upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 03:51:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

8425 commits

Author SHA1 Message Date
Tinderbox User
1c3b9b7666 update copyright notice / whitespace 2017-08-14 23:48:00 +00:00
Michał Kępień
b55ec74eaa [master] Fix master address failover when GSS-API is used 
4680.	[bug]		Fix failing over to another master server address when
			nsupdate is used with GSS-API. [RT #45380]
 2017-08-14 15:00:25 +02:00
Michał Kępień
877c264edc [master] Make dnssec-verify suggest using -o when appropriate 
4679.	[cleanup]	Suggest using -o when dnssec-verify finds a SOA record
			not at top of zone and -o is not used. [RT #45519]
 2017-08-14 14:01:27 +02:00
Mark Andrews
00f067539a sort options 2017-08-14 21:40:59 +10:00
Evan Hunt
b2bf8de2a3 [master] split up main and add callback function pointers to support iOS 
4677.	[port]		Split up the main function in dig to better support
			the iOS app version. [RT #45508]
 2017-08-10 22:51:24 -07:00
Mukund Sivaraman
b9532d9cf3 Turn on glue-cache by default 
- We decided to do this on the weekly BIND dev meeting
- Mark reviewed patch on Jabber
 2017-08-10 09:06:54 +05:30
Tinderbox User
20809d0a5a regen master 2017-08-10 01:11:49 +00:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00
Mark Andrews
ff8d856db0 4675. [cleanup] Don't use C++ keyword class. [RT #45726] 2017-08-10 08:42:04 +10:00
Evan Hunt
c8b76b0168 [master] remove sigchase reference in system test 2017-08-09 13:25:15 -07:00
Evan Hunt
c4cfb0b4dc [master] remove dig +sigchase 
4674.   [func]          "dig +sigchase", and related options "+topdown" and
                        "+trusted-keys", have been removed. Use "delv" for
                        queries with DNSSEC validation. [RT #42793]
 2017-08-09 11:03:27 -07:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Evan Hunt
0ad72b96d2 [master] ensure verified_sig 
4670.	[cleanup]	Ensure that a request MAC is never sent back
			in an XFR response unless the signature was
                        verified. [RT #45494]
 2017-08-07 18:54:05 -07:00
Tinderbox User
12ed5d34b9 update copyright notice / whitespace 2017-08-04 23:46:19 +00:00
Evan Hunt
61367c604c [master] refactor resquery_response() and related functions 
4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
 2017-08-04 16:08:11 -07:00
Tinderbox User
be33f4ead1 update copyright notice / whitespace 2017-08-03 23:46:14 +00:00
Mark Andrews
2019cf29e2 4668. [bug] Use localtime_r and gmtime_r for thread safety. 
[RT #45664]
 2017-08-03 08:42:27 +10:00
Tinderbox User
7f18709b08 regen master 2017-08-02 01:09:18 +00:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Michał Kępień
712825d755 [master] Refactor RDATA unit tests 
4667.	[cleanup]	Refactor RDATA unit tests. [RT #45610]
 2017-08-01 12:15:21 +02:00
Tinderbox User
8cc38b581c regen master 2017-08-01 01:08:53 +00:00
Evan Hunt
681deaaa39 [master] parse numeric domain names correctly 
4666.	[bug]		dnssec-keymgr: Domain names beginning with digits (0-9)
			could cause a parser error when reading the policy
			file. This now works correctly so long as the domain
			name is quoted. [RT #45641]
 2017-07-31 10:43:57 -07:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Tinderbox User
93ae9a09a9 regen master 2017-07-29 01:10:15 +00:00
Tinderbox User
9edeb0f922 update copyright notice / whitespace 2017-07-28 23:46:10 +00:00
Evan Hunt
268cea9c12 [master] glue-cache option 
4664.	[func]		Add a "glue-cache" option to enable or disable the
			glue cache. The default is "no" to reduce memory
			usage, but enabling this option will improve
			performance in delegation-heavy zones. [RT #45125]
 2017-07-28 12:57:50 -07:00
Evan Hunt
cee0d603a3 [master] remove unnecessary acronym expansions 2017-07-28 12:22:31 -07:00
Michał Kępień
c150f68609 [master] Clarify error message printed by dnssec-dsfromkey 
4663.	[cleanup]	Clarify error message printed by dnssec-dsfromkey.
			[RT #21731]
 2017-07-28 10:29:22 +02:00
Mark Andrews
71cd6910ba 4659. [bug] Remove spurious log message about lmdb-mapsize 
not being supported when parsing builtin
                        configuration file. [RT #45618]
 2017-07-28 16:02:52 +10:00
Mark Andrews
c91e61f57e add semicolon 2017-07-28 15:59:22 +10:00
Mark Andrews
e54f256bb4 4658. [bug] Clean up build directory created by "setup.py install" 
immediately.  [RT #45628]
 2017-07-28 15:54:45 +10:00
Tinderbox User
f192875d12 update copyright notice / whitespace 2017-07-26 23:46:18 +00:00
Michał Kępień
984a28c771 [master] Properly handle errors in rrchecker system test 
4657.	[bug]		rrchecker system test result could be improperly
			determined. [RT #45602]
 2017-07-26 10:40:06 +02:00
Michał Kępień
383240d572 [master] Process "port" and "dscp" for "default-masters" 
4656.	[bug]		Apply "port" and "dscp" values specified in catalog
			zone's "default-masters" option to the generated
			configuration of its member zones. [RT #45545]
 2017-07-26 09:28:28 +02:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Tinderbox User
0297ebcc89 update copyright notice / whitespace 2017-07-20 23:45:27 +00:00
Mark Andrews
124712666e 4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and 
@ISC_OPENSSL_INC@ after shipped include directories.
                        [RT #45581]
 2017-07-20 11:52:03 +10:00
Tinderbox User
b55ae9abd2 update copyright notice / whitespace 2017-07-19 23:45:23 +00:00
Mark Andrews
a5a4cf96c6 4653. [bug] Reorder includes in bin/nsupdate/Makefile.in. 
[RT #45581]
 2017-07-20 09:34:23 +10:00
Mark Andrews
cda91a09e4 4651. [bug] Nsupdate could attempt to use a zeroed address on 
server timeout. [RT #45417]

(cherry picked from commit dac36869f3)
 2017-07-19 15:36:41 +10:00
Mark Andrews
6375d42bae 4651. [bug] Nsupdate could attempt to use a zeroed address on 
server timeout. [RT #45417]

(cherry picked from commit 38edf586f9)
 2017-07-19 15:36:41 +10:00
Tinderbox User
a9404a04a5 update copyright notice / whitespace 2017-07-11 01:46:41 +00:00
Mark Andrews
abe5cf42b3 4649. [bug] The wrong zone was logged when a catalog zone is added. 
[RT #45520]
 2017-07-10 10:36:56 +10:00
Mark Andrews
1e9b39fe26 4648. [bug] "rndc reconfig" on a slave no longer causes all member 
zones of configured catalog zones to be removed from
                        configuration. [RT #45310]
 2017-07-10 09:06:13 +10:00
Ray Bellis
70676a01eb fixed new warning with previous iOS patch 2017-07-04 12:12:11 +01:00
Ray Bellis
03a4e4381e fix warnings from iOS build of dig 2017-07-04 11:51:36 +01:00
Mark Andrews
f7a22ae512 loop waiting for ns4/managed-keys.bind to be written 2017-07-04 15:53:12 +10:00
Tinderbox User
67fa096a59 update copyright notice / whitespace 2017-06-30 23:45:35 +00:00
Evan Hunt
b05b3fab3c [master] fix RSA parsing when md5 disabled 
4645.	[bug]		Fix PKCS#11 RSA parsing when MD5 is disabled.
			[RT #45300]
 2017-06-29 15:53:35 -07:00
Evan Hunt
0d90835d2a [master] enhanced rfc 5011 logging 
4642.	[cleanup]	Add more logging of RFC 5011 events affecting the
			status of managed keys: newly observed keys,
			deletion of revoked keys, etc. [RT #45354]
 2017-06-27 10:49:43 -07:00
Mark Andrews
b551ee14bd 4640. [bug] If query_findversion failed in query_getdb due to 
memory failure the error status was incorrectly
                        discarded. [RT #45331]
 2017-06-23 17:17:28 +10:00
Mark Andrews
5aa648e8f4 add const 2017-06-17 16:13:27 +10:00
Mark Andrews
94eff196e4 4637 broke old style command line with a salt of '-' [RT #45388] 2017-06-16 12:45:36 +10:00
Tinderbox User
d6b626e9a7 regen master 2017-06-14 01:08:21 +00:00
Tinderbox User
a00838da96 update copyright notice / whitespace 2017-06-13 23:45:34 +00:00
Evan Hunt
19a72397da [master] put in a missing #ifdef section 2017-06-13 14:50:49 -07:00
Evan Hunt
bf05e66bb3 [master] prevent reload failure due to LMDB database perms 
4638.	[bug]		Reloading or reconfiguring named could fail on
			some platforms when LMDB was in use. [RT #45203]
 2017-06-13 10:15:34 -07:00
Evan Hunt
0471530aae [master] nsec3hash -r 
4637.	[func]		"nsec3hash -r" option ("rdata order") takes arguments
			in the same order as they appear in NSEC3 or
			NSEC3PARAM records, so that NSEC3 parameters can
			be cut and pasted from an existing record. Thanks
			to Tony Finch for the contribution. [RT #45183]
 2017-06-13 00:39:10 -07:00
Mark Andrews
e85e95c19e 4636. [bug] Normalize rpz policy zone names when checking for 
existence. [RT #45358]
 2017-06-13 13:06:47 +10:00
Mukund Sivaraman
2c11da8441 Don't log NSDNAME failures as NSIP (#45052) 2017-06-12 14:04:15 +05:30
Tinderbox User
3e7ed60f99 update copyright notice / whitespace 2017-06-08 23:45:23 +00:00
Michał Kępień
9e94f388a7 Revert "4634. [test] Avoid races in mkeys test. [RT #45293]" 
This reverts commit 54d4737b7f.
 2017-06-08 14:19:36 +02:00
Michał Kępień
54d4737b7f 4634. [test] Avoid races in mkeys test. [RT #45293] 2017-06-08 13:40:27 +02:00
Tinderbox User
bb01fced12 update copyright notice / whitespace 2017-05-30 23:45:32 +00:00
Evan Hunt
967a3b9419 [master] quote service registry paths 
4532.	[security]	The BIND installer on Windows used an unquoted
                        service path, which can enable privilege escalation.
			(CVE-2017-3141) [RT #45229]
 2017-05-30 13:35:59 -07:00
Evan Hunt
2648c49be7 [master] fix rpz formerr loop 
4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]
 2017-05-30 12:30:28 -07:00
Mark Andrews
aa3a8979bc 4530. [bug] "dyndb" is dependent on dlopen existing / being 
enabled. [RT #45291]
 2017-05-30 11:34:37 +10:00
Mark Andrews
e51d62ecae 4629. [bug] dns_client_startupdate could not be called with a 
running client. [RT #45277]
 2017-05-30 09:47:41 +10:00
Tinderbox User
f8d33c2b2a update copyright notice / whitespace 2017-05-28 23:45:39 +00:00
Evan Hunt
594eadcc34 [master] Add DLZ db version to activeversions 
4628.	[bug]		Fixed a potential reference leak in query_getdb().
			[RT #45247]
 2017-05-28 14:26:54 -07:00
Evan Hunt
5f6aa5954c [master] Use 127.0.0.1 as interface for rndc in logfileconfig test 2017-05-28 14:23:06 -07:00
Mark Andrews
0a78894304 test crypto support 2017-05-26 16:03:49 +10:00
Tinderbox User
e085a5fc5e update copyright notice / whitespace 2017-05-24 23:45:29 +00:00
Mark Andrews
b9c5b37e0c make chain system test work with python 3 2017-05-24 21:40:41 +10:00
Mark Andrews
a5dc0d5066 use 'python -u' to run python scripts 2017-05-24 15:09:39 +10:00
Evan Hunt
0221bfed7d [master] copyrights 2017-05-23 16:40:42 -07:00
Evan Hunt
6d7693c4af [master] add chain ordering tests 
4626.	[test]		Added more tests for handling of different record
			ordering in CNAME and DNAME responses. [QA #430]
 2017-05-22 17:05:55 -07:00
Evan Hunt
03a7a952c0 [master] don't keep an LMDB transaction open across an exclusive section 
4625.	[bug]		Running "rndc addzone" and "rndc delzone" at close
			to the same time could trigger a deadlock if using
			LMDB. [RT #45209]
 2017-05-16 08:47:20 -07:00
Mark Andrews
1611ceb8b2 4622. [bug] Remove unnecessary escaping of semicolon in CAA and 
URI records. [RT #45216]
 2017-05-11 10:54:52 +10:00
Mark Andrews
0c18eb4783 4619. [bug] Call isc_mem_put instead of isc_mem_free in 
bin/named/server.c:setup_newzones. [RT #45202]
 2017-05-10 11:10:43 +10:00
Tinderbox User
b439455672 update copyright notice / whitespace 2017-05-08 23:45:33 +00:00
Mark Andrews
31f4fb98e2 4617. [test] Update rndc system test to be more delay tolerant. 
[RT #45177]
 2017-05-09 04:07:48 +10:00
Evan Hunt
3a554a444c [master] fix lmdb delzone 
4616.	[bug]		When using LMDB, zones deleted using "rndc delzone"
			were not correctly removed from the new-zone
			database. [RT #45185]
 2017-05-04 12:32:32 -07:00
Tinderbox User
b168f3f805 update copyright notice / whitespace 2017-05-02 23:45:36 +00:00
Mark Andrews
33e94f501f 4615. [bug] AD could be set on truncated answer with no records 
present in the answer and authority sections.
                        [RT #45140]
 2017-05-03 07:51:41 +10:00
Mark Andrews
78551a3f2c remove unused assignments [RT #45147] 2017-05-03 07:45:18 +10:00
Evan Hunt
d39ab7440e [master] automatically tune max-journal-size 
4613.	[func]		By default, the maximum size of a zone journal file
			is now twice the size of the zone's contents (there
			is little benefit to a journal larger than this).
			This can be overridden by setting "max-journal-size"
			to "unlimited" or to an explicit value up to 2G.
			Thanks to Tony Finch. [RT #38324]
 2017-05-02 13:23:08 -07:00
Tinderbox User
57994a07f7 regen master 2017-04-27 00:43:03 +00:00
Tinderbox User
08e0f8fcfa update copyright notice / whitespace 2017-04-26 23:45:32 +00:00
Mukund Sivaraman
241b49e611 Set a LMDB mapsize and also provide a config option to control it (#44954) 2017-04-26 23:51:26 +05:30
Tinderbox User
c118d16a1c regen master 2017-04-25 01:06:00 +00:00
Tinderbox User
18b7760b29 update copyright notice / whitespace 2017-04-24 23:45:33 +00:00
Evan Hunt
2dfb992349 [master] new-zones-directory option 
4610.	[func]		The "new-zones-directory" option specifies the
			location of NZF or NZD files for storing
			configuration of zones added by "rndc addzone".
			Thanks to Petr Menšík. [RT #44853]
 2017-04-23 23:16:53 -07:00
Mark Andrews
7ef453bf43 4608. [func] DiG now warns about .local queries which are reserved 
for Multicast DNS. [RT #44783]
 2017-04-24 11:56:22 +10:00
Mark Andrews
a14562e120 4606. [port] Stop using experimental "Experimental keys on scalar" 
feature of perl as it has been removed. [RT #45012]
 2017-04-24 11:17:18 +10:00
Tinderbox User
70698c6d17 regen master 2017-04-24 01:06:39 +00:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Tinderbox User
f5fa655319 regen master 2017-04-23 01:06:11 +00:00
Tinderbox User
1f6505a424 update copyright notice / whitespace 2017-04-22 23:45:41 +00:00
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Evan Hunt
8e12350a6f [master] Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2017-04-21 16:45:43 -07:00
Tinderbox User
3618b965d1 update copyright notice / whitespace 2017-04-21 23:45:41 +00:00
Evan Hunt
8a28d9f1d4 [master] auto-generate named.conf.docbook 
4603.	[doc]		Automatically generate named.conf(5) man page
			from doc/misc/options. Thanks to Tony Finch.
			[RT #43525]
 2017-04-21 16:27:56 -07:00
Evan Hunt
b9e736f4f6 [master] typo in rndc doc 2017-04-21 13:16:40 -07:00
Mukund Sivaraman
f7c66b31d4 Update fuzzing support to test validating resolver (#44787) 2017-04-21 16:33:18 +05:30
Mukund Sivaraman
b0dbcba2d2 Validate glue before adding it to the additional section (#45062) 2017-04-21 14:51:24 +05:30
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Evan Hunt
f5c39b072c [master] hex output mode for dnstap-read 
4594.	[func]		"dnstap-read -x" prints a hex dump of the wire
			format of each logged DNS message. [RT #44816]
 2017-04-20 20:22:19 -07:00
Tinderbox User
2d863323b6 regen master 2017-04-21 01:05:18 +00:00
Evan Hunt
6d19d975c6 [master] python 3 compatibility 
4591.	[port]		Addressed some python 3 compatibility issues.
			Thanks to Ville Skytta. [RT #44955] [RT #44956]
 2017-04-20 17:30:35 -07:00
Tinderbox User
3b443e87a0 update copyright notice / whitespace 2017-04-20 23:45:39 +00:00
Evan Hunt
bdbdc69a75 [master] correct a mistake in nsupdate help 2017-04-20 16:17:19 -07:00
Evan Hunt
66b71679b7 [master] nsupdate: send tkey queries to the right server 
4588.	[bug]		nsupdate could send queries for TKEY to the wrong
			server when using GSSAPI. Thanks to Tomas Hozza.
			[RT #39893]
 2017-04-20 09:28:37 -07:00
Mark Andrews
706c6ac5e2 fix 'minimal-any yes;' to force TCP / UDP 2017-04-20 17:59:45 +10:00
Mark Andrews
600b027731 4587. [bug] named-checkzone failed to handle occulted data below 
DNAMEs correctly. [RT #44877]
 2017-04-20 13:28:48 +10:00
Mark Andrews
033a59090c 4586. [func] dig, host and nslookup now use TCP for ANY queries. 
[RT #44687]
 2017-04-20 13:20:41 +10:00
Mark Andrews
3742338a7b 4585. [port] win32: Set CompileAS value. [RT #42474] 2017-04-20 12:41:40 +10:00
Tinderbox User
e67fe90a1f regen master 2017-04-12 01:05:15 +00:00
Tinderbox User
b4099ed035 update copyright notice / whitespace 2017-04-11 23:45:37 +00:00
Evan Hunt
a477a025d5 [master] correct -M in synopsis 2017-04-11 12:24:10 -07:00
Tinderbox User
38704ecee9 regen master 2017-03-26 01:05:14 +00:00
Tinderbox User
0d9aa35cac update copyright notice / whitespace 2017-03-25 23:45:38 +00:00
Evan Hunt
39eb1d0353 [master] host -A 
4593.	[func]		"host -A" returns most records for a name but
			omits RRSIG, NSEC and NSEC3. (Thanks to Tony Finch.)
			[RT #43032]
 2017-03-25 12:49:25 -07:00
Evan Hunt
db93f3d4b3 [master] document that delv should be used instead of sigchase 2017-03-25 12:22:51 -07:00
Mark Andrews
8e8dfc5941 4582. [security] 'rndc ""' could trigger a assertion failure in named. 
(CVE-2017-3138) [RT #44924]
 2017-03-25 02:00:17 +11:00
Tinderbox User
0fbf291dad update copyright notice / whitespace 2017-03-16 23:46:35 +00:00
Mark Andrews
f94f3e2791 4581. [port] Linux: Add getpid and getrandom to the list of system 
calls named uses for seccomp. [RT #44883]
 2017-03-16 11:21:18 +11:00
Tinderbox User
db1010fe82 update copyright notice / whitespace 2017-03-10 23:46:18 +00:00
Evan Hunt
612b2e2c0d [master] timestamp suffixes for log files 
4579.	[func]		Logging channels and dnstap output files can now
			be configured with a "suffix" option, set to
			either "increment" or "timestamp", indicating
			whether to use incrementing numbers or timestamps
			as the file suffix when rolling over a log file.
			[RT #42838]
 2017-03-08 23:20:40 -08:00
Mark Andrews
9301c35ae6 adjust range 2017-03-02 12:32:04 +11:00
Mark Andrews
d411448ceb allow more time for the IPv6 transfer attemt to timeout and fall over to IPv4 2017-03-02 12:19:10 +11:00
Tinderbox User
02716f97c1 regen master 2017-03-02 01:05:06 +00:00
Tinderbox User
1baa50950b update copyright notice / whitespace 2017-03-01 01:52:56 +00:00
Mark Andrews
f240f4a5de Reimplement: 
4578.   [security]      Some chaining (CNAME or DNAME) responses to upstream
                        queries could trigger assertion failures.
                        (CVE-2017-3137) [RT #44734]
 2017-03-01 12:01:16 +11:00
Tinderbox User
ed5bf0e581 update copyright notice / whitespace 2017-02-28 23:45:28 +00:00
Mark Andrews
02fa49a4d8 fix nsupdate reference 2017-03-01 08:33:09 +11:00
Tinderbox User
e04dff4bfd update copyright notice / whitespace 2017-02-21 23:45:37 +00:00
Witold Krecicki
0790f8a361 4577. [func] Make qtype of resolver fuzzing packet configurable via command line. [RT #43540] 2017-02-21 03:49:55 -08:00
Tinderbox User
e66aaccfd8 update copyright notice / whitespace 2017-02-20 23:45:32 +00:00
Witold Krecicki
fa9b4de716 4576. [func] The RPZ implementation has been substantially refactored for improved performance and reliability. [RT #43449] 2017-02-20 11:57:28 +01:00
Mark Andrews
3bce12e4b6 4575. [security] Dns64 with break-dnssec yes; can result in a 
assertion failure. (CVE-2017-3136) [RT #44653]
 2017-02-15 12:18:51 +11:00
Mark Andrews
af2b20ee3f 4574. [bug] Dig leaked memory with multiple +subnet options. 
[RT #44683]
 2017-02-14 15:52:40 +11:00
Evan Hunt
1df7a6fed6 [master] call flow description was incomplete 2017-02-09 13:52:45 -08:00
Evan Hunt
d16500cece [master] restore some code from change 4556 2017-02-08 17:33:13 -08:00
Tinderbox User
f929677ed8 update copyright notice / whitespace 2017-02-08 23:45:32 +00:00
wpk
96912e44b0 4573. [func] Query logic has been substantially refactored (e.g. query_find function has been split into smaller functions) for improved readability, maintainability 2017-02-08 22:15:01 +01:00
Evan Hunt
d8339932af [master] fix memory leak from dnstap-output parsing 2017-02-06 22:13:51 -08:00
Evan Hunt
c4e4bd6a09 [master] dnstap size and versions options 
4572.	[func]		The "dnstap-output" option can now take "size" and
			"versions" parameters to indicate the maximum size
			a dnstap log file can grow before rolling to a new
			file, and how many old files to retain. [RT #44502]
 2017-02-06 16:34:58 -08:00
Tinderbox User
88ee987de6 update copyright notice / whitespace 2017-02-06 02:58:07 +00:00
Mark Andrews
3e48466e0a 4571. [bug] Out-of-tree builds of backtrace_test failed. 2017-02-06 13:46:00 +11:00
Evan Hunt
0f91e968c7 [master] fall back to builtin keys if bind.keys is empty 
4570.	[cleanup]	named did not correctly fall back to the built-in
			initializing keys if the bind.keys file was present
			but empty. [RT #44531]
 2017-02-04 00:37:37 -08:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Tinderbox User
39f68aa480 update copyright notice / whitespace 2017-02-03 23:45:33 +00:00
Tinderbox User
2cd2e915c3 regen 2017-02-03 23:30:02 +00:00
Mark Andrews
8562f6f9f4 set copyright type to zone 2017-02-03 22:14:47 +11:00
Mark Andrews
04ed4dd4db wait longer for the transfer to complete 2017-02-03 17:51:16 +11:00
Tinderbox User
194f07c628 update copyright notice / whitespace 2017-02-02 23:45:47 +00:00
Evan Hunt
4ecfa356d1 [master] silence warning 2017-02-02 13:24:17 -08:00
Evan Hunt
aace5d0fb3 [master] include ECS in query logging 
4566.	[func]		Query logging now includes the ECS option if one
			was included in the query. [RT #44476]
 2017-02-02 11:54:28 -08:00
Mark Andrews
e5fe0d7823 fix not HAVE_LMDB case 2017-02-03 06:18:07 +11:00
Mark Andrews
2f5444972a perform more testing on rndc <op> -redirect 2017-02-02 17:25:54 +11:00
Mark Andrews
f783c2d579 4562. [func] Add additional memory statistics currently malloced 
and maxmalloced per memory context. [RT #43593]
 2017-02-02 15:36:38 +11:00
Tinderbox User
ed1f93cc24 update copyright notice / whitespace 2017-01-31 23:45:34 +00:00
Evan Hunt
cd668ea57f [master] change 4558 was incomplete 2017-01-30 14:10:30 -08:00
Tinderbox User
ff52f52a31 regen master 2017-01-25 01:04:56 +00:00
Tinderbox User
b5808abc69 update copyright notice / whitespace 2017-01-24 23:45:30 +00:00
Mark Andrews
25da687db7 4560. [bug] mdig: add -m option to enable memory debugging rather 
than have in on all the time. [RT #44509]

4559.   [bug]           Openssl_link.c didn't compile if ISC_MEM_TRACKLINES
                        was turned off.  [RT #44509]
 2017-01-24 17:48:31 +11:00
Mark Andrews
b1b5229a47 4556. [security] Combining dns64 and rpz can result in dereferencing 
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
 2017-01-24 09:55:51 +11:00
Tinderbox User
4502e3c5dd regen master 2017-01-21 01:04:48 +00:00
Tinderbox User
96f5064e3c update copyright notice / whitespace 2017-01-20 23:45:34 +00:00
Evan Hunt
4f744a027f [master] fix dig +ednsopt padding error 
4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]
 2017-01-19 23:52:41 -08:00
Evan Hunt
25a9b90369 [master] symbolic option names for dig +ednsopt 
4555.	[func]		dig +ednsopt: EDNS options can now be specified by
			name in addition to numeric value. [RT #44461]
 2017-01-19 23:46:37 -08:00
Tinderbox User
31c2480cd4 update copyright notice / whitespace 2017-01-19 23:45:37 +00:00
Mark Andrews
bf0b649993 whitespace 2017-01-19 13:16:04 +11:00
Tinderbox User
7b665158e9 update copyright notice / whitespace 2017-01-13 23:45:35 +00:00
Mark Andrews
bcfaac260a remove false negatives (add eol to grep patterns; add missing ret=0) 2017-01-13 15:59:52 +11:00
Tinderbox User
a9e8198788 update copyright notice / whitespace 2017-01-12 23:45:41 +00:00
Evan Hunt
66b61a029d [master] more specific date for DLV shutdown warning 2017-01-12 09:10:41 -08:00
Mark Andrews
434477aa02 --enable-developer now compiles bin/tests's XTARGETS [RT #44205] 2017-01-12 14:02:51 +11:00
Mark Andrews
0c43d50368 remove false positives due to bad grep [RT #44178] 2017-01-12 13:59:10 +11:00
Mark Andrews
750619b7a8 4551. [test] Add system tests for integrity checks of MX and 
SRV records. [RT #43953]
 2017-01-12 13:29:45 +11:00
Tinderbox User
2067cfdb46 regen master 2017-01-06 01:05:20 +00:00
Tinderbox User
f557aeef7c update copyright notice / whitespace 2017-01-05 23:45:24 +00:00
Tinderbox User
37ae137942 regen master 2017-01-05 01:05:07 +00:00
Evan Hunt
5804332588 [master] EDNS padding and keepalive support 
4549.	[func]		Added support for the EDNS TCP Keepalive option
			(RFC 7828). [RT #42126]

4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
			[RT #42094]
 2017-01-04 09:16:30 -08:00
Mark Andrews
1015ce24fc address discards const warnings; address shadow warning 2016-12-31 14:30:50 +11:00
Tinderbox User
ed07d7a8f5 update copyright notice / whitespace 2016-12-30 23:46:36 +00:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Mark Andrews
813ff2d277 remove #!/usr/bin/python 2016-12-29 23:37:53 +11:00
Mark Andrews
da40ddaeca add copyright notice 2016-12-29 23:10:37 +11:00
Mark Andrews
b789eec98c fix ProjectGuid 2016-12-29 19:47:07 +11:00
Mark Andrews
81ff80e0cd fix ProjectGuid 2016-12-29 19:46:42 +11:00
Mark Andrews
965c1e910e fix ProjectGuid 2016-12-29 19:45:56 +11:00
Tinderbox User
6ce6801f3f regen master 2016-12-29 01:05:39 +00:00
Tinderbox User
4ef83f4333 update copyright notice / whitespace 2016-12-28 23:48:39 +00:00
Mark Andrews
d376792dae 4531. [security] 'is_zone' was not being properly updated by redirect2 
and subsequently preserved leading to an assertion
                        failure. (CVE-2016-9778) [RT #43837]
 2016-12-29 10:25:01 +11:00
wpk
e910d18007 4545. [func] Make dnstap-read output more functionally usable. 
[RT #43642]

4544.	[func]		Add message/payload size to dnstap-read YAML output.
			[RT #43622]
 2016-12-28 11:57:28 +01:00
Tinderbox User
190ea9e6b8 regen master 2016-12-28 01:05:39 +00:00
Mark Andrews
5093e8d482 4542. [func] Allow rndc to manipulate redirect zones with using 
-redirect as the zone name (use "-redirect." to
                        manipulate a zone named "-redirect"). [RT #43971]
 2016-12-28 11:36:31 +11:00
Tinderbox User
d029dfe95c update copyright notice / whitespace 2016-12-27 23:46:44 +00:00
Mark Andrews
e20db12918 4541. [bug] rndc addzone should properly reject non master/slave 
zones. [RT #43665]
 2016-12-28 10:27:56 +11:00
Tinderbox User
c43f150d0a update copyright notice / whitespace 2016-12-26 23:46:20 +00:00
Mark Andrews
8e333f42ef 4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure. 
[RT #43601]
 2016-12-27 09:49:02 +11:00
Mark Andrews
762c4fc5a8 4539. [bug] Referencing a nonexistant zone with rpz could lead 
to a assertion failure when configuring. [RT #43787]
 2016-12-27 08:59:07 +11:00
Mark Andrews
6089c8df71 4537. [bug] Handle timouts better in dig/host/nslookup. [RT #43576] 2016-12-14 15:42:43 +11:00
Tinderbox User
29916e6d7c update copyright notice / whitespace 2016-12-13 23:46:28 +00:00
Mark Andrews
a678e70481 4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared 
when reusing the event structure. [RT #43885]
 2016-12-14 10:42:38 +11:00
Mark Andrews
def6b33bad 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 2016-12-13 16:27:18 +11:00
Mark Andrews
8ca45ba01a 4533. [bug] dns_client_update should terminate on prerequiste 
failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
                        and also on BADZONE.  [RT #43865]
 2016-12-13 15:47:03 +11:00
Mark Andrews
4914e3ddc6 number all resolver tests 2016-12-13 15:02:32 +11:00
Evan Hunt
76a26842a9 [master] tweak logfileconfig test so it can pass on slower machines 2016-12-12 12:12:40 -08:00
Mark Andrews
60cb462c56 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME 
in responses resulting in SERVFAIL being returned.
                        [RT #43779]
 2016-12-09 12:50:18 +11:00
Tinderbox User
16fde7f0b3 regen master 2016-12-07 01:05:34 +00:00
Mark Andrews
1b8ce3b330 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 2016-12-07 10:49:55 +11:00
Mark Andrews
24b7aa3df5 look $UNLIMITEDFILE.4 as $UNLIMITEDFILE.5 may not exist yet 2016-12-05 18:20:31 +11:00
Mark Andrews
c9ee977f31 added -T keepstderr to keep stderr open when daemonizing [RT #43736] 2016-12-05 10:38:16 +11:00
Mark Andrews
cab871f1bc 4522. [bug] Handle big gaps in log file version numbers better. 
[RT #38688]
 2016-11-30 10:55:21 +11:00
Evan Hunt
6bdb70057d [master] log as error if entropy unavailable 
4521.	[cleanup]	Log it as an error if an entropy source is not
			found and there is no fallback available. [RT #43659]
 2016-11-29 11:30:31 -08:00
Mark Andrews
4352551d23 4520. [cleanup] Alphabetise more of the grammar when printing it 
out. Fix unbalanced indenting. [RT #43755]
 2016-11-29 15:28:28 +11:00
Mark Andrews
e0c102d9ee copyrights/whitespace 2016-11-24 11:04:30 +11:00
Evan Hunt
62c85a4a52 [master] allow different time formats: local, iso8601, iso8601-utc 
4518.	[func]		The "print-time" option in the logging configuration
			can now take arguments "local", "iso8601" or
			"iso8601-utc" to indicate the format in which the
			date and time should be logged. For backward
			compatibility, "yes" is a synonym for "local".
			[RT #42585]
 2016-11-22 23:34:47 -08:00
Curtis Blackburn
eb4ffd6685 4515. [port] FreeBSD: Find readline headers when they are in 
edit/readline/ instead of readline/. [RT #43658]
 2016-11-18 11:12:42 -08:00
Mark Andrews
28f344c18a check the value of s 2016-11-15 16:51:36 +11:00
Mark Andrews
415eeebda4 add --ipv6only=no test 2016-11-11 09:59:58 +11:00
Mark Andrews
69e77384fa 4514. [port] NetBSD: strip -WL, from ld command line. [RT #43204] 2016-11-10 11:31:21 +11:00
Mark Andrews
1106845b4e don't call dst_lib_destroy in t2_vfy 2016-11-09 17:03:34 +11:00
Mark Andrews
084d88f67b 4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in. 
[RT #43556]
 2016-11-07 10:03:24 +11:00
Francis Dupont
7f56936dc7 Fixed filter-aaaa prereq.sh 2016-11-04 14:55:59 +01:00
Evan Hunt
1e2aca8d90 [master] make rrl system test more robust 
4509.	[test]		Make the rrl system test more reliable on slower
			machines by using mdig instead of dig. [RT #43280]
 2016-11-02 20:56:02 -07:00
Curtis Blackburn
66b00b1e06 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2016-11-02 18:11:06 -07:00
Curtis Blackburn
f621b255d9 corrected typo in nsupdate test (DIG-->$DIG) 2016-11-02 18:09:37 -07:00
Tinderbox User
8d8839b3a0 regen master 2016-11-03 01:06:32 +00:00
Tinderbox User
e37bc34b31 update copyright notice / whitespace 2016-11-02 23:46:39 +00:00
Mark Andrews
61747916ed 4506. [func] 'named-checkconf -l' will now list the zones found in 
named.conf. [RT #43154]
 2016-11-02 17:47:51 +11:00
Mark Andrews
5f8412a4cb 4504. [security] Allow the maximum number of records in a zone to 
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]
 2016-11-02 17:31:27 +11:00
Evan Hunt
6087f87afb [master] make uninstall 
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]
 2016-11-01 19:17:07 -07:00
Mark Andrews
e1c93a0f58 'I:exit status: <value>' should be outsied of if 2016-11-02 09:11:40 +11:00
Evan Hunt
7960fc596b [master] clean up reporting of R:FAIL so it can't spuriously appear mid-test 2016-11-01 13:46:42 -07:00
Mark Andrews
9bfebc4a6a check for LIBRESSL_VERSION_NUMBER 
(cherry picked from commit b2c1d6f0a2)
 2016-11-01 12:49:23 +11:00
Evan Hunt
5480a74b70 [master] simplify prereq checks by using feature-test.c 
4498.	[test]		Simplify prerequisite checks in system tests.
			[RT #43516]
 2016-10-31 16:53:37 -07:00
Mark Andrews
1fce0951ed 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-10-31 10:04:37 +11:00
Tinderbox User
c970f162b6 regen master 2016-10-29 01:06:53 +00:00
Tinderbox User
e24f9b0a33 update copyright notice / whitespace 2016-10-28 23:45:58 +00:00
Mark Andrews
42470b0b87 4496. [func] dig: add +idnout to control whether labels are 
display in punycode or not.  Requires idn support
                        to be enabled at compile time. [RT #43398]
 2016-10-28 12:05:19 +11:00
Mark Andrews
6fbb2b51d8 4494. [bug] Look for <editline/readline.h>. [RT #43429] 2016-10-27 15:48:51 +11:00
Mark Andrews
c910fc24ce 4493. [bug] bin/tests/system/dyndb/driver/Makefile.in should use 
SO_TARGETS. [RT# 43336]
 2016-10-27 15:37:26 +11:00
Mark Andrews
ecd8e95bb5 change 4487 broke the cacheclean test with old version of perl. [RT #43476] 2016-10-27 00:09:21 +11:00
Mark Andrews
856c77cc40 s/,/;/ 2016-10-26 22:38:24 +11:00
Mark Andrews
bcbacc4045 copyrights 2016-10-20 11:03:20 +11:00
Mark Andrews
8d6fefac31 4488. [port] Darwin: use -framework for Kerberos. [RT #43418] 2016-10-20 10:26:05 +11:00
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Tinderbox User
0b15ee0705 regen master 2016-10-16 01:06:28 +00:00
Mark Andrews
7551ec1ebe add managed keys to view section 2016-10-16 08:15:15 +11:00
Evan Hunt
e91255b006 [master] gitignore python build directory 
Patch submitted by Tony Finch (dot@dotat.at)
 2016-10-11 13:15:24 -07:00
Mark Andrews
01862dfaa5 4485. [bug] Look in $prefix/lib/pythonX.Y/site-packages for 
the python modules we install. [RT #43330]
 2016-10-11 15:20:37 +11:00
Mark Andrews
c5d4cfc8aa 4483. [func] Check prefixes in acls to make sure the address and 
prefix lengths are consistent.  Warn only in
                        BIND 9.11 and earlier. [RT #43367]
 2016-10-11 14:52:28 +11:00
Evan Hunt
676ac3cc82 [master] add cfg_parse_buffer3() function with linenum parameter 
4482.	[cleanup]	Change #4455 was incomplete. [RT #43252]
 2016-10-10 17:11:21 -07:00
Mark Andrews
d3f29e7a4f sleep 2 to let in progress lookups complete 2016-10-10 14:35:36 +11:00
Tinderbox User
5e32012dcf regen master 2016-10-10 01:04:44 +00:00
Mark Andrews
3b6aba8dcb 4481. [func] dig: make +class, +crypto, +multiline, +rrcomments, 
+onesoa, +qr, +ttlid, +ttlunits and -u per lookup
                        rather than global. [RT #42450]
 2016-10-10 11:55:59 +11:00
Evan Hunt
af05768c0e [master] reset ret between NTA tests 2016-10-05 21:06:54 -07:00
Tinderbox User
f925373f21 regen master 2016-10-06 01:05:06 +00:00
Witold Krecicki
551f1e02e6 4478. [func] Add +continue option to mdig, allow continue on socket errors. [RT #43281] 2016-10-05 13:50:03 +02:00
Witold Krecicki
5aaf7e3a04 4477. [test] Fix mkeys test timing issues. [RT #41028] 2016-10-05 13:42:53 +02:00
Witold Krecicki
a0f9aaa103 4476. [test] Fix reclimit test on slower machines. [RT #43283] 2016-10-05 11:54:12 +02:00
Mark Andrews
67cdd2d3a4 4475. [doc] Update named-checkconf documentation. [RT #43153] 2016-10-05 14:21:41 +11:00
Mark Andrews
f77ee20a6c 4474. [bug] win32: call WSAStartup in fromtext_in_wks so that 
getprotobyname and getservbyname work.  [RT #43197]

(cherry picked from commit 82a50a619a)
 2016-10-05 12:29:23 +11:00
Mark Andrews
7fbe85c6d7 4472. [bug] Named could fail to find the correct NSEC3 records when 
a zone was update between looking for the answer and
                        looking for the NSEC3 records proving non-existance
                        of the answer. [RT #43247]
 2016-10-05 10:35:18 +11:00
Witold Krecicki
c5a80c9427 [master] Disable dig IPv4-to-IPv6 mapping system test on OpenBSD 2016-09-30 12:19:44 +02:00
Mark Andrews
966edc2775 make statschannel version number agnostic 
(cherry picked from commit 1477c19dd9)
 2016-09-29 17:01:53 +10:00
Tinderbox User
f1814f50c9 regen master 2016-09-29 01:05:10 +00:00
Evan Hunt
e9917a51d3 [master] minor cleanup/clarification in dnstap documentation 
Patch submitted by Tony Finch (dot@dotat.at).
 2016-09-27 20:45:58 -07:00
Evan Hunt
c4b7db4932 [master] render querylog format consistent, and add a release note 
4471.	[cleanup]	Render client/query logging format consistent for
			ease of log file parsing. (Note that this affects
			"querylog" format: there is now an additional field
			indicating the client object address.) [RT #43238]
 2016-09-22 14:48:56 -07:00
Tinderbox User
18c84f3b0b regen master 2016-09-14 01:04:44 +00:00
Mark Andrews
df17290113 4468. [bug] Address ECS option handling issues. [RT #43191] 2016-09-14 08:22:15 +10:00
Mark Andrews
f1977af0d3 4465. [bug] Don't use "%z" as Windows doesn't support it. 
[RT #43131]
 2016-09-08 14:16:56 +10:00
Mark Andrews
ed7097fc00 4463. [bug] The dnstap system test failed on some systems. 
[RT #43129]
 2016-09-08 11:40:24 +10:00
Francis Dupont
cfa20db199 Fixed obvious typo in t_atomic 2016-09-08 01:54:18 +02:00
Mark Andrews
8eceb0bffe 4461. [bug] win32: not all external data was properly marked 
as external data for windows dll. [RT #43161]
 2016-09-07 14:12:11 +10:00
Tinderbox User
4c60000629 update copyright notice / whitespace 2016-08-30 23:45:30 +00:00
Mark Andrews
3e1fa8411b 4460. [test] Add system test for dnstap using unix domain sockets. 
[RT #42926]
 2016-08-30 11:20:22 +10:00
Evan Hunt
a26a62cef2 [master] fix tcp client memory leak 
4459.	[bug]		TCP client objects created to handle pipeline queries
			were not cleaned up correctly, causing uncontrolled
			memory growth. [RT #43106]
 2016-08-29 11:56:36 -07:00
Mark Andrews
63fe88e8d8 4456. [doc] Add DOCTYPE and lang attribute to <html> tags. 
[RT #42587]
 2016-08-26 15:14:04 +10:00
Mark Andrews
e1f590a59a remove spurious 'i' 2016-08-26 13:41:57 +10:00
Evan Hunt
02fb764681 [master] pass source file and line to dyndb load function 
4455.	[cleanup]	Allow dyndb modules to correctly log the filename
			and line number when processing configuration text
			from named.conf. [RT #43050]
 2016-08-25 18:08:26 -07:00
Tinderbox User
fba207e51a update copyright notice / whitespace 2016-08-25 23:45:37 +00:00
Tinderbox User
5883460271 regen master 2016-08-25 01:04:54 +00:00
Mark Andrews
726cddb564 4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089] 2016-08-25 10:03:22 +10:00
Mark Andrews
f431bf02a6 4453. [bug] Prefetching of DS records failed to update their 
RRSIGs. [RT #42865]
 2016-08-25 09:51:31 +10:00
Mark Andrews
e09f18e349 4452. [bug] The default key manager policy file is now 
<sysdir>/dnssec-policy.conf (usually
                        /etc/dnssec-policy.conf). [RT #43064]
 2016-08-25 09:41:50 +10:00
Evan Hunt
1e50c0d857 [master] add dnssec-keygen and nslookup man page links to ARM 2016-08-24 20:39:03 +00:00
Mark Andrews
7bb9972a1f add signing -serial to rndc usage 2016-08-23 13:41:37 +10:00
Tinderbox User
b297f5cdd5 regen master 2016-08-19 01:04:52 +00:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Witold Krecicki
85342bec80 4449. [test] Fix catalog zones test on slower systems. [RT #42997] 2016-08-18 18:17:56 +02:00
Mark Andrews
934837913f 4447. [tuning] Allow the fstrm_iothr_init() options to be set using 
named.conf to control how dnstap manages the data
                        flow. [RT #42974]
 2016-08-18 11:16:06 +10:00
Tinderbox User
0967d759de update copyright notice / whitespace 2016-08-17 23:45:32 +00:00
Evan Hunt
3390d74e33 [master] fix dyndb issues; isc_errno_toresult() 
4445.	[cleanup]	isc_errno_toresult() can now be used to call the
			formerly private function isc__errno2result().
			[RT #43050]

4444.	[bug]		Fixed some issues related to dyndb: A bug caused
			braces to be omitted when passing configuration text
			from named.conf to a dyndb driver, and there was a
			use-after-free in the sample dyndb driver. [RT #43050]

Patch for dyndb driver submitted by Petr Spacek at Red Hat.
 2016-08-17 11:37:57 -07:00
Mark Andrews
8c2c6b8b42 update dyndb_init inline documentationi [RT #43050] 2016-08-17 14:11:57 +10:00
Tinderbox User
baa0e04675 update copyright notice / whitespace 2016-08-15 23:45:31 +00:00
Mukund Sivaraman
131307a70e Fix RPZ CIDR tree insertion bug (#43035) 2016-08-15 14:17:02 +05:30
Mark Andrews
f814343d1b add dnstap to help. [RT #42928] 2016-08-15 11:56:17 +10:00
Mark Andrews
8a98ea9e94 4441. [cleanup] Alphabetize host's help output. [RT #43031] 2016-08-15 11:21:52 +10:00
Mark Andrews
c7e021e2e6 4439. [bug] Address race conditions getting ownernames of nodes. 
[RT #43005]
 2016-08-12 14:08:48 +10:00
Tinderbox User
a7115b8b4d regen master 2016-08-12 01:04:57 +00:00
Mark Andrews
78e31dd187 4437. [func] Minimal-responses now has two additional modes 
no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]
 2016-08-12 10:48:51 +10:00
Mark Andrews
bb900e62bf 4436. [func] Return TLSA records as additional data for MX and SRV 
lookups. [RT #42894]
 2016-08-12 10:03:23 +10:00
Mark Andrews
31ffec1541 4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message 
will not fit into a single IPv4 encapsulated IPv6
                        UDP packet when transmitted over a Ethernet link.
                        [RT #42871]
 2016-08-12 09:41:59 +10:00
Mark Andrews
bf2238b064 4434. [protocol] Return EDNS EXPIRE option for master zones in addition 
to slave zones. [RT #43008]
 2016-08-12 09:31:41 +10:00
Evan Hunt
c38d989fdd [master] error on bad parameter to 'rndc dumpdb' 
4433.	[cleanup]	Report an error when passing an invalid option or
			view name to "rndc dumpdb". [RT #42958]
 2016-08-11 16:02:57 -07:00
Mark Andrews
12895c8d6f 4432. [testing] Hide rndc output on expected failures in logfileconfig 
system test. [RT #27996]
 2016-08-10 13:06:40 +10:00
Tinderbox User
2f77f658a0 update copyright notice / whitespace 2016-08-09 00:25:45 +00:00
Mark Andrews
632e67baa6 4431. [bug] named-checkconf now checks the rate-limit clause. 
[RT #42970]
 2016-08-08 23:52:40 +10:00
Mark Andrews
3146be6fd6 4430. [bug] Lwresd died if a search list was not defined. 
Found by 0x710DDDD At Alibaba Security. [RT #42895]
 2016-08-08 10:22:51 +10:00
Mark Andrews
c1915935cf 4429. [bug] Address potential use after free on fclose() error. 
[RT #42976]
 2016-08-08 09:50:34 +10:00
Evan Hunt
e9bd1496ed [master] fix dnstap query/response selectors 
4427.	[bug]		The "query" and "response" parameters to the
			"dnstap" option had their functions reversed.
 2016-08-06 00:21:04 -07:00
Witold Krecicki
2830b1d597 Remove spurious isc_stdio_open 2016-07-28 14:30:48 +02:00
Witold Krecicki
fe6db06ced 4426. [bug] Addressed Coverity warnings. [RT #42908] 2016-07-27 15:46:09 +02:00
Tinderbox User
49834f2f8d regen master 2016-07-27 01:07:09 +00:00
Witold Krecicki
29d1f6a781 Fix typos in nzd2nzf test 2016-07-26 21:15:18 +02:00
Witold Krecicki
aad10dd583 Fix merge error in bin/tests/system/conf.sh.in, add missing cleanups in tests 2016-07-26 20:29:12 +02:00
Mark Andrews
0408ceba1f add space in #error message 2016-07-26 11:28:47 +10:00
Mark Andrews
0ac94b80e8 remove comma 2016-07-26 11:17:37 +10:00
Tinderbox User
7ba3e5dc9e regen master 2016-07-26 01:07:05 +00:00
Mark Andrews
3fdd1a3462 named-rrchecker is also in ${prefix}/bin 2016-07-26 07:12:13 +10:00
Mark Andrews
711aff9fa7 4425. [bug] arpaname and dnstap-read were not being installed 
into ${prefix}/bin.  Tidy up installation issues
                        with CHANGE 4421. [RT #42910]
 2016-07-26 06:51:36 +10:00
Witold Krecicki
c854d9c7a8 Fix merge error in bin/tools/Makefile.in 2016-07-25 13:18:47 +02:00
Mark Andrews
f20179857a 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries 
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]
 2016-07-22 20:02:17 +10:00
Mark Andrews
9616761417 copyrights 2016-07-22 15:58:48 +10:00
Tinderbox User
2bc4d454e1 update copyright notice / whitespace 2016-07-21 23:46:03 +00:00
Evan Hunt
d20f0472df [master] silence clang warnings 
4422.	[port]		Silence clang warnings in dig.c and dighost.c.
			[RT #42451]
 2016-07-21 15:53:43 -07:00
Evan Hunt
6c81b492df [master] add missing file 2016-07-21 12:45:15 -07:00
Evan Hunt
7914f63011 [master] print.h 2016-07-21 11:25:19 -07:00
Evan Hunt
eca74c52c1 [master] store "addzone" zone config in a NZD database 
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
 2016-07-21 11:13:37 -07:00
Mark Andrews
e7e7efe901 4420. [func] nslookup now looks for AAAA as well as A by default. 
[RT #40420]
 2016-07-22 03:27:49 +10:00
Witold Krecicki
e4d4de075a 4419. [bug] Don't cause undefined result if the label of an 
entry in catalog zone is changed. [RT #42708]
 2016-07-21 13:08:50 +02:00
Mark Andrews
592127b7fa more copyright cleanups 2016-07-21 19:16:05 +10:00
Mark Andrews
30e4fbdfb5 consolidate copyrights 2016-07-21 17:24:07 +10:00
Tinderbox User
6807a2dc3c regen master 2016-07-21 07:11:01 +00:00
Mark Andrews
813e9f7ee2 copyright 2016-07-21 17:00:44 +10:00
Evan Hunt
f7b5487474 [master] fix keymgr with low prepublication interval 
4417.	[bug]		dnssec-keymgr could fail to create successor keys
			if the prepublication interval was set to a value
			smaller than the default. [RT #42820]

Patch submitted by Nis Wechselberg (enbewe@enbewe.de).
 2016-07-20 15:12:56 -07:00
Evan Hunt
a870e4e773 [master] normalize domain names for trailing dots 
4416.	[bug]		dnssec-keymgr: Domain names in policy files could
			fail to match due to trailing dots. [RT #42807]

Patch submitted by Armin Pech (mail@arminpech.de).
 2016-07-20 14:35:10 -07:00
Evan Hunt
c4fa8b75c2 [master] deleted keys not correctly excluded 
4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
			excluded. [RT #42884]

Patch submitted by Nis Wechselberg (enewe@enbewe.de).
 2016-07-20 14:28:15 -07:00
Mark Andrews
63e58ad048 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED 
was returned. [RT #42733]
 2016-07-14 15:06:28 +10:00
Mark Andrews
d937f8e999 Visual Studio 2005 doesn't like named elements, construct addr using isc_netaddr_fromin6 2016-07-14 11:29:18 +10:00
Mark Andrews
fef0080f14 Windows doesn't like LLU use ULL instead 2016-07-14 11:15:46 +10:00
Tinderbox User
bc8c067281 regen master 2016-07-14 01:06:14 +00:00
Mukund Sivaraman
4116177ac4 Make fixes for GCC 6 (#42721) 2016-07-13 13:55:50 +05:30
Evan Hunt
ffa622d7a3 [master] rndc dnstap -roll 
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
 2016-07-13 01:12:47 -07:00
Mark Andrews
a2101037d9 4410. [bug] Address use after free and memory leak with dnstap. 
[RT #42746]
 2016-07-13 16:56:11 +10:00
Mark Andrews
af052fa2ed add more DNS64 default exclude acl tests 
(cherry picked from commit d147d56227)
 2016-07-13 10:58:53 +10:00
Tinderbox User
3e0b34d0ac update copyright notice / whitespace 2016-07-11 23:46:33 +00:00
Mark Andrews
557c7221fd 4409. [bug] DNS64 should exlude mapped addresses by default when 
a exclude acl is not defined. [RT #42810]
 2016-07-11 14:11:34 +10:00
Mark Andrews
ec5e01747a 4408. [func] Continue waiting for expected response when we the 
response we get does not match the request. [RT #41026]
 2016-07-11 13:36:16 +10:00
Mark Andrews
38cc2d14e2 4406. [bug] getrrsetbyname with a non absolute name could 
trigger a infinite recursion bug in lwresd
                        and named with lwres configured if when combined
                        with a search list entry the resulting name is
                        too long. [RT #42694]
 2016-07-07 12:52:47 +10:00
Mark Andrews
3c88f741c6 ignore bin/tests/system/rndc/ns4/named.conf 2016-07-07 09:55:51 +10:00
Tinderbox User
915994daa9 update copyright notice / whitespace 2016-07-06 23:46:37 +00:00
Tinderbox User
6aba65d9f0 regen master 2016-07-06 01:05:19 +00:00
Mark Andrews
d811a7d9ef 4405. [bug] Change 4342 introduced a regression where you could 
not remove a delegation in a NSEC3 signed zone using
                        OPTOUT via nsupdate. [RT #42702]
 2016-07-06 10:13:15 +10:00
Mark Andrews
27505a932f one -f the -D sync's should have been just -D 2016-07-06 08:33:02 +10:00
Mark Andrews
0dacb6efdf ignore configure generated files 2016-06-29 23:32:06 +10:00
Mark Andrews
cd734243d4 ignore configure generated files 2016-06-29 23:27:12 +10:00
Mark Andrews
ecfa005085 4403. [bug] Rename variables and arguments that shadow: basename, 
clone and gai_error.
 2016-06-28 21:25:30 -04:00
Witold Krecicki
dbb82fa26c Fix keymgr test for change 4400 [RT #42718] 2016-06-27 12:22:11 +02:00
Tinderbox User
33d0a7767d regen master 2016-06-27 05:29:38 +00:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
50a3eae6cf 4400. [bug] ttl policy was not being inherited in policy.py. 
[RT #42718]
 2016-06-27 13:07:45 +10:00
Mark Andrews
8d49a1a0d1 4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and 
'ECDSAP384SHA384' don't have settable keysize.
                        [RT #42718]
 2016-06-27 12:11:37 +10:00
Mark Andrews
97e13cc244 4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py. 
[RT #42718]
 2016-06-27 11:49:11 +10:00
Tinderbox User
05da080bbd regen master 2016-06-27 01:25:44 +00:00
Mark Andrews
2616416a67 add missing <para>/<para> tags 2016-06-27 10:53:23 +10:00
Tinderbox User
4677c85720 regen master 2016-06-25 01:05:37 +00:00
Mark Andrews
8927a982bd update copyrights / whitespace 2016-06-24 16:23:26 +10:00
Mark Andrews
9f5443280f 4397. [bug] Update Windows python support. [RT #42538] 2016-06-24 16:04:10 +10:00
Mark Andrews
c1a72112b2 4396. [func] dnssec-keymgr now takes a '-r randomfile' option. 
[RT #42455]
 2016-06-24 14:12:24 +10:00
Mark Andrews
b709d84755 distclean cleanup 2016-06-24 13:52:01 +10:00
Mark Andrews
4840ef4581 4395 [bug] Improve out-of-tree installation of python modules. 
[RT #42586]
 2016-06-24 12:20:37 +10:00
Tinderbox User
76cf91b5df regen master 2016-06-24 01:05:13 +00:00
Tinderbox User
b54c2849fb update copyright notice / whitespace 2016-06-23 23:45:21 +00:00
Mark Andrews
7d262a3647 4394. [func] Add rndc command "dnstap-reopen" to close and 
reopen dnstap output filed. [RT #41803]
 2016-06-24 09:37:04 +10:00
Jeremy C. Reed
e8300d7263 Use test random file for tsig test using keygen 
This is for #42565: tsig test hangs and KEYGEN and randomdev

It was okayed there and is a trivial fix. No changes log needed.
 2016-06-23 18:48:09 -04:00
Tinderbox User
601645a1e8 update copyright notice / whitespace 2016-06-22 23:45:21 +00:00
Mark Andrews
10966da999 4402. [func] Collect statistics for RSSAC02v3 traffic-volume, 
traffic-sizes and rcode-volume reporting. [RT #41475]
 2016-06-23 08:44:54 +10:00
Witold Krecicki
4681ab1fc2 4387. [test] Rewritten test suite for catalog zones. [RT #42676] 
4386.	[func]		Support for master entries with TSIG keys in catalog
			zones. [RT #42577]
 2016-06-22 10:50:09 +02:00
Mark Andrews
b56bd9b59f 4387. [bug] Change 4336 was not complete leading to SERVFAIL 
being return as NS records expired. [RT #42683]
 2016-06-22 15:26:38 +10:00
Mark Andrews
96beefd76f 4386.[bug]Remove shadowed overmem function/variable. [RT #42706] 2016-06-22 15:13:24 +10:00
Witold Krecicki
3f06b888ae 4385. [func] Add support for allow-query and allow-transfer ACLs 
to catalog zones. [RT #42578]
 2016-06-20 13:39:44 +02:00
Mark Andrews
c1bf332c7c silence rm error message 2016-06-20 14:33:33 +10:00
Mark Andrews
eff62988e6 checking that default nta's were lifted due to lifetime were not robust 2016-06-20 14:29:11 +10:00
Mark Andrews
bcd6666984 silence compiler warning 2016-06-19 22:59:58 +10:00
Mark Andrews
948fe5822b 4384. [bug] Change 4256 accidentally disabled logging of the 
rndc command. [RT #42654]
 2016-06-18 00:10:51 +10:00
Mark Andrews
3f0de196f7 report subtest number 2016-06-17 10:50:33 +10:00
Tinderbox User
3939cc42d8 update copyright notice / whitespace 2016-06-16 23:45:22 +00:00
Mark Andrews
caf7c2fd25 style 2016-06-17 07:13:12 +10:00
Tinderbox User
dce54b9b5c update copyright notice / whitespace 2016-06-14 23:45:25 +00:00
Mark Andrews
3635d8f910 do not overflow exit status. [RT #42643] 2016-06-14 13:48:39 +10:00
Mark Andrews
ecff557eeb 4383. [bug] Correct spelling error in stats channel description of 
"EDNS client subnet option received". [RT #42633]
 2016-06-14 11:31:17 +10:00
Francis Dupont
985d2d1b71 Updated OpenSSL patches for 1.0.[12] (active/supported) 2016-06-13 18:05:33 +02:00
Mark Andrews
eb6d8d7a48 silence coverity warnings 2016-06-12 00:08:31 +10:00
Tinderbox User
ffaab41a01 update copyright notice / whitespace 2016-06-10 23:45:19 +00:00
Evan Hunt
eb3195d211 [master] add a test for dig +subnet with various prefix lengths 2016-06-09 22:49:52 -07:00
Mark Andrews
fbc50678e1 4382. [bug] rndc {addzone,modzone,delzone,showzone} should all 
compare the zone name using a canonical format.
                        [RT #42630]
 2016-06-10 11:03:53 +10:00
Mark Andrews
eb54bc33a2 also cleanup node 2016-06-03 18:04:37 +10:00
Mark Andrews
92ddd7ad2c detach before restore 2016-06-03 17:23:08 +10:00
Mark Andrews
b4750b5991 reset zversion on restart 2016-06-03 14:33:16 +10:00
Witold Krecicki
c2afbab9dc 4381. [bug] Missing "zone-directory" option in catalog zone 
definition caused BIND to crash. [RT #42579]
 2016-06-02 21:41:02 +02:00
Tinderbox User
e76f113739 regen master 2016-06-02 01:05:09 +00:00
Mark Andrews
d055178624 simplify poorly written conditional 2016-06-02 10:18:17 +10:00
Tinderbox User
1c6d1ca335 update copyright notice / whitespace 2016-06-01 23:45:30 +00:00
Francis Dupont
3933e5c763 Merged rt42563 (ht.c fixes) 2016-06-01 14:49:01 +02:00
Francis Dupont
2a8aa10492 Merged rt42505 (misc DNSSEC bugs) 2016-06-01 09:18:49 +02:00
Tinderbox User
7336a12983 update copyright notice / whitespace 2016-05-31 23:45:29 +00:00
Evan Hunt
3d0b7d5cc3 [master] zone-directory option for catalog zones 
4380.	[experimental]	Added a "zone-directory" option to "catalog-zones"
			syntax, allowing local masterfiles for slaves
			that are provisioned by catalog zones to be stored
			in a directory other than the server's working
			directory. [RT #42527]
 2016-05-31 10:36:27 -07:00
Tinderbox User
262bebd081 update copyright notice / whitespace 2016-05-27 23:45:23 +00:00
Mark Andrews
9268297baa 4379. [bug] An INSIST could be triggered if a zone contains 
RRSIG records with expiry fields that loop
                        using serial number arithmetic. [RT #40571]
 2016-05-27 15:24:30 +10:00
Evan Hunt
e3f231023c [master] use $DIG not dig 2016-05-26 18:39:07 -07:00
Tinderbox User
260e8e04b0 regen master 2016-05-27 01:05:21 +00:00
Mark Andrews
aabcb1fde0 4377. [bug] Don't reuse zero TTL responses beyond the current 
client set (excludes ANY/SIG/RRSIG queries).
                        [RT #42142]
 2016-05-27 09:59:46 +10:00
Evan Hunt
6c2a76b3e2 [master] copyrights, win32 definitions 2016-05-26 12:36:17 -07:00
Witold Krecicki
7a00d69909 4376. [experimental] Added support for Catalog Zones, a new method for 
provisioning secondary servers in which a list of
                        zones to be served is stored in a DNS zone and can
                        be propagated to slaves via AXFR/IXFR. [RT #41581]

4375.   [func]          Add support for automatic reallocation of isc_buffer
                        to isc_buffer_put* functions. [RT #42394]
 2016-05-26 21:23:19 +02:00
Evan Hunt
bfe9697f92 [master] correct summary 2016-05-26 09:53:09 -07:00
Mark Andrews
3d1b521b5b update dnssec-keymgr documentation. [RT #42454] 2016-05-26 16:02:46 +10:00
Mark Andrews
32e1f3cda0 improve error message for missing dnssec-keygen/dnssec-settime. [RT #42456] 2016-05-26 15:46:10 +10:00
Mark Andrews
28784b996b minor host man page cleanups from Tony Finch [RT #42476] 2016-05-26 13:56:42 +10:00
Mark Andrews
ac11084829 4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the 
probability of reference counting errors as seen
                        in 4365. [RT #42405]
 2016-05-26 12:11:00 +10:00
Mark Andrews
10f8dc8456 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499] [RT #42506]
 2016-05-26 12:01:31 +10:00
Tinderbox User
7173647ada update copyright notice / whitespace 2016-05-25 23:45:21 +00:00
Evan Hunt
0cbe448914 [master] minimal-any 
4371.	[func]		New "minimal-any" option reduces the size of UDP
			responses for qtype ANY by returning a single
			arbitrarily selected RRset instead of all RRsets.
			Thanks to Tony Finch. [RT #41615]
 2016-05-25 13:54:34 -07:00
Mark Andrews
9c6a57d7c7 address python2/python3 differences 2016-05-25 15:19:25 +10:00
Mark Andrews
d4a9a6c4a9 pass $KEYGEN to $KEYMGR 2016-05-25 14:05:26 +10:00
Mark Andrews
e6d09e71d0 style 2016-05-25 13:41:48 +10:00
Mark Andrews
ecb9c56ff6 use python3 compatible syntax 2016-05-25 13:37:07 +10:00
Mark Andrews
9dede25430 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499]
 2016-05-25 11:48:52 +10:00
Mark Andrews
d3600bb89d 4369. [bug] Fix 'make' and 'make install' out-of-tree python 
support. [RT #42484]
 2016-05-24 09:50:23 +10:00
Mark Andrews
7abac4a395 silence warning 2016-05-17 17:26:27 +10:00
Mark Andrews
4f200033d1 explict conversion 2016-05-17 17:22:51 +10:00
Mark Andrews
c3beecc1bc 4365. [bug] Address zone reference counting errors involving 
nxdomain-redirect. [RT #42258]
 2016-05-13 11:54:25 +10:00
Mark Andrews
32148399a2 ignore missing SERVFAIL 2016-05-12 14:25:43 +10:00
Tinderbox User
f5489931d7 update copyright notice / whitespace 2016-05-09 23:45:56 +00:00
Mark Andrews
8090ceb932 4363. [port] Turn off triggering UAC when running BINDInstall 
temporarily.
 2016-05-09 19:07:07 +10:00
Mark Andrews
97e9fc9e53 add missing dependancy 2016-05-09 15:42:57 +10:00
Mark Andrews
2b96f36d0c remember dig/rndc outputs 2016-05-09 07:59:19 +10:00
Mark Andrews
9e14bf1f86 add test counter 2016-05-09 07:29:43 +10:00
Witold Krecicki
9852ad2408 Fix awk compatibility issue in rndc system test 2016-05-07 13:33:51 +02:00
Tinderbox User
f89adb2c2a update copyright notice / whitespace 2016-05-05 23:45:48 +00:00
Evan Hunt
7614afdab2 [master] remove copyright header from policy.good 2016-05-05 14:26:15 -07:00
Witold Krecicki
e846f127d6 4362. [func] Changed rndc reconfig behaviour so that newly added 
zones are loaded asynchronously and the loading does
			not block the server. [RT #41934]
 2016-05-05 21:41:12 +02:00
Mark Andrews
5ac427050f 4360. [bug] Silence spurious 'bad key type' message when there is 
a existing TSIG key. [RT #42195]
 2016-05-05 22:27:08 +10:00
Mark Andrews
594d15df25 4359. [bug] Inherited 'also-notify' lists were not being checked 
by named-checkconf. [RT #42174]
 2016-05-05 21:59:09 +10:00
Witold Krecicki
19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows 
feeding fuzzed packets into BIND.
			[RT #41723]
 2016-05-05 11:49:38 +02:00
Witold Krecicki
dc2a4887c4 4357. [func] Add the python RNDC module. [RT #42093] 2016-05-05 11:33:47 +02:00
Mark Andrews
08e36aa5a5 4356. [func] Add the ability to specify whether to wait for 
nameserver addresses to be looked up or not to
                        rpz with a new modifying directive 'nsip-wait-recurse'.                         [RT #35009]
 2016-05-05 16:29:05 +10:00
Evan Hunt
f1a2709aad [master] add extractability to pkcs11-list 
4354.	[func]		"pkcs11-list" now displays the extractability
			attribute of private or secret keys stored in
			an HSM, as either "true", "false", or "never"
			Thanks to Daniel Stirnimann. [RT #36557]
 2016-05-04 21:56:48 -07:00
Tinderbox User
99bbb58ce7 update copyright notice / whitespace 2016-05-04 23:45:36 +00:00
Evan Hunt
699f790c49 [master] update pkcs11 headers 
4353.	[cleanup]	Update PKCS#11 header files. [RT #42175]
 2016-05-04 15:55:03 -07:00
Evan Hunt
66074f152f [master] log message when using ISC DLV 
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
 2016-05-04 14:37:25 -07:00
Tinderbox User
9e6e0881fa update copyright notice / whitespace 2016-04-30 23:45:50 +00:00
Mark Andrews
cbad856135 support truncated hashes longer that 7 
(cherry picked from commit 5b291f619e312689e25de8fd5662b0b9d4a62679)
 2016-05-01 07:48:40 +10:00
Tinderbox User
3241ddcf93 regen master 2016-04-30 01:05:59 +00:00
Tinderbox User
21635968f7 update copyright notice / whitespace 2016-04-29 23:45:42 +00:00
Evan Hunt
470af54b4e [master] more python2/3 compatibility fixes; use setup.py to install 2016-04-29 14:40:45 -07:00
Evan Hunt
304d16f08f [master] address some python2/3 incompatibilities 2016-04-29 10:38:35 -07:00
Tinderbox User
17e9d6023e Add .8 and .html files for dnssec-keymgr 2016-04-29 16:42:23 +00:00
Evan Hunt
90c7806bb6 [master] remove gnu make dependency 2016-04-29 09:36:36 -07:00
Evan Hunt
a27dc50157 [master] copyrights 2016-04-28 22:30:53 -07:00
Mark Andrews
86f221492f alphabetize 2016-04-29 13:10:26 +10:00
Mark Andrews
48bf87ba83 4351. [bug] 'dig +noignore' didn't work. [RT #42273] 2016-04-29 12:41:02 +10:00
Mark Andrews
cf69e3d8b2 alphabetize host options 2016-04-29 11:21:49 +10:00
Tinderbox User
aa70afe5c1 update copyright notice / whitespace 2016-04-28 23:45:37 +00:00
Evan Hunt
f6096b958c [master] dnssec-keymgr 
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
 2016-04-28 00:16:01 -07:00
Evan Hunt
5ecfee97ba [master] copyrights 2016-04-14 19:12:13 -07:00
Evan Hunt
3cd204c4a4 [master] fixed revoked key regression 
4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]
 2016-04-14 18:52:52 -07:00
Mark Andrews
7f79448198 remove unnecessary return 2016-04-08 04:24:47 +10:00
Tinderbox User
a0132868d1 update copyright notice / whitespace 2016-03-25 23:45:16 +00:00
Mark Andrews
42f6b7a890 add mdig.exe; fix typo in isc-hmac-fixup.exe 2016-03-26 09:07:54 +11:00
Evan Hunt
4a5f5c4ce1 [master] install mdig to bin not sbin 2016-03-25 09:52:00 -07:00
Tinderbox User
c19f42a378 update copyright notice / whitespace 2016-03-24 23:45:21 +00:00
Tinderbox User
e285c11870 regen master 2016-03-24 01:05:08 +00:00
Mark Andrews
6214c3c93a 4341. [bug] 'rndc flushtree' could fail to clean the tree if there 
wasn't a node at the specified name. [RT #41846]
 2016-03-24 11:31:25 +11:00
Tinderbox User
a63461cc4b update copyright notice / whitespace 2016-03-23 23:45:22 +00:00
Evan Hunt
7fa4c18451 [master] ECS family 0 handling was still broken 2016-03-23 15:00:30 -07:00
Evan Hunt
05b7b63f17 [master] more ECS handling fixes 2016-03-23 09:59:42 -07:00
Evan Hunt
395e6865d5 [master] fix ECS with family==0 
4341.	[bug]		Correct the handling of ECS options with
			address family 0. [RT #41377]
 2016-03-23 08:54:46 -07:00
Evan Hunt
d82b18a552 [master] fix uiAccess for win64 build 2016-03-22 17:28:12 -07:00
Evan Hunt
ddf3342cca [master] test pipelining with mdig 
4339.	[test]		Use "mdig" to test pipelined queries. [RT #41929]
 2016-03-22 17:26:38 -07:00
Evan Hunt
132a571179 [master] fix mkeys TTL 0 issue 
4337.	[bug]		The previous change exposed a latent flaw in
			key refresh queries for managed-keys when
			a cached DNSKEY had TTL 0. [RT #41986]
 2016-03-22 12:12:32 -07:00
Tinderbox User
27def92931 update copyright notice / whitespace 2016-03-21 23:45:22 +00:00
Mark Andrews
0993cd5f22 4336. [bug] Don't emit records with zero ttl unless the records 
were learnt with a zero ttl. [RT #41687]
 2016-03-21 13:22:21 +11:00
Mark Andrews
b8dcc13bc5 4335. [bug] zone->view could be detached too early. [RT #41942] 2016-03-21 12:02:00 +11:00
Tinderbox User
b1aac28027 update copyright notice / whitespace 2016-03-16 23:45:17 +00:00
Jeremy C. Reed
e12c78ebf6 add comments about why the configuration is bad 
I didn't get review. This is trivial.
 2016-03-16 15:42:56 -04:00
Mark Andrews
756c643330 4334. [func] 'named -V' now reports zlib version. [RT #41913] 2016-03-13 07:48:11 +11:00
Jeremy C. Reed
81780ffd74 use -r $RANDFILE for test using keygen 
stops hang
this is for ticket #41898
 2016-03-11 09:27:15 -05:00
Tinderbox User
4a7004f3ce update copyright notice / whitespace 2016-03-10 23:45:16 +00:00
Mark Andrews
7c52595464 4331. [func] When loading managed signed zones detect if the 
RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]
 2016-03-10 17:01:08 +11:00
Tinderbox User
1fb011b1db regen master 2016-03-08 22:35:32 +00:00
Tinderbox User
2cc103828e update copyright notice / whitespace 2016-03-08 22:29:11 +00:00
Mark Andrews
1188aa3010 add automatic-interface-scan to ARM grammar 2016-03-09 09:00:07 +11:00
Mark Andrews
93ca5ee4c4 update copyrights 2016-03-08 16:21:19 +11:00
Mark Andrews
d6357f09aa 4329. [func] Warn about a common misconfiguration when forwarding 
RFC 1918 zones. [RT #41441]
 2016-03-08 10:11:23 +11:00
Tinderbox User
220ba6da87 update copyright notice / whitespace 2016-03-04 23:45:23 +00:00
Mark Andrews
8398f00156 4326. [protocol] Add support for AVC. [RT #41819 2016-03-04 18:11:41 +11:00
Mukund Sivaraman
9da98335c1 Code cleanups (#41656) 2016-03-04 12:18:17 +05:30
Evan Hunt
023ba1e6ef [master] add OS details to rndc status 
4325.	[func]		Add a line to "rndc status" indicating the
			hostname and operating system details. [RT #41610]
 2016-03-03 22:02:52 -08:00
Tinderbox User
f254ab049e update copyright notice / whitespace 2016-03-02 23:45:17 +00:00
Mark Andrews
ce7216c40a 4223. [bug] Improve HTTP header processing on statschannel. 
[RT #41674]
 2016-03-02 11:04:59 +11:00
Mark Andrews
455c0848f8 4322. [security] Duplicate EDNS COOKIE options in a response could 
trigger an assertion failure. (CVE-2016-2088)
                        [RT #41809]
 2016-02-27 11:23:50 +11:00
Mark Andrews
7f514657e2 update copyrights 2016-02-25 10:55:40 +11:00
Mark Andrews
f9da4a8e54 4321. [bug] Zones using mapped files containing out-of-zone data 
could return SERVFAIL instead of the expected NODATA
                        or NXDOMAIN results. [RT #41596]
 2016-02-24 11:13:24 +11:00
Tinderbox User
62735fcde3 update copyright notice / whitespace 2016-02-23 23:45:35 +00:00
Mukund Sivaraman
293a9e9978 Fix allocation for "none" ACL that caused assertion failure (#41745) 2016-02-23 12:51:34 +05:30
Mark Andrews
a125381c60 update usage 2016-02-23 16:57:02 +11:00
Tinderbox User
27424c351d update copyright notice / whitespace 2016-02-20 23:45:16 +00:00
Mark Andrews
c968a257c1 fix subnet prefix 2016-02-20 12:01:30 +11:00
Tinderbox User
53ba272721 update copyright notice / whitespace 2016-02-18 23:45:32 +00:00
Mark Andrews
a2b15b3305 4318. [security] Malformed control messages can trigger assertions 
in named and rndc. (CVE-2016-1285) [RT #41666]
 2016-02-18 12:11:27 +11:00
Mark Andrews
37176663e0 don't used class in grep e.g. [:space:] 2016-02-17 13:17:40 +11:00
Evan Hunt
93c211afc9 [master] fixed a regression in dyndb due to change #4277 2016-02-12 00:22:45 -08:00
Tinderbox User
6632721990 regen master 2016-02-12 01:04:18 +00:00
Tinderbox User
ee2e5fec65 regen master 2016-02-11 01:04:20 +00:00
Mark Andrews
b91d11bfcc copyrights / whitespace 2016-02-11 10:44:21 +11:00
Evan Hunt
23733a9412 [master] misplaced <varlistentry> 2016-02-09 17:11:26 -08:00
Mukund Sivaraman
79a55d4f4d Add option to tools to print RRs in unknown presentation format (#41595) 2016-02-09 15:39:02 +05:30
Mukund Sivaraman
0c29904b27 Check that configured view class isn't a meta class (#41572) 2016-02-08 13:58:01 +05:30
Mark Andrews
08913705e9 specify what to copy 
(cherry picked from commit 88624c9c32)
 2016-02-05 13:54:47 +11:00
Mark Andrews
68ecf1c9a5 add missing line break 2016-02-04 11:51:44 +11:00
Mark Andrews
d88ba93712 4313. [bug] Handle ns_client_replace failures in test mode. 
[RT #41190]
 2016-02-03 14:59:19 +11:00
Tinderbox User
d83a9a980a update copyright notice / whitespace 2016-02-02 23:45:23 +00:00
Mukund Sivaraman
f9b167290a Remove 45 second sleeps from notify system test (#41248) 
No CHANGES entry required.
 2016-02-02 09:46:57 +05:30
Mark Andrews
8d00c5ab2c 4312. [bug] dig's unknown dns and edns flags (MBZ value) logging 
was not consistent. [RT #41600]
 2016-02-02 14:19:22 +11:00
Mark Andrews
e370cdf4ba capture rndc output 
(cherry picked from commit 2d58f4aee2)
 2016-02-02 12:26:23 +11:00
Tinderbox User
8b074bef0c update copyright notice / whitespace 2016-02-01 23:45:25 +00:00
Evan Hunt
ec450fde7c [master] disallow delzone on policiy zones 
4311.	[bug]		Prevent "rndc delzone" from being used on
			response-policy zones. [RT #41593]
 2016-02-01 09:49:49 -08:00
Tinderbox User
3947e3625a update copyright notice / whitespace 2016-01-31 23:45:23 +00:00
Evan Hunt
1d36ed108a [master] spelling 2016-01-31 09:54:13 -08:00
Tinderbox User
5f4f7c688e update copyright notice / whitespace 2016-01-30 23:45:23 +00:00
Evan Hunt
f02c22d58a [master] add uname data to named -V 
4308.	[func]		Added operating system details to "named -V"
			output. [RT #41452]
 2016-01-30 11:06:58 -08:00
Evan Hunt
df9a49ee07 [master] dig/mdig could send misformatted ECS options 
4307.	[bug]		"dig +subnet" and "mdig +subnet" could send
			incorrectly-formatted Client Subnet options
			if the prefix length was not divisble by 8.
			Also fixed a memory leak in "mdig". [RT #45178]
 2016-01-29 17:41:29 -08:00
Tinderbox User
6825f304c5 regen master 2016-01-29 01:04:18 +00:00
Tinderbox User
b7f3400f3b update copyright notice / whitespace 2016-01-28 23:45:29 +00:00
Evan Hunt
e073205a88 [master] openssl 1.0.2f patch 
4306.	[maint]		Added a PKCS#11 openssl patch supporting
			version 1.0.2f [RT #38312]
 2016-01-28 13:27:29 -08:00
Mark Andrews
832ab79d1f 4305. [bug] dnssec-signzone was not removing unnecessary rrsigs 
from the zone's apex. [RT #41483]
 2016-01-28 15:42:34 +11:00
Mark Andrews
9d85a77382 4304. [port] xfer system test failed as 'tail -n +value' is not 
portable. [RT #41315]
 2016-01-28 15:38:06 +11:00
Evan Hunt
8ede7a974b [master] fix dig=+subnet zero-length prefix 
4303.	[bug]		"dig +subnet" was unable to send a prefix length of
			zero, as it was incorrectly changed to 32 for v4
			prefixes or 128 for v6 prefixes. In addition to
			fixing this, "dig +subnet=0" has been added as a
			short form for 0.0.0.0/0. The same changes have
			also been made in "mdig". [RT #41553]
 2016-01-27 19:03:54 -08:00
Evan Hunt
30370d905e [master] removed /Gy- from VS project files 
4302.	[port]		win32: fixed a build error in VS 2015. [RT #41426]
 2016-01-27 15:27:57 -08:00
Tinderbox User
4df65ccfec update copyright notice / whitespace 2016-01-25 23:45:24 +00:00
Mark Andrews
9478de25bb 4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534] 2016-01-26 00:27:44 +11:00
Mark Andrews
f8432e3f24 4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534] 2016-01-26 00:09:03 +11:00
Mark Andrews
1fe6b74b9c use 0 not ISC_FALSE for dns_name_fromtext 2016-01-25 16:55:02 +11:00