT #34816 ]	2013-09-21 17:27:43 +10:00
Tinderbox User	bcbb556868	update copyright notice	2013-09-19 23:46:20 +00:00
Evan Hunt	c7965f84c2	[master] comment nzf files 3649. [cleanup] Include a comment in .nzf files, giving the name of the associated view. [RT #34765]	2013-09-19 15:37:09 -07:00
Mark Andrews	88a6dc33b7	only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms	2013-09-19 10:40:38 +10:00
Mark Andrews	7667dd1a03	call zone_settimer; sub test failure was not being detected (cherry picked from commit `ebd7900670`)	2013-09-18 12:57:46 +10:00
Mark Andrews	2c089bf6d2	whitspace	2013-09-16 10:14:07 +10:00
Tinderbox User	a989ffdbb3	update copyright notice	2013-09-10 23:46:14 +00:00
Evan Hunt	78f20eda3c	[master] clean up tests, update .gitignore	2013-09-09 19:37:17 -07:00
Mark Andrews	3d3aa9cde6	use -r rather then -f	2013-09-09 12:19:30 +10:00
Mark Andrews	23c73a1848	only test dsa if we have a random device	2013-09-09 11:42:58 +10:00
Tinderbox User	63737247d1	update copyright notice	2013-09-05 23:46:16 +00:00
Mark Andrews	cb69994ff8	3645. [protocol] Use case sensitive compression when responding to queries. [RT #34737]	2013-09-05 12:22:34 +10:00
Evan Hunt	690bd6bf5d	[master] fix inline test, add importkey to win32 build	2013-09-04 18:56:50 -07:00
Mark Andrews	5b9469c0db	test for ECDSAP256SHA256 support	2013-09-04 22:33:31 +10:00
Mark Andrews	0c91911b4d	3642. [func] Allow externally generated DNSKEY to be imported into the DNSKEY management framework. A new tool dnssec-importkey is used to this. [RT #34698]	2013-09-04 13:53:02 +10:00
Mark Andrews	b5f4cc132e	3641. [bug] Handle changes to sig-validity-interval settings better. [RT #34625]	2013-09-04 13:45:00 +10:00
Mark Andrews	d6f99498d6	3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]	2013-09-04 13:14:06 +10:00
Tinderbox User	4b2c089cd8	update copyright notice	2013-08-19 23:46:14 +00:00
Mark Andrews	997c2c5116	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-19 09:18:28 +10:00
Tinderbox User	33d6c4a086	update copyright notice	2013-08-16 23:46:11 +00:00
Mark Andrews	e548e07a9a	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-16 13:54:23 +10:00
Tinderbox User	377b774598	update copyright notice	2013-08-15 23:46:17 +00:00
Mark Andrews	d1e22676de	3635. [bug] Signatures were not being removed from a zone with only KSK keys for a algorithm. [RT #24439]	2013-08-15 13:37:07 +10:00
Mark Andrews	7ace327795	3632. [bug] Signature from newly inactive keys were not being removed. [RT #32178]	2013-08-15 10:48:05 +10:00
Mark Andrews	75ae74f8fd	3629. [func] Allow the printing of cryptographic fields in DNSSEC records by dig to be suppressed (dig +nocrypto). [RT #34534]	2013-08-12 15:37:51 +10:00
Mark Andrews	16bd30ae69	3628. [func] Report DNSKEY key id's when dumping the cache. [RT #34533]	2013-08-12 14:38:26 +10:00
Mark Andrews	df0892aea6	3627. [bug] RPZ changes were not effective on slaves. [RT #34450 ]	2013-08-09 13:23:01 +10:00
Tinderbox User	f378953f3b	update copyright notice	2013-08-07 23:46:12 +00:00
Mark Andrews	f45f654185	3625. [bug] Don't send notify messages to machines outside of the test setup.	2013-08-07 15:48:55 +10:00
Evan Hunt	3cea62e3df	[master] fix bad test output when server fails	2013-07-25 11:15:53 -07:00
Tinderbox User	44c016134f	update copyright notice	2013-07-13 23:46:06 +00:00
Evan Hunt	9a32b8d8f8	[master] add a sleep to prevent intermittent test failure	2013-07-13 15:30:56 -07:00
Evan Hunt	421d4a0647	[master] rpz work 3620. [func] Added "rpz-client-ip" policy triggers, enabling RPZ responses to be configured on the basis of the client IP address; this can be used, for example, to blacklist misbehaving recursive or stub resolvers. [RT #33605] 3619. [bug] Fixed a bug in RPZ with "recursive-only no;" [RT #33776]	2013-07-12 14:46:47 -07:00
Evan Hunt	0b4ed61d20	[master] added missing file	2013-07-12 00:01:33 -07:00
Evan Hunt	0949306cb9	[master] check include file mtimes 3618. [func] "rndc reload" now checks modification times of include files as well as master files to determine whether to skip reloading a zone. [RT #33936]	2013-07-11 16:32:36 -07:00
Evan Hunt	964bdcd7ad	[master] don't go nonresponsive during "rndc reload" 3617. [bug] Named was failing to answer queries during "rndc reload" [RT #34098]	2013-07-11 10:54:21 -07:00
Tinderbox User	77b1d950a6	update copyright notice	2013-07-10 23:46:10 +00:00
Evan Hunt	1d26c6b9b8	[master] count the test cases correctly	2013-07-09 22:52:43 -07:00
Evan Hunt	927e4c9fec	[master] address race conditions with removing inline zones 3513. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [RT #34066]	2013-07-09 17:39:21 -07:00
Evan Hunt	4ba84a5bdb	[master] use egrep as solaris doesn't like grep -E	2013-07-01 14:08:31 -07:00
Evan Hunt	9d4ec6d2c5	[master] "flushtree -all" no longer optional Updated CHANGES note: 3606. [func] "rndc flushtree" now flushes matching records in the address database and bad cache as well as the DNS cache. (Previously only the DNS cache was flushed.) [RT #33970]	2013-06-30 18:53:48 -07:00
Evan Hunt	9fa5a723e1	[master] "rndc flushtree -all <name>" 3606. [func] "rndc flushtree -all" flushes matching records in the ADB and bad cache as well as the DNS cache. (Without the "-all" option, flushtree will still only flush records from the DNS cache.) [RT #33970]	2013-06-26 14:59:32 -07:00
Mark Andrews	945ce145e0	Use extended regular expression as HPUX doesn't like grep -w '$TXT\\|ANY$'	2013-06-17 12:59:50 +10:00
Evan Hunt	be3f14af79	[master] fix system test failure - needed to specify session key file	2013-06-15 01:39:23 -07:00
Tinderbox User	53e8ebc8f0	update copyright notice	2013-06-14 23:46:13 +00:00
Evan Hunt	b7e40659ef	[master] rebuild resigning heaps when loading map files 3597. [bug] Ensure automatic-resigning heaps are reconstructed when loading zones in map format. [RT #33381]	2013-06-14 10:16:10 -07:00
Tinderbox User	1443158c11	update copyright notice	2013-06-13 23:46:13 +00:00
Mark Andrews	8e15d5eb3a	3593. [func] Update EDNS processing to better track remote server capabilities. [RT #30655]	2013-06-12 11:31:30 +10:00
Tinderbox User	1ec9fe2c3c	update copyright notice	2013-06-08 23:46:57 +00:00
Evan Hunt	89be55dc90	[master] improve RRL handling of deferrals and slipped NXDOMAIN 3590. [bug] When using RRL on recursive servers, defer rate-limiting until after recursion is complete; also, use correct rcode for slipped NXDOMAIN responses. [RT #33604]	2013-06-08 13:17:33 -07:00
Mark Andrews	c6eb92beb1	3589. [func] Report serial numbers in when starting zone transfers. Report accepted NOTIFY requests including serial. [RT# 33037]	2013-06-08 09:49:03 +10:00
Mark Andrews	8144dc702b	3587. [func] 'named -g' now checks the logging configuration but does not use it. [RT #33473]	2013-06-06 11:08:16 +10:00
Tinderbox User	099fa63e55	update copyright notice	2013-06-05 23:46:14 +00:00
Evan Hunt	5f1dc0d505	[master] add "-clean" option to "rndc delzone" 3585. [func] "rndc delzone -clean" option removes zone files when deleting a zone. [RT #33570]	2013-06-04 21:26:29 -07:00
Mark Andrews	1e34fe9044	3582. [bug] Silence false positive warning regarding missing file directive for inline slave zones. [RT #33662]	2013-06-04 11:34:03 +10:00
Tinderbox User	6d4487398e	update copyright notice	2013-05-29 23:46:19 +00:00
Mark Andrews	5f238c3c64	3577. [bug] Handle zero TTL values better. [RT #33411 ]	2013-05-29 18:10:11 +10:00
Tinderbox User	be899a549d	update copyright notice	2013-05-10 23:46:06 +00:00
Curtis Blackburn	428dd5c588	3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled zone names containing punctuation marks and other nonstandard characters. [RT #33419]	2013-05-10 16:12:27 -05:00
Tinderbox User	2147c42301	update copyright notice	2013-05-03 23:46:12 +00:00
Evan Hunt	34f3693b93	[master] log forwarded updates 3566. [func] Log when forwarding updates to master. [RT #33240]	2013-05-03 14:05:32 -07:00
Evan Hunt	1a076410c2	[master] fix corrupt map file handling 3564. [bug] Improved handling of corrupted map files. [RT #33380]	2013-05-03 14:00:12 -07:00
Evan Hunt	03b5d2689d	[master] add hash to map files 3562. [func] Update map file header format to include a SHA-1 hash of the database content, so that corrupted map files can be rejected at load time. [RT #32459]	2013-05-01 22:20:02 -07:00
Tinderbox User	7105104b6e	update copyright notice	2013-04-30 06:39:16 +00:00
Tinderbox User	055fd5fcba	update copyright notice	2013-04-30 05:03:43 +00:00
Tinderbox User	954e43e605	update copyright notice	2013-04-30 04:51:59 +00:00
Mark Andrews	26bb3b7a67	3559. [func] Check that both forms of Sender Policy Framework records exist or do not exist. [RT #33355]	2013-04-30 13:49:41 +10:00
Tinderbox User	5655174c2c	update copyright notice	2013-04-29 23:46:13 +00:00
Mark Andrews	9a785712f1	3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331 ]	2013-04-29 15:46:54 +10:00
Mark Andrews	ec8a802114	3557. [bug] Reloading redirect zones was broken. [RT #33292 ]	2013-04-29 15:20:09 +10:00
Evan Hunt	0e932023c4	[master] resume overriding rrl test failures	2013-04-25 20:02:59 -07:00
Evan Hunt	a6d43d18b1	[master] fixed several RRL issues 3554. [bug] RRL failed to correctly rate-limit upward referrals and failed to count dropped error responses in the statistics. [RT #33225]	2013-04-25 14:42:44 -07:00
Mark Andrews	78e179da20	egrep was not precise enough	2013-04-13 22:34:35 +10:00
Evan Hunt	b99bfa184b	[master] unify internal and export libraries 3550. [func] Unified the internal and export versions of the BIND libraries, allowing external clients to use the same libraries as BIND. [RT #33131]	2013-04-10 13:49:57 -07:00
Mark Andrews	cc444c73d5	add sleep 1 to loop	2013-04-10 21:35:36 +10:00
Tinderbox User	526cc7c2c0	update copyright notice	2013-04-09 23:46:07 +00:00
Mark Andrews	1cc4695f0d	3547. [bug] Some malformed unknown rdata records were not properly detected and rejected. [RT #33129]	2013-04-08 09:55:14 +10:00
Mark Andrews	3a6d62c59f	3546. [func] Add EUI48 and EUI64 types. [RT #33082 ]	2013-04-05 09:07:28 +11:00
Mark Andrews	c2838610c6	s/-e/-x/	2013-04-05 07:37:40 +11:00
Tinderbox User	f9adb48aea	update copyright notice	2013-04-03 23:46:07 +00:00
Mark Andrews	085496379f	add SAMPLE to the list of varables to be exported (cherry picked from commit `cf3e838fd3`)	2013-04-04 07:27:21 +11:00
Mark Andrews	8013077aa7	3541. [bug] The parts if libdns was not being properly initialized in when built in libexport mode. [RT #33028]	2013-04-03 17:27:40 +11:00
Tinderbox User	313b0ea9f2	update copyright notice	2013-03-23 23:46:06 +00:00
Evan Hunt	67adc03ef8	[master] add DSCP support 3535. [func] Add support for setting Differentiated Services Code Point (DSCP) values in named. Most configuration options which take a "port" option (e.g., listen-on, forwarders, also-notify, masters, notify-source, etc) can now also take a "dscp" option specifying a code point for use with outgoing traffic, if supported by the underlying OS. [RT #27596]	2013-03-22 14:05:33 -07:00
Evan Hunt	4bf686cf5d	[master] zone parsing broken with embedded null 3534. [bug] Extra text after an embedded NULL was ignored when parsing zone files. [RT #32699]	2013-03-21 19:30:10 -07:00
Tinderbox User	ad67363430	update copyright notice	2013-03-21 23:46:12 +00:00
Mark Andrews	15d970cb23	remove broken redundant test	2013-03-21 12:38:16 +11:00
Evan Hunt	831f59eb43	[master] add dnssec-coverage tool 3528. [func] New "dnssec-coverage" command scans the timing metadata for a set of DNSSEC keys and reports if a lapse in signing coverage has been scheduled inadvertently. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28098]	2013-03-20 14:39:13 -07:00
Tinderbox User	cfa2326b5c	update copyright notice	2013-03-14 23:46:11 +00:00
Evan Hunt	4eb998928b	[master] algorithm flexibility for rndc 3525. [func] Support for additional signing algorithms in rndc: hmac-sha1, -sha224, -sha256, -sha384, and -sha512. The -A option to rndc-confgen can be used to select the algorithm for the generated key. (The default is still hmac-md5; this may change in a future release.) [RT #20363]	2013-03-13 17:53:11 -07:00
Evan Hunt	21a7fde6ba	[master] handle servfail at DLZ zone apex 3522. [bug] DLZ lookups could fail to return SERVFAIL when they ought to. [RT #32685]	2013-03-11 15:54:03 -07:00
Mark Andrews	fae66f41c5	wait for upstream transfer to complete	2013-03-08 17:14:03 +11:00
Tinderbox User	40b42978b9	update copyright notice	2013-03-05 23:46:17 +00:00
Mark Andrews	ab8ea5c51e	check that the lwresd server has started before querying it (cherry picked from commit 661f1197a200bdd3d2411e9b02a46b93fb1fb083)	2013-03-05 17:24:19 +11:00
Mark Andrews	8e5fce1f9c	update copyrights	2013-03-01 10:39:29 +11:00
Evan Hunt	2a184ff865	[master] accept >4g max-{,a}cache-size 3506. [func] When setting "max-cache-size" and "max-acache-size", the keyword "unlimited" is no longer defined as equal to 4 gigabytes (except on 32-bit platforms); it means literally unlimited. [RT #32358] 3505. [bug] When setting "max-cache-size" and "max-acache-size", larger values than 4 gigabytes could not be set explicitly, though larger sizes were available when setting cache size to 0. This has been corrected; the full range is now available. [RT #32358]	2013-02-28 09:29:12 -08:00
Evan Hunt	501941f0b6	[master] add geoip support 3504. [func] Add support for ACLs based on geographic location, using MaxMind GeoIP databases. Based on code contributed by Ken Brownfield <kb@slide.com>. [RT #30681]	2013-02-27 17:19:39 -08:00
Tinderbox User	bea3baa50c	update copyright notice	2013-02-27 23:46:03 +00:00
Mark Andrews	90e1d62889	check that inlineslave.bk and inlineslave.bk.signed exist	2013-02-28 09:01:16 +11:00
Evan Hunt	40a7e85f3e	[master] better zone-statistics syntax 3501. [func] zone-statistics now takes three options: full, terse, and none. "yes" and "no" are retained as synonyms for full and terse, respectively. [RT #29165]	2013-02-27 11:53:58 -08:00
Mark Andrews	b3d3dd301b	ensure test starting conditions are met	2013-02-27 17:02:16 +11:00
Evan Hunt	68357e5241	[master] avoid double-free in rrl - RRL could assert when freeing qname - also, changed test addresses from 192.168/16 to 192.0/16	2013-02-26 19:15:11 -08:00
Evan Hunt	d654c95c96	[master] force 0 exit status from rrl system test RRL system test seems to be highly dependent on system speed. We are leaving it running and reporting results, but forcing it to return PASS unless one or more of the servers crashed or could not start.	2013-02-26 18:46:57 -08:00
Mark Andrews	609b8d0817	update copyrights	2013-02-27 12:27:58 +11:00
Mark Andrews	30314ce9c5	'!' is not portable.	2013-02-26 23:11:43 +11:00
Mark Andrews	118bdfd8c4	3497. [func] When deleting a slave/stub zone using 'rndc delzone' report the files that were being used so they can be cleaned up if desired. [RT #27899] Squashed commit of the following: commit 0e4e69d0c3153fe94aaa375b908cf7e3e45b5059 Author: Mark Andrews <marka@isc.org> Date: Thu Feb 21 17:01:44 2013 +1100 report the zones to be removed rather than removing them commit 5d247ac592eef64c4c467d99af4983b8c1ff998f Author: Mark Andrews <marka@isc.org> Date: Wed Feb 20 15:05:47 2013 +1100 remove slave/stub files when deleting a zone using delzone	2013-02-26 14:48:21 +11:00
Tinderbox User	f97d56e757	update copyright notice	2013-02-25 23:46:03 +00:00
Evan Hunt	94315060c2	[master] RPZ speedup (phase 2, multiple RPZ's) 3495. [func] Support multiple response-policy zones, while improving RPZ performance. [RT #32476]	2013-02-25 12:46:51 -08:00
Evan Hunt	55e5c51e66	[master] DNS RRL 3494. [func] DNS RRL: Blunt the impact of DNS reflection and amplification attacks by rate-limiting substantially- identical responses. [RT #28130]	2013-02-25 12:45:56 -08:00
Tinderbox User	573d78f3d5	update copyright notice	2013-02-21 23:45:56 +00:00
Evan Hunt	a81ae06ed3	[master] forbid inline-signing slave with no file 3491. [bug] Slave zones using inline-signing must specify a file name. [RT #31946]	2013-02-20 14:01:31 -08:00
Evan Hunt	2425d8bb7c	[master] truncate logged rdata if too long 3490. [bug] When logging RDATA during update, truncate if it's too long. [RT #32365] cherry picked from: commit 16ddb566e5a5b57bf925adef2b5543dddc1de49b commit cd97e0c23b09f38aac49aabab66ee13c68b7a3f3 commit d087fa982649c081d58c5bb16e63da3428e2b89d commit d0795bdffef57612dd7654ffd09c9f4216eee2c8	2013-02-20 13:54:52 -08:00
Mark Andrews	3c7df84b20	3488. [bug] Use after free error with DH generated keys. [RT #32649 ]	2013-02-18 20:26:26 +11:00
Tinderbox User	32dc577940	update copyright notice	2013-02-16 23:46:02 +00:00
Mark Andrews	c9297d3759	3487. [bug] Change 3444 was not complete. There was a additional place where the NOQNAME proof needed to be saved. [RT #32629] Squashed commit of the following: commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:27:14 2013 +1100 whitespace commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502 Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:19:51 2013 +1100 return noqname proof with +cd and dlv	2013-02-16 07:45:43 +11:00
Evan Hunt	0b8bd3a4ae	[master] address TKEY bugs 3486. [bug] named could crash when using TKEY-negotiated keys that had been deleted and then recreated. [RT #32506] commit 6a48b9999766d26cddc7cef275cd984b7d53c014 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:59:46 2013 -0800 [rt32506] don't dump key if dump is unimplemented commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:42:25 2013 -0800 [rt32506] make sure LRU needs adjusting before adjusting it commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 12:28:28 2013 -0800 [rt32506] demonstrate bugs in tkey test	2013-02-15 10:19:50 -08:00
Tinderbox User	17131a9459	update copyright notice	2013-01-25 23:45:56 +00:00
Evan Hunt	c9611b4573	[master] change "fast" to "map" 3475. [cleanup] Changed name of 'map' zone file format (previously 'fast'). [RT #32458]	2013-01-24 14:20:48 -08:00
Evan Hunt	8f7d23a25c	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2013-01-23 15:48:47 -08:00
Tinderbox User	3aaa526a94	update copyright notice	2013-01-23 23:45:55 +00:00
Evan Hunt	ffff5d6792	[master] fix dns_request_createvia assert 3474. [bug] nsupdate could assert when the local and remote address families didn't match. [RT #22897]	2013-01-23 15:39:05 -08:00
Evan Hunt	9a0dd99a75	[master] fix incorrect nsec3 check - check for NSEC3 in empty nodes when not due to optout delegations - fixed typo in output ("Bad record NSEC record") - incidentally fixed an error in signzone that caused an incorrect warning about missing DNSKEYs when using -S and -3 together 3473. [bug] dnssec-signzone/verify could incorrectly report an error condition due to an empty node above an opt-out delegation lacking an NSEC3. [RT #32072]	2013-01-23 14:56:00 -08:00
Evan Hunt	214836c184	[master] dump masterfile after successful xfrin 3470. [bug] Slave zones could fail to dump when successfully refreshing after an initial failure. [RT #31276]	2013-01-22 15:49:50 -08:00
Evan Hunt	cbd1fa092e	[master] DLZ fixes - handle malformed answers from DLZ better: - handle dlz_lookup errors better: when the first lookup of a name returns an unexpected failure code, we return it to the caller rather than continuing on to look up the wildcard. we now only continue processing if the return from the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND. - improved backward-compatibility for dlz_version: added a DLZ_DLOPEN_AGE value indicating how many versions back from the current DLZ_DLOPEN_VERSION named will support	2013-01-22 15:13:08 -08:00
Tinderbox User	0a8a14d513	update copyright notice	2013-01-21 23:45:48 +00:00
Evan Hunt	a631c8d9b8	[master] prevent ixfr/ns1 being removed	2013-01-21 14:16:15 -08:00
Evan Hunt	30a7cf3957	[master] add 10.53.0.8 address	2013-01-21 12:36:41 -08:00
Tinderbox User	5ac5300fdf	update copyright notice	2013-01-17 23:46:25 +00:00
Evan Hunt	71f8edccba	[master] fix DNS64 with RPZ-remapped A records 3468. [security] RPZ rules to generate A records (but not AAAA records) could trigger an assertion failure when used in conjunction with DNS64. [RT #32141]	2013-01-17 11:23:30 -08:00
Curtis Blackburn	c8803902d6	[bug] Added checks in dnssec-keygen and dnssec-settime to check for delete date < inactive date. [RT #31719]	2013-01-17 10:59:16 -06:00
Tinderbox User	dc3d68d6fe	update copyright notice	2013-01-11 23:46:02 +00:00
Evan Hunt	b3d116c299	[master] fixed clientinfo version check 3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check in DLZ example driver. [RT #32275]	2013-01-10 19:57:21 -08:00
Tinderbox User	5c6b95ba1b	update copyright notice	2013-01-10 23:46:00 +00:00
Mark Andrews	4801931443	3461. [bug] Negative responses could incorrectly have AD=1 set. [RT #32237]	2013-01-10 23:09:08 +11:00
Evan Hunt	578e319607	[master] add -J option to checkzone/compilezone 3459. [func] Added -J option to named-checkzone/named-compilezone to specify the path to the journal file. [RT #30958]	2013-01-09 16:56:46 -08:00
Tinderbox User	b941edbeb5	update copyright notice	2013-01-09 23:45:53 +00:00
Mark Andrews	c07c2a862e	3458. [bug] Return FORMERR when presented with a overly long domain named in a request. [RT #29682]	2013-01-10 10:30:15 +11:00
Mark Andrews	f1c1aab2c9	3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836 ]	2013-01-10 08:26:31 +11:00
Mark Andrews	1a592aae29	test eighth interface	2013-01-09 19:08:59 +11:00
Tinderbox User	afe7d4b934	update copyright notice	2013-01-08 23:45:50 +00:00
Mark Andrews	fc0bfa07c7	3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;' failed. [RT #31960]	2013-01-09 07:40:27 +11:00
Tinderbox User	49503f1d9f	update copyright notice	2013-01-05 23:45:47 +00:00
Mark Andrews	25b95d31ce	3450. [bug] Stop logfileconfig system test spam system logs. [RT #32315] Squashed commit of the following: commit ad40744e2c7dc253b70857bb229def5dd194b418 Author: Mark Andrews <marka@isc.org> Date: Fri Jan 4 17:24:45 2013 +1100 logfileconfig spams the system log files	2013-01-06 07:56:10 +11:00
Tinderbox User	6fe42ff85c	update copyright notice	2013-01-04 23:45:53 +00:00
Evan Hunt	cb0a74fd8d	[master] show signzone errors in pkcs11 test	2013-01-03 19:55:34 -08:00
Evan Hunt	222d38735f	[master] allow-query-on works now 3448. [bug] The allow-query-on ACL was not processed correctly. [RT #29486]	2013-01-03 15:13:45 -08:00
Tinderbox User	d91e5a75df	update copyright notice	2013-01-02 23:45:51 +00:00
Tinderbox User	024cf50d12	update copyright notice	2013-01-01 23:45:47 +00:00
Mark Andrews	ae395e5f97	remove extranous rdata in nxrrset call as it is not ingnored in Net::DNS 0.70	2012-12-21 14:16:41 +11:00
Mark Andrews	ab91ece513	sign_tcp_continuation doesn't work with the newer versions of Net:DNS. Code has been submitted so we don't need to use the sign_tcp_continuation hack in future.	2012-12-21 12:58:58 +11:00
Tinderbox User	9191b6c9e8	update copyright notice	2012-12-20 23:45:48 +00:00
Mark Andrews	b372587363	TSIG no longer has a mac_size method; arcount no longer need to be adjusted	2012-12-21 00:30:14 +11:00
Mark Andrews	f127a35b6c	adjust test to account for blank owner after origin now being rejected	2012-12-19 14:37:56 +11:00
Mark Andrews	4040ff974c	-H not -i sets iterations	2012-12-19 14:18:05 +11:00
Mark Andrews	58c543d840	remove redundant $ORIGINs	2012-12-19 13:34:31 +11:00
Mark Andrews	8462dfb880	3443. [bug] The NOQNAME proof was not being returned from cached insecure responses. [RT #21409]	2012-12-19 09:55:02 +11:00
Mark Andrews	03958ad4b9	3442. [port] Net::DNS 0.69 introduced a non backwards compatible change. [RT #32216]	2012-12-19 08:46:36 +11:00
Mark Andrews	b6f22cc32f	Net::DNS 0.{70,71} doesn't force the TTL to zero for yxrrset, nxrrset and rr_del	2012-12-18 11:43:46 +11:00
Mark Andrews	6301757d64	don't wipe out named.run when restarting	2012-12-14 17:39:22 +11:00
Tinderbox User	b8e2e5dd86	update copyright notice	2012-12-08 23:45:51 +00:00
Mark Andrews	fe898ea0ee	DIG -> $DIG	2012-12-08 15:35:01 +11:00
Mark Andrews	e85702ce5b	3438. [bug] Don't accept unknown data escape in quotes. [RT #32031 ] Squashed commit of the following: commit 7ad3daade513c94a1c92ee7c91c112f161d13ef4 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 15:03:44 2012 +1100 look at the second token to determine if a TXT record in of unknown format or not commit 7df32138462646f6aee84ffa56d02ac24ec8d672 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 12:42:18 2012 +1100 '"\#"' was incorrectly being treated as a unknown data escape sequence.	2012-12-08 14:05:32 +11:00
Mark Andrews	6f7abb89ec	3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise buffers with constant data. [RT #32064] Squashed commit of the following: commit 3433b96bf11f8c90ccbe412f01d02a6d8bbc2d33 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:41:16 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit c22dbcc1122a0a44f7b46068e0ccbc25353a57d5 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:38:39 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit 900820416c45c1887d0d22d7a010df60a903bd56 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:24:19 2012 +1100 remove isc_buffer_reconstinit commit f815711c17b05f9961786a90b9bae902d3c01494 Author: Mark Andrews <marka@isc.org> Date: Wed Dec 5 15:42:57 2012 +1100 add isc_buffer_constinit	2012-12-08 12:48:57 +11:00
Tinderbox User	aae306e914	update copyright notice	2012-12-07 23:45:48 +00:00
Evan Hunt	abff0f462a	[master] pass client info to DLZ findzone method 3434. [bug] Pass client info to the DLZ findzone() entry point in addition to lookup(). This makes it possible for a database to answer differently whether it's authoritative for a name depending on the address of the client. [RT #31775]	2012-12-06 12:59:36 -08:00
Evan Hunt	177be355d4	[master] handle ISC_R_NOMORE correctly 3433. [bug] dlz_findzone() did not correctly handle ISC_R_NOMORE. [RT #31172]	2012-12-06 12:41:58 -08:00
Evan Hunt	2b8bed6681	[master] multiple-dlz/dlz-nxdomain 3432. [func] Multiple DLZ databases can now be configured. DLZ databases are searched in the order configured, unless set to "search no", in which case a zone can be configured to be retrieved from a particular DLZ database by using a "dlz <name>" option in the zone statement. DLZ databases can support type "master" and "redirect" zones. [RT #27597]	2012-12-06 12:39:52 -08:00
Evan Hunt	de5890da9b	[master] support all algorithms in ddns-confgen 3431. [bug] ddns-confgen: Some valid key algorithms were not accepted. [RT #31927]	2012-12-05 16:36:58 -08:00
Mark Andrews	3ff483ed84	loop 'I:checking expired signatures were updated' test	2012-12-03 09:30:38 +11:00
Mark Andrews	bde9e26d13	add -U 4	2012-11-29 08:12:51 +11:00
Mark Andrews	53e52b463e	adjust looping threshold from 10 to 15	2012-11-28 12:05:56 +11:00
Evan Hunt	8f9a5ae817	[master] correct checkds test	2012-11-27 15:03:55 -08:00
Mark Andrews	b13b452020	3424. [func] dnssec-dsfromkey now emits the hash without spaces. [RT #31951] Squashed commit of the following: commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 17:24:04 2012 +1100 dupped/created reversed in log message commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15 Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 13:40:14 2012 +1100 remove space from DS hash	2012-11-27 14:22:28 +11:00
Mark Andrews	c22f43b829	limit the number of udp dispatches when testing to 4	2012-11-26 22:11:27 +11:00
ckb	2786b6c53f	3422. [bug] Added a clear error message for when the SOA does not match the referral. [RT #31281]	2012-11-21 16:44:34 -06:00
Mark Andrews	20b95f5ff6	3421. [bug] Named loops when re-signing if all keys are offline. [RT #31916] Squashed commit of the following: commit f47af0ca6793687b9c8d08fd44b0c091ba5a4f9a Author: Mark Andrews <marka@isc.org> Date: Wed Nov 21 17:45:21 2012 +1100 dns_dns_zonediff_t -> dns_zonediff_t, clarify comment commit 344edefc3ee90856a7ff990abe7971925ba843b2 Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:12:26 2012 +1100 commit the zone changes if a keep was marked as being offline commit cad2c2446ebfc20b6d8c4f6dd0d6596d7106cc0f Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:08:29 2012 +1100 check for looping when re-signing expiring.example	2012-11-21 17:48:57 +11:00
Mark Andrews	8737e0d006	HPUX doesn't support 128 threads	2012-11-18 00:25:39 +11:00
Mark Andrews	c3c30fc43c	force integer output	2012-11-17 23:58:50 +11:00
Mark Andrews	55670a1e55	3416. [bug] Named could die on shutdown if running with 128 UDP dispatches per interface. [RT #31743] Squashed commit of the following: commit 1a97c755f8496f65024af0f634c1acf59a0a4252 Author: Mark Andrews <marka@isc.org> Date: Wed Nov 7 07:14:36 2012 +1100 add regression test for RT31743 commit 7b16b5f77fad39478168aac25742823f2fcd825b Author: Mark Andrews <marka@isc.org> Date: Fri Nov 2 23:57:24 2012 +1100 array bounds error when shutting down interface	2012-11-14 07:47:58 +11:00
Mark Andrews	4326ea8b66	use stop.pl to ensure old server is fully shutdown before starting new server	2012-11-08 07:38:13 +11:00
Mark Andrews	30a86ca430	add missing ARPANAME definition	2012-11-06 15:29:01 +11:00
Mark Andrews	e7d8a61783	More for: 3410. [bug] Addressed Coverity warnings. [RT #31626 Squashed commit of the following: commit d94f5463f508773a7b027230cd81b61cf8c9cfce Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:52:32 2012 +1100 <string.h> -> <isc/string.h> commit d707d6fb739c6e6df90a864141b418a13d3bccc8 Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:48:20 2012 +1100 address coverity warnings	2012-10-30 12:01:39 +11:00
Evan Hunt	f46168b879	[master] allow dnssec options in inline-signing slaves 3408. [bug] Some DNSSEC-related options (update-check-ksk, dnssec-loadkeys-interval, dnssec-dnskey-kskonly) are now legal in slave zones as long as inline-signing is in use. [RT #31078]	2012-10-26 16:14:59 -07:00
Evan Hunt	9c659b618f	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2012-10-24 18:03:54 -07:00
Tinderbox User	a3fb84bd1b	update copyright notice	2012-10-24 23:46:51 +00:00
Evan Hunt	4b3d727d96	[master] remove spurious signatures from glue 3404. [bug] dnssec-signzone: When re-signing a zone, remove RRSIG and NSEC records from nodes that used to be in-zone but are now below a zone cut. [RT #31556]	2012-10-24 15:46:59 -07:00
ckb	24d8211904	[rt25085] 3402. [bug] Correct interface numbers for IPv4 and IPv6 interfaces. [RT #25085]	2012-10-24 14:47:29 -05:00
Evan Hunt	47c5b8af92	[master] silence coverity warnings 3401. [bug] Addressed Coverity warnings. [RT #31484]	2012-10-23 22:04:06 -07:00
Tinderbox User	c37fbb91e3	update copyright notice	2012-10-18 23:46:07 +00:00
Mark Andrews	de0fd68097	3398. [bug] SOA parameters were not being updated with inline signed zones if the zone was modified while the server was offline. [RT #29272]	2012-10-19 10:25:06 +11:00
Mark Andrews	0fbd29837a	3396. [bug] OPT records were incorrectly removed from signed, truncated responses. [RT #31439]	2012-10-18 13:25:06 +11:00
Mark Andrews	415df3c9c0	test for directory existance before calling find	2012-10-16 10:56:42 +11:00
Mark Andrews	4b17401c9c	add test support for dropping edns messages (-T dropedns); ignoring edns in queries (-T noedns); variable max UDP (-T maxudp=value)	2012-10-16 10:23:08 +11:00
Mark Andrews	1721e1f2a6	Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9	2012-10-07 11:35:56 +11:00
Tinderbox User	15c7a1bf20	update copyright notice	2012-10-06 23:46:11 +00:00
Mark Andrews	20783a3baf	remove empty directories when cleaning	2012-10-06 17:27:38 +10:00
Mark Andrews	dbf693fdfd	3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262 ]	2012-10-06 14:56:33 +10:00
Mark Andrews	611dc88768	3390. [bug] Silence clang compiler warnings. [RT #30417 ]	2012-10-06 14:20:45 +10:00
Mark Andrews	ecd851b832	add dsdigest	2012-10-03 14:04:48 +10:00
Mark Andrews	22a711df5e	add bin/tests/system/dsdigest/prereq.sh.in	2012-10-03 13:59:50 +10:00
Mark Andrews	058e44186b	3387. [func] Support for a DS digest can be disabled at runtime with disable-ds-digests. [RT #21581]	2012-10-03 12:38:43 +10:00
Tinderbox User	8e3eb3600a	update copyright notice	2012-10-02 23:46:09 +00:00
Mark Andrews	aa49af836c	3385. [bug] named-checkconf didn't detect missing master lists in also-notify clauses. [RT #30810]	2012-10-02 13:06:02 +10:00
Mark Andrews	2d68e392f3	copyright style	2012-09-20 10:42:24 +10:00
Mark Andrews	953414e971	make tests less timing sensitive by spining	2012-09-18 14:49:58 +10:00
Mark Andrews	5f26ffc2b4	3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808 ]	2012-09-14 07:53:19 +10:00
Mark Andrews	d0522678a1	don't call out to the internet when running test	2012-08-30 13:53:41 +10:00
Mark Andrews	26dde51a93	silence warning	2012-08-24 10:42:44 +10:00
Mark Andrews	d1f43359e4	3379. [bug] nsupdate terminated unexpectedly in interactive mode if built with readline support. [RT #29550]	2012-08-22 13:38:51 +10:00
Mark Andrews	076bda8c2e	we didn't catch a zero option at the global level when views are active	2012-08-17 13:40:17 +10:00
Tinderbox User	36a3d08a72	update copyright notice	2012-08-15 23:46:02 +00:00
Evan Hunt	85705b4b5a	allow "forward" and "forwarders" in static-stub 3363. [bug] Need to allow "forward" and "fowarders" options in static-stub zones; this had been overlooked. [RT #30482]	2012-08-15 13:08:15 -07:00
Tinderbox User	23554e8479	update copyright notice	2012-08-14 23:46:02 +00:00
Evan Hunt	820fdd61dd	properly range-check fields that do not allow 0 3362. [bug] Setting some option values to 0 in named.conf could trigger an assertion failure on startup. [RT #27730]	2012-08-13 22:39:42 -07:00
Evan Hunt	8f6d6d72e8	support '-' salt in rndc signing -nsec3param 3361. [bug] "rndc signing -nsec3param" didn't work correctly when salt was set to '-' (no salt). [RT #30099]	2012-08-13 22:24:36 -07:00
Evan Hunt	3f755529ee	address memory leak with bad tsig secret 3359. [bug] An improperly-formed TSIG secret could cause a memory leak. [RT #30607]	2012-08-10 20:15:59 -07:00
Tinderbox User	953692fa1e	update copyright notice	2012-07-25 23:46:04 +00:00
ckb	e7857b5ee0	3356. [bug] Cap the TTL of signed RRsets when RRSIGs are approaching their expiry, so they don't remain in caches after expiry. [RT #26429]	2012-07-25 17:06:34 -05:00
Mark Andrews	3ce2018dfa	3355. [port] Use more portable awk in verify system test.	2012-07-25 12:59:45 +10:00
Mark Andrews	6eb6af6732	3354. [func] Improve OpenSSL error logging. [RT #29932 ]	2012-07-23 15:08:21 +10:00
Mark Andrews	16de4bca76	add verify system test	2012-07-19 13:11:42 +10:00
Evan Hunt	b123be9195	fix copyrights in checkds test	2012-07-06 14:24:24 -07:00
ckb	14d4dd1053	added cleanup of test files	2012-07-06 10:00:45 -05:00
ckb	c514f38c80	Conflicts: lib/dns/dst_parse.c lib/isc/win32/file.c	2012-07-05 16:07:31 -05:00
Tinderbox User	a3128c1995	update copyright notice	2012-06-29 23:45:57 +00:00
Tinderbox User	54f04323c0	update copyright notice	2012-06-29 01:49:43 +00:00
Mark Andrews	bf8267aa45	reverse bad copyright update	2012-06-29 11:39:47 +10:00
Tinderbox User	247bf37860	update copyright notice	2012-06-29 01:22:18 +00:00
Mark Andrews	66dddd906a	make the checkds system test dependent on the result of python discovery	2012-06-28 23:08:07 +10:00
Mark Andrews	1cefb9df3f	3344. [func] New "dnssec-checkds" command checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099]	2012-06-28 17:06:00 +10:00
Tinderbox User	da5d53fb14	update copyright notice	2012-06-26 23:45:56 +00:00
Mark Andrews	c41c261fc7	3342. [bug] Change #3314 broke saving of stub zones to disk resulting in excessive cpu usage in some cases. [RT #29952]	2012-06-27 09:21:09 +10:00
Mark Andrews	ad127d839d	3341. [func] New "dnssec-verify" command checks a signed zone to ensure correctness of signatures and of NSEC/NSEC3 chains. [RT #23673]	2012-06-25 13:57:32 +10:00
Tinderbox User	3b398443f0	update copyright notice	2012-06-21 23:46:36 +00:00
Evan Hunt	6686505e3a	fix secondkey test, properly	2012-06-20 22:44:06 -07:00
Evan Hunt	8566c18b02	fixed second-key test to use correct rndc.conf	2012-06-20 15:07:24 -07:00
ckb	5f5f8b1dd4	removed .cvsignore files	2012-06-20 14:23:12 -05:00
ckb	7829fad409	merging fast format zone files Conflicts: .gitignore bin/named/zoneconf.c bin/tests/.gitignore bin/tests/system/autosign/tests.sh bin/tests/system/masterformat/clean.sh bin/tests/system/masterformat/ns1/compile.sh bin/tests/system/masterformat/tests.sh configure lib/dns/db.c lib/dns/include/dns/db.h lib/dns/include/dns/types.h lib/dns/master.c lib/dns/masterdump.c lib/dns/rbt.c lib/dns/rbtdb.c lib/dns/sdb.c lib/dns/sdlz.c lib/dns/tests/.cvsignore lib/dns/tests/Makefile.in lib/dns/win32/libdns.def lib/dns/xfrin.c lib/dns/zone.c lib/export/dns/Makefile.in lib/isc/include/isc/file.h lib/isc/unix/file.c lib/isc/win32/file.c lib/isccfg/namedconf.c	2012-06-20 14:13:12 -05:00
Tinderbox User	ef1963d83d	update copyright notice	2012-06-15 23:45:49 +00:00
Mark Andrews	6190ede04a	use a pre-computed key if the OpenSSL version doesn't support generating rsa keys with exponents > 32 bits	2012-06-15 10:41:31 +10:00
Mark Andrews	df6a295e43	temporarially pull rsabigexponent	2012-06-15 09:55:50 +10:00
Tinderbox User	fd5b3eb81a	update copyright notice	2012-06-14 23:45:57 +00:00
Mark Andrews	7865ea9545	3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228 ]	2012-06-14 15:44:20 +10:00
Mark Andrews	c298583db5	3337. [bug] Change #3294 broke support for the multiple keys in controls. [RT #29694]	2012-06-13 16:25:42 +10:00
Mark Andrews	1ff22ac042	Don't restart ns5 after killing it	2012-06-07 14:37:58 +10:00
Mark Andrews	ba16ade5f8	kill and restart the nameserver after running: perf 'without rpz' norpz	2012-06-04 16:25:25 +10:00
Tinderbox User	0ecbe41b6b	update copyright notice	2012-06-01 23:46:03 +00:00
Evan Hunt	3787f2ec8a	fix solaris portability problem	2012-06-01 11:40:52 -07:00
Evan Hunt	a2cd182a83	add a test for non-inline slaves	2012-06-01 08:29:06 -07:00
Mark Andrews	735ca24fa6	3321. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644]	2012-06-01 23:33:16 +10:00
Tinderbox User	7a440c4300	update copyright notice	2012-05-31 23:46:01 +00:00
Vernon Schryver	afaa290bb6	Squashed commit of the following: commit aea73609ac5d41ed091360e94370798965f28f05 commit eef7f44c57a060b24a426eb8888e16176a0a69b1 commit a88a26d864ad399fa2d40e3b9659b4d26f454ca1 commit 1b90d59568e7e3b65690c6bd075cf4d60b03e454 Merge: 74d8f73 `cd02924` commit 74d8f73ed553bb64a305e284905762f7ff0029aa commit 9a59ef6bbd4befe91e5691e8b85afe1cb7ab0706 commit c63606a53b4f1bb7066b37d3cfe588e9dc21a119 commit 2c392a840c8838455d144ce163bd873bee400c97 commit 0241f53563e6e7bed462a883d98a8931f01e0980 commit 79fe22b5d6f04bdaa3073cf54d41952194e879e1 commit 351b3049625f2edd39729dd85413e961b97d4b3b commit 7207674fc77c9a10d84c0cb94e36d1c09bb31459 commit 543ad34cf08f901c20b438c9d2f45482cff13d5e commit fc45b99ce4438627fdcbeb4365695ba0065fa46f commit c425207f57e0a5157372aa7edbb79b13170563e5 commit ef8c5e23ca284e0ea02f69ce1f356d537c19d93b commit ba0d4e3aa51efe412cfa1d031651f949442d1802 commit 41c7969c7cb6884b93011f7ace3fd9522efc021e and more from CVS for rt26172 Add - optional "recursive-only yes\|no" to the response-policy statement - optional max-policy-ttl to limit the lies that "recursive-only no" can introduce into resolvers' caches - test that queries with RD=0 are not rewritten by default - performance smoke test Change encoding of PASSTHRU action to "rpz-passthru". (The old encoding is still accepted.) Fix rt26180 assert botch in zone_findrdataset() in this branch as well. Fix missing signatures on NOERROR results despite RPZ hits when there are signatures and the client asks for DNSSEC,	2012-05-31 02:03:34 +00:00
Tinderbox User	e5d117e83f	update copyright notice	2012-05-21 23:45:46 +00:00
Mark Andrews	9caed807dc	redirect stderr to /dev/null	2012-05-21 16:02:46 +10:00
Mark Andrews	1b786cf46f	check for Net::DNS	2012-05-21 10:33:05 +10:00
Mark Andrews	9b6e76e5e7	awk and toupper is not portable, use sed instead	2012-05-21 10:13:08 +10:00
Tinderbox User	a847a4bcd6	update copyright notice	2012-05-17 23:46:03 +00:00
Evan Hunt	a40c338eaf	add ecdsa to system tests	2012-05-17 16:11:13 -07:00
Evan Hunt	26833735d3	Handle RRSIG signer case consistently 3329. [bug] Handle RRSIG signer-name case consistently: We generate RRSIG records with the signer-name in lower case. We accept them with any case, but if they fail to validate, we try again in lower case. [RT #27451]	2012-05-17 10:44:16 -07:00
Tinderbox User	633c5dc507	update copyright notice	2012-05-14 23:45:48 +00:00
Evan Hunt	d878b8d87c	merged filter-aaaa-on-v6 (ATT SoW) 3327. [func] Added 'filter-aaaa-on-v6' option; this is similar to 'filter-aaaa-on-v4' but applies to IPv6 connections. (Use "configure --enable-filter-aaaa" to enable this option.) [RT #27308]	2012-05-14 11:50:00 -07:00
Evan Hunt	bc626b81d7	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2012-05-14 10:07:34 -07:00
Evan Hunt	dd2a0a6d2d	Merge statistics code (ATT SoW, rt24117) This includes the following changes: 3326. [func] Added task list statistics: task model, worker threads, quantum, tasks running, tasks ready. [RT #27678] 3325. [func] Report cache statistics: memory use, number of nodes, number of hash buckets, hit and miss counts. [RT #27056] 3324. [test] Add better tests for ADB stats [RT #27057] 3323. [func] Report the number of buckets the resolver is using. [RT #27020] 3322. [func] Monitor the number of active TCP and UDP dispatches. [RT #27055] 3321. [func] Monitor the number of recursive fetches and the number of open sockets, and report these values in the statistics channel. [RT #27054] 3320. [func] Added support for monitoring of recursing client count. [RT #27009] 3319. [func] Added support for monitoring of ADB entry count and hash size. [RT #27057]	2012-05-14 10:06:05 -07:00
Francis Dupont	6a2ebd69b5	fix key name variable in autosign	2012-05-12 07:54:45 +02:00
Tinderbox User	99d8f5a704	update copyright notice	2012-05-02 23:45:44 +00:00
Mark Andrews	aaaf8d4f48	3317. [func] Add ECDSA support (RFC 6605). [RT #21918 ]	2012-05-02 23:20:17 +10:00
Tinderbox User	aa64e902a0	update copyright notice	2012-04-26 23:45:49 +00:00
Mark Andrews	393fd55d91	3313. [protocol] Add TLSA record type. [RT #28989 ]	2012-04-26 12:22:49 +10:00
Mark Andrews	7e9d6c7075	3312. [bug] named-checkconf didn't detect a bad dns64 clients acl. [RT #27631]	2012-04-26 11:42:39 +10:00
Evan Hunt	8c2a1d6b0b	fix .gitignore files	2012-04-23 08:17:26 -07:00
Tinderbox User	3fb95bfcb2	update copyright notice	2012-04-11 23:45:52 +00:00
Mark Andrews	75582adac7	3306. [bug] Improve DNS64 reverse zone performance. [RT #28563 ] 3305. [func] Add wire format lookup method to sdb. [RT #28563]	2012-04-11 12:17:57 +10:00
Tinderbox User	c922066e77	update copyright notice	2012-03-14 23:45:43 +00:00
Mark Andrews	021ea88ee5	ignore more test artifacts	2012-03-14 16:03:42 +11:00
Mark Andrews	25291eb87a	additional cleanup	2012-03-14 16:02:52 +11:00
Mark Andrews	dea3eb8eac	properly redirect stderr to stdout	2012-03-14 16:02:15 +11:00
Tinderbox User	5fa46bc916	update copyright notice	2012-03-10 23:45:53 +00:00
Mark Andrews	39bd69da32	empty directory	2012-03-10 08:45:46 +11:00
Evan Hunt	207845805e	set $Id$	2012-03-07 08:18:20 -08:00
Evan Hunt	2d7f41d66c	Revert "Re-created rt27597a for ongoing DLZ work" This reverts commit `d731ee9121`.	2012-03-05 15:42:52 -08:00
Evan Hunt	d731ee9121	Re-created rt27597a for ongoing DLZ work	2012-03-05 14:45:30 -08:00
Evan Hunt	632c0f1e91	Revert accidental merge of unfinished DLZ work	2012-03-05 14:44:21 -08:00
Mark Andrews	e214e8728a	Merge branches 'rt28261' and 'rt27597' of repo.isc.org:/proj/git/prod/bind9	2012-03-06 00:16:04 +11:00
Mark Andrews	f5b7359c57	Allow nsupdate to report which types it knows the internal structure to.	2012-03-05 11:38:07 +11:00
Evan Hunt	e41d5a00bc	added gitignore, removed cvsignore	2012-03-03 23:10:05 -08:00
Evan Hunt	43cf20e3e4	created	2012-03-03 22:47:40 -08:00
Evan Hunt	954501715d	checkpoint: multiple-DLZ functionality - multiple DLZ's can be specified, including multiple DLZ's using the same driver; e.g., two different back-ends both loaded by the dlopen driver - new "search" option can be specified in a DLZ indicating whether this DLZ database should be searched for unknown zones. The default is "yes". If "no", then the zone can only be found by named if it's registered in the zone table, which happens if the zone is configured for dynamic updates, or if "dlz <dlzname>" is specified in the zone statement. (The latter functionality is incomplete in this commit).	2012-03-03 22:43:38 -08:00
Automatic Updater	3484552b1b	update copyright notice	2012-02-23 07:09:29 +00:00
Mark Andrews	1864400107	3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036 ]	2012-02-23 06:53:15 +00:00
Automatic Updater	6c6ccd6b33	update copyright notice	2012-02-22 23:47:35 +00:00
Evan Hunt	261543671b	3288. [bug] dlz_destroy() function wasn't correctly registered by the DLZ dlopen driver. [RT #28056]	2012-02-22 21:45:20 +00:00
Mark Andrews	490b05960c	3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028 ]	2012-02-22 14:22:54 +00:00
Evan Hunt	89069e6b3a	3286. [bug] Managed key maintenance timer could fail to start after 'rndc reconfig'. [RT #26786]	2012-02-22 00:37:54 +00:00
Mark Andrews	5e501f3a87	Loop 'I:checking that large rdatasets loaded' in case the zone transfer has not yet completed	2012-02-15 00:50:59 +00:00
Automatic Updater	d03bc586b9	update copyright notice	2012-02-14 23:47:15 +00:00
Mark Andrews	4c34112a69	3283. [bug] Raw zones with with more than 512 records in a RRset failed to load. [RT #27863]	2012-02-13 23:46:24 +00:00
Automatic Updater	09b46c3945	update copyright notice	2012-02-09 23:47:18 +00:00
Mark Andrews	77eca24a29	move keygeneration out of the timing critical section	2012-02-09 21:10:45 +00:00
Mark Andrews	fb604d1cee	3282. [bug] Restrict the TTL of NS RRset to no more than that of the old NS RRset when replacing it. [RT #27792]	2012-02-09 20:54:46 +00:00
Automatic Updater	da5a7b29e9	update copyright notice	2012-02-07 23:47:24 +00:00
Evan Hunt	f4bd753e0b	fixed a test error that caused autosign to fail on freebsd	2012-02-07 00:33:19 +00:00
Mark Andrews	9181e8a056	rt27739: make ixfr test more robust	2012-02-07 00:19:45 +00:00
Automatic Updater	2f4561bc9c	update copyright notice	2012-02-06 23:46:49 +00:00
Mark Andrews	f91db44ab9	verify server is answering before starting next server	2012-02-06 23:20:38 +00:00
Evan Hunt	99f6179191	3277. [bug] Make sure automatic key maintenance is started when "auto-dnssec maintain" is turned on during "rndc reconfig". [RT #26805]	2012-02-06 21:33:50 +00:00
Automatic Updater	bb2d9d7aec	update copyright notice	2012-02-03 23:46:58 +00:00
Mark Andrews	ca92b02363	I:waiting for nameserver to load, ok'd by Evan	2012-02-03 04:44:17 +00:00
Automatic Updater	c2f843fc2b	update copyright notice	2012-02-02 23:47:33 +00:00
Mark Andrews	92a83eeb2d	portable code, ok'd bu Evan	2012-02-02 03:47:39 +00:00
Mark Andrews	912920eace	leave a better forensics trail on failure, ok'd by Evan	2012-02-02 03:26:55 +00:00
Mark Andrews	53d4f17eac	spin waiting for load/transfer to complete, ok'd by Evan	2012-02-02 03:08:02 +00:00
Automatic Updater	fe910f9d17	update copyright notice	2012-02-01 23:46:51 +00:00
Mark Andrews	23370a7eb2	more robust I:waiting for transfers to complete	2012-02-01 22:07:23 +00:00
Automatic Updater	41f1164438	update copyright notice	2012-01-31 23:47:33 +00:00
Evan Hunt	93143fd81a	3273. [bug] AAAA responses could be returned in the additional section even when filter-aaaa-on-v4 was in use. [RT #27292]	2012-01-31 06:58:39 +00:00
Evan Hunt	2855e27723	3271. [func] New "rndc zonestatus" command prints information about the specified zone. [RT #21671]	2012-01-31 03:35:41 +00:00
Evan Hunt	c54dadd853	3270. [bug] "rndc reload" didn't reuse existing zones correctly when inline-signing was in use. [RT #27650]	2012-01-31 01:13:10 +00:00
Automatic Updater	4a8adb51da	update copyright notice	2012-01-23 23:46:48 +00:00
Mark Andrews	3f7ad9656c	test for Net::DNS	2012-01-23 11:58:12 +00:00
Mark Andrews	bfe720adb5	reverse accidental commit	2012-01-17 08:26:03 +00:00
Automatic Updater	0d1cf4f5bc	update copyright notice	2012-01-16 23:46:46 +00:00
Mark Andrews	00164c8db2	fetches in progress/buckets	2012-01-16 08:35:09 +00:00
Evan Hunt	a06e0a14cc	use test -f; solaris doesn't support test -e	2012-01-12 00:37:18 +00:00
Automatic Updater	edb4393ef5	update copyright notice	2012-01-10 23:46:58 +00:00
Evan Hunt	9a02019889	3264. [bug] Automatic regeneration of signatures in an inline-signing zone could stall when the server was restarted. [RT #27344] 3263. [bug] "rndc sync" did not affect the unsigned side of an inline-signing zone. [RT #27337]	2012-01-10 18:13:37 +00:00
Automatic Updater	1b428fd3a7	update copyright notice	2012-01-07 23:46:53 +00:00
Evan Hunt	c19cfefe7e	3262. [bug] Signed responses were handled incorrectly by RPZ. [RT #27316]	2012-01-07 00:19:59 +00:00
Automatic Updater	f76bddd50b	update copyright notice	2012-01-04 23:46:49 +00:00
Evan Hunt	56c9fcf075	3260. [bug] "rrset-order cyclic" could appear not to rotate for some query patterns. [RT #27170/27185]	2012-01-04 03:06:51 +00:00
Automatic Updater	045e92d425	update copyright notice	2011-12-23 23:47:13 +00:00
Mark Andrews	7caaa75cbf	--enable-fixed-rrset uses reversed order for cyclic	2011-12-23 01:06:42 +00:00
Mark Andrews	6643b0dd91	3260. [bug] "rrset-order cyclic" could appears to not rotate for some query patterns. [RT #27170]	2011-12-23 00:38:23 +00:00
Mark Andrews	eacd6ec4e4	use binmode	2011-12-22 12:01:43 +00:00
Mark Andrews	9892bae7b7	forcing full sign with unreadable keys	2011-12-22 11:57:30 +00:00
Mark Andrews	354cb3ea67	use binmode	2011-12-22 11:56:07 +00:00
Evan Hunt	f30785f506	3252. [bug] When master zones using inline-signing were updated while the server was offline, the source zone could fall out of sync with the signed copy. They can now resynchronize. [RT #26676]	2011-12-22 07:32:41 +00:00
Mark Andrews	281a31ad37	+/- 500ms was too small a fudge factor (-582ms seen in testing), raise to +/- 1000ms	2011-12-22 02:15:24 +00:00
Mark Andrews	67dc2f0536	3249. [bug] Update log message when saving slave zones files for analysis after load failures. [RT #27087] 3248. [bug] Configure options --enable-fixed-rrset and --enable-exportlib were incompatible with each other. [RT #27087] 3247. [bug] 'raw' format zones failed to preserve load order breaking 'fixed' sort order. [RT #27087] 3246. [bug] Named failed to start with a empty also-notify list. [RT #27087]	2011-12-20 00:06:54 +00:00
Mark Andrews	b290d10fc4	3245. [bug] Don't report a error unchanged serials unless there were other changes when thawing a zone with ixfr-fromdifferences. [RT #26845]	2011-12-19 23:46:13 +00:00
Mark Andrews	d884e8ee4d	set status to 1 on R:FAIL	2011-12-19 23:08:50 +00:00
Evan Hunt	1d32b1df37	3244. [func] Added readline support to nslookup and nsupdate. Also simplified nsupdate syntax to make "update" and "prereq" optional. [RT #24659]	2011-12-16 23:01:17 +00:00
Mark Andrews	91013b0e19	join line for old awk	2011-12-12 12:08:09 +00:00
Mark Andrews	6c1a778723	chech that the final time is within 10 seconds but no greater than the expected interval	2011-12-12 06:51:12 +00:00
Automatic Updater	339d2a4d4b	update copyright notice	2011-12-09 23:47:05 +00:00
Mark Andrews	e238ebd9b3	Backout accident commit to head	2011-12-09 22:09:26 +00:00
Mark Andrews	5ccf5eac0f	ixfr-from-differences backup file	2011-12-09 13:32:42 +00:00
Evan Hunt	b4d8192d21	3241. [func] Extended the header of raw-format master files to include the serial number of the zone from which they were generated, if different (as in the case of inline-signing zones). This is to be used in inline-signing zones, to track changes between the unsigned and signed versions of the zone, which may have different serial numbers. (Note: raw zonefiles generated by this version of BIND are no longer compatble with prior versions. To generate a backward-compatible raw zonefile using dnssec-signzone or named-compilezone, specify output format "raw=0" instead of simply "raw".) [RT #26587]	2011-12-08 16:07:22 +00:00
Evan Hunt	4122abdc3c	Back out changes #3182 and #3202	2011-12-05 17:10:51 +00:00
Mark Andrews	f5f868ca4f	loop waiting for the zone to transfer	2011-12-02 04:14:33 +00:00
Mark Andrews	56dc4c6730	3233. [bug] 'rndc freeze/thaw' didn't work for inline zones. [RT #26632]	2011-12-02 02:44:01 +00:00
Automatic Updater	55313f60d8	update copyright notice	2011-12-01 23:46:51 +00:00
Mark Andrews	553197e288	3231. [bug] named could fail to send a uncompressable zone. [RT #26796] 3230. [bug[ 'dig axfr' failed to properly handle a multi-message axfr with a serial of 0. [RT #26796]	2011-12-01 00:53:58 +00:00
Mark Andrews	411d2914ad	3226. [bug] Address minor resource leakages. [RT #26624 ]	2011-11-30 00:48:51 +00:00
Mark Andrews	9bd876a683	3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684 ]	2011-11-29 00:49:26 +00:00
Mark Andrews	374b677c50	make grep more precise	2011-11-27 12:04:27 +00:00
Evan Hunt	75c622f53b	add regression test for rbtdb.c version-mismatch issue	2011-11-18 19:32:13 +00:00
Evan Hunt	6fb6f8a226	3217. [cleanup] Fix build problem with --disable-static. [RT #26476 ]	2011-11-16 00:42:07 +00:00
Evan Hunt	d9eebc0849	3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full" option prints in single-line-per-record format. [RT #20287]	2011-11-07 23:16:31 +00:00
Mark Andrews	ac43690858	3209. [func] Add "dnssec-lookaside 'off'". [RT #24858 ]	2011-11-07 00:14:11 +00:00
Automatic Updater	2e8694f4db	update copyright notice	2011-11-06 23:46:40 +00:00
Mark Andrews	19ae9cbb28	3208. [bug] 'dig -y' handle unknown tsig alorithm better. [RT #25522]	2011-11-06 23:18:07 +00:00
Automatic Updater	af42579df6	update copyright notice	2011-11-04 23:46:15 +00:00
Mark Andrews	3fb5bccf59	3205. [func] Upgrade dig's defaults to better reflect modern nameserver behaviour. Enable "dig +adflag" and "dig +edns=0" by default. Enable "+dnssec" when running "dig +trace". [RT #23497]	2011-11-04 10:41:38 +00:00
Evan Hunt	25845da41a	3203. [bug] Increase log level to 'info' for validation failures from expired or not-yet-valid RRSIGs. [RT #21796]	2011-11-04 05:36:28 +00:00
Automatic Updater	0b85ae70e9	update copyright notice	2011-11-03 23:46:26 +00:00
Evan Hunt	6150d3cb66	3200. [doc] Some rndc functions were undocumented or were missing from 'rndc -h' output. [RT #25555]	2011-11-03 22:06:21 +00:00
Automatic Updater	1ab9944f6b	update copyright notice	2011-11-02 23:46:24 +00:00
Mark Andrews	46c7b71b4d	improve error diagnostics	2011-11-02 13:59:07 +00:00
Mark Andrews	e223d4bb26	loop waiting for stub zone to transfer	2011-11-02 08:17:01 +00:00
Mark Andrews	fe3472c80b	3191. [bug] Print NULL records using unknown format. [RT #26392 ]	2011-11-02 01:01:52 +00:00
Automatic Updater	89d1324270	update copyright notice	2011-11-01 23:47:00 +00:00
Evan Hunt	e2271ee953	3189. [test] Added a summary report after system tests. [RT #25517 ]	2011-11-01 18:35:53 +00:00
Automatic Updater	f308b3c2e0	update copyright notice	2011-10-30 23:46:15 +00:00
Evan Hunt	695ccee03b	added cvsignore files	2011-10-30 23:14:31 +00:00
Evan Hunt	81443179e5	missing files from clean.sh	2011-10-30 23:14:23 +00:00
Evan Hunt	74c46f605f	file missing from clean.sh	2011-10-30 23:11:24 +00:00
Evan Hunt	094672b313	some files were missing from clean.sh	2011-10-30 23:05:13 +00:00
Evan Hunt	3718adf753	some files were missing from clean.sh	2011-10-30 22:59:45 +00:00
Evan Hunt	0422d7c531	Need to clear db-* files in clean.sh.	2011-10-30 22:55:12 +00:00
Automatic Updater	98a7e53914	update copyright notice	2011-10-28 12:20:31 +00:00
Mark Andrews	7b4b6f361b	3186. [bug] Version/db mis-match in rpz code. [RT #26180 ]	2011-10-28 11:46:50 +00:00
Evan Hunt	9c03f13e18	3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]	2011-10-28 06:20:07 +00:00
Mark Andrews	30574fa9ad	exit 255 for SKIPPED	2011-10-28 03:15:05 +00:00
Scott Mann	376444d40b	add test for recent Net::DNS module.	2011-10-28 02:18:56 +00:00
Automatic Updater	96f5a19c12	update copyright notice	2011-10-27 23:46:31 +00:00
Scott Mann	b91b288f92	fix edns0 retry issues (rt #23393/24964).	2011-10-27 20:18:42 +00:00
Automatic Updater	8826a72394	update copyright notice	2011-10-26 23:46:15 +00:00
Mark Andrews	24ef32426d	3181. [func] Inline-signing is now supported for master zones. [RT #26224]	2011-10-26 20:56:45 +00:00
Evan Hunt	9570ddcd41	3180. [func] Local copies of slave zones are now saved in raw format by default, to improve startup performance. 'masterfile-format text;' can be used to override the default, if desired. [RT #25867]	2011-10-26 15:23:37 +00:00
Mark Andrews	aa0777cfb6	spin waiting for zone transfer to complete	2011-10-26 05:32:56 +00:00
Automatic Updater	329eb05c12	update copyright notice	2011-10-25 23:46:58 +00:00
Mark Andrews	ad94465154	improve failure reports	2011-10-25 03:57:08 +00:00
Mark Andrews	b1c6de5456	3177. [func] 'rndc keydone', remove the indicator record that named has finished signing the zone with the corresponding key. [RT #26206]	2011-10-25 01:54:22 +00:00
Automatic Updater	dfc015bc7e	update copyright notice	2011-10-20 23:46:51 +00:00
Mark Andrews	ada40193c8	3175. [bug] Fix how DNSSEC positive wildcard responses from a NSEC3 signed zone are validated. Stop sending a unnecessary NSEC3 record when generating such responses. [RT #26200]	2011-10-20 21:42:11 +00:00
Mark Andrews	1946c596b4	3174. [bug] Always compute to revoked key tag from scratch. [RT #24711]	2011-10-20 21:20:02 +00:00
Automatic Updater	e87f494810	update copyright notice	2011-10-17 23:46:33 +00:00
Mark Andrews	ca890c0aa8	sleep 1 # allow lwresd to finish starting.	2011-10-17 05:40:11 +00:00
Mark Andrews	2da036f231	The notify system test was using a dynamic zone for reload testing so it was just a plain fluke that it ever succeeded. * use a normal (non-dynamic) zone. * check that reloads of the master zone actually occur. * remove example3 test from tests.sh as it wasn't testing notify. * add a "sleep 1" so that the copied file will have a newer timestamp. * improve system test logging. * using seperate output files for each test so that it is possible to work out what went wrong if the system test fails.	2011-10-17 01:33:28 +00:00
Mark Andrews	020c4484fe	3173. [port] Correctly validate root DS responses. [RT #25726 ]	2011-10-15 05:00:15 +00:00
Automatic Updater	2d45eb7acb	update copyright notice	2011-10-14 23:46:34 +00:00
Mark Andrews	baabfdc0d9	wait for test zones to have loaded	2011-10-14 12:02:12 +00:00
Automatic Updater	304a539c59	update copyright notice	2011-10-13 22:48:24 +00:00
Mark Andrews	c28bc44028	waiting for servers to be ready for testing	2011-10-13 22:18:05 +00:00
Mark Andrews	88112d5fcb	'test -e' is not portable, use 'test -f'	2011-10-13 13:03:51 +00:00
Mark Andrews	abea1710a7	new	2011-10-13 04:53:07 +00:00
Mark Andrews	24ae404aca	'grep' -> 'grep -w' when checking for keyids	2011-10-13 03:55:01 +00:00
Mark Andrews	89d7808786	'grep' -> 'grep -w' when checking for keyids	2011-10-13 03:46:41 +00:00
Vernon Schryver	9fee08f655	Commit rt25172 changes to HEAD including - fix precedence among competing rules - improve ARM text including documenting rule precedence - try to rewrite CNAME chains until first hit - new "rpz" logging channel - same fix for "NS ." as in RT 24985	2011-10-13 01:32:34 +00:00
Mark Andrews	dc2e627239	3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380]	2011-10-12 00:18:11 +00:00
Mark Andrews	02286522fb	3166. [bug] Upgrading a zone to support inline-signing failed. [RT #26014 ]	2011-10-12 00:10:20 +00:00
Evan Hunt	653a78de95	3165. [bug] dnssec-signzone could generate new signatures when resigning, even when valid signatures were already present. [RT #26025]	2011-10-11 19:26:06 +00:00
Mark Andrews	25500a1d9f	add missing break;	2011-10-11 13:36:12 +00:00
Mark Andrews	be7772a59c	#include <isc/print.h>	2011-10-11 00:53:15 +00:00
Evan Hunt	793814f807	3164. [func] Enable DLZ modules to retrieve client information, so that responses can be changed depending on the source address of the query. [RT #25768]	2011-10-11 00:09:03 +00:00
Scott Mann	07dc62785b	Change s/\R//g to chomp().	2011-10-10 23:18:17 +00:00
Evan Hunt	b2086d798b	3163. [bug] Use finer-grained locking in client.c to address concurrency problems with large numbers of threads. [RT #26044]	2011-10-10 22:57:14 +00:00
Scott Mann	db715e6d83	fix directory path for subdirs	2011-10-10 19:06:05 +00:00
Mark Andrews	d60fb3a58c	use index rather than match as it is more portable	2011-10-10 00:34:57 +00:00
Scott Mann	aab0b9cd3b	added ability to set named params through "named.args" file	2011-10-09 22:47:15 +00:00
Mark Andrews	17dfbab847	handle getline errors/eof	2011-10-07 21:32:35 +00:00
Mark Andrews	dc2cbfdafe	handle multi-line NSEC3 record better	2011-10-06 22:11:39 +00:00
Automatic Updater	65df0ad698	update copyright notice	2011-09-07 23:46:28 +00:00
Mark Andrews	35540d8b32	add missing files from request-ixfr test	2011-09-07 01:30:13 +00:00
Automatic Updater	cb3168cec7	update copyright notice	2011-09-06 23:46:27 +00:00
Scott Mann	fad5116b3d	Remove the ixfr-from-differences side-effect which causes an AXFR and extend request-ixfr to the zone level.	2011-09-06 22:29:33 +00:00
Automatic Updater	ca894e53b5	update copyright notice	2011-09-02 23:46:33 +00:00
Evan Hunt	9e4afc9b39	3151. [bug] Queries for type RRSIG or SIG could be handled incorrectly. [RT #21050]	2011-09-02 21:55:16 +00:00
Mark Andrews	56a520ef3a	don't use a expired slave zone	2011-09-02 02:25:07 +00:00
Mark Andrews	cd49e1ec2f	handle flushing of entries just before a second ticks over, speed up priming of the cache	2011-09-01 05:28:14 +00:00
Automatic Updater	a6ab2774bc	update copyright notice	2011-08-31 23:46:44 +00:00
Mark Andrews	2c35c68236	3148. [bug] Processing of normal queries could be stalled when forwarding a UPDATE message. [RT #24711]	2011-08-31 06:49:10 +00:00
Automatic Updater	4e68c7c87c	update copyright notice	2011-08-30 23:46:53 +00:00
Mark Andrews	9198ab377b	3147. [func] Initial inline signing support. [RT #23657 ]	2011-08-30 05:16:15 +00:00
Mark Andrews	31ad3f3aa4	split out subtests of 'another leaf node, with both positive and negative cache entries'	2011-08-29 03:31:29 +00:00
Evan Hunt	5a75f61dd4	3144. [bug] dns_dbiterator_seek() could trigger an assert when used with a nonexistent database node. [RT #25358]	2011-08-23 00:59:23 +00:00
Automatic Updater	17d33346d7	update copyright notice	2011-08-09 04:12:25 +00:00
Mark Andrews	772dfb90be	3141. [bug] Silence spurious "zone serial (0) unchanged" messages associated with empty zones. [RT #25079]	2011-08-09 02:24:28 +00:00
Automatic Updater	44931133ff	update copyright notice	2011-08-03 23:47:48 +00:00

... 14 15 16 17 18 ...

2403 commits