bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-03-12 13:43:05 -04:00

Author	SHA1	Message	Date
Tinderbox User	1b2ae58ef1	update copyright notice	2014-06-09 23:45:20 +00:00
Mark Andrews	3b187cad7a	3873. [protocol] Only warn for SPF without TXT spf record. [RT #36210 ]	2014-06-10 09:32:43 +10:00
Mark Andrews	b16d99bac1	3872. [bug] Address issues found by static analysis. [RT #36209 ]	2014-06-10 09:17:15 +10:00
Mukund Sivaraman	79d27f505a	[35063] Don't publish an activated key automatically before its publish time	2014-06-04 14:31:42 +05:30
Mark Andrews	ab6fd5e892	initialise matches	2014-06-02 13:53:59 +10:00
Mark Andrews	5360986092	set max	2014-06-02 13:42:58 +10:00
Mark Andrews	3a26e75e3c	accept a range of stats values	2014-06-02 08:15:47 +10:00
Tinderbox User	f5c27ecceb	regen master	2014-05-31 01:05:50 +00:00
Evan Hunt	0cfb247368	[master] rndc nta 3867. [func] "rndc nta" can now be used to set a temporary negative trust anchor, which disables DNSSEC validation below a specified name for a specified period of time (not exceeding 24 hours). This can be used when validation for a domain is known to be failing due to a configuration error on the part of the domain owner rather than a spoofing attack. [RT #29358]	2014-05-29 22:22:53 -07:00
Mark Andrews	fa6308bd57	3866. [bug] Named could die on disk full in generate_session_key. [RT #36119]	2014-05-30 14:38:39 +10:00
Mark Andrews	536da846f6	update copyrights	2014-05-30 09:41:33 +10:00
Mark Andrews	44b0e0b1d5	More changes for: 3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-30 08:41:27 +10:00
Evan Hunt	caa252e5ad	[master] Fix bin/tests/rbt_test.c, use portable int types	2014-05-29 07:37:13 -07:00
Mark Andrews	3d75189141	3864. [bug] RPZ didn't work well when being used as forwarder. [RT #36060]	2014-05-29 17:02:10 +10:00
Mark Andrews	4694229f60	make a explict edns query so this subtest is independent of other tests	2014-05-29 10:46:44 +10:00
Mark Andrews	800d25b848	3863. [bug] The "E" flag was missing from the query log as a unintended side effect of code rearrangement to support EDNS EXPIRE. [RT #36117]	2014-05-29 08:04:55 +10:00
Mark Andrews	9b819daddf	3862. [cleanup] Return immediately if we are not going to log the message in ns_client_dumpmessage.	2014-05-27 12:16:04 +10:00
Tinderbox User	f5ae3cca1d	regen master	2014-05-24 01:05:32 +00:00
Evan Hunt	d51e441520	spelling	2014-05-23 19:32:56 +00:00
Mark Andrews	a0f91e910b	3856. [bug] Configuring libjson without also configuring libxml resulting in a REQUIRE assertion when retrieving statistics using json. [RT #36009]	2014-05-21 12:06:00 +10:00
Tinderbox User	fc74b733bf	regen master	2014-05-17 01:05:14 +00:00
Tinderbox User	104f0e51ac	update copyright notice	2014-05-16 23:45:21 +00:00
Evan Hunt	896f49f8bd	[master] increase and allow configuration of lwresd tasks/clients 3852. [func] Increase the default number of clients available for servicing lightweight resolver queries, and make them configurable via the "lwres-tasks" and "lwres-clients" options. (Thanks to Tomas Hozza.) [RT #35857]	2014-05-15 22:01:19 -07:00
Evan Hunt	6fa84a3e25	[master] enable libseccomp system call filtering 3851. [func] Allow libseccomp based system-call filtering on Linux; use "configure --enable-seccomp" to turn it on. Thanks to Loganaden Velvindron for the contribution. [RT #35347]	2014-05-15 20:29:30 -07:00
Tinderbox User	284d5252c1	update copyright notice	2014-05-15 23:45:22 +00:00
Mark Andrews	01f881c1c5	3849. [bug] Disabling forwarding could trigger a REQUIRE assertion. [RT #35979]	2014-05-15 16:54:32 +10:00
Tinderbox User	b90c4f0646	regen master	2014-05-15 05:05:58 +00:00
Tinderbox User	9cc7fd5e1a	Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9	2014-05-15 05:02:02 +00:00
Tinderbox User	6bcac4b58d	regen master	2014-05-15 04:46:54 +00:00
Mark Andrews	97553eec86	grammar	2014-05-15 14:44:43 +10:00
Mark Andrews	0af902c0df	white space	2014-05-15 14:30:31 +10:00
Mark Andrews	2d0bc1e0f3	+domain was out of order	2014-05-15 14:26:57 +10:00
Tinderbox User	8e16b30787	regen master	2014-05-15 03:57:31 +00:00
Mark Andrews	9c36846e41	3849. [doc] Alphabetized dig's +options. [RT #35992 ]	2014-05-15 13:38:10 +10:00
Mark Andrews	71e9639c1d	ignore dig-symtbl.c, host-symtbl.c and nslookup-symtbl.c	2014-05-15 12:12:50 +10:00
Mark Andrews	a14fe85229	3848. [bug] Adjust 'statistics-channels specified but not effective' error message to account for JSON support. [RT #36008]	2014-05-15 11:12:05 +10:00
Mark Andrews	69530009f1	use portable awk	2014-05-15 00:34:17 +10:00
Tinderbox User	297342940e	regen master	2014-05-14 01:05:10 +00:00
Mark Andrews	05816676bb	3846. [bug] "dig +notcp ixfr=<serial>" should result in a UDP ixfr query. [RT #35980]	2014-05-14 09:59:02 +10:00
Francis Dupont	761f60fc35	use vcredist_x64.exe for 64 bit Windows [#35973 ]	2014-05-13 12:31:50 +02:00
Mark Andrews	2c172a42b3	3842. [bug] Adjust RRL log-only logging category. [RT #35945 ]	2014-05-11 10:59:42 +10:00
Mark Andrews	733898cffe	use sub second sleeps for prefetch disabled test	2014-05-09 15:00:36 +10:00
Mark Andrews	151759e7b7	address suspected race in system test for 'named -L'	2014-05-08 11:10:04 +10:00
Tinderbox User	c381ccf794	update copyright notice	2014-05-07 23:45:21 +00:00
Evan Hunt	60988462e5	[master] use posix-compatible shell in system tests 3839. [test] Use only posix-compatible shell in system tests. [RT #35625]	2014-05-06 22:06:04 -07:00
Mark Andrews	215f02a137	remove resource leak	2014-05-06 20:51:33 +10:00
Mark Andrews	b36fc8294e	3837. [security] A NULL pointer is passed to query_prefetch resulting a REQUIRE assertion failure when a fetch is actually initiated. [ RT #35899] Squashed commit of the following: commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00 Author: Mukund Sivaraman <muks@isc.org> Date: Sun May 4 22:34:34 2014 +0530 Fix a comment commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03 Author: Mark Andrews <marka@isc.org> Date: Sun May 4 23:34:25 2014 +1000 pass the correct name to query_prefetch	2014-05-05 10:12:12 +10:00
Evan Hunt	c0c4512020	[master] fixed geoip elements in named ACLs 3835. [bug] Geoip ACL elements didn't work correctly when referenced via named or nested ACLs. [RT #35879]	2014-04-30 20:21:56 -07:00
Mark Andrews	f09f1bf18e	fix filter-aaaa system test to work when crypto is disabled	2014-05-01 12:28:50 +10:00
Mark Andrews	5b56f2e3cc	zero pad date and month fields	2014-05-01 11:41:32 +10:00
Mark Andrews	c2abd6efeb	update copyrights	2014-05-01 10:00:00 +10:00
Mark Andrews	96f07724d6	use SKIPPED exit code (255)	2014-05-01 00:33:11 +10:00
Mark Andrews	23c7871cc7	don't read past end of command line argument	2014-04-30 16:09:16 +10:00
Mark Andrews	b75c645026	have +[no]ttl as a alias for +[no]ttlid	2014-04-30 16:05:18 +10:00
Mark Andrews	3057498bda	add missing default action for +[no]ttl*	2014-04-30 15:59:15 +10:00
Mark Andrews	0172c9fc2c	use +nottlid	2014-04-30 15:53:37 +10:00
Mark Andrews	87344c2cb3	2833. [bug] Cross compiling was broken due to calling genrandom at build time. [RT #35869]	2014-04-30 11:39:43 +10:00
Tinderbox User	e68c527dff	regen master	2014-04-30 01:05:11 +00:00
Evan Hunt	44613d4d86	[master] named -L option for default logfile 3832. [func] "named -L <filename>" causes named to send log messages to the specified file by default instead of to the system log. (Thanks to Tony Finch.) [RT #35845]	2014-04-29 17:17:03 -07:00
Evan Hunt	0dc0b029e9	[master] log query errors at info when query logging is on 3830. [func] When query logging is enabled, log query errors at the same level ('info') as the queries themselves. [RT #35844]	2014-04-29 17:04:21 -07:00
Evan Hunt	cd750f6e74	[master] dig +ttlunits 3829. [func] "dig +ttlunits" causes dig to print TTL values with time-unit suffixes: w, d, h, m, s for weeks, days, hours, minutes, and seconds. (Thanks to Tony Finch.) [RT #35823]	2014-04-29 16:58:36 -07:00
Tinderbox User	f6ea2b1d09	update copyright notice	2014-04-29 23:45:21 +00:00
Evan Hunt	b4ba66ba1e	[master] "dnssec-signzone -N date" 3827. [func] "dnssec-signzone -N date" updates serial number to the current date in YYYYMMDDNN format. [RT #35800]	2014-04-29 16:29:20 -07:00
Mark Andrews	e54767a3c9	change exit code	2014-04-29 22:57:15 +10:00
Mark Andrews	db3f8d175d	silence compiler warnings; style	2014-04-29 21:11:14 +10:00
Mark Andrews	1a158ef6ee	fix testsock6.pl (cherry picked from commit `660195a82c`)	2014-04-29 19:15:55 +10:00
Evan Hunt	54267016bc	[master] add geoip and filter-aaaa to SUBDIRS	2014-04-28 22:41:13 -07:00
Mark Andrews	52c5b74c27	improve error handling in sig_fromfile	2014-04-29 14:41:25 +10:00
Mark Andrews	76884179fd	3823. [func] Log the rpz cname target when rewriting. [RT #35667 ]	2014-04-28 15:18:53 +10:00
Tinderbox User	2d50cce72e	update copyright notice	2014-04-26 23:45:20 +00:00
Evan Hunt	eb1a7730f0	[master] log static-stub correctly when removing 3822. [bug] Log the correct type of static-stub zones when removing them. [RT #35842]	2014-04-26 10:16:37 -07:00
Mark Andrews	4aaaaadeae	silence warnings	2014-04-26 23:42:37 +10:00
Mark Andrews	f4f70bf596	address 'version' reference leak	2014-04-26 23:30:53 +10:00
Tinderbox User	06081a0d61	update copyright notice	2014-04-25 23:45:21 +00:00
Evan Hunt	aefb3e308b	[master] better DDNS in DLZ; mysqldyn 3821. [contrib] Added a new "mysqldyn" DLZ module with dynamic update and transaction support. Thanks to Marty Lee for the contribution. [RT #35656] 3820. [func] The DLZ API doesn't pass the database version to the lookup() function; this can cause DLZ modules that allow dynamic updates to mishandle prerequisite checks. This has been corrected by adding a 'dbversion' field to the dns_clientinfo_t structure. [RT #35656]	2014-04-25 13:06:30 -07:00
Tinderbox User	37f7c4c673	update copyright notice	2014-04-24 23:45:21 +00:00
Mark Andrews	44c6deacdd	additional changes for: 3818. [bug] Stop lying to the optimizer that 'void *arg' is a constant in isc_event_allocate.	2014-04-24 18:59:01 +10:00
Mark Andrews	36e5ac0033	3819. [bug] NSEC3 hashes need to be able to be entered and displayed without padding. This is not a issue for currently defined algorithms but may be for future hash algorithms. [RT #27925]	2014-04-24 18:58:03 +10:00
Mark Andrews	b57445a84b	fix rename	2014-04-24 09:40:49 +10:00
Tinderbox User	e108f2ec64	regen master	2014-04-23 18:28:07 +00:00
Evan Hunt	2ae159b376	[master] globally rename "delve" to "delv" 3817. [func] The "delve" command is now spelled "delv" to avoid a namespace collision with the Xapian project. [RT #35801]	2014-04-23 11:14:12 -07:00
Tinderbox User	953189d30e	update copyright notice	2014-04-22 23:45:19 +00:00
Evan Hunt	1a9932dde1	[master] dig +qr now shows query size 3816. [func] "dig +qr" now reports query size. (Thanks to Tony Finch.) [RT #35822]	2014-04-22 12:38:53 -07:00
Tinderbox User	f39512a917	regen master	2014-04-20 01:05:19 +00:00
Evan Hunt	5978df387c	[master] additional nsupdate doc fix	2014-04-18 18:26:07 -07:00
Evan Hunt	627a9ceb63	[master] fix tags	2014-04-18 18:23:37 -07:00
Evan Hunt	1f73b46904	[master] clarify nsupdate -y 3815. [doc] Clarify "nsupdate -y" usage in man page. [RT #35808]	2014-04-18 15:08:23 -07:00
Evan Hunt	58e291cb8d	[master] setup tsig in dig/host/nslookup (Change #3813 had broken some system tests.)	2014-04-18 07:27:50 -07:00
Evan Hunt	ec3b216506	[master] masterfile-style 3814. [func] The "masterfile-style" zone option controls the formatting of dumped zone files. Options are "relative" (multiline format) and "full" (one record per line). The default is "relative". [RT #20798]	2014-04-17 17:10:29 -07:00
Evan Hunt	4e7973990c	[master] host recognizes /etc/resolv.conf options 3813. [func] "host" now recognizes the "timeout", "attempts" and "debug" options when set in /etc/resolv.conf. (Thanks to Adam Tkac at RedHat.) [RT #21885]	2014-04-17 17:04:51 -07:00
Mark Andrews	e560fbdf77	3812. [func] Dig now supports sending arbitary EDNS options from the command line (+ednsopt=code[:value]). [RT #35584]	2014-04-18 09:52:12 +10:00
Evan Hunt	7318bbc262	[master] serial-update-method date; 3811. [func] "serial-update-method date;" sets serial number on dynamic update to today's date in YYYYMMDDNN format. (Thanks to Bradley Forschinger.) [RT #24903]	2014-04-17 16:05:50 -07:00
Francis Dupont	7c7c2fa688	OpenSSL 1.0.1f -> 1.0.1g	2014-04-14 14:50:06 +02:00
Tinderbox User	a7051299c6	update copyright notice	2014-04-10 23:46:10 +00:00
Evan Hunt	92fe6db3e4	[master] use test -r in system tests 3806. [test] Improved system test portability. [RT #35625]	2014-04-09 20:29:52 -07:00
Tinderbox User	914ed533b8	regen master	2014-04-10 01:05:11 +00:00
Evan Hunt	540daf2887	[master] missing manpage install rule for dnssec-importkey	2014-04-09 17:17:25 -07:00
Evan Hunt	baad8d9fd8	[master] allow null "file" for DLZ or alternate db zones 3803. [bug] "named-checkconf -z" incorrectly rejected zones using alternate data sources for not having a "file" option. [RT #35685]	2014-04-07 13:29:56 -07:00
Mark Andrews	5b60bde47b	use perl	2014-04-07 21:53:47 +10:00
Mark Andrews	a4941d6b5e	update check the correct resigning time is reported in zonestatus test to be more portable	2014-04-07 11:50:50 +10:00
Evan Hunt	7ef5dc87b6	[master] detach route socket when shutting down 3800. [bug] A pending event on the route socket could cause an assertion failure when shutting down named. [RT #35674]	2014-04-03 19:48:29 -07:00
Evan Hunt	44fbdddcad	[master] improve command line error reporting 3799. [bug] Improve named's command line error reporting. [RT #35603]	2014-04-03 19:34:48 -07:00
Mark Andrews	0dfd942409	3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing time. [RT #35659]	2014-04-04 11:33:49 +11:00
Mark Andrews	a3799a38e7	#include <pk11/result.h>	2014-04-01 12:47:31 +11:00
Mark Andrews	e6ff1b5127	#include <dns/result.h>	2014-04-01 12:27:59 +11:00
Mark Andrews	51e6164fd6	3796. [bug] Register dns and pkcs#11 error codes. [RT #35629 ]	2014-03-31 15:38:36 +11:00
Tinderbox User	180d8b0eec	update copyright notice	2014-03-30 23:46:03 +00:00
Mukund Sivaraman	ef9334d745	3795. [bug] Make named-checkconf detect raw masterfiles for hint zones and reject them. [RT #35268] Squashed commit of the following: commit 5b0254711d6b77940d6217b9131b9d401df8a866 Author: Mukund Sivaraman <muks@isc.org> Date: Fri Mar 28 02:09:01 2014 +0530 Remove redundant helper function commit a4341c1a2ba830c8cee1def57a533f987f67c3dc Author: Mark Andrews <marka@isc.org> Date: Thu Jan 30 10:08:17 2014 +1100 error out if masterfile-format raw is specified for a hint zone.	2014-03-31 04:55:37 +05:30
Jeremy C. Reed	35094302da	have the install target also do installdirs as other tool's makefiles do. Okayed by each via jabber.	2014-03-28 13:04:02 -05:00
Mark Andrews	c73a7e127f	3792. [func] Provide links to the alternate statistics views when displaying in a browser. [RT #35605] Squashed commit of the following: commit 7ac73b584aa6e026a1deb124257d3a2ed1fc64cc Author: Evan Hunt <each@isc.org> Date: Mon Mar 24 21:47:28 2014 -0700 [rt35605] tweak commit b18bccc570803293f819c04f324f91b446a67756 Author: Mark Andrews <marka@isc.org> Date: Tue Mar 25 14:20:07 2014 +1100 provide links to alternate statistic views	2014-03-25 15:56:40 +11:00
Mark Andrews	09ab38c151	3790. [bug] Handle broken nameservers that send BADVERS in response to unknown EDNS options. Maintain statistics on BADVERS responses.	2014-03-20 05:00:55 +11:00
Mark Andrews	9e9d5e2548	check return value of convert_name	2014-03-16 11:21:32 +11:00
Mark Andrews	9f1959f0a7	silence signed/unsigned comparision warning	2014-03-16 11:14:26 +11:00
Evan Hunt	a7742a8885	[master] silence win64 build warning	2014-03-13 13:30:26 -07:00
Tinderbox User	ec899c963c	regen master	2014-03-13 06:24:13 +00:00
Evan Hunt	22e29471c7	[master] check allow-update in view/options 3787. [bug] The code that checks whether "auto-dnssec" is allowed was ignoring "allow-update" ACLs set at the options or view level. [RT #29536]	2014-03-12 21:36:01 -07:00
Mark Andrews	6f49db82ab	calling $TSIGKEYGEN doesn't work with libtool.	2014-03-13 15:11:46 +11:00
Evan Hunt	acbb301e64	[master] better error output when initializing pkcs11 3786. [func] Provide more detailed error codes when using native PKCS#11. "pkcs11-tokens" now fails robustly rather than asserting when run against an HSM with an incomplete PCKS#11 API implementation. [RT #35479]	2014-03-12 20:52:01 -07:00
Evan Hunt	e9a9bb6b14	[master] balance tag	2014-03-12 18:08:05 -07:00
Tinderbox User	0add14467b	update copyright notice	2014-03-12 23:46:05 +00:00
Evan Hunt	89740699cd	[master] fixed 'fixed' 3784. [bug] Using "rrset-order fixed" when it had not been enabled at compile time caused inconsistent results. It now works as documented, defaulting to cyclic mode. [RT #28104]	2014-03-12 08:45:44 -07:00
Evan Hunt	46bc64f4b1	[master] tsig-keygen 3783. [func] "tsig-keygen" is now available as an alternate command name for "ddns-confgen". It generates a TSIG key in named.conf format without comments. [RT #35503]	2014-03-12 08:29:15 -07:00
Mark Andrews	ca7aeeab71	make constant unsigned	2014-03-12 14:04:29 +11:00
Mark Andrews	bab2bf7dfd	expr length arg is not portable	2014-03-12 13:59:41 +11:00
Mark Andrews	f5375b1b8e	check isc_hex_totext result	2014-03-12 12:58:09 +11:00
Tinderbox User	3c7b4ac451	regen master	2014-03-12 01:05:39 +00:00
Evan Hunt	62258ada48	[master] auto-generate salt 3781. [func] Specifying "auto" as the salt when using "rndc signing -nsec3param" causes named to generate a 64-bit salt at random. [RT #35322]	2014-03-11 08:46:58 -07:00
Evan Hunt	7b46a4aa41	[master] fix negative numbers in $GENERATE 3780. [bug] $GENERATE handled negative numbers incorrectly. [RT #25528]	2014-03-10 11:55:32 -07:00
Tinderbox User	4b1a933811	update copyright notice	2014-03-07 23:47:09 +00:00
Evan Hunt	78f79084fc	[master] warn when wrong address family used in listen-on/-v6 3778. [bug] Log a warning when the wrong address family is used in "listen-on" or "listen-on-v6". [RT #17848]	2014-03-07 11:31:51 -08:00
Evan Hunt	e29c2b3903	[master] fix misuses of isc__buffer functions, update comment	2014-03-06 17:26:21 -08:00
Tinderbox User	e9c7fe450e	update copyright notice	2014-03-06 23:46:08 +00:00
Evan Hunt	741dfd3ccd	[master] tests directory cleanup	2014-03-06 11:11:27 -08:00
Evan Hunt	a2fd1de97d	[master] fix DLZ coredump 3777. [bug] EDNS EXPIRE code could dump core when processing DLZ queries. [RT #35493]	2014-03-06 11:06:30 -08:00
Tinderbox User	0f52ea95d8	regen master	2014-03-06 01:05:38 +00:00
Evan Hunt	431859b442	[master] typo	2014-03-04 21:46:21 -08:00
Tinderbox User	d3ddafd746	regen master	2014-03-05 01:06:28 +00:00
Tinderbox User	cc2a515684	update copyright notice	2014-03-04 23:46:15 +00:00
Evan Hunt	b454c03196	[master] use ANSI prototypes, clean up some casts	2014-03-04 10:42:25 -08:00
Evan Hunt	e7c0d42b11	[master] rndc -q 3776. [bug] "rndc -q" suppresses output from successful rndc commands. Errors are printed on stderr. [RT #21393]	2014-03-04 09:49:57 -08:00
Evan Hunt	7d769b7ba7	[master] don't use keyname from command line if using -S	2014-03-04 09:07:26 -08:00
Evan Hunt	d51456e453	[master] fix API mismatch bug in DLZ 3775. [bug] dlz_dlopen driver could return the wrong error code on API version mismatch, leading to a segfault. [RT #35495]	2014-03-04 08:58:40 -08:00
Tinderbox User	b46346eb30	regen master	2014-03-04 01:05:04 +00:00
Tinderbox User	1599ac12be	update copyright notice	2014-03-03 23:47:11 +00:00
Evan Hunt	9f5222620c	[master] revert the "version" interactive command from nslookup	2014-03-03 10:05:55 -08:00
Evan Hunt	f4ada59b35	[master] don't use strncasecmp for command line option	2014-03-03 09:31:41 -08:00
Evan Hunt	67d01dcacb	[master] add "version" options to host/nslookup/nsupdate 3773. [func] "host", "nslookup" and "nsupdate" now have options and commands to print the version number. [RT #26057]	2014-03-03 09:08:04 -08:00
Tinderbox User	74ae031d9d	regen master	2014-03-02 01:05:20 +00:00
Evan Hunt	262fea6637	[master] fix log level for built in keys 3771. [cleanup] Adjusted log level for "using built-in key" messages. [RT #24383]	2014-03-01 15:51:21 -08:00
Tinderbox User	8ab8cd1fa6	update copyright notice	2014-03-01 23:46:15 +00:00
Evan Hunt	084ba95b08	[master] dig +trace could fail when retrying with TCP 3770. [bug] "dig +trace" could fail with an assertion when it needed to fall back to TCP due to a truncated response. [RT #24660]	2014-03-01 15:32:25 -08:00
Evan Hunt	ec88c1fdff	[master] capture stderr in systests.output - also tidied up runall.sh summary output	2014-02-28 21:59:28 -08:00
Evan Hunt	3ef4b7383a	[master] improved doc for "rndc signing -list" 3769. [doc] Improved documentation of "rndc signing -list". [RT #30652]	2014-02-28 21:29:19 -08:00
Evan Hunt	72aa3b2a4e	[master] add sha-384 to dnssec-checkds 3768. [bug] "dnssec-checkds" was missing the SHA-384 digest algorithm. [RT #34000]	2014-02-28 21:09:24 -08:00
Tinderbox User	e23798e2ab	update copyright notice	2014-02-28 23:46:19 +00:00
Evan Hunt	368aedf188	[master] log when using rndc.key 3767. [func] Log explicitly when using rndc.key to configure command channel. [RT #35316]	2014-02-27 17:55:04 -08:00
Tinderbox User	794b79e6bb	regen master	2014-02-28 01:07:06 +00:00
Evan Hunt	a60bf97f9f	[master] dnssec-keyfromlabel -S and -i 3764. [bug] The dnssec-keygen/settime -S and -i options (to set up a successor key and set the prepublication interval) were missing from dnssec-keyfromlabel. [RT #35394]	2014-02-27 16:25:32 -08:00
Tinderbox User	938440694b	update copyright notice	2014-02-27 23:46:22 +00:00
Evan Hunt	f79ee00c69	[master] use cache in delve 3763. [bug] delve: Cache DNSSEC records to avoid the need to re-fetch them when restarting validation. [RT #35476]	2014-02-27 14:49:01 -08:00
Evan Hunt	1753d3c4d7	[master] correct dates in man pages	2014-02-27 11:43:10 -08:00
Evan Hunt	98922b2b2b	[master] merge several interdependent fixes 3760. [bug] Improve SIT with native PKCS#11 and on Windows. [RT #35433] 3759. [port] Enable delve on Windows. [RT #35441] 3758. [port] Enable export library APIs on windows. [RT #35382]	2014-02-26 19:00:05 -08:00
Mark Andrews	95c3a5e116	merge copyrights	2014-02-27 13:21:27 +11:00
Evan Hunt	061f61dd3b	[master] add files omitted from coverage test	2014-02-26 08:54:21 -08:00
Evan Hunt	3a01ded15d	[master] enable windows python tools 3757. [port] Enable Python tools (dnssec-coverage, dnssec-checkds) to run on Windows. [RT #34355]	2014-02-26 08:43:50 -08:00
Mark Andrews	79bd3cf027	we only use 32 octets	2014-02-26 15:54:23 +11:00
Mark Andrews	ed70f92dd0	use ISC_PLATFORM_USESIT	2014-02-24 09:54:04 +11:00
Mark Andrews	6b8c78d6ab	delve: -p was not affecting servers lernt from resolv.conf	2014-02-24 09:38:28 +11:00
Mark Andrews	9e39bafd2e	adjust SIT computation	2014-02-24 09:29:49 +11:00
Mark Andrews	02a5e3ed85	3755. [func] Add stats counters for known EDNS options + others. [RT #35447]	2014-02-24 09:24:25 +11:00
Mark Andrews	c48c691c4f	check for zone being NULL	2014-02-24 08:52:15 +11:00
Mark Andrews	6d7aa71f2f	encrypt nonce and time	2014-02-24 07:16:00 +11:00
Francis Dupont	35bcef6631	fixed ENABLE_LTR typos	2014-02-23 09:37:32 +01:00
Mark Andrews	cc00679829	wait for zone to transfer	2014-02-23 14:06:15 +11:00
Mark Andrews	89b23dc57e	silence compiler warning	2014-02-23 11:44:12 +11:00
Tinderbox User	892503bd48	regen master	2014-02-21 17:38:07 +00:00
Evan Hunt	f0f3f595b1	[master] delve man page improvements	2014-02-21 08:33:17 -08:00
Evan Hunt	999926955b	[master] fix test error	2014-02-21 08:05:40 -08:00
Evan Hunt	6ce1aa1902	[master] tag mismatch	2014-02-20 20:59:24 -08:00
Evan Hunt	2059d7950b	[master] missing man pages, named-rrchecker had wrong name	2014-02-20 20:46:25 -08:00
Tinderbox User	20a96edbf9	update copyright notice	2014-02-20 23:46:35 +00:00
Tinderbox User	0e1dece22e	regen master	2014-02-20 19:19:27 +00:00
Evan Hunt	bce9696c7a	[master] fix win32 installer 3754. [cleanup] win32: Installer now places files in the Program Files area rather than system services. [RT #35361]	2014-02-20 10:11:06 -08:00
Mark Andrews	80b37f909a	increment dns_nsstatscounter_recursclients when prefetching	2014-02-21 01:40:54 +11:00
Mark Andrews	caac342072	add @ISC_OPENSSL_LIBS@	2014-02-21 00:35:22 +11:00
Mark Andrews	c62ead1ae7	check the result of dns_zone_getdb call	2014-02-20 20:33:46 +11:00
Evan Hunt	5b7dbbf172	[master] silence win64 warnings	2014-02-19 22:58:09 -08:00
Mark Andrews	47cb20eae1	add EDNS EXPIRE processing on ixfr and axfr out	2014-02-20 17:51:31 +11:00
Evan Hunt	83eecff731	[master] adjust default -U 3751. [tuning] The default setting for the -U option (setting the number of UDP listeners per interface) has been adjusted to improve performance. [RT #35417]	2014-02-19 21:54:43 -08:00
Evan Hunt	9576baafc0	[master] assert if sitok/sitbad are insane	2014-02-19 21:26:31 -08:00
Mark Andrews	f0c00f10a0	report if sit is good/bad	2014-02-20 15:55:09 +11:00
Mark Andrews	16134801ce	3750. [experimental] Partially implement EDNS EXPIRE option as described in draft-andrews-dnsext-expire-00. Retrivial of remaining time to expiry from slave zones is supported. EXPIRE uses an experimental option code (65002) and is subject to change. [RT #35416]	2014-02-20 14:56:20 +11:00
Mark Andrews	801b958a5c	s/DNS_EDNSOPTIONS/DNS_EDNSOPTIONS/	2014-02-20 14:00:54 +11:00
Mark Andrews	72ba6ba736	define DNS_OPT_EDNSOPTIONS	2014-02-20 13:55:21 +11:00
Mark Andrews	86a85a3bbd	don't error on rpz percentage checks as they fail inconsistently on virtual machines	2014-02-20 12:22:14 +11:00
Evan Hunt	2af7d81efd	[master] unbalanced tag	2014-02-19 17:15:51 -08:00
Mark Andrews	e676a59686	update copyrights	2014-02-20 10:53:11 +11:00
Evan Hunt	d7b9756a21	[master] ENDS client-subnet in dig 3749. [func] "dig +subnet" sends an EDNS client subnet option containing the specified address/prefix when querying. (Thanks to Wilmer van der Gaast.) [RT #35415]	2014-02-19 15:51:02 -08:00
Tinderbox User	1361e03890	update copyright notice	2014-02-19 23:46:31 +00:00
Francis Dupont	f1a6c8e78c	WIN32 master fixes	2014-02-19 23:17:52 +01:00
Mark Andrews	e0c6a3944d	silence Function returns no value	2014-02-20 00:27:36 +11:00
Mark Andrews	ab830e68aa	silence unreachable statement by adding #if/#endif	2014-02-20 00:24:56 +11:00
Mark Andrews	f45c36fb19	add client cookie in hmacsha*	2014-02-19 20:19:36 +11:00
Mark Andrews	7e2e41df67	3748. [func] Use delve to test dns_client interfaces. [RT #35383 ]	2014-02-19 19:33:21 +11:00
Evan Hunt	35f6a21f5f	[master] max-zone-ttl 3746. [func] New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone containing a higher TTL, the load fails. DDNS updates with higher TTLs are accepted but the TTL is truncated. (Note: Currently supported for master zones only; inline-signing slaves will be added.) [RT #38405]	2014-02-18 23:26:50 -08:00
Evan Hunt	6a3fa181d1	[master] add "--with-tuning=large" option 3745. [func] "configure --with-tuning=large" adjusts various compiled-in constants and default settings to values suited to large servers with abundant memory. [RT #29538]	2014-02-18 22:36:14 -08:00
Mark Andrews	b5f6271f4d	3744. [experimental] SIT: send and process Source Identity Tokens (which are similar to DNS Cookies by Donald Eastlake) and are designed to help clients detect off path spoofed responses and for servers to detect legitimate clients. SIT use a experimental EDNS option code (65001). SIT can be enabled via --enable-developer or --enable-sit. It is on by default in Windows. RRL processing as been updated to know about SIT with legitimate clients not being rate limited. [RT #35389]	2014-02-19 12:53:42 +11:00
Mark Andrews	43c1433ef2	add attributes to fatal, warn and delve_log	2014-02-19 07:25:29 +11:00
Mark Andrews	657f0f11ac	use return rather than exit	2014-02-19 07:15:27 +11:00
Evan Hunt	9201e2b2f2	[master] remove extra isc_buffer_init	2014-02-17 18:21:37 -08:00
Tinderbox User	3fd910dec5	update copyright notice	2014-02-17 23:46:29 +00:00
Mark Andrews	38eabfcee7	3743. [bug] delegation-only flag wasn't working in forward zone declarations despite being documented. This is needed to support turning off forwarding and turning on delegation only at the same name. [RT #35392]	2014-02-18 10:09:07 +11:00
Evan Hunt	5efcb3a3e2	[master] fix test errors - require 5.006_001 - cut off the least significant figures of rrsig dates before comparison to avoid integer overflow	2014-02-17 08:40:02 -08:00
Mark Andrews	846cb7015b	unchecked isc_mem_get calls; fix loop over getaddrinfo results	2014-02-18 02:07:37 +11:00
Mark Andrews	0e8cfb69d1	a4 and a6 were being referenced out of scope	2014-02-18 01:53:21 +11:00
Mark Andrews	5114325978	3742. [port] linux: libcap support: curval was used before it was declared. [RT #35387]	2014-02-18 00:27:15 +11:00
Evan Hunt	e6b626cc7a	[master] include <isc/string.h>	2014-02-16 16:30:47 -08:00
Tinderbox User	72141595cf	update copyright notice	2014-02-16 23:46:32 +00:00
Mark Andrews	d8f5f53a03	add #include <isc/print.h>	2014-02-17 09:19:25 +11:00
Evan Hunt	7ba88e2a95	[master] fix dnssec test errors	2014-02-16 14:14:56 -08:00
Evan Hunt	72fd845d5a	[master] remove accidentally committed changes	2014-02-16 13:59:19 -08:00
Evan Hunt	792915beb0	[master] fix accidental dig breakage	2014-02-16 13:42:42 -08:00
Evan Hunt	cd38c8c1bb	[master] fixed mistake with delve +short	2014-02-16 13:25:53 -08:00
Evan Hunt	b412cb5334	[master] include <signal.h> not <sys/signal.h>	2014-02-16 13:11:26 -08:00
Evan Hunt	1d761cb453	[master] delve 3741. [func] "delve" (domain entity lookup and validation engine): A new tool with dig-like semantics for performing DNS lookups, with internal DNSSEC validation, using the same resolver and validator logic as named. This allows easy validation of DNSSEC data in environments with untrustworthy resolvers, and assists with troubleshooting of DNSSEC problems. (Note: not yet available on win32.) [RT #32406]	2014-02-16 13:03:17 -08:00
Evan Hunt	31f6244cc2	[master] tcp and udp stats counters 3739. [func] Added per-zone stats counters to track TCP and UDP queries. [RT #35375]	2014-02-15 20:57:00 -08:00
Francis Dupont	fb3ecd89ca	retries -> split in could not parse	2014-02-16 02:08:55 +01:00
Francis Dupont	a3a74b30b3	spurious space	2014-02-16 02:07:33 +01:00
Mark Andrews	2729aea3c1	3738. [bug] --enable-openssl-hash failed to build. [RT #35343 ]	2014-02-13 15:09:08 +11:00
Tinderbox User	665a24faf6	regen master	2014-02-13 01:05:15 +00:00
Tinderbox User	1124950b35	update copyright notice	2014-02-12 23:46:27 +00:00
Mark Andrews	5deedd7057	use unsigned constants	2014-02-13 07:48:44 +11:00
Evan Hunt	79a1c7502d	[master] typos in dig man page	2014-02-12 10:32:20 -08:00
Evan Hunt	842a3e6d0e	[master] try multiple addresses per server name in nsupdate 3736. [bug] nsupdate: When specifying a server by name, fall back to alternate addresses if the first address for that name is not reachable. [RT #25784]	2014-02-11 21:29:10 -08:00
Evan Hunt	dbb012765c	[master] merge libiscpk11 to libisc 3735. [cleanup] Merged the libiscpk11 library into libisc to simplify dependencies. [RT #35205]	2014-02-11 21:20:28 -08:00
Mark Andrews	6b66ee9147	define and use BACKTRACECFLAGS	2014-02-12 09:07:54 +11:00
Tinderbox User	6874b16e4a	update copyright notice	2014-02-10 23:46:26 +00:00
Mark Andrews	d7729155df	3734. [bug] Improve building with libtool. [RT #35314 ]	2014-02-10 15:01:06 +11:00
Mark Andrews	850b5e8093	Add Linux support to: 3733. [func] Improve interface scanning support. Interface information will be automatically updated if the OS supports routing sockets (MacOS, *BSD, Linux). Use "automatic-interface-scan no;" to disable. Add "rndc scan" to trigger a scan. [RT #23027]	2014-02-10 09:46:54 +11:00
Tinderbox User	f2016fcecf	regen master	2014-02-08 01:05:40 +00:00
Tinderbox User	81f58902eb	update copyright notice	2014-02-07 23:46:39 +00:00
Mark Andrews	fc9c44a8b0	move unreachable code inside #ifdef block	2014-02-08 09:49:03 +11:00
Mark Andrews	2870ee1fe5	use exit 255	2014-02-08 09:43:16 +11:00
Mark Andrews	404d7c966c	fix typo in comment	2014-02-08 09:37:32 +11:00
Mark Andrews	62ec9fd168	3733. [func] Improve interface scanning support. Interface information will be automatically updated if the OS supports routing sockets. Use "automatic-interface-scan no;" to disable. Add "rndc scan" to trigger a scan. [RT #23027]	2014-02-07 17:16:37 +11:00
Mark Andrews	0584ab7e9c	#include <isc/util.h>	2014-02-07 16:46:11 +11:00
Evan Hunt	7983f6f77a	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-02-06 19:41:48 -08:00
Evan Hunt	166341d554	[master] add no-case-compress 3731. [func] Added a "no-case-compress" ACL, which causes named to use case-insensitive compression (disabling change #3645) for specified clients. (This is useful when dealing with broken client implementations that use case-sensitive name comparisons, rejecting responses that fail to match the capitalization of the query that was sent.) [RT #35300]	2014-02-06 19:37:26 -08:00
Tinderbox User	bbbf2e27d3	regen master	2014-02-07 02:03:45 +00:00
Mark Andrews	11d8c966ea	fix closing tag	2014-02-07 12:26:16 +11:00
Mark Andrews	a928b54fa9	silence unused parameter	2014-02-07 11:47:32 +11:00
Evan Hunt	dd19c1a352	[master] report T_SKIPPED from t_dst	2014-02-06 16:21:38 -08:00
Evan Hunt	a165a17a81	[master] dnssec-keygen fixes 3730. [cleanup] Added "never" as a synonym for "none" when configuring key event dates in the dnssec tools. [RT #35277] 3729. [bug] dnssec-kegeyn could set the publication date incorrectly when only the activation date was specified on the command line. [RT #35278]	2014-02-06 15:59:14 -08:00
Tinderbox User	7fa75f8e0e	update copyright notice	2014-02-06 23:46:25 +00:00
Evan Hunt	08c67b5b7a	[master] improved native-pkcs11 doc 3728. [doc] Expanded native-PKCS#11 documentation, specifically pkcs11: URI labels. [RT #35287]	2014-02-06 15:40:00 -08:00
Evan Hunt	62cce60a15	[master] better error message when exceeding RPZ zone limit 3726. [cleanup] Clarified the error message when attempting to configure more than 32 response-policy zones. [RT #35283]	2014-02-06 15:26:54 -08:00
Tinderbox User	0666e6db54	update copyright notice	2014-01-31 23:46:22 +00:00
Evan Hunt	48def18179	[master] silence coverity warnings - remove dead code in server.c - initialize a struct tm.c	2014-01-31 09:34:37 -08:00
Evan Hunt	d0803df331	[master] fixed geoip in blackhole ACLs 3722. [bug] Using geoip ACLs in a blackhole statement could cause a segfault. [RT #35272]	2014-01-30 17:03:32 -08:00
Tinderbox User	4734976943	update copyright notice	2014-01-30 23:46:20 +00:00
Tinderbox User	04b5785fde	update copyright notice	2014-01-29 23:46:19 +00:00
Mark Andrews	63add83a26	3720. [bug] Address compiler warnings. [RT #35261 ]	2014-01-30 10:33:28 +11:00
Mark Andrews	75d747e1c5	3719. [bug] Address memory leak in in peer.c. [RT #35255 ]	2014-01-30 07:54:52 +11:00
Mark Andrews	61932ed917	copyright cleanups	2014-01-29 14:05:46 +11:00
Tinderbox User	88cffc09ae	regen master	2014-01-25 01:04:57 +00:00
Tinderbox User	85167bb10f	update copyright notice	2014-01-24 23:46:22 +00:00
Evan Hunt	bff64bf12b	[master] correct copyrights and attributions see RT #35423 for details; highlights: - remove license clauses 3 and 4 from NetBSD code - remove advertising clause from historical BSD code - add openssl advertising attributions	2014-01-24 09:46:00 -08:00
Tinderbox User	fbe600459d	update copyright notice	2014-01-23 23:46:17 +00:00
Evan Hunt	83f69fcd6e	[master] fix a problem with libgeoip 1.5 and higher 3715. [bug] The region and city databases could fail to initialize when using some versions of libGeoIP, causing assertion failures when named was configured to use them. [RT #35427]	2014-01-23 12:46:02 -08:00
Mark Andrews	db519a99ce	remove src files not available for 'make depend'	2014-01-22 10:49:18 +11:00
Tinderbox User	aa7b16ec2a	update copyright notice	2014-01-21 23:46:16 +00:00
Evan Hunt	d58e33bfab	[master] testcrypto.sh in system tests 3714. [test] System tests that need to test for cryptography support before running can now use a common "testcrypto.sh" script to do so. [RT #35213]	2014-01-20 16:08:09 -08:00
Evan Hunt	e45d0508c3	[master] skip unnecesary also-notify data 3713. [bug] Save memory by not storing "also-notify" addresses in zone objects that are configured not to send notify requests. [RT #35195]	2014-01-20 15:53:51 -08:00
Tinderbox User	dfd5f3b388	update copyright notice	2014-01-18 23:46:13 +00:00
Evan Hunt	12bf5d4796	[master] address several issues with native pkcs11	2014-01-18 11:51:07 -08:00
Tinderbox User	c0682c2367	update copyright notice	2014-01-17 23:46:32 +00:00
Francis Dupont	e02659b241	applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS	2014-01-17 14:14:30 +01:00
Tinderbox User	dd1ce8b524	regen master	2014-01-17 01:05:10 +00:00
Tinderbox User	1633aead67	update copyright notice	2014-01-16 23:46:28 +00:00
Mark Andrews	db8938c993	3710. [bug] Address double dns_zone_detach when switching to using automatic empty zones from regular zones. [RT #35177]	2014-01-17 10:04:16 +11:00
Evan Hunt	5760095601	[master] skip xfer test with Net::DNS 0.73	2014-01-16 09:50:23 -08:00
Evan Hunt	eb94c78be4	[master] atomic test doesn't need libdns	2014-01-16 09:24:44 -08:00
Francis Dupont	6080262ffe	add iscpk11 dep in lwresd system test	2014-01-16 16:06:04 +01:00
Mark Andrews	d1ca4caece	make DST_GSSAPI_INC a macro	2014-01-17 00:50:30 +11:00
Francis Dupont	e2258edfef	libtoolized pkcs11 Makefile.in files	2014-01-16 10:35:24 +01:00
Mark Andrews	e20788e121	update copyrights	2014-01-16 15:19:24 +11:00
Tinderbox User	6ea2385360	regen master	2014-01-16 01:05:38 +00:00
Mark Andrews	75e5062bc5	#include <isc/print.h>	2014-01-15 12:30:50 +11:00
Tinderbox User	bf0266f286	update copyright notice	2014-01-14 23:46:22 +00:00
Evan Hunt	ba751492fc	[master] native PKCS#11 support 3705. [func] "configure --enable-native-pkcs11" enables BIND to use the PKCS#11 API for all cryptographic functions, so that it can drive a hardware service module directly without the need to use a modified OpenSSL as intermediary (so long as the HSM's vendor provides a complete-enough implementation of the PKCS#11 interface). This has been tested successfully with the Thales nShield HSM and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]	2014-01-14 15:40:56 -08:00
Mark Andrews	07fb9b8330	3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185 ]	2014-01-14 16:12:30 +11:00
Mark Andrews	fef19ce621	fix for pre C99 compiler	2014-01-13 17:07:52 +11:00
Tinderbox User	2cf1d5b098	update copyright notice	2014-01-12 23:46:23 +00:00
Mark Andrews	fb756ba304	3703. [func] Prefetch about to expire records if they are queried for, see prefetch option for details. [RT #35041]	2014-01-12 21:29:15 +11:00
Tinderbox User	9c8c1a0485	regen master	2014-01-12 01:04:54 +00:00
Tinderbox User	f70a10508f	update copyright notice	2014-01-11 23:46:17 +00:00
Evan Hunt	7d2b185f16	[master] new dnssec-coverage options 3702. [func] 'dnssec-coverage -l' option specifies a length of time to check for coverage; events further into the future are ignored. 'dnssec-coverage -z' checks only ZSK events, and 'dnssec-coverage -k' checks only KSK events. (Thanks to Peter Palfrader.) [RT #35168]	2014-01-10 17:53:21 -08:00
Tinderbox User	990d0e893f	regen master	2014-01-11 01:05:06 +00:00
Tinderbox User	7a50e338b5	regen	2014-01-10 20:22:53 +00:00
Mark Andrews	a7c412f37c	update copyrights	2014-01-11 07:07:56 +11:00
Evan Hunt	1bb2f53b9f	[master] fix win32 build problems	2014-01-10 10:58:06 -08:00
Mark Andrews	ff6de396a9	3701. [func] named-checkconf can now suppress the printing of shared secrets by specifying '-x'. [RT #34465]	2014-01-10 16:56:36 +11:00
Evan Hunt	57a46f4b19	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-01-09 19:05:46 -08:00
Evan Hunt	789252d55f	[master] stats improvements 3700. [func] Allow access to subgroups of XML statistics via special URLs http://<server>:<port>/xml/v3/server, /zones, /net, /tasks, /mem, and /status. [RT #35115] 3699. [bug] Improvements to statistics channel XSL stylesheet: the stylesheet can now be cached by the browser; section headers are omitted from the stats display when there is no data in those sections to be displayed; counters are now right-justified for easier readability. [RT #35117]	2014-01-09 18:46:25 -08:00
Tinderbox User	431a83fb29	update copyright notice	2014-01-09 23:46:35 +00:00
Mark Andrews	d4eb30fa2d	stop spamming system logs	2014-01-09 16:23:40 +11:00
Evan Hunt	080977753e	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2014-01-08 18:28:49 -08:00
Tinderbox User	b29285b88f	regen master	2014-01-09 01:05:03 +00:00
Evan Hunt	e851ea8260	[master] replace memcpy() with memmove(). 3698. [cleanup] Replaced all uses of memcpy() with memmove(). [RT #35120]	2014-01-08 16:39:05 -08:00
Tinderbox User	869a7fe8e0	update copyright notice	2014-01-08 23:46:09 +00:00
Evan Hunt	2f0c7f1de7	[master] removed reference to "auto-dnssec create"	2014-01-08 11:33:25 -08:00
Francis Dupont	89bf0dc793	update OpenSSL patches (1.0.0k -> 1.0.0l, 1.0.1e -> 1.0.1f) [#35158 ]	2014-01-07 12:16:35 +01:00
Mark Andrews	d0e3216c21	3697. [bug] Handle "." as a search list element when IDN support is enabled. [RT #35133]	2014-01-06 12:34:28 +11:00
Tinderbox User	e8914b47a2	update copyright notice	2014-01-05 23:46:12 +00:00
Mark Andrews	e9649ece3b	3696. [bug] dig failed to handle AXFR style IXFR responses which span multiple messages. [RT #35137]	2014-01-06 06:22:30 +11:00
Tinderbox User	9c61ab2c99	update copyright notice	2013-12-21 23:46:16 +00:00
Evan Hunt	c14ba71070	[master] warn if key-directory doesn't exist 3694. [bug] Warn when a key-directory is configured for a zone, but does not exist or is not a directory. [RT #35109]	2013-12-20 14:57:03 -08:00
Mark Andrews	fa467e60c5	3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures when serving NSEC3 signed zones. [RT #35120]	2013-12-20 10:58:32 +11:00
Tinderbox User	7c329be7c0	update copyright notice	2013-12-15 23:46:14 +00:00
Tinderbox User	eade480b33	update copyright notice	2013-12-13 23:46:17 +00:00
Evan Hunt	0606c47750	[master] correct dispatch address/port check 3690. [bug] Iterative responses could be missed when the source port for an upstream query was the same as the listener port (53). [RT #34925]	2013-12-12 22:39:12 -08:00
Evan Hunt	9b895f30f1	[master] fix insecure delegation across static-stub zones 3689. [bug] Fixed a bug causing an insecure delegation from one static-stub zone to another to fail with a broken trust chain. [RT #35081]	2013-12-12 22:19:33 -08:00
Tinderbox User	3f9791eac4	regen master	2013-12-12 01:05:00 +00:00
Tinderbox User	de77dcc2c1	update copyright notice	2013-12-11 23:47:38 +00:00
Evan Hunt	4e1d84a33c	typo	2013-12-11 14:00:07 -08:00
Evan Hunt	0bbe3273a2	[master] dnssec-signzone -Q 3686. [func] "dnssec-signzone -Q" drops signatures from keys that are still published but no longer active. [RT #34990]	2013-12-11 13:25:21 -08:00
Evan Hunt	445a354e63	[master] fix 'rndc refresh' in inline-signing zones 3685. [bug] "rndc refresh" didn't work correctly with slave zones using inline-signing. [RT #35105]	2013-12-11 12:59:04 -08:00
Mark Andrews	99c3e8e09c	cleanup	2013-12-10 09:31:38 +11:00
Mark Andrews	06a0b00bb6	use snprintf; check the result of putstr	2013-12-10 08:55:26 +11:00
Mark Andrews	cc35438d96	install named-rrchecker (cherry picked from commit 918be56b8c4dbc6c993f2aee883fc5cc0a40ee73)	2013-12-09 12:41:08 +11:00
Tinderbox User	79812068ff	update copyright notice	2013-12-06 23:47:28 +00:00
Mark Andrews	7d65cbaca0	3684. [bug] The list of included files would grow on reload. [RT 35090]	2013-12-07 09:44:45 +11:00
Mark Andrews	53f70575bd	silence compiler warnings	2013-12-06 17:38:25 +11:00
Mark Andrews	2bdfb330af	update copyrights	2013-12-05 15:04:53 +11:00
Tinderbox User	4f9cb7bd58	regen master	2013-12-05 01:04:59 +00:00
Tinderbox User	5465b124f1	update copyright notice	2013-12-04 23:46:51 +00:00
Evan Hunt	bee9a28af0	[master] clearer "not found" message for rndc commands 3683. [cleanup] Add a more detailed "not found" message to rndc commands which specify a zone name. [RT #35059]	2013-12-04 12:47:56 -08:00
Curtis Blackburn	8009525601	3682. [bug] Correct the behavior of rndc retransfer to allow inline-signing slave zones to retain NSEC3 parameters instead of reverting to NSEC [RT #34745]	2013-12-04 12:26:20 -06:00
Mark Andrews	545b8a7295	remove redundent assignment	2013-12-04 16:12:43 +11:00
Mark Andrews	c3c8823fed	3681. [port] Update the Windows build system to support feature selection and WIN64 builds. This is a work in progress. [RT #34160]	2013-12-04 12:47:23 +11:00
Evan Hunt	2c2be89824	[master] buffer could overflow in rndc zonestatus 3680. [bug] Ensure buffer space is available in "rndc zonestatus". [RT #35084]	2013-12-02 15:38:24 -08:00
Evan Hunt	fb507315d4	[master] dig could miss tcp connections when cleaning up 3679. [bug] dig could fail to clean up TCP sockets still waiting on connect(). [RT #35074]	2013-12-02 13:34:23 -08:00
Mark Andrews	49ae04f6ee	3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple times. [RT #35073]	2013-11-28 06:45:30 +11:00
Evan Hunt	d999ca28d4	[master] check hint files in named-checkconf -z 3676. [bug] "named-checkconf -z" now checks zones of type hint and redirect as well as master. [RT #35046]	2013-11-25 12:26:53 -08:00
Evan Hunt	2667746d5d	[master] silence warning	2013-11-18 16:01:39 -08:00
Evan Hunt	5255b631b1	[master] previous commit incomplete	2013-11-18 15:59:53 -08:00
Evan Hunt	2b57986603	[master] win32 portability fix	2013-11-18 15:46:24 -08:00
Evan Hunt	b21865572d	[master] add named-rrchecker to win32 build	2013-11-18 14:58:15 -08:00
Mark Andrews	225146b2c8	3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026 ]	2013-11-18 11:22:59 +11:00
Mark Andrews	ced4f794cf	check expected responses	2013-11-15 13:22:48 +11:00
Mark Andrews	3ac9ef6a6d	move forwarder server to 10.53.0.5	2013-11-15 13:16:51 +11:00
Tinderbox User	c8714f6798	Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9	2013-11-15 01:01:24 +00:00
Tinderbox User	432d8fa3b4	update copyright notice	2013-11-14 23:46:24 +00:00
Mark Andrews	0b565f6060	adjust EDNS query returned status warning message	2013-11-14 22:38:29 +11:00
Evan Hunt	434bfc3dfa	[master] "in-view" zone option 3673. [func] New "in-view" zone option allows direct sharing of zones between views. [RT #32968]	2013-11-13 20:35:40 -08:00
Mark Andrews	9800974419	fix dereference before null check warning	2013-11-14 12:31:25 +11:00
Tinderbox User	2a663662d1	Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9	2013-11-14 01:01:16 +00:00
Evan Hunt	0618287859	[master] allow setting local addr in dns_client 3672. [func] Local address can now be specified when using dns_client API. [RT #34811]	2013-11-13 10:52:22 -08:00
Mark Andrews	c4004ada2a	adjust sync point	2013-11-13 15:44:54 +11:00
Tinderbox User	03c0efc689	regen master	2013-11-13 01:04:50 +00:00
Mark Andrews	6b0434299b	3671. [bug] Don't allow dnssec-importkey overwrite a existing non-imported private key.	2013-11-13 12:01:09 +11:00
Tinderbox User	3b7b634d56	update copyright notice	2013-11-12 23:46:31 +00:00
Jeremy C. Reed	f4bd7d27a6	Fix misspellings. Spell out month date while here.	2013-11-12 07:08:44 -06:00
Jeremy C. Reed	0bda84553a	Fix misspelling (at least use common spelling).	2013-11-12 07:08:02 -06:00
Jeremy C. Reed	8012d70ea4	Fix misspelling. Spell out month date while here.	2013-11-12 07:06:13 -06:00
Mark Andrews	eb5e0b8dec	3670. [bug] Address read after free in server side of lwres_getrrsetbyname. [RT #29075]	2013-11-12 15:00:03 +11:00
Mark Andrews	04e33823c4	address uninitialised variable	2013-11-09 14:08:40 +11:00
Mark Andrews	015f044f7f	remove copyright noticed	2013-11-09 13:55:49 +11:00
Tinderbox User	97c299486a	update copyright notice	2013-11-08 23:46:19 +00:00
Tinderbox User	ca5ee98300	regen master	2013-11-08 01:04:47 +00:00
Tinderbox User	56474e9d28	update copyright notice	2013-11-07 23:46:18 +00:00
Tinderbox User	3afd0ff662	regen master	2013-11-07 01:04:45 +00:00
Mark Andrews	2048955015	3667. [func] dig: add support to keep the TCP socket open between successive queries (+[no]keepopen). [RT #34918]	2013-11-07 10:50:01 +11:00
Mark Andrews	49c1e0d18d	3666. [func] Add a tool, named-rrchecker, for checking the syntax of individual resource records. This tool is intended to be called by provisioning systems so that the front end does not need to be upgraded to support new DNS record types. [RT #34778]	2013-11-07 10:41:47 +11:00
Mark Andrews	938aea1dc4	address memory leak in change #3662 , force format matching, attempt to address coverity false positives	2013-10-26 10:04:36 +11:00
Francis Dupont	7aa21a491d	Update OpenSSL PKCS#11 patches. [RT #34855 ]	2013-10-25 17:51:39 +02:00
Mark Andrews	7f0e47b3c2	%ld.%06g -> %ld.%06d	2013-10-25 12:53:24 +11:00
Tinderbox User	ecc420b283	update copyright notice	2013-10-24 23:46:20 +00:00
Mark Andrews	6100b17699	3662. [bug] 'host' could die if a UPD query timed out. [RT #34870 ]	2013-10-25 10:09:33 +11:00
Tinderbox User	77b7c54f1a	regen master	2013-10-13 01:04:48 +00:00
Mark Andrews	cbadc440b9	typos	2013-10-13 11:12:43 +11:00
Mark Andrews	a379c8c108	3659. [port] solaris: don't add explict dependancies/rules for python programs as make won't use the implicit rules. [RT #34835]	2013-10-02 14:01:12 +10:00
Mark Andrews	7433a204d3	3658. [port] linux: Address platform specific compilation issue when libcap-devel is installed. [RT #34838]	2013-09-26 15:26:43 +10:00
Mark Andrews	1a4725bef2	3657. [port] Some readline clones don't accept NULL pointers when calling add_history. [RT #34842]	2013-09-26 08:25:09 +10:00
Mark Andrews	c9ee72cb3a	3656. [bug] Treat a all zero netmask as invalid when generating the localnets acl. [RT #34687]	2013-09-26 07:40:34 +10:00
Mark Andrews	fb623f9a07	3655. [cleanup] Simplify TCP message processing when requesting a zone transfer. [RT #34825]	2013-09-25 09:57:34 +10:00
Mark Andrews	00043fc284	3653. [func] Create delegations for all "children" of empty zones except "forward first". [RT #34826]	2013-09-25 09:40:21 +10:00
Mark Andrews	50c67f588e	remove blank (cherry picked from commit 75aa3c6f2ada5dcc657d0858ee4544c7997d9840)	2013-09-23 09:47:30 +10:00
Mark Andrews	9a7f89279e	remove unnecessary assignment	2013-09-22 23:21:54 +10:00
Mark Andrews	9fa2a0deed	3652. [bug] Address bug with rpz-drop policy. [RT #34816 ]	2013-09-21 17:27:43 +10:00
Tinderbox User	bcbb556868	update copyright notice	2013-09-19 23:46:20 +00:00
Evan Hunt	c7965f84c2	[master] comment nzf files 3649. [cleanup] Include a comment in .nzf files, giving the name of the associated view. [RT #34765]	2013-09-19 15:37:09 -07:00
Mark Andrews	88a6dc33b7	only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms	2013-09-19 10:40:38 +10:00
Mark Andrews	7667dd1a03	call zone_settimer; sub test failure was not being detected (cherry picked from commit `ebd7900670`)	2013-09-18 12:57:46 +10:00
Mark Andrews	2c089bf6d2	whitspace	2013-09-16 10:14:07 +10:00
Tinderbox User	a989ffdbb3	update copyright notice	2013-09-10 23:46:14 +00:00
Evan Hunt	78f20eda3c	[master] clean up tests, update .gitignore	2013-09-09 19:37:17 -07:00
Mark Andrews	5bdb12d2c6	assignment not read	2013-09-09 14:05:04 +10:00
Mark Andrews	3d3aa9cde6	use -r rather then -f	2013-09-09 12:19:30 +10:00
Mark Andrews	23c73a1848	only test dsa if we have a random device	2013-09-09 11:42:58 +10:00
Tinderbox User	ea37fee48a	regen master	2013-09-06 01:04:47 +00:00
Tinderbox User	63737247d1	update copyright notice	2013-09-05 23:46:16 +00:00
Mark Andrews	cb69994ff8	3645. [protocol] Use case sensitive compression when responding to queries. [RT #34737]	2013-09-05 12:22:34 +10:00
Evan Hunt	690bd6bf5d	[master] fix inline test, add importkey to win32 build	2013-09-04 18:56:50 -07:00
Tinderbox User	d2bdd5b314	regen master	2013-09-05 01:04:31 +00:00
Tinderbox User	473d3168f0	update copyright notice	2013-09-04 23:46:16 +00:00
Tinderbox User	c986916269	regen master	2013-09-04 22:49:18 +00:00
Mark Andrews	5b9469c0db	test for ECDSAP256SHA256 support	2013-09-04 22:33:31 +10:00
Mark Andrews	0c91911b4d	3642. [func] Allow externally generated DNSKEY to be imported into the DNSKEY management framework. A new tool dnssec-importkey is used to this. [RT #34698]	2013-09-04 13:53:02 +10:00
Mark Andrews	b5f4cc132e	3641. [bug] Handle changes to sig-validity-interval settings better. [RT #34625]	2013-09-04 13:45:00 +10:00
Mark Andrews	8afea636ab	3640. [bug] ndots was not being checked when searching. Only continue searching on NXDOMAIN responses. Add the ability to specify ndots to nslookup. [RT #34711]	2013-09-04 13:24:11 +10:00
Mark Andrews	d6f99498d6	3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]	2013-09-04 13:14:06 +10:00
Mark Andrews	92f2cf45ce	style	2013-09-01 17:08:09 +10:00
Tinderbox User	4b2c089cd8	update copyright notice	2013-08-19 23:46:14 +00:00
Mark Andrews	601d1a9aad	remove dead code	2013-08-19 12:43:47 +10:00
Mark Andrews	997c2c5116	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-19 09:18:28 +10:00
Tinderbox User	33d6c4a086	update copyright notice	2013-08-16 23:46:11 +00:00
Mark Andrews	e548e07a9a	3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583]	2013-08-16 13:54:23 +10:00
Tinderbox User	377b774598	update copyright notice	2013-08-15 23:46:17 +00:00
Mark Andrews	7cd9d53c8c	don't print out result as it is not meaningful here	2013-08-16 09:44:30 +10:00
Mark Andrews	d1e22676de	3635. [bug] Signatures were not being removed from a zone with only KSK keys for a algorithm. [RT #24439]	2013-08-15 13:37:07 +10:00
Mark Andrews	0e1dfb8ff5	3634. [func] Report build-id in rndc status. Report build-id when building from a git repository. [RT #20422]	2013-08-15 12:41:52 +10:00
Mark Andrews	8e091f3d3e	3633. [cleanup] Refactor OPT processing in named to make it easier to support new EDNS options. [RT #34414]	2013-08-15 12:01:12 +10:00
Mark Andrews	7ace327795	3632. [bug] Signature from newly inactive keys were not being removed. [RT #32178]	2013-08-15 10:48:05 +10:00
Mark Andrews	06ace051e7	3631. [bug] Remove spurious warning about missing signatures when qtype is SIG. [RT #34600]	2013-08-15 08:04:58 +10:00
Tinderbox User	9054d0bb03	regen master	2013-08-13 01:04:39 +00:00
Mark Andrews	75ae74f8fd	3629. [func] Allow the printing of cryptographic fields in DNSSEC records by dig to be suppressed (dig +nocrypto). [RT #34534]	2013-08-12 15:37:51 +10:00
Mark Andrews	16bd30ae69	3628. [func] Report DNSKEY key id's when dumping the cache. [RT #34533]	2013-08-12 14:38:26 +10:00
Mark Andrews	df0892aea6	3627. [bug] RPZ changes were not effective on slaves. [RT #34450 ]	2013-08-09 13:23:01 +10:00
Tinderbox User	f378953f3b	update copyright notice	2013-08-07 23:46:12 +00:00
Mark Andrews	f45f654185	3625. [bug] Don't send notify messages to machines outside of the test setup.	2013-08-07 15:48:55 +10:00
Evan Hunt	3cea62e3df	[master] fix bad test output when server fails	2013-07-25 11:15:53 -07:00
Evan Hunt	d640b4a0ab	[master] perf: eliminate cache stats attach/detach 3622. [tuning] Eliminate an unnecessary lock when incrementing cache statistics. [RT #34339]	2013-07-25 10:51:31 -07:00
Tinderbox User	44c016134f	update copyright notice	2013-07-13 23:46:06 +00:00
Evan Hunt	9a32b8d8f8	[master] add a sleep to prevent intermittent test failure	2013-07-13 15:30:56 -07:00
Evan Hunt	960958c610	[master] silence warning	2013-07-12 19:05:09 -07:00
Tinderbox User	50464a3398	update copyright notice	2013-07-12 23:46:05 +00:00
Evan Hunt	421d4a0647	[master] rpz work 3620. [func] Added "rpz-client-ip" policy triggers, enabling RPZ responses to be configured on the basis of the client IP address; this can be used, for example, to blacklist misbehaving recursive or stub resolvers. [RT #33605] 3619. [bug] Fixed a bug in RPZ with "recursive-only no;" [RT #33776]	2013-07-12 14:46:47 -07:00
Evan Hunt	0b4ed61d20	[master] added missing file	2013-07-12 00:01:33 -07:00
Tinderbox User	dbd8673fa0	update copyright notice	2013-07-11 23:46:13 +00:00
Evan Hunt	0949306cb9	[master] check include file mtimes 3618. [func] "rndc reload" now checks modification times of include files as well as master files to determine whether to skip reloading a zone. [RT #33936]	2013-07-11 16:32:36 -07:00
Evan Hunt	964bdcd7ad	[master] don't go nonresponsive during "rndc reload" 3617. [bug] Named was failing to answer queries during "rndc reload" [RT #34098]	2013-07-11 10:54:21 -07:00
Evan Hunt	c174d5c13c	[master] portability fix 3614. [port] Check for <linux/types.h>. [RT #34162]	2013-07-10 20:44:58 -07:00
Tinderbox User	77b1d950a6	update copyright notice	2013-07-10 23:46:10 +00:00
Evan Hunt	1d26c6b9b8	[master] count the test cases correctly	2013-07-09 22:52:43 -07:00
Evan Hunt	927e4c9fec	[master] address race conditions with removing inline zones 3513. [bug] named could crash when deleting inline-signing zones with "rndc delzone". [RT #34066]	2013-07-09 17:39:21 -07:00
Tinderbox User	892506b681	update copyright notice	2013-07-08 23:46:07 +00:00
Evan Hunt	26bda028ad	[master] add missing binaries to BINDInstall 3610. [cleanup] win32: Some executables had been omitted from the installer. [RT #34116]	2013-07-08 10:31:42 -07:00
Mark Andrews	9d69017bc6	3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error message. [RT #34045]	2013-07-03 15:41:48 +10:00
Evan Hunt	4ba84a5bdb	[master] use egrep as solaris doesn't like grep -E	2013-07-01 14:08:31 -07:00
Tinderbox User	ccee394812	regen master	2013-07-01 17:56:30 +00:00
Evan Hunt	9d4ec6d2c5	[master] "flushtree -all" no longer optional Updated CHANGES note: 3606. [func] "rndc flushtree" now flushes matching records in the address database and bad cache as well as the DNS cache. (Previously only the DNS cache was flushed.) [RT #33970]	2013-06-30 18:53:48 -07:00
Mark Andrews	ea899f501b	check if target == NULL	2013-06-30 21:46:19 +10:00
Tinderbox User	94479b3834	regen master	2013-06-27 01:04:50 +00:00
Tinderbox User	9c5faa2ba8	update copyright notice	2013-06-26 23:46:14 +00:00
Evan Hunt	9fa5a723e1	[master] "rndc flushtree -all <name>" 3606. [func] "rndc flushtree -all" flushes matching records in the ADB and bad cache as well as the DNS cache. (Without the "-all" option, flushtree will still only flush records from the DNS cache.) [RT #33970]	2013-06-26 14:59:32 -07:00
Evan Hunt	f42c0dcca8	[master] win32 fixes 3605. [port] win32: Addressed several compatibility issues with newer versions of Visual Studio. [RT #33916] Squashed commit of the following: commit 4127af15f85da90cf2bd3a0c5a558daae89e833a Author: Francis Dupont <fdupont@isc.org> Date: Tue Jun 25 22:41:53 2013 +0200 make the last change to be text commit 21ef4891b9ee3e3aefb45d4c80d5cb7ec78f264f Author: Curtis Blackburn <ckb@isc.org> Date: Tue Jun 25 12:35:08 2013 -0500 [rt33916] re-worded for easier reading commit 83828e47e62fea4070441e645ba8fed338255ceb Author: Francis Dupont <fdupont@isc.org> Date: Mon Jun 24 16:08:11 2013 +0200 introduce a VCRedistPath env var commit 0337f2554f168993a65945e78c2879e9bfca5293 Author: Francis Dupont <fdupont@isc.org> Date: Sun Jun 23 01:23:26 2013 +0200 _adjust_fdiv for VS < 2010 commit 375fdd5c06be276b0ff0ad589c0e22b809339fe9 Author: Francis Dupont <fdupont@isc.org> Date: Thu Jun 20 16:27:04 2013 +0200 move to MSVC v1600 as it still breaks on VS 2010 commit bfcaf72071e9d8df1d0ce0c5f05b69acd51bf698 Author: Francis Dupont <fdupont@isc.org> Date: Thu Jun 20 15:57:35 2013 +0200 WIN32: avoid addrinfo redef commit 18504c3e50b11e66a0b573c7cb3d61094bfa5b52 Author: Francis Dupont <fdupont@isc.org> Date: Thu Jun 20 15:54:38 2013 +0200 WIN32: fseek/ftell commit f9a4fdccc5ab1c74c64412fb76da7dfd161787b2 Author: Francis Dupont <fdupont@isc.org> Date: Thu Jun 20 15:13:01 2013 +0200 fix WIN32 error redefs in net.h (isc ad lwres libs)	2013-06-26 14:38:35 -07:00
Francis Dupont	1761ecb90f	Added to PKCS#11 openssl patches a value len attribute in DH derive key. [RT #33928]	2013-06-24 09:32:52 +02:00
Evan Hunt	31d95f1095	[master] typo in dig	2013-06-19 15:21:20 -07:00
Mark Andrews	945ce145e0	Use extended regular expression as HPUX doesn't like grep -w '$TXT\\|ANY$'	2013-06-17 12:59:50 +10:00
Evan Hunt	be3f14af79	[master] fix system test failure - needed to specify session key file	2013-06-15 01:39:23 -07:00
Tinderbox User	53e8ebc8f0	update copyright notice	2013-06-14 23:46:13 +00:00
Evan Hunt	b7e40659ef	[master] rebuild resigning heaps when loading map files 3597. [bug] Ensure automatic-resigning heaps are reconstructed when loading zones in map format. [RT #33381]	2013-06-14 10:16:10 -07:00
Evan Hunt	8f1e278931	[master] updated win32 build 3596. [port] Updated win32 build documentation, added dnssec-verify. [RT #22067]	2013-06-13 17:31:41 -07:00
Tinderbox User	1443158c11	update copyright notice	2013-06-13 23:46:13 +00:00
Tinderbox User	91a45a8ad5	regen master	2013-06-13 01:04:55 +00:00
Mark Andrews	8e15d5eb3a	3593. [func] Update EDNS processing to better track remote server capabilities. [RT #30655]	2013-06-12 11:31:30 +10:00
Tinderbox User	0ccb0e98c7	regen master	2013-06-12 01:04:55 +00:00
Evan Hunt	c51e6991fd	[master] corrected closing tag	2013-06-10 18:48:30 -07:00
Evan Hunt	1b2a4ce2b1	[master] move rndc command documentation to "man rndc" 3592. [doc] Moved documentation of rndc command options to the rndc man page. [RT #33506]	2013-06-10 14:23:14 -07:00
Tinderbox User	1ec9fe2c3c	update copyright notice	2013-06-08 23:46:57 +00:00
Evan Hunt	89be55dc90	[master] improve RRL handling of deferrals and slipped NXDOMAIN 3590. [bug] When using RRL on recursive servers, defer rate-limiting until after recursion is complete; also, use correct rcode for slipped NXDOMAIN responses. [RT #33604]	2013-06-08 13:17:33 -07:00
Mark Andrews	c6eb92beb1	3589. [func] Report serial numbers in when starting zone transfers. Report accepted NOTIFY requests including serial. [RT# 33037]	2013-06-08 09:49:03 +10:00
Evan Hunt	bf0441a339	[master] fix memory leak in sigchase 3588. [bug] dig: addressed a memory leak in the sigchase code that could cause a shutdown crash. [RT #33733]	2013-06-07 11:15:36 -07:00
Tinderbox User	fb05b13c6f	update copyright notice	2013-06-06 23:46:20 +00:00
Mark Andrews	8144dc702b	3587. [func] 'named -g' now checks the logging configuration but does not use it. [RT #33473]	2013-06-06 11:08:16 +10:00
Mark Andrews	7ee225cf90	3586. [buf] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706 ]	2013-06-06 10:55:08 +10:00
Tinderbox User	099fa63e55	update copyright notice	2013-06-05 23:46:14 +00:00
Evan Hunt	5f1dc0d505	[master] add "-clean" option to "rndc delzone" 3585. [func] "rndc delzone -clean" option removes zone files when deleting a zone. [RT #33570]	2013-06-04 21:26:29 -07:00
Mark Andrews	1e34fe9044	3582. [bug] Silence false positive warning regarding missing file directive for inline slave zones. [RT #33662]	2013-06-04 11:34:03 +10:00
Curtis Blackburn	30d6dc14e9	3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029 ]	2013-06-03 14:00:03 -05:00
Mark Andrews	0193e63da9	3579. [maint] Updates to PKCS#11 openssl patches, supporting versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]	2013-05-30 12:40:13 +10:00
Mark Andrews	17a00ff54c	3578. [bug] 'rndc -c file' now fails if 'file' does not exist. [RT #33571]	2013-05-30 11:09:29 +10:00
Tinderbox User	6d4487398e	update copyright notice	2013-05-29 23:46:19 +00:00
Mark Andrews	5f238c3c64	3577. [bug] Handle zero TTL values better. [RT #33411 ]	2013-05-29 18:10:11 +10:00
Evan Hunt	f3c8e48b95	[master] change RRL log category 'query-errors' 3575. [func] Changed the logging category for RRL events from 'queries' to 'query-errors'. [RT #33540]	2013-05-21 12:20:54 -07:00
Tinderbox User	197486d6a9	regen master	2013-05-16 01:04:57 +00:00
Mark Andrews	744589ff64	3574. [doc] The 'hostname' keyword was missing from server-id description in the named.conf man page. [RT #33476]	2013-05-15 13:01:52 +10:00
Evan Hunt	58e3c41441	[master] fix typo	2013-05-14 19:42:19 -07:00
Tinderbox User	be899a549d	update copyright notice	2013-05-10 23:46:06 +00:00
Curtis Blackburn	428dd5c588	3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled zone names containing punctuation marks and other nonstandard characters. [RT #33419]	2013-05-10 16:12:27 -05:00
Tinderbox User	2147c42301	update copyright notice	2013-05-03 23:46:12 +00:00
Evan Hunt	af9f195c9e	[master] add product description 3568. [cleanup] Add a product description line to the version file, to be reported by named -v/-V. [RT #33366]	2013-05-03 15:08:45 -07:00
Evan Hunt	e47208b6fb	[master] silence ccc-analyzer 3567. [bug] Silence clang static analyzer warnings. [RT #33365]	2013-05-03 14:31:27 -07:00
Evan Hunt	34f3693b93	[master] log forwarded updates 3566. [func] Log when forwarding updates to master. [RT #33240]	2013-05-03 14:05:32 -07:00
Evan Hunt	1a076410c2	[master] fix corrupt map file handling 3564. [bug] Improved handling of corrupted map files. [RT #33380]	2013-05-03 14:00:12 -07:00
Evan Hunt	03b5d2689d	[master] add hash to map files 3562. [func] Update map file header format to include a SHA-1 hash of the database content, so that corrupted map files can be rejected at load time. [RT #32459]	2013-05-01 22:20:02 -07:00
Mark Andrews	93aba6dcec	3561. [bug] dig: issue a warning if an EDNS query returns FORMERR or NOTIMP. Adjust usage message. [RT #33363]	2013-05-01 14:53:16 +10:00
Tinderbox User	7105104b6e	update copyright notice	2013-04-30 06:39:16 +00:00
Tinderbox User	055fd5fcba	update copyright notice	2013-04-30 05:03:43 +00:00
Tinderbox User	954e43e605	update copyright notice	2013-04-30 04:51:59 +00:00
Tinderbox User	7be2f6d5df	regen master	2013-04-30 04:23:14 +00:00
Mark Andrews	26bb3b7a67	3559. [func] Check that both forms of Sender Policy Framework records exist or do not exist. [RT #33355]	2013-04-30 13:49:41 +10:00
Tinderbox User	5655174c2c	update copyright notice	2013-04-29 23:46:13 +00:00
Mark Andrews	bbc868ccbb	undo conditional compile	2013-04-29 17:01:06 +10:00
Mark Andrews	f49613e8a7	add #ifdef DLZ	2013-04-29 16:51:23 +10:00
Mark Andrews	9a785712f1	3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331 ]	2013-04-29 15:46:54 +10:00
Mark Andrews	ec8a802114	3557. [bug] Reloading redirect zones was broken. [RT #33292 ]	2013-04-29 15:20:09 +10:00
Tinderbox User	7bf14f4945	regen master	2013-04-29 01:04:45 +00:00
Tinderbox User	9f40a78322	update copyright notice	2013-04-28 23:46:07 +00:00
Tinderbox User	3caa22fe4d	regen master	2013-04-28 01:04:43 +00:00
Evan Hunt	be0982e9e4	[master] correct man volume for isc-hmac-fixup	2013-04-27 16:40:43 -07:00
Evan Hunt	0e932023c4	[master] resume overriding rrl test failures	2013-04-25 20:02:59 -07:00
Evan Hunt	a6d43d18b1	[master] fixed several RRL issues 3554. [bug] RRL failed to correctly rate-limit upward referrals and failed to count dropped error responses in the statistics. [RT #33225]	2013-04-25 14:42:44 -07:00
Mark Andrews	d3c8ba219f	3552. [bug] Wrong getopt option string for 'nsupdate -r'. [RT# 33280]	2013-04-19 23:46:41 +10:00
Mark Andrews	b4914b3d69	3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686 ]	2013-04-19 12:36:02 +10:00
Mark Andrews	78e179da20	egrep was not precise enough	2013-04-13 22:34:35 +10:00
Tinderbox User	08df939613	update copyright notice	2013-04-11 23:46:07 +00:00
Mark Andrews	45b727f651	silence coverity warnings	2013-04-11 17:07:50 +10:00
Evan Hunt	b99bfa184b	[master] unify internal and export libraries 3550. [func] Unified the internal and export versions of the BIND libraries, allowing external clients to use the same libraries as BIND. [RT #33131]	2013-04-10 13:49:57 -07:00
Mark Andrews	cc444c73d5	add sleep 1 to loop	2013-04-10 21:35:36 +10:00
Tinderbox User	526cc7c2c0	update copyright notice	2013-04-09 23:46:07 +00:00
Mark Andrews	1cc4695f0d	3547. [bug] Some malformed unknown rdata records were not properly detected and rejected. [RT #33129]	2013-04-08 09:55:14 +10:00
Mark Andrews	3a6d62c59f	3546. [func] Add EUI48 and EUI64 types. [RT #33082 ]	2013-04-05 09:07:28 +11:00
Mark Andrews	c2838610c6	s/-e/-x/	2013-04-05 07:37:40 +11:00
Tinderbox User	f9adb48aea	update copyright notice	2013-04-03 23:46:07 +00:00
Mark Andrews	085496379f	add SAMPLE to the list of varables to be exported (cherry picked from commit `cf3e838fd3`)	2013-04-04 07:27:21 +11:00
Mark Andrews	8013077aa7	3541. [bug] The parts if libdns was not being properly initialized in when built in libexport mode. [RT #33028]	2013-04-03 17:27:40 +11:00
Tinderbox User	d458ef4acb	update copyright notice	2013-04-02 23:46:03 +00:00
Tinderbox User	49f29a1d55	add dnssec-coverage docs	2013-04-02 04:24:55 +00:00
Evan Hunt	73b3019760	[master] address windows build warnings	2013-03-28 15:37:47 -07:00
Evan Hunt	96139421d6	[master] win32 portability fixes	2013-03-26 23:01:13 -07:00
Tinderbox User	313b0ea9f2	update copyright notice	2013-03-23 23:46:06 +00:00
Mark Andrews	464e32079c	address warnings	2013-03-23 19:41:34 +11:00
Evan Hunt	67adc03ef8	[master] add DSCP support 3535. [func] Add support for setting Differentiated Services Code Point (DSCP) values in named. Most configuration options which take a "port" option (e.g., listen-on, forwarders, also-notify, masters, notify-source, etc) can now also take a "dscp" option specifying a code point for use with outgoing traffic, if supported by the underlying OS. [RT #27596]	2013-03-22 14:05:33 -07:00
Evan Hunt	4bf686cf5d	[master] zone parsing broken with embedded null 3534. [bug] Extra text after an embedded NULL was ignored when parsing zone files. [RT #32699]	2013-03-21 19:30:10 -07:00
Tinderbox User	ad67363430	update copyright notice	2013-03-21 23:46:12 +00:00
Mark Andrews	15d970cb23	remove broken redundant test	2013-03-21 12:38:16 +11:00
Tinderbox User	f9aef05653	regen master	2013-03-21 01:04:40 +00:00
Mark Andrews	4ce2b98434	add files generated by configure	2013-03-21 10:23:16 +11:00
Mark Andrews	06a05efc07	3529. [func] Named now listens on both IPv4 and IPv6 interfaces by default. Named previously only listened on IPv4 interfaces by default unless named was running in IPv6 only mode. [RT #32945]	2013-03-21 10:16:12 +11:00
Evan Hunt	831f59eb43	[master] add dnssec-coverage tool 3528. [func] New "dnssec-coverage" command scans the timing metadata for a set of DNSSEC keys and reports if a lapse in signing coverage has been scheduled inadvertently. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28098]	2013-03-20 14:39:13 -07:00
Evan Hunt	a13aa526be	[master] add xml/v2 and xml/v3 URIs 3527. [compat] Add a URI to allow applications to explicitly request a particular XML schema from the statistics channel, returning 404 if not supported. [RT #32481]	2013-03-18 20:40:40 -07:00
Mark Andrews	030993f41b	version 3.1	2013-03-19 13:12:34 +11:00
Tinderbox User	be8fedce2a	update copyright notice	2013-03-16 23:46:03 +00:00
Evan Hunt	741ebf1004	[master] make dst test work outside srcdir 3526. [cleanup] Set up dependencies for unit tests correctly during build. [RT #32803]	2013-03-15 07:35:56 -07:00
Tinderbox User	cfa2326b5c	update copyright notice	2013-03-14 23:46:11 +00:00
Tinderbox User	b2f07642fd	regen master	2013-03-14 01:04:33 +00:00
Evan Hunt	4eb998928b	[master] algorithm flexibility for rndc 3525. [func] Support for additional signing algorithms in rndc: hmac-sha1, -sha224, -sha256, -sha384, and -sha512. The -A option to rndc-confgen can be used to select the algorithm for the generated key. (The default is still hmac-md5; this may change in a future release.) [RT #20363]	2013-03-13 17:53:11 -07:00
Mark Andrews	1f06836037	make work without json	2013-03-14 11:13:39 +11:00
Evan Hunt	feb067b25a	[master] add JSON statistics channel 3524. [func] Added an alternate statistics channel in JSON format, when the server is built with the json-c library: http://[address]:[port]/json. [RT #32630]	2013-03-13 14:24:50 -07:00
Evan Hunt	72c86c105a	[master] DLZ modules: filesystem, ldap, wildcard 3523. [contrib] Ported filesystem and ldap DLZ drivers to dynamically-loadable modules, and added the "wildcard" module based on a contribution from Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]	2013-03-11 17:03:46 -07:00
Evan Hunt	21a7fde6ba	[master] handle servfail at DLZ zone apex 3522. [bug] DLZ lookups could fail to return SERVFAIL when they ought to. [RT #32685]	2013-03-11 15:54:03 -07:00
Mark Andrews	fae66f41c5	wait for upstream transfer to complete	2013-03-08 17:14:03 +11:00
Mark Andrews	3a0da183bb	3520. [bug] 'mctx' was not being referenced counted in some places where it should have been. [RT #32794]	2013-03-08 14:38:03 +11:00
Tinderbox User	fe43ef9e63	update copyright notice	2013-03-07 23:47:05 +00:00
Evan Hunt	c1e88f8d86	[master] fix rndc replay protection 3519. [func] Full replay protection via four-way handshake is now mandatory for rndc clients. Very old versions of rndc will no longer work. [RT #32798]	2013-03-07 15:14:07 -08:00
Mark Andrews	550c92405f	3515. [port] '%T' is not portable in strftime(). [RT #32763 ]	2013-03-06 15:34:10 +11:00
Tinderbox User	40b42978b9	update copyright notice	2013-03-05 23:46:17 +00:00
Mark Andrews	f3350b6718	silence compiler warnings	2013-03-05 23:41:22 +11:00
Mark Andrews	ab8ea5c51e	check that the lwresd server has started before querying it (cherry picked from commit 661f1197a200bdd3d2411e9b02a46b93fb1fb083)	2013-03-05 17:24:19 +11:00
Mark Andrews	6d3f44700d	silence compiler warning	2013-03-05 14:49:31 +11:00
Tinderbox User	7b5130bd12	update copyright notice	2013-03-04 23:46:20 +00:00
Evan Hunt	beeb5a03d9	[master] bump stats version	2013-03-04 13:12:39 -08:00
Evan Hunt	33b8db1bb3	[master] fix keysizes in confgen 3514. [bug] The ranges for valid key sizes in ddns-confgen and rndc-confgen were too constrained. Keys up to 512 bits are now allowed for most algorithms, and up to 1024 bits for hmac-sha384 and hmac-sha512. [RT #32753]	2013-03-04 12:14:01 -08:00
Evan Hunt	19b037bcb9	[master] dig -u: microsecond time output 3513. [func] "dig -u" prints times in microseconds rather than milliseconds. [RT #32704]	2013-03-04 12:09:28 -08:00
Evan Hunt	9ffd0f0270	[master] "rndc validation check" 3512. [func] "rndc validation check" reports the current status of DNSSEC validation. [RT #21397]	2013-03-04 12:00:51 -08:00
Tinderbox User	5da851d171	update copyright notice	2013-03-01 23:46:19 +00:00
Evan Hunt	4f9f8fa052	[master] add "config-time" to stats/status 3510. [func] "rndc status" and XML statistics channel now report server start and reconfiguration times. [RT #21048]	2013-03-01 15:07:40 -08:00
Curtis Blackburn	53a4e18582	3509. [cleanup] Added a product line to version file to allow for easy naming of different products (BIND vs BIND ESV, for example). [RT #32755]	2013-03-01 16:24:12 -06:00
Mark Andrews	3fadb11b94	SIZE_MAX is not available on all platforms	2013-03-01 01:12:17 +00:00
Mark Andrews	8e5fce1f9c	update copyrights	2013-03-01 10:39:29 +11:00
Tinderbox User	25bccd181c	regen	2013-02-28 23:31:38 +00:00
Mark Andrews	8a896bc645	fix configure.in to remove warnings when running autoconf only compile geoip.o when requested. silence compiler warnings	2013-03-01 09:58:32 +11:00
Evan Hunt	fbe155373c	[master] change text when no graph visible	2013-02-28 11:03:20 -08:00
Evan Hunt	2b8dac9916	[master] fix XSL glitch with empty query data 3507. [bug] Statistics channel XSL had a glitch when attempting to chart query data before any queries had been received. [RT #32620]	2013-02-28 09:58:13 -08:00
Evan Hunt	2a184ff865	[master] accept >4g max-{,a}cache-size 3506. [func] When setting "max-cache-size" and "max-acache-size", the keyword "unlimited" is no longer defined as equal to 4 gigabytes (except on 32-bit platforms); it means literally unlimited. [RT #32358] 3505. [bug] When setting "max-cache-size" and "max-acache-size", larger values than 4 gigabytes could not be set explicitly, though larger sizes were available when setting cache size to 0. This has been corrected; the full range is now available. [RT #32358]	2013-02-28 09:29:12 -08:00
Mark Andrews	189efe774e	check isc_task_beginexclusive result	2013-02-28 13:23:05 +11:00
Evan Hunt	501941f0b6	[master] add geoip support 3504. [func] Add support for ACLs based on geographic location, using MaxMind GeoIP databases. Based on code contributed by Ken Brownfield <kb@slide.com>. [RT #30681]	2013-02-27 17:19:39 -08:00
Mark Andrews	3acc5d636e	move declaration of dumparg	2013-02-28 11:21:54 +11:00
Tinderbox User	bea3baa50c	update copyright notice	2013-02-27 23:46:03 +00:00
Mark Andrews	f7c4825501	silence compiler warning by adding a assertion	2013-02-28 09:47:49 +11:00
Mark Andrews	90e1d62889	check that inlineslave.bk and inlineslave.bk.signed exist	2013-02-28 09:01:16 +11:00
Evan Hunt	85f89d58a5	[master] zone-statistics no => none 3502. [func] zone-statistics: "no" is now a synonym for "none", instead of "terse". [RT #29165]	2013-02-27 13:37:54 -08:00
Evan Hunt	c805bfa11a	[master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2013-02-27 12:08:07 -08:00
Evan Hunt	40a7e85f3e	[master] better zone-statistics syntax 3501. [func] zone-statistics now takes three options: full, terse, and none. "yes" and "no" are retained as synonyms for full and terse, respectively. [RT #29165]	2013-02-27 11:53:58 -08:00
Mark Andrews	a8af512dc3	fix assignment not read	2013-02-28 06:48:06 +11:00
Mark Andrews	cab2b0d941	remove unreachable line	2013-02-28 06:47:26 +11:00
Mark Andrews	b3d3dd301b	ensure test starting conditions are met	2013-02-27 17:02:16 +11:00
Evan Hunt	68357e5241	[master] avoid double-free in rrl - RRL could assert when freeing qname - also, changed test addresses from 192.168/16 to 192.0/16	2013-02-26 19:15:11 -08:00
Evan Hunt	d654c95c96	[master] force 0 exit status from rrl system test RRL system test seems to be highly dependent on system speed. We are leaving it running and reporting results, but forcing it to return PASS unless one or more of the servers crashed or could not start.	2013-02-26 18:46:57 -08:00
Mark Andrews	609b8d0817	update copyrights	2013-02-27 12:27:58 +11:00
Tinderbox User	b9a067ba40	update copyright notice	2013-02-26 23:45:57 +00:00
Mark Andrews	30314ce9c5	'!' is not portable.	2013-02-26 23:11:43 +11:00
Mark Andrews	bdc7cf66ff	3498. [bug] zone statistics for zones which matched a potential empty zone could have their zone-statistics setting overridden. reviewed via jabber.	2013-02-26 15:47:26 +11:00
Mark Andrews	118bdfd8c4	3497. [func] When deleting a slave/stub zone using 'rndc delzone' report the files that were being used so they can be cleaned up if desired. [RT #27899] Squashed commit of the following: commit 0e4e69d0c3153fe94aaa375b908cf7e3e45b5059 Author: Mark Andrews <marka@isc.org> Date: Thu Feb 21 17:01:44 2013 +1100 report the zones to be removed rather than removing them commit 5d247ac592eef64c4c467d99af4983b8c1ff998f Author: Mark Andrews <marka@isc.org> Date: Wed Feb 20 15:05:47 2013 +1100 remove slave/stub files when deleting a zone using delzone	2013-02-26 14:48:21 +11:00
Tinderbox User	f97d56e757	update copyright notice	2013-02-25 23:46:03 +00:00
Evan Hunt	94315060c2	[master] RPZ speedup (phase 2, multiple RPZ's) 3495. [func] Support multiple response-policy zones, while improving RPZ performance. [RT #32476]	2013-02-25 12:46:51 -08:00
Evan Hunt	55e5c51e66	[master] DNS RRL 3494. [func] DNS RRL: Blunt the impact of DNS reflection and amplification attacks by rate-limiting substantially- identical responses. [RT #28130]	2013-02-25 12:45:56 -08:00
Tinderbox User	573d78f3d5	update copyright notice	2013-02-21 23:45:56 +00:00
Evan Hunt	df925e6c66	[master] add zone memory context pools 3492. [bug] Fixed a regression in zone loading performance due to lock contention. [RT #30399]	2013-02-20 21:39:05 -08:00
Evan Hunt	a81ae06ed3	[master] forbid inline-signing slave with no file 3491. [bug] Slave zones using inline-signing must specify a file name. [RT #31946]	2013-02-20 14:01:31 -08:00
Evan Hunt	2425d8bb7c	[master] truncate logged rdata if too long 3490. [bug] When logging RDATA during update, truncate if it's too long. [RT #32365] cherry picked from: commit 16ddb566e5a5b57bf925adef2b5543dddc1de49b commit cd97e0c23b09f38aac49aabab66ee13c68b7a3f3 commit d087fa982649c081d58c5bb16e63da3428e2b89d commit d0795bdffef57612dd7654ffd09c9f4216eee2c8	2013-02-20 13:54:52 -08:00
Mark Andrews	3c7df84b20	3488. [bug] Use after free error with DH generated keys. [RT #32649 ]	2013-02-18 20:26:26 +11:00
Tinderbox User	32dc577940	update copyright notice	2013-02-16 23:46:02 +00:00
Mark Andrews	c9297d3759	3487. [bug] Change 3444 was not complete. There was a additional place where the NOQNAME proof needed to be saved. [RT #32629] Squashed commit of the following: commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:27:14 2013 +1100 whitespace commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502 Author: Mark Andrews <marka@isc.org> Date: Sat Feb 16 00:19:51 2013 +1100 return noqname proof with +cd and dlv	2013-02-16 07:45:43 +11:00
Evan Hunt	0b8bd3a4ae	[master] address TKEY bugs 3486. [bug] named could crash when using TKEY-negotiated keys that had been deleted and then recreated. [RT #32506] commit 6a48b9999766d26cddc7cef275cd984b7d53c014 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:59:46 2013 -0800 [rt32506] don't dump key if dump is unimplemented commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 14:42:25 2013 -0800 [rt32506] make sure LRU needs adjusting before adjusting it commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95 Author: Evan Hunt <each@isc.org> Date: Tue Jan 29 12:28:28 2013 -0800 [rt32506] demonstrate bugs in tkey test	2013-02-15 10:19:50 -08:00
Evan Hunt	6330174f80	[master] fixed another readline link error	2013-02-15 10:15:09 -08:00
Evan Hunt	ef37222aaf	[master] fixed readline link error, ubuntu 13.04	2013-02-15 10:08:19 -08:00
Mark Andrews	1d3c89483c	check for view->adbstats != NULL rather than view->resstats	2013-02-12 17:09:11 +11:00
Tinderbox User	4486374631	update copyright notice	2013-02-08 23:45:50 +00:00
Evan Hunt	855f5935ad	[master] clarify "server counters" section in XSL	2013-02-08 15:16:10 -08:00
Evan Hunt	b748b5e2c2	[master] fix cache/ADB stats in new stats schema new stats that were added for 9.10 (changes 3319-3326) were not all updated when the new statistics schema was merged (change 3418). 3484. [bug] Some statistics were incorrectly rendered in XML. [RT #32587]	2013-02-08 14:53:14 -08:00
Evan Hunt	cdd99263f2	[master] whitespace	2013-02-08 11:43:17 -08:00
Tinderbox User	543ab56b01	update copyright notice	2013-02-07 23:45:51 +00:00
JINMEI Tatuya	ab7a67829f	dig +nssearch now prints name servers that don't have address records.	2013-02-07 14:14:26 -08:00
Tinderbox User	8bbfb495a2	regen master	2013-01-26 01:04:30 +00:00
Tinderbox User	17131a9459	update copyright notice	2013-01-25 23:45:56 +00:00
Tinderbox User	43b9448395	regen master	2013-01-25 01:04:51 +00:00
Curtis Blackburn	ca385a75a8	fixed CHANGES	2013-01-24 16:37:53 -06:00
Curtis Blackburn	c91c439f80	3475. [func] expand logging when adding records via DDNS update [RT #32365]	2013-01-24 16:35:23 -06:00
Evan Hunt	6225380ca6	[master] check signing time on signed db - rndc zonestatus now checks the signing time on the signed, not raw, db when looking at inline-signing zones 3476. [bug] "rndc zonestatus" could report a spurious "not found" error on inline-signing zones. [RT #29226]	2013-01-24 14:24:59 -08:00
Evan Hunt	c9611b4573	[master] change "fast" to "map" 3475. [cleanup] Changed name of 'map' zone file format (previously 'fast'). [RT #32458]	2013-01-24 14:20:48 -08:00
Tinderbox User	dd59fe01c9	regen master	2013-01-24 01:04:22 +00:00
Evan Hunt	8f7d23a25c	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2013-01-23 15:48:47 -08:00
Tinderbox User	3aaa526a94	update copyright notice	2013-01-23 23:45:55 +00:00
Evan Hunt	ffff5d6792	[master] fix dns_request_createvia assert 3474. [bug] nsupdate could assert when the local and remote address families didn't match. [RT #22897]	2013-01-23 15:39:05 -08:00
Evan Hunt	9a0dd99a75	[master] fix incorrect nsec3 check - check for NSEC3 in empty nodes when not due to optout delegations - fixed typo in output ("Bad record NSEC record") - incidentally fixed an error in signzone that caused an incorrect warning about missing DNSKEYs when using -S and -3 together 3473. [bug] dnssec-signzone/verify could incorrectly report an error condition due to an empty node above an opt-out delegation lacking an NSEC3. [RT #32072]	2013-01-23 14:56:00 -08:00
Evan Hunt	2154c01912	[master] default -U to ncpus, not to -n 3471. [bug] The number of UDP dispatches now defaults to the number of CPUs even if -n has been set to a higher value. [RT #30964]	2013-01-22 18:07:05 -08:00
Evan Hunt	a0a1003895	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2013-01-22 16:13:09 -08:00
Evan Hunt	214836c184	[master] dump masterfile after successful xfrin 3470. [bug] Slave zones could fail to dump when successfully refreshing after an initial failure. [RT #31276]	2013-01-22 15:49:50 -08:00
Tinderbox User	b95504f9a7	update copyright notice	2013-01-22 23:45:48 +00:00
Evan Hunt	cbd1fa092e	[master] DLZ fixes - handle malformed answers from DLZ better: - handle dlz_lookup errors better: when the first lookup of a name returns an unexpected failure code, we return it to the caller rather than continuing on to look up the wildcard. we now only continue processing if the return from the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND. - improved backward-compatibility for dlz_version: added a DLZ_DLOPEN_AGE value indicating how many versions back from the current DLZ_DLOPEN_VERSION named will support	2013-01-22 15:13:08 -08:00
Tinderbox User	0a8a14d513	update copyright notice	2013-01-21 23:45:48 +00:00
Evan Hunt	a631c8d9b8	[master] prevent ixfr/ns1 being removed	2013-01-21 14:16:15 -08:00
Evan Hunt	30a7cf3957	[master] add 10.53.0.8 address	2013-01-21 12:36:41 -08:00
Tinderbox User	5ac5300fdf	update copyright notice	2013-01-17 23:46:25 +00:00
Evan Hunt	71f8edccba	[master] fix DNS64 with RPZ-remapped A records 3468. [security] RPZ rules to generate A records (but not AAAA records) could trigger an assertion failure when used in conjunction with DNS64. [RT #32141]	2013-01-17 11:23:30 -08:00
Curtis Blackburn	c8803902d6	[bug] Added checks in dnssec-keygen and dnssec-settime to check for delete date < inactive date. [RT #31719]	2013-01-17 10:59:16 -06:00
Tinderbox User	dc3d68d6fe	update copyright notice	2013-01-11 23:46:02 +00:00
Mark Andrews	c8bfcec3c9	silence compiler warning	2013-01-11 17:38:58 +11:00
Mark Andrews	b5d3508e8a	silence compiler warning	2013-01-11 17:30:21 +11:00
Evan Hunt	b3d116c299	[master] fixed clientinfo version check 3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check in DLZ example driver. [RT #32275]	2013-01-10 19:57:21 -08:00
Evan Hunt	dc6cea0448	[master] update openssl pkcs11 patches 3464. [maint] Updates to PKCS#11 openssl patches, supporting versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]	2013-01-10 18:21:50 -08:00
Tinderbox User	48cbc7cd1e	regen master	2013-01-11 01:04:23 +00:00
Tinderbox User	5c6b95ba1b	update copyright notice	2013-01-10 23:46:00 +00:00
Tinderbox User	d8620c7234	regen master	2013-01-10 20:19:56 +00:00
Evan Hunt	3b9d9ad58b	[master] doc clarification about dig & resolv.conf	2013-01-10 11:48:46 -08:00
Mark Andrews	4801931443	3461. [bug] Negative responses could incorrectly have AD=1 set. [RT #32237]	2013-01-10 23:09:08 +11:00
Mark Andrews	dab4aac006	3460. [bug] Only link against readline where needed. [RT #29810 ]	2013-01-10 17:34:28 +11:00
Evan Hunt	578e319607	[master] add -J option to checkzone/compilezone 3459. [func] Added -J option to named-checkzone/named-compilezone to specify the path to the journal file. [RT #30958]	2013-01-09 16:56:46 -08:00
Tinderbox User	b941edbeb5	update copyright notice	2013-01-09 23:45:53 +00:00
Mark Andrews	c07c2a862e	3458. [bug] Return FORMERR when presented with a overly long domain named in a request. [RT #29682]	2013-01-10 10:30:15 +11:00
Mark Andrews	f1c1aab2c9	3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836 ]	2013-01-10 08:26:31 +11:00
Mark Andrews	1a592aae29	test eighth interface	2013-01-09 19:08:59 +11:00
Tinderbox User	afe7d4b934	update copyright notice	2013-01-08 23:45:50 +00:00
Mark Andrews	fc0bfa07c7	3453. [bug] 'rndc addzone' of a zone with 'inline-signing yes;' failed. [RT #31960]	2013-01-09 07:40:27 +11:00
Tinderbox User	49503f1d9f	update copyright notice	2013-01-05 23:45:47 +00:00
Mark Andrews	25b95d31ce	3450. [bug] Stop logfileconfig system test spam system logs. [RT #32315] Squashed commit of the following: commit ad40744e2c7dc253b70857bb229def5dd194b418 Author: Mark Andrews <marka@isc.org> Date: Fri Jan 4 17:24:45 2013 +1100 logfileconfig spams the system log files	2013-01-06 07:56:10 +11:00
Tinderbox User	6fe42ff85c	update copyright notice	2013-01-04 23:45:53 +00:00
Evan Hunt	cb0a74fd8d	[master] show signzone errors in pkcs11 test	2013-01-03 19:55:34 -08:00
Evan Hunt	222d38735f	[master] allow-query-on works now 3448. [bug] The allow-query-on ACL was not processed correctly. [RT #29486]	2013-01-03 15:13:45 -08:00
Tinderbox User	d91e5a75df	update copyright notice	2013-01-02 23:45:51 +00:00
Tinderbox User	fd6efb2c62	regen	2013-01-02 23:30:08 +00:00
Tinderbox User	19e593a7a5	regen master	2013-01-02 01:04:26 +00:00
Tinderbox User	024cf50d12	update copyright notice	2013-01-01 23:45:47 +00:00
Tinderbox User	b7d5c2f26d	regen	2013-01-01 23:30:07 +00:00
Tinderbox User	cafd7a121f	regen master	2013-01-01 01:04:27 +00:00
Mark Andrews	ae395e5f97	remove extranous rdata in nxrrset call as it is not ingnored in Net::DNS 0.70	2012-12-21 14:16:41 +11:00
Mark Andrews	ab91ece513	sign_tcp_continuation doesn't work with the newer versions of Net:DNS. Code has been submitted so we don't need to use the sign_tcp_continuation hack in future.	2012-12-21 12:58:58 +11:00
Tinderbox User	9191b6c9e8	update copyright notice	2012-12-20 23:45:48 +00:00
Mark Andrews	b372587363	TSIG no longer has a mac_size method; arcount no longer need to be adjusted	2012-12-21 00:30:14 +11:00
Mark Andrews	f127a35b6c	adjust test to account for blank owner after origin now being rejected	2012-12-19 14:37:56 +11:00
Mark Andrews	4040ff974c	-H not -i sets iterations	2012-12-19 14:18:05 +11:00
Mark Andrews	58c543d840	remove redundant $ORIGINs	2012-12-19 13:34:31 +11:00
Mark Andrews	8462dfb880	3443. [bug] The NOQNAME proof was not being returned from cached insecure responses. [RT #21409]	2012-12-19 09:55:02 +11:00
Mark Andrews	03958ad4b9	3442. [port] Net::DNS 0.69 introduced a non backwards compatible change. [RT #32216]	2012-12-19 08:46:36 +11:00
Mark Andrews	b6f22cc32f	Net::DNS 0.{70,71} doesn't force the TTL to zero for yxrrset, nxrrset and rr_del	2012-12-18 11:43:46 +11:00
Mark Andrews	6301757d64	don't wipe out named.run when restarting	2012-12-14 17:39:22 +11:00
Mark Andrews	040dc29236	throw fatal error on realloc failure	2012-12-10 10:16:28 +11:00
Tinderbox User	b8e2e5dd86	update copyright notice	2012-12-08 23:45:51 +00:00
Mark Andrews	ecf5a60f1e	isc_buffer_init -> isc_buffer_constinit	2012-12-09 07:14:27 +11:00
Mark Andrews	fe898ea0ee	DIG -> $DIG	2012-12-08 15:35:01 +11:00
Mark Andrews	e85702ce5b	3438. [bug] Don't accept unknown data escape in quotes. [RT #32031 ] Squashed commit of the following: commit 7ad3daade513c94a1c92ee7c91c112f161d13ef4 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 15:03:44 2012 +1100 look at the second token to determine if a TXT record in of unknown format or not commit 7df32138462646f6aee84ffa56d02ac24ec8d672 Author: Mark Andrews <marka@isc.org> Date: Mon Dec 3 12:42:18 2012 +1100 '"\#"' was incorrectly being treated as a unknown data escape sequence.	2012-12-08 14:05:32 +11:00
Mark Andrews	6f7abb89ec	3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise buffers with constant data. [RT #32064] Squashed commit of the following: commit 3433b96bf11f8c90ccbe412f01d02a6d8bbc2d33 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:41:16 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit c22dbcc1122a0a44f7b46068e0ccbc25353a57d5 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:38:39 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit 900820416c45c1887d0d22d7a010df60a903bd56 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:24:19 2012 +1100 remove isc_buffer_reconstinit commit f815711c17b05f9961786a90b9bae902d3c01494 Author: Mark Andrews <marka@isc.org> Date: Wed Dec 5 15:42:57 2012 +1100 add isc_buffer_constinit	2012-12-08 12:48:57 +11:00
Tinderbox User	aae306e914	update copyright notice	2012-12-07 23:45:48 +00:00
Mark Andrews	a28f8028dc	put declarations at start of block	2012-12-07 23:49:03 +11:00
Tinderbox User	222f5e0697	update copyright notice	2012-12-06 23:45:48 +00:00
Evan Hunt	abff0f462a	[master] pass client info to DLZ findzone method 3434. [bug] Pass client info to the DLZ findzone() entry point in addition to lookup(). This makes it possible for a database to answer differently whether it's authoritative for a name depending on the address of the client. [RT #31775]	2012-12-06 12:59:36 -08:00
Evan Hunt	177be355d4	[master] handle ISC_R_NOMORE correctly 3433. [bug] dlz_findzone() did not correctly handle ISC_R_NOMORE. [RT #31172]	2012-12-06 12:41:58 -08:00
Evan Hunt	2b8bed6681	[master] multiple-dlz/dlz-nxdomain 3432. [func] Multiple DLZ databases can now be configured. DLZ databases are searched in the order configured, unless set to "search no", in which case a zone can be configured to be retrieved from a particular DLZ database by using a "dlz <name>" option in the zone statement. DLZ databases can support type "master" and "redirect" zones. [RT #27597]	2012-12-06 12:39:52 -08:00
Evan Hunt	de5890da9b	[master] support all algorithms in ddns-confgen 3431. [bug] ddns-confgen: Some valid key algorithms were not accepted. [RT #31927]	2012-12-05 16:36:58 -08:00
Mark Andrews	377e7f19ef	silence clang --analyser false positive	2012-12-05 11:43:07 +11:00
Mark Andrews	3ff483ed84	loop 'I:checking expired signatures were updated' test	2012-12-03 09:30:38 +11:00
Mark Andrews	68ba0155ab	silence clang --analyze warning	2012-12-01 09:19:29 +11:00
Mark Andrews	0524248a3b	signed/unsigned comparision	2012-11-30 23:35:34 +11:00
Mark Andrews	4151109b94	silence clang --analyze warnings	2012-11-30 18:50:38 +11:00
Tinderbox User	600cfd566a	update copyright notice	2012-11-29 23:45:50 +00:00
Evan Hunt	706219e547	[master] add timezone to dig 3428. [cleanup] dig: Add timezone to date output. [RT #2269]	2012-11-29 09:07:28 -08:00
Mark Andrews	d2d3c7e02b	use consistent type in sizeof and ultimate type cast	2012-11-30 00:58:59 +11:00
Evan Hunt	2f21adbc6a	[master] fix dig +trace output 3427. [bug] dig +trace incorrectly displayed name server addresses instead of names. [RT #31641]	2012-11-28 19:05:50 -08:00
Tinderbox User	d9eb3dcfa1	update copyright notice	2012-11-28 23:45:44 +00:00
Mark Andrews	bde9e26d13	add -U 4	2012-11-29 08:12:51 +11:00
Evan Hunt	a1dbf90381	[master] remove libgen.h from dnssec tools we no longer use basename() or dirname()	2012-11-27 19:45:51 -08:00
Mark Andrews	53e52b463e	adjust looping threshold from 10 to 15	2012-11-28 12:05:56 +11:00
Evan Hunt	8f9a5ae817	[master] correct checkds test	2012-11-27 15:03:55 -08:00
Evan Hunt	4d077be135	[master] clarify dnssec-checkds output 3426. [bug] dnssec-checkds: Clearer output when records are not found. [RT #31968]	2012-11-27 14:52:36 -08:00
Mark Andrews	b13b452020	3424. [func] dnssec-dsfromkey now emits the hash without spaces. [RT #31951] Squashed commit of the following: commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 17:24:04 2012 +1100 dupped/created reversed in log message commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15 Author: Mark Andrews <marka@isc.org> Date: Fri Nov 23 13:40:14 2012 +1100 remove space from DS hash	2012-11-27 14:22:28 +11:00
Mark Andrews	c22f43b829	limit the number of udp dispatches when testing to 4	2012-11-26 22:11:27 +11:00
Tinderbox User	0a330c717a	regen master	2012-11-26 01:04:39 +00:00
Mark Andrews	b79fc6723b	address dnssec-checkds man page issues	2012-11-26 09:44:26 +11:00
Mark Andrews	8c9d5521e7	3423. [bug] "rndc signing -nsec3param" didn't accept the full range of possible values. Address portability issues. [RT #31938] Squashed commit of the following: commit cdc417909d514903363796085ab3114ef24b7e30 Author: Mark Andrews <marka@isc.org> Date: Thu Nov 22 10:06:01 2012 +1100 address hpux sscanf issues, iterations is a 16 bit field, use %hu rather than %hhd as the values are unsigned	2012-11-22 10:14:41 +11:00
ckb	2786b6c53f	3422. [bug] Added a clear error message for when the SOA does not match the referral. [RT #31281]	2012-11-21 16:44:34 -06:00
Mark Andrews	20b95f5ff6	3421. [bug] Named loops when re-signing if all keys are offline. [RT #31916] Squashed commit of the following: commit f47af0ca6793687b9c8d08fd44b0c091ba5a4f9a Author: Mark Andrews <marka@isc.org> Date: Wed Nov 21 17:45:21 2012 +1100 dns_dns_zonediff_t -> dns_zonediff_t, clarify comment commit 344edefc3ee90856a7ff990abe7971925ba843b2 Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:12:26 2012 +1100 commit the zone changes if a keep was marked as being offline commit cad2c2446ebfc20b6d8c4f6dd0d6596d7106cc0f Author: Mark Andrews <marka@isc.org> Date: Tue Nov 20 13:08:29 2012 +1100 check for looping when re-signing expiring.example	2012-11-21 17:48:57 +11:00
Mark Andrews	8737e0d006	HPUX doesn't support 128 threads	2012-11-18 00:25:39 +11:00
Mark Andrews	c3c30fc43c	force integer output	2012-11-17 23:58:50 +11:00
Mar Andrews	c3b9fad5e3	3420. [bug] Address VPATH compilation issues. [RT #31879 ]	2012-11-17 09:33:46 +00:00
Tinderbox User	38bc0509a7	regen	2012-11-14 23:30:09 +00:00
ckb	aecadaf3b1	3418. [func] New XML schema (version 3.0) for the statistics channel adds query type statistics at the zone level, and flattens the XML tree and uses compressed format to optimize parsing. Includes new XSL that permits charting via the Google Charts API on browsers that support javascript in XSL. The old XML schema has been deprecated. [RT #30023] 3417. [placeholder]	2012-11-14 12:44:15 -06:00
Tinderbox User	bb6f850a5d	update copyright notice	2012-11-13 23:45:44 +00:00
Mark Andrews	55670a1e55	3416. [bug] Named could die on shutdown if running with 128 UDP dispatches per interface. [RT #31743] Squashed commit of the following: commit 1a97c755f8496f65024af0f634c1acf59a0a4252 Author: Mark Andrews <marka@isc.org> Date: Wed Nov 7 07:14:36 2012 +1100 add regression test for RT31743 commit 7b16b5f77fad39478168aac25742823f2fcd825b Author: Mark Andrews <marka@isc.org> Date: Fri Nov 2 23:57:24 2012 +1100 array bounds error when shutting down interface	2012-11-14 07:47:58 +11:00
Mark Andrews	4326ea8b66	use stop.pl to ensure old server is fully shutdown before starting new server	2012-11-08 07:38:13 +11:00
Mark Andrews	30a86ca430	add missing ARPANAME definition	2012-11-06 15:29:01 +11:00
Mark Andrews	4786e693a7	3413. [func] Record the number of DNS64 AAAA RRsets that have been synthesized. [RT #27636] Squashed commit of the following: commit b375c287a3d95ed2eb29977d4347d845f393add7 Author: Evan Hunt <each@isc.org> Date: Wed Oct 24 21:28:04 2012 -0700 [rt27636] add dns64 responses stat counter	2012-11-01 14:23:14 +11:00
Tinderbox User	fcd7c22fdf	update copyright notice	2012-10-31 23:45:49 +00:00
Mark Andrews	bbf31e6b62	More coverity fixes: 3410. [bug] Addressed Coverity warnings. [RT #31626] Squashed commit of the following: commit 6fec07bbb69ead784063052f2099674f8b52c6b3 Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 18:14:35 2012 +1100 use strl{cat,cpy} commit 19a5d3766f3dbc8a2944b21640a8226a89aae7ba Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 14:38:55 2012 +1100 address unchecked xmlTextWriter* calls	2012-11-01 10:22:11 +11:00
Mark Andrews	e7d8a61783	More for: 3410. [bug] Addressed Coverity warnings. [RT #31626 Squashed commit of the following: commit d94f5463f508773a7b027230cd81b61cf8c9cfce Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:52:32 2012 +1100 <string.h> -> <isc/string.h> commit d707d6fb739c6e6df90a864141b418a13d3bccc8 Author: Mark Andrews <marka@isc.org> Date: Tue Oct 30 11:48:20 2012 +1100 address coverity warnings	2012-10-30 12:01:39 +11:00
Tinderbox User	0837549bd6	update copyright notice	2012-10-29 23:46:34 +00:00
Mark Andrews	cb761bbd5f	<sys/errno.h> -> <errno.h>	2012-10-30 09:22:57 +11:00
Mark Andrews	f83542787f	3410. [bug] Addressed Coverity warnings. [RT #31626 ] Squashed commit of the following: commit bce2efe66d69d60b746b85df49974ca341723169 Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:59:25 2012 +1100 use 'static dns_rdata_xxxx_t xxxx' commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:35:16 2012 +1100 return ISC_R_NOTFOUND if private record length does not make sense commit 7596610c12c5685336fc0909860173d2fae359af Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:41:17 2012 +1100 check private->length == 5 commit 3836365a3e3e83b057bd940350f032279e080296 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:40:50 2012 +1100 properly set private->length commit a295778ac53109d39ef3a8b233751100edae678b Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:13:30 2012 +1100 check dns_rdata_tostruct result commit e33c37ca9112159e0b2363615bb018d27fa7d1a5 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:10:43 2012 +1100 check remove/fopen/chmod return values commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:59:10 2012 +1100 check isc_socket_accept result commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:55:40 2012 +1100 change variable scopes commit b9e9d9ad58270271003e463f10744e0ceaf9ad97 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:53:19 2012 +1100 check inet_pton return value commit 70698e9589da77e3745efb6ea24b8830addd6ae4 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:40 2012 +1100 break -> /* NOTREACHED */ commit 88de9de2e8e201ab2fef16a868f241e8206ea826 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:06 2012 +1100 strcpy -> strlcpy commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:51:26 2012 +1100 check dns_rdata_tostruct return values	2012-10-29 20:04:59 +11:00
Evan Hunt	f46168b879	[master] allow dnssec options in inline-signing slaves 3408. [bug] Some DNSSEC-related options (update-check-ksk, dnssec-loadkeys-interval, dnssec-dnskey-kskonly) are now legal in slave zones as long as inline-signing is in use. [RT #31078]	2012-10-26 16:14:59 -07:00
Evan Hunt	9c659b618f	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2012-10-24 18:03:54 -07:00
Tinderbox User	a3fb84bd1b	update copyright notice	2012-10-24 23:46:51 +00:00
Evan Hunt	4b3d727d96	[master] remove spurious signatures from glue 3404. [bug] dnssec-signzone: When re-signing a zone, remove RRSIG and NSEC records from nodes that used to be in-zone but are now below a zone cut. [RT #31556]	2012-10-24 15:46:59 -07:00
ckb	24d8211904	[rt25085] 3402. [bug] Correct interface numbers for IPv4 and IPv6 interfaces. [RT #25085]	2012-10-24 14:47:29 -05:00
Evan Hunt	47c5b8af92	[master] silence coverity warnings 3401. [bug] Addressed Coverity warnings. [RT #31484]	2012-10-23 22:04:06 -07:00
Evan Hunt	bcf966e614	[rt31494] add gitID to kit.sh generated tarballs	2012-10-22 12:56:47 -07:00
Tinderbox User	c37fbb91e3	update copyright notice	2012-10-18 23:46:07 +00:00
Mark Andrews	de0fd68097	3398. [bug] SOA parameters were not being updated with inline signed zones if the zone was modified while the server was offline. [RT #29272]	2012-10-19 10:25:06 +11:00
ckb	f3f76f009b	3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298 ]	2012-10-18 17:50:07 -05:00
Mark Andrews	0fbd29837a	3396. [bug] OPT records were incorrectly removed from signed, truncated responses. [RT #31439]	2012-10-18 13:25:06 +11:00
Tinderbox User	3d4ce9ea27	update copyright notice	2012-10-16 23:46:15 +00:00
Mark Andrews	1c8f2b6dcd	3395. [protocol] Add RFC 6598 reverse zones to built in empty zones list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA. [RT #31336]	2012-10-16 12:31:28 +11:00
Mark Andrews	415df3c9c0	test for directory existance before calling find	2012-10-16 10:56:42 +11:00
Mark Andrews	7786d6542b	3393. [bug] 'host -C' could core dump if REFUSED was received. [RT #31381]	2012-10-16 10:42:24 +11:00
Mark Andrews	4b17401c9c	add test support for dropping edns messages (-T dropedns); ignoring edns in queries (-T noedns); variable max UDP (-T maxudp=value)	2012-10-16 10:23:08 +11:00
Mark Andrews	71dfdcbfae	3392. [func] Keep statistics on REFUSED responses. [RT #31412 ]	2012-10-16 10:21:22 +11:00
Mark Andrews	1721e1f2a6	Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9	2012-10-07 11:35:56 +11:00
Tinderbox User	15c7a1bf20	update copyright notice	2012-10-06 23:46:11 +00:00
Mark Andrews	20783a3baf	remove empty directories when cleaning	2012-10-06 17:27:38 +10:00
Mark Andrews	dbf693fdfd	3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262 ]	2012-10-06 14:56:33 +10:00
Mark Andrews	611dc88768	3390. [bug] Silence clang compiler warnings. [RT #30417 ]	2012-10-06 14:20:45 +10:00
Tinderbox User	aa444144ad	regen master	2012-10-04 01:05:27 +00:00
Tinderbox User	7ce7ecf6bc	update copyright notice	2012-10-03 23:46:17 +00:00
Evan Hunt	41bbb34bc2	fix coverity issues 3388. [bug] Fixed several Coverity warnings. [RT #30996]	2012-10-02 23:44:03 -07:00
Mark Andrews	ecd851b832	add dsdigest	2012-10-03 14:04:48 +10:00
Mark Andrews	22a711df5e	add bin/tests/system/dsdigest/prereq.sh.in	2012-10-03 13:59:50 +10:00
Mark Andrews	058e44186b	3387. [func] Support for a DS digest can be disabled at runtime with disable-ds-digests. [RT #21581]	2012-10-03 12:38:43 +10:00
Tinderbox User	8e3eb3600a	update copyright notice	2012-10-02 23:46:09 +00:00
Mark Andrews	aa49af836c	3385. [bug] named-checkconf didn't detect missing master lists in also-notify clauses. [RT #30810]	2012-10-02 13:06:02 +10:00
Tinderbox User	adb113e235	update copyright notice	2012-09-29 23:46:01 +00:00
Mark Andrews	cc0a2f0283	Add undocumented '-T delay=value' to allow for simulation of remote servers	2012-09-29 13:07:09 +10:00
Evan Hunt	c872f39a00	fixed an exploitable hang bug 3383. [security] A certain combinations of records in the RBT could cause named to hang while populating the additional section of a response. [RT #31090]	2012-09-26 17:09:43 -07:00
Mark Andrews	fec1c61918	3380. [bug] named could die if a non-existant master list was referenced in a also-notify. [RT #31004]	2012-09-26 15:28:46 +10:00
Evan Hunt	05284949f7	handle nonexistent managed-keys-directory 3378. [bug] Handle missing 'managed-keys-directory' better. [RT #30625]	2012-09-25 18:19:17 -07:00
Mark Andrews	2d68e392f3	copyright style	2012-09-20 10:42:24 +10:00
Mark Andrews	953414e971	make tests less timing sensitive by spining	2012-09-18 14:49:58 +10:00
Mark Andrews	5f26ffc2b4	3375. [bug] 'rndc dumpdb' failed on empty caches. [RT #30808 ]	2012-09-14 07:53:19 +10:00
Tinderbox User	14725aff16	update copyright notice	2012-09-12 23:46:13 +00:00
Mark Andrews	82f37b2665	use binary mode for raw/fast	2012-09-12 17:24:45 +10:00
Mark Andrews	59fdf31195	turn binary mode on for raw/fast	2012-09-12 15:28:20 +10:00
Mark Andrews	4118cd4276	3371. [bug] AD=1 should behave like DO=1 when deciding whether to add NS RRsets to the additional section or not. [RT #30479]	2012-08-31 11:20:38 +10:00
Mark Andrews	d0522678a1	don't call out to the internet when running test	2012-08-30 13:53:41 +10:00
Tinderbox User	9b20c5d7ff	regen master	2012-08-24 01:06:01 +00:00
Mark Andrews	26dde51a93	silence warning	2012-08-24 10:42:44 +10:00
Mark Andrews	69eee72e82	unsigned constant	2012-08-24 10:36:29 +10:00
Mark Andrews	f94f6b3c59	unsigned constants	2012-08-24 07:33:32 +10:00
Mark Andrews	8e0a15f42f	3370. [bug] Address use after free while shutting down. [RT #30241 ]	2012-08-22 19:19:30 +10:00
Mark Andrews	d1f43359e4	3379. [bug] nsupdate terminated unexpectedly in interactive mode if built with readline support. [RT #29550]	2012-08-22 13:38:51 +10:00
Tinderbox User	0c156cfa39	update copyright notice	2012-08-17 23:46:06 +00:00
Mark Andrews	076bda8c2e	we didn't catch a zero option at the global level when views are active	2012-08-17 13:40:17 +10:00
Mark Andrews	cfb5aa26dc	silence "t_names.c:130:7: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage"	2012-08-17 07:23:06 +10:00
Tinderbox User	36a3d08a72	update copyright notice	2012-08-15 23:46:02 +00:00
Evan Hunt	85705b4b5a	allow "forward" and "forwarders" in static-stub 3363. [bug] Need to allow "forward" and "fowarders" options in static-stub zones; this had been overlooked. [RT #30482]	2012-08-15 13:08:15 -07:00
Tinderbox User	23554e8479	update copyright notice	2012-08-14 23:46:02 +00:00
Evan Hunt	820fdd61dd	properly range-check fields that do not allow 0 3362. [bug] Setting some option values to 0 in named.conf could trigger an assertion failure on startup. [RT #27730]	2012-08-13 22:39:42 -07:00
Evan Hunt	8f6d6d72e8	support '-' salt in rndc signing -nsec3param 3361. [bug] "rndc signing -nsec3param" didn't work correctly when salt was set to '-' (no salt). [RT #30099]	2012-08-13 22:24:36 -07:00
Evan Hunt	3f755529ee	address memory leak with bad tsig secret 3359. [bug] An improperly-formed TSIG secret could cause a memory leak. [RT #30607]	2012-08-10 20:15:59 -07:00
Tinderbox User	953692fa1e	update copyright notice	2012-07-25 23:46:04 +00:00
ckb	e7857b5ee0	3356. [bug] Cap the TTL of signed RRsets when RRSIGs are approaching their expiry, so they don't remain in caches after expiry. [RT #26429]	2012-07-25 17:06:34 -05:00
Mark Andrews	3ce2018dfa	3355. [port] Use more portable awk in verify system test.	2012-07-25 12:59:45 +10:00
Tinderbox User	0b637179cc	update copyright notice	2012-07-23 23:46:06 +00:00
Mark Andrews	6eb6af6732	3354. [func] Improve OpenSSL error logging. [RT #29932 ]	2012-07-23 15:08:21 +10:00
Mark Andrews	c965b18690	3353. [bug] Use a single task for task exclusive operations. [RT #29872]	2012-07-19 23:00:21 +10:00
Mark Andrews	16de4bca76	add verify system test	2012-07-19 13:11:42 +10:00
Vernon Schryver	929621dd7d	undo rogue merge on bin/tests/.gitignore add bin/named/include/.gitignore so that `git add` and other commands will not whine about changes in the bin/named/include/named directory	2012-07-09 19:16:11 +00:00
Evan Hunt	b123be9195	fix copyrights in checkds test	2012-07-06 14:24:24 -07:00
ckb	14d4dd1053	added cleanup of test files	2012-07-06 10:00:45 -05:00
Tinderbox User	291a670d12	update copyright notice	2012-07-05 23:45:48 +00:00
ckb	c514f38c80	Conflicts: lib/dns/dst_parse.c lib/isc/win32/file.c	2012-07-05 16:07:31 -05:00
Tinderbox User	a3128c1995	update copyright notice	2012-06-29 23:45:57 +00:00
Mark Andrews	ef013897a9	create implict rule for python executable and use it to create dnssec-checkds	2012-06-29 16:53:12 +10:00
Tinderbox User	54f04323c0	update copyright notice	2012-06-29 01:49:43 +00:00
Mark Andrews	bf8267aa45	reverse bad copyright update	2012-06-29 11:39:47 +10:00
Tinderbox User	247bf37860	update copyright notice	2012-06-29 01:22:18 +00:00
Mark Andrews	66dddd906a	make the checkds system test dependent on the result of python discovery	2012-06-28 23:08:07 +10:00
Mark Andrews	1cefb9df3f	3344. [func] New "dnssec-checkds" command checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099]	2012-06-28 17:06:00 +10:00
Tinderbox User	da5d53fb14	update copyright notice	2012-06-26 23:45:56 +00:00
Mark Andrews	c41c261fc7	3342. [bug] Change #3314 broke saving of stub zones to disk resulting in excessive cpu usage in some cases. [RT #29952]	2012-06-27 09:21:09 +10:00
Mark Andrews	ad127d839d	3341. [func] New "dnssec-verify" command checks a signed zone to ensure correctness of signatures and of NSEC/NSEC3 chains. [RT #23673]	2012-06-25 13:57:32 +10:00
Tinderbox User	dba3c818ae	regen master	2012-06-23 01:04:31 +00:00
Tinderbox User	3b398443f0	update copyright notice	2012-06-21 23:46:36 +00:00
Evan Hunt	6844e3f010	Add documentation for 'fast' format	2012-06-21 15:39:56 -07:00
Mark Andrews	7da86f0027	supply NULL data_printer	2012-06-21 18:40:40 +10:00
Evan Hunt	6686505e3a	fix secondkey test, properly	2012-06-20 22:44:06 -07:00
Evan Hunt	8566c18b02	fixed second-key test to use correct rndc.conf	2012-06-20 15:07:24 -07:00
ckb	5f5f8b1dd4	removed .cvsignore files	2012-06-20 14:23:12 -05:00
ckb	7829fad409	merging fast format zone files Conflicts: .gitignore bin/named/zoneconf.c bin/tests/.gitignore bin/tests/system/autosign/tests.sh bin/tests/system/masterformat/clean.sh bin/tests/system/masterformat/ns1/compile.sh bin/tests/system/masterformat/tests.sh configure lib/dns/db.c lib/dns/include/dns/db.h lib/dns/include/dns/types.h lib/dns/master.c lib/dns/masterdump.c lib/dns/rbt.c lib/dns/rbtdb.c lib/dns/sdb.c lib/dns/sdlz.c lib/dns/tests/.cvsignore lib/dns/tests/Makefile.in lib/dns/win32/libdns.def lib/dns/xfrin.c lib/dns/zone.c lib/export/dns/Makefile.in lib/isc/include/isc/file.h lib/isc/unix/file.c lib/isc/win32/file.c lib/isccfg/namedconf.c	2012-06-20 14:13:12 -05:00
Tinderbox User	ef1963d83d	update copyright notice	2012-06-15 23:45:49 +00:00
Mark Andrews	6190ede04a	use a pre-computed key if the OpenSSL version doesn't support generating rsa keys with exponents > 32 bits	2012-06-15 10:41:31 +10:00
Mark Andrews	df6a295e43	temporarially pull rsabigexponent	2012-06-15 09:55:50 +10:00
Tinderbox User	fd5b3eb81a	update copyright notice	2012-06-14 23:45:57 +00:00
Mark Andrews	7865ea9545	3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228 ]	2012-06-14 15:44:20 +10:00
Mark Andrews	c298583db5	3337. [bug] Change #3294 broke support for the multiple keys in controls. [RT #29694]	2012-06-13 16:25:42 +10:00
Tinderbox User	8ce1923429	update copyright notice	2012-06-08 23:45:57 +00:00
Mark Andrews	80fa3ef851	3336. [func] Maintain statistics for RRsets tagged as "stale". [RT #29514]	2012-06-08 16:32:44 +10:00
Evan Hunt	04e5f9812c	nslookup exit with error if unsuccessful 3335. [func] nslookup: return a nonzero exit code when unable to get an answer. [RT #29492]	2012-06-07 22:03:47 -07:00
Mark Andrews	7310c0b1ee	3333. [bug] Setting resolver-query-timeout too low can cause named to not recover if it looses connectivity. [RT #29623]	2012-06-08 12:34:33 +10:00
Mark Andrews	1ff22ac042	Don't restart ns5 after killing it	2012-06-07 14:37:58 +10:00
Mark Andrews	ba16ade5f8	kill and restart the nameserver after running: perf 'without rpz' norpz	2012-06-04 16:25:25 +10:00
Tinderbox User	0ecbe41b6b	update copyright notice	2012-06-01 23:46:03 +00:00
Evan Hunt	3787f2ec8a	fix solaris portability problem	2012-06-01 11:40:52 -07:00
Evan Hunt	a2cd182a83	add a test for non-inline slaves	2012-06-01 08:29:06 -07:00
Mark Andrews	735ca24fa6	3321. [security] dns_rdataslab_fromrdataset could produce bad rdataslabs. [RT #29644]	2012-06-01 23:33:16 +10:00
Tinderbox User	7a440c4300	update copyright notice	2012-05-31 23:46:01 +00:00
Vernon Schryver	afaa290bb6	Squashed commit of the following: commit aea73609ac5d41ed091360e94370798965f28f05 commit eef7f44c57a060b24a426eb8888e16176a0a69b1 commit a88a26d864ad399fa2d40e3b9659b4d26f454ca1 commit 1b90d59568e7e3b65690c6bd075cf4d60b03e454 Merge: 74d8f73 `cd02924` commit 74d8f73ed553bb64a305e284905762f7ff0029aa commit 9a59ef6bbd4befe91e5691e8b85afe1cb7ab0706 commit c63606a53b4f1bb7066b37d3cfe588e9dc21a119 commit 2c392a840c8838455d144ce163bd873bee400c97 commit 0241f53563e6e7bed462a883d98a8931f01e0980 commit 79fe22b5d6f04bdaa3073cf54d41952194e879e1 commit 351b3049625f2edd39729dd85413e961b97d4b3b commit 7207674fc77c9a10d84c0cb94e36d1c09bb31459 commit 543ad34cf08f901c20b438c9d2f45482cff13d5e commit fc45b99ce4438627fdcbeb4365695ba0065fa46f commit c425207f57e0a5157372aa7edbb79b13170563e5 commit ef8c5e23ca284e0ea02f69ce1f356d537c19d93b commit ba0d4e3aa51efe412cfa1d031651f949442d1802 commit 41c7969c7cb6884b93011f7ace3fd9522efc021e and more from CVS for rt26172 Add - optional "recursive-only yes\|no" to the response-policy statement - optional max-policy-ttl to limit the lies that "recursive-only no" can introduce into resolvers' caches - test that queries with RD=0 are not rewritten by default - performance smoke test Change encoding of PASSTHRU action to "rpz-passthru". (The old encoding is still accepted.) Fix rt26180 assert botch in zone_findrdataset() in this branch as well. Fix missing signatures on NOERROR results despite RPZ hits when there are signatures and the client asks for DNSSEC,	2012-05-31 02:03:34 +00:00
Mark Andrews	dc475b88f9	use correct buffer for reporting expire time in 'rndc zonestatus'	2012-05-22 14:41:52 +10:00
Tinderbox User	e5d117e83f	update copyright notice	2012-05-21 23:45:46 +00:00
Mark Andrews	9caed807dc	redirect stderr to /dev/null	2012-05-21 16:02:46 +10:00
Mark Andrews	1b786cf46f	check for Net::DNS	2012-05-21 10:33:05 +10:00
Mark Andrews	9b6e76e5e7	awk and toupper is not portable, use sed instead	2012-05-21 10:13:08 +10:00
Tinderbox User	a847a4bcd6	update copyright notice	2012-05-17 23:46:03 +00:00
Evan Hunt	a40c338eaf	add ecdsa to system tests	2012-05-17 16:11:13 -07:00
Evan Hunt	26833735d3	Handle RRSIG signer case consistently 3329. [bug] Handle RRSIG signer-name case consistently: We generate RRSIG records with the signer-name in lower case. We accept them with any case, but if they fail to validate, we try again in lower case. [RT #27451]	2012-05-17 10:44:16 -07:00
Tinderbox User	701f6f02a2	regen	2012-05-15 23:30:20 +00:00
Tinderbox User	633c5dc507	update copyright notice	2012-05-14 23:45:48 +00:00
Evan Hunt	d878b8d87c	merged filter-aaaa-on-v6 (ATT SoW) 3327. [func] Added 'filter-aaaa-on-v6' option; this is similar to 'filter-aaaa-on-v4' but applies to IPv6 connections. (Use "configure --enable-filter-aaaa" to enable this option.) [RT #27308]	2012-05-14 11:50:00 -07:00
Evan Hunt	bc626b81d7	Merge branch 'master' of ssh://repo/proj/git/prod/bind9	2012-05-14 10:07:34 -07:00
Evan Hunt	dd2a0a6d2d	Merge statistics code (ATT SoW, rt24117) This includes the following changes: 3326. [func] Added task list statistics: task model, worker threads, quantum, tasks running, tasks ready. [RT #27678] 3325. [func] Report cache statistics: memory use, number of nodes, number of hash buckets, hit and miss counts. [RT #27056] 3324. [test] Add better tests for ADB stats [RT #27057] 3323. [func] Report the number of buckets the resolver is using. [RT #27020] 3322. [func] Monitor the number of active TCP and UDP dispatches. [RT #27055] 3321. [func] Monitor the number of recursive fetches and the number of open sockets, and report these values in the statistics channel. [RT #27054] 3320. [func] Added support for monitoring of recursing client count. [RT #27009] 3319. [func] Added support for monitoring of ADB entry count and hash size. [RT #27057]	2012-05-14 10:06:05 -07:00
Francis Dupont	6a2ebd69b5	fix key name variable in autosign	2012-05-12 07:54:45 +02:00
Tinderbox User	cd791043c8	regen master	2012-05-03 01:04:16 +00:00
Tinderbox User	99d8f5a704	update copyright notice	2012-05-02 23:45:44 +00:00
Mark Andrews	aaaf8d4f48	3317. [func] Add ECDSA support (RFC 6605). [RT #21918 ]	2012-05-02 23:20:17 +10:00
Tinderbox User	ee980d3fc4	update copyright notice	2012-04-28 23:45:42 +00:00
Evan Hunt	4e8fe357a6	create and use multiple fetch dispatches Added API to create a set of UDP dispatches which can be shared round-robin style when making upstream queries for authoritative data; this should reduce lock contention in the query source dispatch.	2012-04-27 16:11:30 -07:00
Tinderbox User	aa64e902a0	update copyright notice	2012-04-26 23:45:49 +00:00
Mark Andrews	393fd55d91	3313. [protocol] Add TLSA record type. [RT #28989 ]	2012-04-26 12:22:49 +10:00
Mark Andrews	7e9d6c7075	3312. [bug] named-checkconf didn't detect a bad dns64 clients acl. [RT #27631]	2012-04-26 11:42:39 +10:00
Evan Hunt	8c2a1d6b0b	fix .gitignore files	2012-04-23 08:17:26 -07:00
Tinderbox User	3fb95bfcb2	update copyright notice	2012-04-11 23:45:52 +00:00
Mark Andrews	75582adac7	3306. [bug] Improve DNS64 reverse zone performance. [RT #28563 ] 3305. [func] Add wire format lookup method to sdb. [RT #28563]	2012-04-11 12:17:57 +10:00
Mark Andrews	bf6651e27d	3303. [bug] named could die when reloading. [RT #28606 ]	2012-04-05 15:48:43 +10:00
Mark Andrews	85fcd0b9b2	3299. [bug] Make SDB handle errors from database drivers better. [RT #28534]	2012-03-28 10:21:13 +11:00
Mark Andrews	d8e73b1c76	3296. [bug] Named could die with a INSIST failure in client.c:exit_check. [RT #28346]	2012-03-15 11:33:43 +11:00
Tinderbox User	c922066e77	update copyright notice	2012-03-14 23:45:43 +00:00
Mark Andrews	021ea88ee5	ignore more test artifacts	2012-03-14 16:03:42 +11:00
Mark Andrews	25291eb87a	additional cleanup	2012-03-14 16:02:52 +11:00
Mark Andrews	dea3eb8eac	properly redirect stderr to stdout	2012-03-14 16:02:15 +11:00
Tinderbox User	5082a49b9c	regen master	2012-03-12 01:04:10 +00:00
Tinderbox User	5fa46bc916	update copyright notice	2012-03-10 23:45:53 +00:00
Tinderbox User	b0c3e518e4	regen	2012-03-09 23:30:35 +00:00
Mark Andrews	39bd69da32	empty directory	2012-03-10 08:45:46 +11:00
Mark Andrews	962bf88eec	3294. [bug] isccc/cc.c:table_fromwire failed to free alist on error. [RT #28265]	2012-03-08 14:28:26 +11:00
Evan Hunt	207845805e	set $Id$	2012-03-07 08:18:20 -08:00
Mark Andrews	74777c4523	non specific $Id$	2012-03-07 13:10:50 +11:00
Tinderbox User	ea94d37012	regen master	2012-03-07 01:41:11 +00:00
Tinderbox User	9a63fb8455	fix docbook error	2012-03-07 00:07:24 +00:00
Evan Hunt	2d7f41d66c	Revert "Re-created rt27597a for ongoing DLZ work" This reverts commit `d731ee9121`.	2012-03-05 15:42:52 -08:00
Evan Hunt	d731ee9121	Re-created rt27597a for ongoing DLZ work	2012-03-05 14:45:30 -08:00
Evan Hunt	632c0f1e91	Revert accidental merge of unfinished DLZ work	2012-03-05 14:44:21 -08:00
Mark Andrews	e214e8728a	Merge branches 'rt28261' and 'rt27597' of repo.isc.org:/proj/git/prod/bind9	2012-03-06 00:16:04 +11:00
Evan Hunt	2dc2a6b6e9	grammar fixes	2012-03-04 22:19:12 -08:00
Mark Andrews	f5b7359c57	Allow nsupdate to report which types it knows the internal structure to.	2012-03-05 11:38:07 +11:00
Evan Hunt	e41d5a00bc	added gitignore, removed cvsignore	2012-03-03 23:10:05 -08:00
Evan Hunt	43cf20e3e4	created	2012-03-03 22:47:40 -08:00
Evan Hunt	954501715d	checkpoint: multiple-DLZ functionality - multiple DLZ's can be specified, including multiple DLZ's using the same driver; e.g., two different back-ends both loaded by the dlopen driver - new "search" option can be specified in a DLZ indicating whether this DLZ database should be searched for unknown zones. The default is "yes". If "no", then the zone can only be found by named if it's registered in the zone table, which happens if the zone is configured for dynamic updates, or if "dlz <dlzname>" is specified in the zone statement. (The latter functionality is incomplete in this commit).	2012-03-03 22:43:38 -08:00
Automatic Updater	3484552b1b	update copyright notice	2012-02-23 07:09:29 +00:00
Mark Andrews	1864400107	3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036 ]	2012-02-23 06:53:15 +00:00
Automatic Updater	6c6ccd6b33	update copyright notice	2012-02-22 23:47:35 +00:00
Evan Hunt	261543671b	3288. [bug] dlz_destroy() function wasn't correctly registered by the DLZ dlopen driver. [RT #28056]	2012-02-22 21:45:20 +00:00
Mark Andrews	490b05960c	3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028 ]	2012-02-22 14:22:54 +00:00
Evan Hunt	89069e6b3a	3286. [bug] Managed key maintenance timer could fail to start after 'rndc reconfig'. [RT #26786]	2012-02-22 00:37:54 +00:00
Mark Andrews	5e501f3a87	Loop 'I:checking that large rdatasets loaded' in case the zone transfer has not yet completed	2012-02-15 00:50:59 +00:00
Automatic Updater	d03bc586b9	update copyright notice	2012-02-14 23:47:15 +00:00
Mark Andrews	4c34112a69	3283. [bug] Raw zones with with more than 512 records in a RRset failed to load. [RT #27863]	2012-02-13 23:46:24 +00:00
Automatic Updater	09b46c3945	update copyright notice	2012-02-09 23:47:18 +00:00
Mark Andrews	77eca24a29	move keygeneration out of the timing critical section	2012-02-09 21:10:45 +00:00
Mark Andrews	fb604d1cee	3282. [bug] Restrict the TTL of NS RRset to no more than that of the old NS RRset when replacing it. [RT #27792]	2012-02-09 20:54:46 +00:00
Automatic Updater	da5a7b29e9	update copyright notice	2012-02-07 23:47:24 +00:00
Mark Andrews	81274f4b08	3280. [bug] Potential double free of a rdataset on out of memory with DNS64. [RT #27762]	2012-02-07 01:07:47 +00:00
Evan Hunt	f4bd753e0b	fixed a test error that caused autosign to fail on freebsd	2012-02-07 00:33:19 +00:00
Mark Andrews	9181e8a056	rt27739: make ixfr test more robust	2012-02-07 00:19:45 +00:00
Automatic Updater	2f4561bc9c	update copyright notice	2012-02-06 23:46:49 +00:00
Mark Andrews	f91db44ab9	verify server is answering before starting next server	2012-02-06 23:20:38 +00:00
Evan Hunt	99f6179191	3277. [bug] Make sure automatic key maintenance is started when "auto-dnssec maintain" is turned on during "rndc reconfig". [RT #26805]	2012-02-06 21:33:50 +00:00
Mark Andrews	77cb7130e7	3276. [bug] win32: isc_socket_dup is not implemented. [RT #27696 ] 3276. [bug] win32: ns_os_openfile failed to return NULL on safe_open failure. [RT #27696]	2012-02-06 04:19:33 +00:00
Automatic Updater	bb2d9d7aec	update copyright notice	2012-02-03 23:46:58 +00:00
Evan Hunt	adfc3ad3ce	3275. [bug] Corrected rndc -h output; the 'rndc sync -clean' option had been missplled as '-clear'. (To avoid future confusion, both options now work.) [RT #27173]	2012-02-03 22:27:17 +00:00
Mark Andrews	ca92b02363	I:waiting for nameserver to load, ok'd by Evan	2012-02-03 04:44:17 +00:00
Automatic Updater	c2f843fc2b	update copyright notice	2012-02-02 23:47:33 +00:00
Mark Andrews	92a83eeb2d	portable code, ok'd bu Evan	2012-02-02 03:47:39 +00:00
Mark Andrews	912920eace	leave a better forensics trail on failure, ok'd by Evan	2012-02-02 03:26:55 +00:00
Mark Andrews	53d4f17eac	spin waiting for load/transfer to complete, ok'd by Evan	2012-02-02 03:08:02 +00:00
Automatic Updater	fe910f9d17	update copyright notice	2012-02-01 23:46:51 +00:00
Mark Andrews	23370a7eb2	more robust I:waiting for transfers to complete	2012-02-01 22:07:23 +00:00
Mark Andrews	1769b07530	fix memory overun in dns_zone_getincludes, allocated array too small (zero). fix possible memory overrun in dns_zone_getincludes fix inconsistent mxtc use in ns_server_zonestatus fix missing out of memory errors checks in zone_registerinclude fix possible use after free issues zone_registerinclude/ns_server_zonestatus	2012-02-01 21:28:39 +00:00
Automatic Updater	41f1164438	update copyright notice	2012-01-31 23:47:33 +00:00
Evan Hunt	93143fd81a	3273. [bug] AAAA responses could be returned in the additional section even when filter-aaaa-on-v4 was in use. [RT #27292]	2012-01-31 06:58:39 +00:00
Evan Hunt	2855e27723	3271. [func] New "rndc zonestatus" command prints information about the specified zone. [RT #21671]	2012-01-31 03:35:41 +00:00
Evan Hunt	c54dadd853	3270. [bug] "rndc reload" didn't reuse existing zones correctly when inline-signing was in use. [RT #27650]	2012-01-31 01:13:10 +00:00
Mark Andrews	18d208a4a2	3265. [bug] Address lock order reversal with inline-signing support. [27557]	2012-01-25 02:46:53 +00:00
Automatic Updater	4a8adb51da	update copyright notice	2012-01-23 23:46:48 +00:00
Mark Andrews	3f7ad9656c	test for Net::DNS	2012-01-23 11:58:12 +00:00
Mark Andrews	59162a5b5c	silence 'Assigned value is always the same as the existing value' warnings	2012-01-21 22:51:27 +00:00
Evan Hunt	a252f66d36	update authors.bind	2012-01-21 19:44:18 +00:00
Mark Andrews	bfe720adb5	reverse accidental commit	2012-01-17 08:26:03 +00:00
Automatic Updater	0d1cf4f5bc	update copyright notice	2012-01-16 23:46:46 +00:00
Evan Hunt	edc7636fbe	remove Makefile diff from patch files	2012-01-16 18:59:39 +00:00
Evan Hunt	6d6b836417	- add openssl-1.0.0f-patch - update openssl-0.9.8s-patch to francis's version	2012-01-16 18:57:12 +00:00
Mark Andrews	00164c8db2	fetches in progress/buckets	2012-01-16 08:35:09 +00:00
Evan Hunt	a06e0a14cc	use test -f; solaris doesn't support test -e	2012-01-12 00:37:18 +00:00
Evan Hunt	1ca47afdb2	rebase pkcs11 patch to openssl 0.9.8s	2012-01-11 23:43:45 +00:00
Curtis Blackburn	736cbba952	added myself to the list of authors.	2012-01-11 18:27:45 +00:00
Automatic Updater	edb4393ef5	update copyright notice	2012-01-10 23:46:58 +00:00
Evan Hunt	9a02019889	3264. [bug] Automatic regeneration of signatures in an inline-signing zone could stall when the server was restarted. [RT #27344] 3263. [bug] "rndc sync" did not affect the unsigned side of an inline-signing zone. [RT #27337]	2012-01-10 18:13:37 +00:00
Scott Mann	896b39febc	added scott mann to author list	2012-01-09 23:45:04 +00:00
Automatic Updater	1b428fd3a7	update copyright notice	2012-01-07 23:46:53 +00:00
Evan Hunt	c19cfefe7e	3262. [bug] Signed responses were handled incorrectly by RPZ. [RT #27316]	2012-01-07 00:19:59 +00:00
Automatic Updater	53c234d9d3	update copyright notice	2012-01-06 23:46:42 +00:00
Evan Hunt	19c4187e35	3261. [func] RRset ordering now defaults to random. [RT #27174 ]	2012-01-06 19:00:13 +00:00
Automatic Updater	f76bddd50b	update copyright notice	2012-01-04 23:46:49 +00:00
Evan Hunt	56c9fcf075	3260. [bug] "rrset-order cyclic" could appear not to rotate for some query patterns. [RT #27170/27185]	2012-01-04 03:06:51 +00:00
Automatic Updater	045e92d425	update copyright notice	2011-12-23 23:47:13 +00:00
Mark Andrews	7caaa75cbf	--enable-fixed-rrset uses reversed order for cyclic	2011-12-23 01:06:42 +00:00
Mark Andrews	6643b0dd91	3260. [bug] "rrset-order cyclic" could appears to not rotate for some query patterns. [RT #27170]	2011-12-23 00:38:23 +00:00
Automatic Updater	97e74139b1	regen HEAD	2011-12-22 18:10:11 +00:00
Evan Hunt	15218d6ed0	3259. [bug] named-compilezone: Suppress "dump zone to <file>" message when writing to stdout. [RT #27109]	2011-12-22 17:29:22 +00:00
Mark Andrews	53e7766f7d	remove logit	2011-12-22 12:58:13 +00:00
Mark Andrews	eacd6ec4e4	use binmode	2011-12-22 12:01:43 +00:00
Mark Andrews	9892bae7b7	forcing full sign with unreadable keys	2011-12-22 11:57:30 +00:00
Mark Andrews	354cb3ea67	use binmode	2011-12-22 11:56:07 +00:00
Mark Andrews	83878aaa47	3256. [bug] Disable empty zones for lwresd -C. [RT #27139 ] 3255. [func] No longer require that a empty zones be explicitly enabled or that a empty zone is disabled for RFC 1918 empty zones to be configured. [RT #27139]	2011-12-22 08:22:18 +00:00
Mark Andrews	328e0fee6b	3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels. [RT #22249]	2011-12-22 08:07:48 +00:00
Evan Hunt	f30785f506	3252. [bug] When master zones using inline-signing were updated while the server was offline, the source zone could fall out of sync with the signed copy. They can now resynchronize. [RT #26676]	2011-12-22 07:32:41 +00:00
Mark Andrews	281a31ad37	+/- 500ms was too small a fudge factor (-582ms seen in testing), raise to +/- 1000ms	2011-12-22 02:15:24 +00:00
Mark Andrews	67dc2f0536	3249. [bug] Update log message when saving slave zones files for analysis after load failures. [RT #27087] 3248. [bug] Configure options --enable-fixed-rrset and --enable-exportlib were incompatible with each other. [RT #27087] 3247. [bug] 'raw' format zones failed to preserve load order breaking 'fixed' sort order. [RT #27087] 3246. [bug] Named failed to start with a empty also-notify list. [RT #27087]	2011-12-20 00:06:54 +00:00
Mark Andrews	b290d10fc4	3245. [bug] Don't report a error unchanged serials unless there were other changes when thawing a zone with ixfr-fromdifferences. [RT #26845]	2011-12-19 23:46:13 +00:00
Mark Andrews	d884e8ee4d	set status to 1 on R:FAIL	2011-12-19 23:08:50 +00:00
Automatic Updater	ce8ac1bc98	regen HEAD	2011-12-17 01:14:51 +00:00
Automatic Updater	a9f68291c8	update copyright notice	2011-12-16 23:46:20 +00:00
Evan Hunt	1d32b1df37	3244. [func] Added readline support to nslookup and nsupdate. Also simplified nsupdate syntax to make "update" and "prereq" optional. [RT #24659]	2011-12-16 23:01:17 +00:00
Automatic Updater	b98da83857	regen HEAD	2011-12-16 01:15:05 +00:00
Mark Andrews	ea55a4e469	-l	2011-12-16 00:10:05 +00:00
Mark Andrews	91013b0e19	join line for old awk	2011-12-12 12:08:09 +00:00
Mark Andrews	6c1a778723	chech that the final time is within 10 seconds but no greater than the expected interval	2011-12-12 06:51:12 +00:00
Automatic Updater	72938578c9	regen HEAD	2011-12-10 01:14:53 +00:00
Automatic Updater	339d2a4d4b	update copyright notice	2011-12-09 23:47:05 +00:00
Mark Andrews	e238ebd9b3	Backout accident commit to head	2011-12-09 22:09:26 +00:00
Mark Andrews	5ccf5eac0f	ixfr-from-differences backup file	2011-12-09 13:32:42 +00:00
Mark Andrews	25e771f87e	fix typo	2011-12-09 01:52:14 +00:00
Mark Andrews	b11fd36119	move declaration to start of block	2011-12-08 23:45:02 +00:00
Evan Hunt	b4d8192d21	3241. [func] Extended the header of raw-format master files to include the serial number of the zone from which they were generated, if different (as in the case of inline-signing zones). This is to be used in inline-signing zones, to track changes between the unsigned and signed versions of the zone, which may have different serial numbers. (Note: raw zonefiles generated by this version of BIND are no longer compatble with prior versions. To generate a backward-compatible raw zonefile using dnssec-signzone or named-compilezone, specify output format "raw=0" instead of simply "raw".) [RT #26587]	2011-12-08 16:07:22 +00:00
Evan Hunt	28c2bc2026	3237. [bug] dig -6 didn't work with +trace. [RT #26906 ]	2011-12-07 17:23:28 +00:00
Evan Hunt	4122abdc3c	Back out changes #3182 and #3202	2011-12-05 17:10:51 +00:00
Mark Andrews	f5f868ca4f	loop waiting for the zone to transfer	2011-12-02 04:14:33 +00:00
Mark Andrews	56dc4c6730	3233. [bug] 'rndc freeze/thaw' didn't work for inline zones. [RT #26632]	2011-12-02 02:44:01 +00:00
Automatic Updater	55313f60d8	update copyright notice	2011-12-01 23:46:51 +00:00
Mark Andrews	553197e288	3231. [bug] named could fail to send a uncompressable zone. [RT #26796] 3230. [bug[ 'dig axfr' failed to properly handle a multi-message axfr with a serial of 0. [RT #26796]	2011-12-01 00:53:58 +00:00
Mark Andrews	411d2914ad	3226. [bug] Address minor resource leakages. [RT #26624 ]	2011-11-30 00:48:51 +00:00
Mark Andrews	9bd876a683	3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684 ]	2011-11-29 00:49:26 +00:00
Mark Andrews	374b677c50	make grep more precise	2011-11-27 12:04:27 +00:00
Evan Hunt	75c622f53b	add regression test for rbtdb.c version-mismatch issue	2011-11-18 19:32:13 +00:00
Evan Hunt	7c6a1a11fa	3218. [security] Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [RT #26590]	2011-11-16 09:44:32 +00:00
Evan Hunt	6fb6f8a226	3217. [cleanup] Fix build problem with --disable-static. [RT #26476 ]	2011-11-16 00:42:07 +00:00
Automatic Updater	2a1d6afad5	regen HEAD	2011-11-10 01:16:02 +00:00
Automatic Updater	2fd58cb8f1	update copyright notice	2011-11-09 23:46:23 +00:00
Evan Hunt	77d048b03e	3215. [bug] 'rndc recursing' could cause a core dump. [RT #26495 ]	2011-11-09 22:05:09 +00:00
Evan Hunt	5d23a6ac83	3214. [func] Add 'named -U' option to set the number of UDP listener threads per interface. [RT #26485]	2011-11-09 18:44:04 +00:00
Automatic Updater	2628293c6e	regen HEAD	2011-11-08 01:14:50 +00:00
Automatic Updater	0237221b8a	update copyright notice	2011-11-07 23:46:50 +00:00
Evan Hunt	d9eebc0849	3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full" option prints in single-line-per-record format. [RT #20287]	2011-11-07 23:16:31 +00:00
Evan Hunt	83c0ef8815	3210. [bug] Canceling the oldest query due to recursive-client overload could trigger an assertion failure. [RT #26463]	2011-11-07 23:03:09 +00:00
Automatic Updater	36da16fa31	regen HEAD	2011-11-07 01:15:05 +00:00
Evan Hunt	36a13a94c5	new "dnssec-lookaside" option is "no", not "off"	2011-11-07 00:25:53 +00:00
Mark Andrews	ac43690858	3209. [func] Add "dnssec-lookaside 'off'". [RT #24858 ]	2011-11-07 00:14:11 +00:00
Automatic Updater	2e8694f4db	update copyright notice	2011-11-06 23:46:40 +00:00
Mark Andrews	19ae9cbb28	3208. [bug] 'dig -y' handle unknown tsig alorithm better. [RT #25522]	2011-11-06 23:18:07 +00:00
Automatic Updater	77dccf2a5d	regen HEAD	2011-11-05 01:14:51 +00:00
Evan Hunt	ca45c0bc34	3206. [cleanup] Add ISC information to log at start time. [RT #25484 ]	2011-11-05 00:45:31 +00:00
Automatic Updater	af42579df6	update copyright notice	2011-11-04 23:46:15 +00:00
Evan Hunt	59c79d8cc8	shorten an 81-char line in dig -h	2011-11-04 14:19:17 +00:00
Jeremy Reed	2de07361f3	Fix typo within XML tag.	2011-11-04 11:02:50 +00:00
Mark Andrews	3fb5bccf59	3205. [func] Upgrade dig's defaults to better reflect modern nameserver behaviour. Enable "dig +adflag" and "dig +edns=0" by default. Enable "+dnssec" when running "dig +trace". [RT #23497]	2011-11-04 10:41:38 +00:00
Evan Hunt	25845da41a	3203. [bug] Increase log level to 'info' for validation failures from expired or not-yet-valid RRSIGs. [RT #21796]	2011-11-04 05:36:28 +00:00
Automatic Updater	0b85ae70e9	update copyright notice	2011-11-03 23:46:26 +00:00
Evan Hunt	f550b4b104	3201. [func] 'rndc querylog' can now be given an on/off parameter instead of only being used as a toggle. [RT #18351]	2011-11-03 23:05:31 +00:00
Evan Hunt	6150d3cb66	3200. [doc] Some rndc functions were undocumented or were missing from 'rndc -h' output. [RT #25555]	2011-11-03 22:06:21 +00:00
Evan Hunt	fd0cb18761	3199. [func] When logging client information, include the name being queried. [RT #25944]	2011-11-03 21:14:22 +00:00
Evan Hunt	d7be2b79ed	3198. [doc] Clarified that dnssec-settime can alter keyfile permissions. [RT #24866]	2011-11-03 20:21:37 +00:00
Evan Hunt	7f2a245b96	3196. [bug] nsupdate: return nonzero exit code when target zone doesn't exist. [RT #25783]	2011-11-03 04:29:28 +00:00
Automatic Updater	1ab9944f6b	update copyright notice	2011-11-02 23:46:24 +00:00
Mark Andrews	46c7b71b4d	improve error diagnostics	2011-11-02 13:59:07 +00:00
Mark Andrews	e223d4bb26	loop waiting for stub zone to transfer	2011-11-02 08:17:01 +00:00
Evan Hunt	103250dd47	fix usage message	2011-11-02 06:00:35 +00:00
Mark Andrews	fe3472c80b	3191. [bug] Print NULL records using unknown format. [RT #26392 ]	2011-11-02 01:01:52 +00:00
Automatic Updater	89d1324270	update copyright notice	2011-11-01 23:47:00 +00:00
Evan Hunt	e2271ee953	3189. [test] Added a summary report after system tests. [RT #25517 ]	2011-11-01 18:35:53 +00:00
Automatic Updater	f308b3c2e0	update copyright notice	2011-10-30 23:46:15 +00:00
Mark Andrews	36e97eb661	3187. [port] win32: support for Visual Studio 2008. [RT #26356 ]	2011-10-30 23:39:39 +00:00
Evan Hunt	695ccee03b	added cvsignore files	2011-10-30 23:14:31 +00:00
Evan Hunt	81443179e5	missing files from clean.sh	2011-10-30 23:14:23 +00:00
Evan Hunt	74c46f605f	file missing from clean.sh	2011-10-30 23:11:24 +00:00
Evan Hunt	094672b313	some files were missing from clean.sh	2011-10-30 23:05:13 +00:00
Evan Hunt	3718adf753	some files were missing from clean.sh	2011-10-30 22:59:45 +00:00
Evan Hunt	0422d7c531	Need to clear db-* files in clean.sh.	2011-10-30 22:55:12 +00:00
Mark Andrews	cd56981c8a	remove unused parameter from next_origin	2011-10-29 22:26:21 +00:00
Mark Andrews	5b7e96d3a7	add if (list)	2011-10-29 06:22:51 +00:00
Automatic Updater	98a7e53914	update copyright notice	2011-10-28 12:20:31 +00:00
Automatic Updater	d68503046d	update copyright notice	2011-10-28 12:08:04 +00:00
Mark Andrews	7b4b6f361b	3186. [bug] Version/db mis-match in rpz code. [RT #26180 ]	2011-10-28 11:46:50 +00:00
Evan Hunt	9c03f13e18	3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]	2011-10-28 06:20:07 +00:00
Mark Andrews	30574fa9ad	exit 255 for SKIPPED	2011-10-28 03:15:05 +00:00
Scott Mann	376444d40b	add test for recent Net::DNS module.	2011-10-28 02:18:56 +00:00
Automatic Updater	96f5a19c12	update copyright notice	2011-10-27 23:46:31 +00:00
Scott Mann	0148654d85	added RTLD_GLOBAL to dlopen call (RT #26301 ).	2011-10-27 23:01:59 +00:00
Scott Mann	b91b288f92	fix edns0 retry issues (rt #23393/24964).	2011-10-27 20:18:42 +00:00
Automatic Updater	8826a72394	update copyright notice	2011-10-26 23:46:15 +00:00
Mark Andrews	24ef32426d	3181. [func] Inline-signing is now supported for master zones. [RT #26224]	2011-10-26 20:56:45 +00:00
Evan Hunt	9570ddcd41	3180. [func] Local copies of slave zones are now saved in raw format by default, to improve startup performance. 'masterfile-format text;' can be used to override the default, if desired. [RT #25867]	2011-10-26 15:23:37 +00:00
Mark Andrews	aa0777cfb6	spin waiting for zone transfer to complete	2011-10-26 05:32:56 +00:00
Automatic Updater	e839bf134f	regen HEAD	2011-10-26 01:14:53 +00:00
Automatic Updater	329eb05c12	update copyright notice	2011-10-25 23:46:58 +00:00
Evan Hunt	f704fa0ca6	3178. [bug] A race condition introduced by change #3163 could cause an assertion failure on shutdown. [RT #26271]	2011-10-25 16:21:21 +00:00
Mark Andrews	ad94465154	improve failure reports	2011-10-25 03:57:08 +00:00
Mark Andrews	b1c6de5456	3177. [func] 'rndc keydone', remove the indicator record that named has finished signing the zone with the corresponding key. [RT #26206]	2011-10-25 01:54:22 +00:00
Mark Andrews	f49d12edf8	remove redundant assignment and variable	2011-10-21 03:55:33 +00:00
Automatic Updater	12bfbed87c	regen HEAD	2011-10-21 01:14:51 +00:00
Automatic Updater	dfc015bc7e	update copyright notice	2011-10-20 23:46:51 +00:00
Mark Andrews	ada40193c8	3175. [bug] Fix how DNSSEC positive wildcard responses from a NSEC3 signed zone are validated. Stop sending a unnecessary NSEC3 record when generating such responses. [RT #26200]	2011-10-20 21:42:11 +00:00
Mark Andrews	1946c596b4	3174. [bug] Always compute to revoked key tag from scratch. [RT #24711]	2011-10-20 21:20:02 +00:00
Automatic Updater	e87f494810	update copyright notice	2011-10-17 23:46:33 +00:00
Mark Andrews	ca890c0aa8	sleep 1 # allow lwresd to finish starting.	2011-10-17 05:40:11 +00:00
Mark Andrews	2da036f231	The notify system test was using a dynamic zone for reload testing so it was just a plain fluke that it ever succeeded. * use a normal (non-dynamic) zone. * check that reloads of the master zone actually occur. * remove example3 test from tests.sh as it wasn't testing notify. * add a "sleep 1" so that the copied file will have a newer timestamp. * improve system test logging. * using seperate output files for each test so that it is possible to work out what went wrong if the system test fails.	2011-10-17 01:33:28 +00:00
Mark Andrews	020c4484fe	3173. [port] Correctly validate root DS responses. [RT #25726 ]	2011-10-15 05:00:15 +00:00
Automatic Updater	2d45eb7acb	update copyright notice	2011-10-14 23:46:34 +00:00
Mark Andrews	baabfdc0d9	wait for test zones to have loaded	2011-10-14 12:02:12 +00:00
Mark Andrews	0a1009ae64	3171. [bug] Exclusively lock the task when adding a zone using 'rndc addzone'. [RT #25600]	2011-10-14 05:38:50 +00:00
Mark Andrews	298452f671	update for clientinfo support	2011-10-14 00:52:32 +00:00
Automatic Updater	304a539c59	update copyright notice	2011-10-13 22:48:24 +00:00
Mark Andrews	c28bc44028	waiting for servers to be ready for testing	2011-10-13 22:18:05 +00:00
Mark Andrews	88112d5fcb	'test -e' is not portable, use 'test -f'	2011-10-13 13:03:51 +00:00
Mark Andrews	abea1710a7	new	2011-10-13 04:53:07 +00:00
Mark Andrews	24ae404aca	'grep' -> 'grep -w' when checking for keyids	2011-10-13 03:55:01 +00:00
Mark Andrews	89d7808786	'grep' -> 'grep -w' when checking for keyids	2011-10-13 03:46:41 +00:00
Vernon Schryver	9fee08f655	Commit rt25172 changes to HEAD including - fix precedence among competing rules - improve ARM text including documenting rule precedence - try to rewrite CNAME chains until first hit - new "rpz" logging channel - same fix for "NS ." as in RT 24985	2011-10-13 01:32:34 +00:00
Automatic Updater	ea68e8eba9	update copyright notice	2011-10-12 23:46:34 +00:00
Mark Andrews	af850c4120	3168. [bug] Nxdomain redirection could trigger a assert with a ANY query. [RT #26017]	2011-10-12 23:09:35 +00:00
Mark Andrews	dc2e627239	3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380]	2011-10-12 00:18:11 +00:00
Mark Andrews	02286522fb	3166. [bug] Upgrading a zone to support inline-signing failed. [RT #26014 ]	2011-10-12 00:10:20 +00:00
Automatic Updater	0e11ca0f0b	update copyright notice	2011-10-11 23:46:45 +00:00
Evan Hunt	653a78de95	3165. [bug] dnssec-signzone could generate new signatures when resigning, even when valid signatures were already present. [RT #26025]	2011-10-11 19:26:06 +00:00
Mark Andrews	25500a1d9f	add missing break;	2011-10-11 13:36:12 +00:00
Mark Andrews	f730d7bdc2	fix builtin_lookup to match new prototype	2011-10-11 02:39:03 +00:00
Mark Andrews	be7772a59c	#include <isc/print.h>	2011-10-11 00:53:15 +00:00
Evan Hunt	793814f807	3164. [func] Enable DLZ modules to retrieve client information, so that responses can be changed depending on the source address of the query. [RT #25768]	2011-10-11 00:09:03 +00:00
Scott Mann	07dc62785b	Change s/\R//g to chomp().	2011-10-10 23:18:17 +00:00
Evan Hunt	b2086d798b	3163. [bug] Use finer-grained locking in client.c to address concurrency problems with large numbers of threads. [RT #26044]	2011-10-10 22:57:14 +00:00
Scott Mann	db715e6d83	fix directory path for subdirs	2011-10-10 19:06:05 +00:00
Mark Andrews	d60fb3a58c	use index rather than match as it is more portable	2011-10-10 00:34:57 +00:00
Scott Mann	aab0b9cd3b	added ability to set named params through "named.args" file	2011-10-09 22:47:15 +00:00
Mark Andrews	17dfbab847	handle getline errors/eof	2011-10-07 21:32:35 +00:00
Mark Andrews	dc2cbfdafe	handle multi-line NSEC3 record better	2011-10-06 22:11:39 +00:00
Evan Hunt	a6c74da2b0	3159. [bug] On some platforms, named could assert on startup when running in a chrooted environment without /proc. [RT #25863] 3158. [bug] Recursive servers would prefer a particular UDP socket instead of using all available sockets. [RT #26038]	2011-10-04 16:04:22 +00:00
Evan Hunt	1219f8d194	3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing the config file before pausing the server. [RT #21373]	2011-09-23 18:08:01 +00:00
Automatic Updater	65df0ad698	update copyright notice	2011-09-07 23:46:28 +00:00
Mark Andrews	35540d8b32	add missing files from request-ixfr test	2011-09-07 01:30:13 +00:00
Automatic Updater	eea6be913f	regen HEAD	2011-09-07 01:14:44 +00:00
Automatic Updater	cb3168cec7	update copyright notice	2011-09-06 23:46:27 +00:00
Scott Mann	fad5116b3d	Remove the ixfr-from-differences side-effect which causes an AXFR and extend request-ixfr to the zone level.	2011-09-06 22:29:33 +00:00
Automatic Updater	b3d6edf7cf	update copyright notice	2011-09-05 23:46:54 +00:00
Evan Hunt	76a7d4e152	3152. [cleanup] Some versions of gcc and clang failed due to incorrect use of __builtin_expect. [RT #25183]	2011-09-05 18:00:22 +00:00
Evan Hunt	6010c10f1f	add time.h to silence compiler warning	2011-09-05 17:39:37 +00:00
Evan Hunt	ab6c20f978	fix whitespace	2011-09-03 05:51:29 +00:00
Automatic Updater	ca894e53b5	update copyright notice	2011-09-02 23:46:33 +00:00
Evan Hunt	9e4afc9b39	3151. [bug] Queries for type RRSIG or SIG could be handled incorrectly. [RT #21050]	2011-09-02 21:55:16 +00:00
Evan Hunt	8a2ab2b920	3150. [func] Improved startup and reconfiguration time by enabling zones to load in multiple threads. [RT #25333]	2011-09-02 21:15:39 +00:00
Mark Andrews	56a520ef3a	don't use a expired slave zone	2011-09-02 02:25:07 +00:00
Mark Andrews	cd49e1ec2f	handle flushing of entries just before a second ticks over, speed up priming of the cache	2011-09-01 05:28:14 +00:00
Automatic Updater	a6ab2774bc	update copyright notice	2011-08-31 23:46:44 +00:00
Mark Andrews	2c35c68236	3148. [bug] Processing of normal queries could be stalled when forwarding a UPDATE message. [RT #24711]	2011-08-31 06:49:10 +00:00
Automatic Updater	4e68c7c87c	update copyright notice	2011-08-30 23:46:53 +00:00
Mark Andrews	74f4130f41	report the result of dns_adb_createfind	2011-08-30 21:51:34 +00:00
Mark Andrews	837633db56	report the result of dns_adb_createfind	2011-08-30 21:50:34 +00:00
Mark Andrews	29f4de85ed	remove unused variables	2011-08-30 12:45:43 +00:00
Mark Andrews	9198ab377b	3147. [func] Initial inline signing support. [RT #23657 ]	2011-08-30 05:16:15 +00:00
Automatic Updater	d0dce4d839	update copyright notice	2011-08-29 23:46:44 +00:00
Mark Andrews	90306774dc	query could be tested uninitialised, check the result of dns_message_create	2011-08-29 23:21:48 +00:00
Mark Andrews	31ad3f3aa4	split out subtests of 'another leaf node, with both positive and negative cache entries'	2011-08-29 03:31:29 +00:00
Mark Andrews	787b0c87b7	add POST, len is not needed	2011-08-28 23:53:59 +00:00
Mark Andrews	281c57e2c1	add POST	2011-08-28 23:46:51 +00:00
Automatic Updater	b5217f1647	update copyright notice	2011-08-28 23:46:41 +00:00
Mark Andrews	9a770b4476	add missing check_result	2011-08-28 23:35:57 +00:00
Mark Andrews	a15f930626	silence 'never read' warning	2011-08-28 09:22:45 +00:00
Mark Andrews	f6b0ccf76a	report if dns_rdata{class,type}_totext failed	2011-08-28 09:10:41 +00:00
Mark Andrews	9cbad6c4c0	t3 is not used	2011-08-28 08:10:13 +00:00
Automatic Updater	6e3afdcced	update copyright notice	2011-08-25 23:46:42 +00:00
Mark Andrews	db2a90f6ea	simplify flag printing, protect first with #ifdef USEINITALWS	2011-08-25 13:28:00 +00:00
Evan Hunt	5a75f61dd4	3144. [bug] dns_dbiterator_seek() could trigger an assert when used with a nonexistent database node. [RT #25358]	2011-08-23 00:59:23 +00:00
Mark Andrews	3a63259484	3143. [bug] Silence clang compiler warnings. [RT #25174 ]	2011-08-18 04:52:35 +00:00
Mark Andrews	ab8d150e91	3142. [bug] NAPTR is class agnostic. [RT #25429 ]	2011-08-16 03:00:02 +00:00
Automatic Updater	17d33346d7	update copyright notice	2011-08-09 04:12:25 +00:00
Mark Andrews	772dfb90be	3141. [bug] Silence spurious "zone serial (0) unchanged" messages associated with empty zones. [RT #25079]	2011-08-09 02:24:28 +00:00
Automatic Updater	cb3c295308	regen HEAD	2011-08-09 01:14:54 +00:00
Automatic Updater	4fc2b43e69	update copyright notice	2011-08-08 23:46:41 +00:00
Mark Andrews	f81e8340fc	rt25400 s/domainname/filename/	2011-08-08 03:28:15 +00:00
Automatic Updater	44931133ff	update copyright notice	2011-08-03 23:47:48 +00:00
Evan Hunt	64c66c801f	Missed an added file when merging rt19770.	2011-08-03 05:37:59 +00:00
Automatic Updater	adbc177194	update copyright notice	2011-08-02 23:47:52 +00:00
Evan Hunt	0127993480	3140. [func] New command "rndc flushtree <name>" clears the specified name from the server cache along with all names under it. [RT #19970]	2011-08-02 20:36:13 +00:00
Automatic Updater	2f17ad4545	update copyright notice	2011-07-28 23:47:59 +00:00
Mark Andrews	16f3aeab3c	move declaration to start of function	2011-07-28 11:16:04 +00:00
Mark Andrews	31f46f1869	3138. [bug] Address memory leaks and out-of-order operations when shutting named down. [RT #25210]	2011-07-28 04:27:27 +00:00
Evan Hunt	f07b2fccaf	3137. [func] Improve hardware scalability by allowing multiple worker threads to process incoming UDP packets. This can significantly increase query throughput on some systems. [RT #22992]	2011-07-28 04:04:37 +00:00
Mark Andrews	011080d64a	add ${ISC_INCLUDES}	2011-07-28 03:20:45 +00:00
Evan Hunt	cf63d32d55	3136. [func] Add RFC 1918 reverse zones to the list of built-in empty zones switched on by the 'empty-zones-enable' option. [RT #24990]	2011-07-28 03:18:17 +00:00
Mark Andrews	062ddb1981	use UNUSED()	2011-07-27 23:38:21 +00:00
Mark Andrews	8bd2b6923c	silence 'expression result unused' from clang	2011-07-27 07:45:55 +00:00
Mark Andrews	56e85a97bb	use UNUSED(x) not 'x = x'	2011-07-27 07:02:21 +00:00
Mark Andrews	f96ba7c746	remove check for oldid as named may have already deleted it	2011-07-26 04:42:20 +00:00
Mark Andrews	acf34e66a8	id was not being properly set	2011-07-26 04:28:35 +00:00
Automatic Updater	3d73f493d0	update copyright notice	2011-07-19 23:47:48 +00:00
Mark Andrews	96ade2bc52	3134. [bug] Improve the accuracy of dnssec-signzone's signing statistics. [RT #16030]	2011-07-19 04:09:27 +00:00
Evan Hunt	b47c020d5c	3133. [bug] Change #3114 was incomplete. [RT #24577 ]	2011-07-08 01:43:26 +00:00
Automatic Updater	2a36d8ca40	update copyright notice	2011-07-07 23:47:50 +00:00
Automatic Updater	69f5c36b39	update copyright notice	2011-07-06 23:47:43 +00:00
Evan Hunt	c46ce2d79b	3131. [func] Improve scalability by allocating one zone task per 100 zones at startup time, rather than using a fixed-size task table. [RT #24406]	2011-07-06 05:05:52 +00:00
Evan Hunt	42cf2ff7ba	3131. [func] Improve scalability by allocating one zone task per 100 zones at startup time, rather than using a fixed-size task table. [RT #24406]	2011-07-06 01:36:32 +00:00
Mark Andrews	a69070d8fa	3130. [func] Support alternate methods for managing a dynamic zone's serial number. Two methods are currently defined using serial-update-method, "increment" (default) and "unixtime". [RT #23849]	2011-07-01 02:25:48 +00:00
Evan Hunt	cba23be7ba	Add the newly discovered PoD to the nsupdate test. (No CHANGES note.)	2011-06-21 22:15:05 +00:00
Automatic Updater	313b4dc3b2	update copyright notice	2011-06-17 23:47:49 +00:00
Evan Hunt	e7220c9b84	3129. [bug] Named could crash on 'rndc reconfig' when allow-new-zones was set to yes and named ACLs were used, [RT #22739]	2011-06-17 07:05:02 +00:00
Automatic Updater	0f467ed4d4	update copyright notice	2011-06-10 23:47:32 +00:00
Evan Hunt	79ce3a9e82	3128. [func] Inserting an NSEC3PARAM via dynamic update in an auto-dnssec zone that has not been signed yet will cause it to be signed with the specified NSEC3 parameters when keys are activated. The NSEC3PARAM record will not appear in the zone until it is signed, but the parameters will be stored. [RT #23684]	2011-06-10 01:51:09 +00:00
Evan Hunt	5e3affc6a0	3127. [bug] 'rndc thaw' will now remove a zone's journal file if the zone serial number has been changed and ixfr-from-differences is not in use. [RT #24687]	2011-06-10 01:32:38 +00:00
Mark Andrews	475b1ed9cc	3126. [security] Using DNAME record to generate replacements caused RPZ to exit with a assertion failure. [RT #23766]	2011-06-09 03:10:17 +00:00
Mark Andrews	b64e3b8358	3125. [security] Using wildcard CNAME records as a replacement with RPZ caused named to exit with a assertion failure. [RT #24715]	2011-06-09 00:42:51 +00:00
Evan Hunt	2a6d60615c	Fixed an nsupdate test error	2011-06-09 00:15:05 +00:00
Evan Hunt	6de9744cf9	3124. [bug] Use an rdataset attribute flag to indicate negative-cache records rather than using rrtype 0; this will prevent problems when that rrtype is used in actual DNS packets. [RT #24777] 3123. [security] Change #2912 exposed a latent flaw in dns_rdataset_totext() that could cause named to crash with an assertion failure. [RT #24777]	2011-06-08 22:13:51 +00:00
Scott Mann	07797bfb1f	fix RT 24561	2011-06-07 01:45:38 +00:00
Evan Hunt	6b95b91c61	3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664 ]	2011-06-02 20:24:45 +00:00
Mark Andrews	ec564e401a	add debugging output on test failure	2011-05-31 13:52:06 +00:00
Mark Andrews	ae0691566a	date +%s is not portable, use perl -e 'print time();', Adjust messages	2011-05-30 22:32:06 +00:00
Scott Mann	5588b32695	This is a workaround fix for a problem in Solaris 10 (specifically on thing1) for which a root cause has not yet been found. RT #24561.	2011-05-30 15:13:49 +00:00
Mark Andrews	fe8572e116	The old active key could be deleted before the "former standby key has now signed fully" ran causing it to fail. Delay the deletion by 10 seconds.	2011-05-30 07:25:19 +00:00
Automatic Updater	6406d6507a	update copyright notice	2011-05-26 23:47:28 +00:00
Mark Andrews	ea82782532	3120. [bug] Named could fail to validate zones list in a DLV that validated insecure without using DLV and had DS records in the parent zone. [RT #24631]	2011-05-26 04:35:02 +00:00
Evan Hunt	0245f7725c	3118. [bug] When rolling to a new DNSSEC key, a private-type record could be created and never marked complete. [RT #23253]	2011-05-26 04:25:47 +00:00
Automatic Updater	00678e367d	update copyright notice	2011-05-25 23:47:16 +00:00
Mark Andrews	021bc5b3cc	add DRUZ zone with DS records	2011-05-25 01:06:56 +00:00
Evan Hunt	47e70d820e	3118. [bug] nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]	2011-05-23 22:25:32 +00:00
Evan Hunt	bfe32d08c5	3116. [func] New 'dnssec-update-mode' option controls updates of DNSSEC records in signed dynamic zones. Set to 'no-resign' to disable automatic RRSIG regeneration while retaining the ability to sign new or changed data. [RT #24533]	2011-05-23 20:10:03 +00:00
Evan Hunt	fc6364bf24	expiring.example.db.in was left out when committing rt23136 to HEAD	2011-05-21 15:07:10 +00:00
Mark Andrews	c0984ac8bd	3115. [bug] Named could fail to return requested data when following a CNAME that points into the same zone. [RT #2445]	2011-05-20 05:09:30 +00:00
Scott Mann	a50ce0f80b	Fix for RT #23136 task 1.	2011-05-19 00:31:57 +00:00
Automatic Updater	d9c707589a	regen HEAD	2011-05-09 01:14:47 +00:00
Mark Andrews	789875a1bd	named.conf copyrights	2011-05-08 07:12:48 +00:00
Automatic Updater	25db028666	update copyright notice	2011-05-07 23:47:28 +00:00
Evan Hunt	de7df3e56f	3111. [bug] Improved consistency checks for dnssec-enable and dnssec-validation, added test cases to the checkconf system test. [RT #24398]	2011-05-07 05:55:17 +00:00
Evan Hunt	be84733145	3110. [bug] dnssec-signzone: Wrong error message could appear when attempting to sign with no KSK. [RT #24369]	2011-05-07 00:31:13 +00:00
Automatic Updater	40717638fa	update copyright notice	2011-05-06 23:47:29 +00:00
Evan Hunt	ac21f918f2	3109. [func] The also-notify option now uses the same syntax as a zone's masters clause. This means it is now possible to specify a TSIG key to use when sending notifies to a given server, or to include an explicit named masters list in an also-notfiy statement. [RT #23508]	2011-05-06 21:23:51 +00:00
Evan Hunt	485522d7e1	3108. [cleanup] dnssec-signzone: Clarified some error and warning messages; removed #ifdef ALLOW_KSKLESS_ZONES code (use -P instead). [RT #20852] 3107. [bug] dnssec-signzone: Report the correct number of ZSKs when using -x. [RT #20852]	2011-05-06 21:08:33 +00:00
Automatic Updater	a30e1b26b4	update copyright notice	2011-05-05 23:47:17 +00:00
Mark Andrews	fe646be4b7	set/reset client->signer. change 3106 used it before it was set	2011-05-05 23:44:52 +00:00
Scott Mann	b2b3209149	added g	2011-05-05 23:15:56 +00:00
Scott Mann	101e493844	remove trailing whitespace from pid (RT 24388)	2011-05-05 23:10:24 +00:00
Scott Mann	58d7c91b65	remove trailing newline from pid (RT #24388 )	2011-05-05 22:56:55 +00:00
Evan Hunt	9eea4c5cbd	3106. [func] When logging client requests, include the name of the TSIG key if any. [RT #23619]	2011-05-05 20:04:24 +00:00
Evan Hunt	d454a60f56	3103. [bug] Configuring 'dnssec-validation auto' in a view instead of in the options statement could trigger an assertion failure in named-checkconf. [RT #24382]	2011-05-05 16:13:35 +00:00
Mark Andrews	83bf223210	explictly kill the process if the server fails to start, check for a non zero length pid file	2011-05-05 04:47:45 +00:00
Mark Andrews	46d3c6cf40	grep was not precise enough leading to test failure	2011-05-03 16:07:44 +00:00
Mark Andrews	f1d4986b83	treat asb(x) < 500ms as 0	2011-05-02 23:56:59 +00:00
Mark Andrews	65043f48f2	force numeric comparision	2011-05-02 05:05:05 +00:00
Mark Andrews	07907fa31a	handle end of day	2011-05-02 01:35:04 +00:00
Mark Andrews	bbf46f1aa2	fix expression	2011-05-01 21:36:33 +00:00
Mark Andrews	f83682f368	awk -v is not portable, add floating point arithmetic effects	2011-05-01 11:29:20 +00:00
Automatic Updater	54968ae88e	update copyright notice	2011-04-29 23:47:18 +00:00
Evan Hunt	39f2d1a96a	3102. [func] New 'dnssec-loadkeys-interval' option configures how often, in minutes, to check the key repository for updates when using automatic key maintenance. Default is every 60 minutes (formerly hard-coded to 12 hours). [RT #23744] 3101. [bug] Zones using automatic key maintenance could fail to check the key repository for updates. [RT #23744]	2011-04-29 21:37:15 +00:00
Automatic Updater	46ce2f7b60	update copyright notice	2011-04-27 23:47:26 +00:00
Evan Hunt	76db58eb81	3100. [security] Certain response policy zone configurations could trigger an INSIST when receiving a query of type RRSIG. [RT #24280]	2011-04-27 17:46:47 +00:00
Automatic Updater	7021f2faa0	update copyright notice	2011-04-19 23:47:52 +00:00
Evan Hunt	7a2173839c	3099. [test] "dlz" system test now runs but gives R:SKIPPED if not compiled with --with-dlz-filesystem. [RT #24146] 3098. [bug] DLZ zones were answering without setting the AA bit. [RT #24146]	2011-04-19 22:30:52 +00:00
Evan Hunt	c92122485d	3097. [test] Add a tool to test handling of malformed packets. [RT #24096]	2011-04-15 01:02:08 +00:00
Scott Mann	c7e1812d02	a few more "--with-gssapi" as default fixes to correct problems on test systems	2011-04-05 19:16:54 +00:00
Scott Mann	80593d9802	one character typo.	2011-04-05 16:10:39 +00:00
Evan Hunt	4e5fc672bc	Corrected a bug in the dnssec test introduced in change #3046 .	2011-03-31 15:58:51 +00:00
Automatic Updater	e2d4cd0ae4	update copyright notice	2011-03-30 23:47:12 +00:00
Scott Mann	761fa7d770	Fixes for various OS/environs for RT #23836 (--with-gssapi as default).	2011-03-30 15:48:41 +00:00
Mark Andrews	779c84fb32	style	2011-03-28 05:14:51 +00:00
Mark Andrews	4768c1d9a4	while (1) -> for (;;)	2011-03-28 05:11:43 +00:00
Automatic Updater	795a316ec5	regen HEAD	2011-03-28 01:14:35 +00:00
Mark Andrews	2ae23f7fc6	</para> -> <para>	2011-03-27 06:39:59 +00:00
Evan Hunt	eb08f01b96	Forgot to add a data file for the autosign test.	2011-03-26 01:19:03 +00:00
Evan Hunt	319b8a1488	3092. [bug] Signatures for records at the zone apex could go stale due to an incorrect timer setting. [RT #23769] 3091. [bug] Fixed a bug in which zone keys that were published and then subsequently activated could fail to trigger automatic signing. [RT #22991]	2011-03-25 23:53:02 +00:00
Mark Andrews	fdc2d31c00	</para>-><para>	2011-03-25 03:08:44 +00:00
Automatic Updater	06140f733a	update copyright notice	2011-03-24 23:47:48 +00:00
Mark Andrews	0a82492610	3089. [func] dnssec-dsfromkey now supports reading keys from standard input "dnssec-dsfromkey -f -". [RT# 20662]	2011-03-24 02:10:23 +00:00
Automatic Updater	4f06155c8f	update copyright notice	2011-03-22 23:47:30 +00:00
Scott Mann	1760d5e5f2	For some reason, this didn't get removed before (RT #23687 )	2011-03-22 17:20:03 +00:00
Scott Mann	95759de490	Remove bin/tests/system/logfileconfig/ns1/named.conf and add setup.sh in order to resolve changing named.conf issue. [RT #23687]	2011-03-22 16:51:50 +00:00
Evan Hunt	c2255e8614	Fixed a bug that was exposed by change #3085 .	2011-03-22 03:19:38 +00:00
Automatic Updater	7717ec7a6a	regen HEAD	2011-03-22 01:14:27 +00:00
Mark Andrews	e706901292	add test numbers	2011-03-22 00:41:53 +00:00
Automatic Updater	6333ba02a5	update copyright notice	2011-03-21 23:47:21 +00:00
Mark Andrews	c2265bd341	adjust rt23702 test to take less time	2011-03-21 20:31:22 +00:00
Evan Hunt	0994d3a21b	3087. [bug] DDNS updates using SIG(0) with update-policy match type "external" could cause a crash. [RT #23735]	2011-03-21 19:54:03 +00:00
Evan Hunt	1063914c30	Fixed some problems from change #3084 that turned up after committing it; "freeze" and "thaw" weren't working quite right when used without a specific zone name.	2011-03-21 18:38:40 +00:00
Evan Hunt	cf0d508b1e	Forgot to add rndc test dir when committing "rndc sync" change to HEAD	2011-03-21 18:06:07 +00:00
Evan Hunt	36b2d5f93c	use "rndc sync" instead of freeze/thaw cycle to dump zones, now that it's available.	2011-03-21 16:53:44 +00:00
Evan Hunt	dff7e38491	initialize delset	2011-03-21 16:17:57 +00:00
Evan Hunt	10a759cee6	3086. [bug] Running dnssec-settime -f on an old-style key will now force an update to the new key format even if no other change has been specified, using "-P now -A now" as default values. [RT #22474]	2011-03-21 15:56:35 +00:00
Evan Hunt	d965c91f95	clarify "rndc sync" logging, add it to "rndc -h" output, per francis review comments in rt22473.	2011-03-21 15:39:05 +00:00
Evan Hunt	35f1a4fc93	3085. [func] New '-R' option in dnssec-signzone forces removal of signatures which have not yet expired but were generated by a key that no longer exists. [RT #22471]	2011-03-21 07:26:47 +00:00
Evan Hunt	7cb226ec34	3084. [func] A new command "rndc sync" dumps pending changes in a dynamic zone to disk; "rndc sync -clean" also removes the journal file after syncing. Also, "rndc freeze" no longer removes journal files. [RT #22473]	2011-03-21 07:22:14 +00:00
Mark Andrews	5f49da42fe	wait longer for the nsec3chain generation to complete	2011-03-21 03:30:48 +00:00
Mark Andrews	5095e72ac3	3083. [bug] NOTIFY messages were not being sent when generating a NSEC3 chain incrementally. [RT #23702]	2011-03-21 01:02:39 +00:00
Mark Andrews	653cad790b	3082. [port] strtok_r is threads only. [RT #23747 ]	2011-03-21 00:30:18 +00:00
Mark Andrews	7dc5273a3e	skip not untested	2011-03-20 09:03:47 +00:00
Automatic Updater	7885190562	update copyright notice	2011-03-18 23:47:36 +00:00
Francis Dupont	f3bb08a519	add 23591 no-regression	2011-03-18 21:14:20 +00:00
Francis Dupont	a8e6a8cd6c	fix too long with dname error	2011-03-18 21:12:19 +00:00
Mark Andrews	cbf59e5887	3079. [bug] Handle isc_event_allocate failures in t_tasks. [RT #23572]	2011-03-18 07:40:25 +00:00
Evan Hunt	1853c5eaf7	ignore SIGPIPE in ans.pl; this is needed for debian.	2011-03-18 04:41:15 +00:00
Mark Andrews	f79a36eeed	silence: 'ttl' might be used uninitialized	2011-03-18 02:16:43 +00:00
Evan Hunt	ea5334a36e	fixed a missing / in /dev/null	2011-03-18 02:08:45 +00:00
Automatic Updater	a3f8c8e207	regen HEAD	2011-03-18 01:14:34 +00:00
Automatic Updater	207cee019e	update copyright notice	2011-03-17 23:47:30 +00:00
Francis Dupont	50f64cf0e5	silent compiler warnings for DLZ exernal driver support and example	2011-03-17 09:25:54 +00:00
Evan Hunt	61bcc23203	3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and dnssec-keyfromlabel sets the default TTL of the key. When possible, automatic signing will use that TTL when the key is published. [RT #23304]	2011-03-17 01:40:40 +00:00
Francis Dupont	92f2688155	silent clang analyzer	2011-03-14 14:13:10 +00:00
Automatic Updater	71d0d898fb	update copyright notice	2011-03-13 23:47:36 +00:00
Mark Andrews	26b49e8459	3074. [bug] Make the adb cache read through for zone data and glue learn for zone named is authoritative for. [RT #22842]	2011-03-13 02:49:28 +00:00
Automatic Updater	8ac903147f	update copyright notice	2011-03-12 23:47:42 +00:00
Mark Andrews	69e617cf88	test for Net::DNS	2011-03-12 21:24:52 +00:00
Automatic Updater	c1aef54e14	update copyright notice	2011-03-12 04:59:49 +00:00
Mark Andrews	4f587beb8e	3071. [bug] has_nsec could be used unintialised in update.c:next_active. [RT #20256]	2011-03-11 12:51:40 +00:00
Mark Andrews	6494526350	3070. [bug] dnssec-signzone potential NULL pointer dereference. [RT #20256]	2011-03-11 12:37:01 +00:00
Evan Hunt	4fbaf0202b	link driver.so from the .o file instead of the .lo file when building with libtool.	2011-03-11 07:11:07 +00:00
Mark Andrews	0874abad14	3069. [cleanup] Silence warnings messages from clang static analysis. [RT #20256]	2011-03-11 06:11:27 +00:00
Mark Andrews	2d96b63d31	3067. [bug] ixfr-from-differences {master\|slave}; failed to select the master/slave zones. [RT #23580]	2011-03-11 00:43:54 +00:00
Automatic Updater	cf786a52ce	update copyright notice	2011-03-10 23:47:50 +00:00
Francis Dupont	cf39976b89	while(1) -> for(;;) (cf 23588)	2011-03-10 13:37:21 +00:00
Evan Hunt	422009fe5b	3066. [func] The DLZ "dlopen" driver is now built by default, no longer requiring a configure option. To disable it, use "configure --without-dlopen". Driver also supported on win32. [RT #23467]	2011-03-10 04:36:16 +00:00
Francis Dupont	228bddfc12	update do_authors_lookup()	2011-03-07 15:29:32 +00:00
Mark Andrews	198be130e2	remove exit	2011-03-07 14:03:49 +00:00
Automatic Updater	be6c1c5061	regen HEAD	2011-03-06 01:14:21 +00:00
Automatic Updater	0e27506ce3	update copyright notice	2011-03-05 23:52:31 +00:00
Evan Hunt	9a859983d7	3062. [func] Made several changes to enhance human readability of DNSSEC data in dig output and in generated zone files: - DNSKEY record comments are more verbose, no longer used in multiline mode only - multiline RRSIG records reformatted - multiline output mode for NSEC3PARAM records - "dig +norrcomments" suppresses DNSKEY comments - "dig +split=X" breaks hex/base64 records into fields of width X; "dig +nosplit" disables this. [RT #22820]	2011-03-05 19:39:07 +00:00
Mark Andrews	eff7f78bc6	3061. [func] New option "dnssec-signzone -D", only write out generated DNSSEC records. [RT #22896]	2011-03-05 06:35:41 +00:00
Mark Andrews	7d09a0190b	add #include <isc/file.h>	2011-03-05 03:03:57 +00:00
Automatic Updater	60a900e83b	regen HEAD	2011-03-05 01:14:22 +00:00
Automatic Updater	26a7306397	update copyright notice	2011-03-04 23:47:47 +00:00
Evan Hunt	61271cdee6	3060. [func] New option "dnssec-signzone -X <date>" allows specification of a separate expiration date for DNSKEY RRSIGs and other RRSIGs. [RT #22141]	2011-03-04 22:20:21 +00:00
Evan Hunt	c2f051aaaa	3059. [test] Added a regression test for change #3023 .	2011-03-04 22:01:01 +00:00
Scott Mann	be59d1eb72	Adding missing files for RT22771.	2011-03-04 14:43:58 +00:00
Scott Mann	32babe43eb	Ensure that log files are plain files. (RT #22771 )	2011-03-04 14:07:03 +00:00
Automatic Updater	7d9d170dbb	update copyright notice	2011-03-03 23:47:32 +00:00
Evan Hunt	f385bac3b9	3057. [bug] "rndc secroots" would abort after the first error and so could miss some views. [RT #23488]	2011-03-03 16:16:47 +00:00
Francis Dupont	9fe8cca065	add URI support	2011-03-03 14:10:27 +00:00
Evan Hunt	70c7f4fb4f	3053. [bug] Under a sustained high query load with a finite max-cache-size, it was possible for cache memory to be exhausted and not recovered. [RT #23371]	2011-03-03 04:42:25 +00:00
Francis Dupont	624664e504	Fixed last autosign test report [RT #23256 ]	2011-03-02 09:03:45 +00:00
Mark Andrews	be789bc7eb	3045. [removed] Replaced by change #3050 .	2011-03-02 04:52:25 +00:00
Mark Andrews	d819823fee	3051. [bug] NS records obsure DS records at the bottom of the zone if both are present. [RT #23035]	2011-03-02 04:49:05 +00:00
Mark Andrews	c1ced49662	3051. [bug] NS records obsure DS records at the bottom of the zone if both are present. [RT #23035]	2011-03-02 04:20:34 +00:00
Mark Andrews	ba88bcf08b	3050. [bug] The autosign system test was timing dependent. Wait for the initial autosigning to complete before running the rest of the test. [RT #23035]	2011-03-02 04:08:58 +00:00
Mark Andrews	88c63fe9c7	3039. [bug] Save and restore the gid when creating creating named.pid at startup. [RT #23290]	2011-03-02 00:02:54 +00:00
Automatic Updater	c8175ece69	update copyright notice	2011-03-01 23:48:07 +00:00
Mark Andrews	4c05f9a6a3	3048. [bug] Fully seperate view key mangement. [RT #23419 ]	2011-03-01 22:44:04 +00:00
Scott Mann	d31740ce28	Fixed DNSKEY NODATA responses not cached (RT #22908 ).	2011-03-01 14:40:39 +00:00
Automatic Updater	bc171df6ca	update copyright notice	2011-02-28 23:47:39 +00:00
Automatic Updater	ddc163d532	regen	2011-02-28 23:31:05 +00:00
Francis Dupont	664917beda	Use RRSIG original TTL in validated RRset TTL [RT #23332 ]	2011-02-28 14:21:35 +00:00
Francis Dupont	17bc56e321	ove the testsock.pl sleep to autosign test suite [RT #23400 ]	2011-02-28 14:08:36 +00:00
Automatic Updater	1c743aa176	regen	2011-02-27 23:30:42 +00:00
Evan Hunt	7cc5632595	3042. [bug] dig +trace could fail attempting to use IPv6 addresses on systems with only IPv4 connectivity. [RT #23797]	2011-02-25 23:11:13 +00:00
Mark Andrews	2f09e7c3fc	3041. [bug] dnssec-signzone failed to generate new signatures on ttl changes. [RT #23330]	2011-02-24 03:04:43 +00:00
Automatic Updater	8a8d38eb8e	regen HEAD	2011-02-24 01:14:22 +00:00
Automatic Updater	45caada8cb	update copyright notice	2011-02-23 23:47:20 +00:00
Mark Andrews	4f07b2b00c	3040. [bug] Named failed to validate insecure zones where a node with a CNAME existed between the trust anchor and the top of the zone. [RT #23338]	2011-02-23 11:30:35 +00:00
Mark Andrews	0e507dbb81	2039. [func] Redirect on NXDOMAIN support. [RT #23146 ]	2011-02-23 03:08:11 +00:00
Scott Mann	3b46648b02	Revert the previous commit...made on wrong branch.	2011-02-22 22:57:23 +00:00
Scott Mann	44b49a34b1	Added some comments.	2011-02-22 22:50:45 +00:00
Mark Andrews	b795de862b	2036. [bug] Check built-in zone arguments to see if the zone is re-usable or not. [RT #21914]	2011-02-22 04:14:30 +00:00
Automatic Updater	b01d422daf	update copyright notice	2011-02-21 23:47:45 +00:00
Mark Andrews	c12904ec53	3035. [cleanup] Simplify by using strlcpy. [RT #22521 ]	2011-02-21 07:34:57 +00:00
Mark Andrews	0a92db42c6	3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521 ]	2011-02-21 07:22:21 +00:00
Mark Andrews	a360461b34	check for snprintf failure	2011-02-21 07:14:43 +00:00
Scott Mann	57b403c1e9	Fix prz SERVFAILs after failed zone transfers (RT23246).	2011-02-18 15:18:30 +00:00
Evan Hunt	29bd52e4ee	3021. [bug] Change #3010 was incomplete. [RT #22296 ]	2011-02-16 19:48:12 +00:00
Automatic Updater	c41b2924a5	update copyright notice	2011-02-15 23:47:36 +00:00
Mark Andrews	b1b42b03b7	3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232 ]	2011-02-15 22:02:36 +00:00
Francis Dupont	931814de4a	typo in comment	2011-02-15 18:23:34 +00:00
Mark Andrews	c5fa370695	3019. [func] Test: check apex NSEC3 records after adding DNSKEY record via UPDATE. [RT #23229]	2011-02-14 23:53:44 +00:00
Automatic Updater	56748bc3d1	update copyright notice	2011-02-08 23:10:07 +00:00
Mark Andrews	37b017f2ca	Regression test for: 3018. [bug] Named failed to check for the "none;" acl when deciding if a zone may need to be re-signed. [RT #23120]	2011-02-08 03:47:02 +00:00
Automatic Updater	79cf9524b1	regen HEAD	2011-02-04 01:14:16 +00:00
Automatic Updater	784a904bd0	update copyright notice	2011-02-03 12:18:12 +00:00
Mark Andrews	5cfe4bcb0a	3017. [doc] dnssec-keyfromlabel -I was not properly documented. [RT #22887]	2011-02-03 12:01:44 +00:00
Mark Andrews	5b79d15401	3016. [bug] rndc usage missing '-b'. [RT #22937 ]	2011-02-03 11:46:17 +00:00
Mark Andrews	c1ee8bb4ba	3013. [bug] The DNS64 ttl was not always being set as expected. [RT #23034]	2011-02-03 07:35:56 +00:00
Mark Andrews	16cc4a1f56	3012. [bug] Remove DNSKEY TTL change pairs before generating signing records for any remaing DNSKEY changes. [RT #22590]	2011-02-03 06:03:15 +00:00
Mark Andrews	000a8970f8	3011. [func] Change the default query timeout from 30 seconds to 10. Allow setting this in named.conf using the new 'resolver-query-timeout' option, which specifies a max time in seconds. 0 means 'default' and anything longer than 30 will be silently set to 30. [RT #22852]	2011-02-03 05:41:55 +00:00
Evan Hunt	903b3c84e2	3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer for refreshing managed-keys. [RT #22296]	2011-02-03 00:21:55 +00:00
Evan Hunt	439a6b2fbf	created cvsignore	2011-02-01 20:12:16 +00:00
Automatic Updater	a09fff7051	update copyright notice	2011-01-14 00:51:43 +00:00
Mark Andrews	638614fe02	silence: warning: format not a string literal and no format arguments	2011-01-14 00:44:53 +00:00
Mark Andrews	cc5e0baaef	arguements out of order	2011-01-13 23:16:06 +00:00
Evan Hunt	5645e0c82a	Automatically-added copyright text was breaking the RPZ test.	2011-01-13 19:30:41 +00:00
Automatic Updater	2352050890	update copyright notice	2011-01-13 08:50:29 +00:00
Mark Andrews	16ae8f12c2	add -V to foreground flags	2011-01-13 08:46:34 +00:00
Mark Andrews	6767b5b544	openssl include path	2011-01-13 08:15:30 +00:00
Mark Andrews	0a24e3a8ae	openssl include path	2011-01-13 07:51:06 +00:00
Mark Andrews	fd7b3477c3	openssl include path	2011-01-13 07:25:35 +00:00
Automatic Updater	9cee5bb028	update copyright notice	2011-01-13 04:59:26 +00:00
Mark Andrews	9d53927aa8	zone = NULL	2011-01-13 03:57:50 +00:00
Mark Andrews	87708bde16	3008. [func] Response policy zones (RPZ) support. [RT #21726 ]	2011-01-13 01:59:28 +00:00
Automatic Updater	135bcc2e42	update copyright notice	2011-01-11 23:47:14 +00:00
Michael Graff	59b600ae73	commit Makefile.in, not Makefile	2011-01-11 21:40:35 +00:00
Michael Graff	beb52a4b18	add tests for isc_atomic_xadd() and isc_atomic_xaddq() since there is some suspicion that they may not be working properly on all platforms. This is committed direclty to the mainline as it's only a test. I did not regenerate configure from configure.in, but just added the one Makefile line. Evan will take a quick look at this after it's committed.	2011-01-11 21:36:22 +00:00
Mark Andrews	b053854c20	call dns_tsigkeyring_detach(&ring)	2011-01-10 13:09:49 +00:00
Mark Andrews	433e06a25c	3006. [func] Allow dynamically generated TSIG keys to be preserved across restarts of named. Initially this is for TSIG keys generated using GSSAPI. [RT #22639]	2011-01-10 05:32:04 +00:00
Mark Andrews	fc5e97963d	Check that ::1 is configured	2011-01-10 05:08:49 +00:00
Automatic Updater	0e0be796a7	update copyright notice	2011-01-08 23:47:01 +00:00
Evan Hunt	b156001ec1	Oops, omitted some commits from change #3005 .	2011-01-08 01:26:01 +00:00
Automatic Updater	65ad89971e	regen HEAD	2011-01-08 01:15:44 +00:00
Evan Hunt	8a743600dd	3005. [port] Solaris: Work around the lack of gsskrb5_register_acceptor_identity() by setting the KRB5_KTNAME environment variable to the contents of tkey-gssapi-keytab. Also fixed test errors on MacOSX. [RT #22853]	2011-01-08 00:33:12 +00:00
Automatic Updater	93235c1cba	update copyright notice	2011-01-07 23:47:07 +00:00
Evan Hunt	a727690e8b	HPUX: silence compiler warnings about signed/unsigned comparisons	2011-01-07 21:42:03 +00:00
Evan Hunt	f686c5d700	Added missing .cvsignore entries	2011-01-07 07:10:34 +00:00
Evan Hunt	c23a9eed3e	- Missed out authsock.pl when committing 3003. - Remove auth.sock in clean.sh.	2011-01-07 07:01:58 +00:00
Mark Andrews	dc4fa197dd	3004. [func] DNS64 reverse support. [RT #22769 ]	2011-01-07 04:31:39 +00:00
Evan Hunt	5a87f3439e	Initialize a pointer to NULL in order to to silence a compiler warning. Committing without review because the change is trivial.	2011-01-07 00:50:06 +00:00
Automatic Updater	db69d5d53c	update copyright notice	2011-01-06 23:47:00 +00:00
Evan Hunt	3916872f37	3003. [experimental] Added update-policy match type "external", enabliing named to defer the decision of whether to allow a dynamic update to an external daemon. (Contributed by Andrew Tridgell.) [RT #22758]	2011-01-06 23:24:39 +00:00
Automatic Updater	9412850a75	regen	2011-01-05 23:30:46 +00:00
Automatic Updater	1da9dbcf48	update copyright notice	2011-01-04 23:47:14 +00:00
Automatic Updater	a184761e52	regen	2011-01-04 23:30:37 +00:00
Evan Hunt	79bf7c874b	3001. [func] Added a default trust anchor for the root zone, which can be switched on by setting "dnssec-validation auto;" in the named.conf options. [RT #21727]	2011-01-03 23:45:08 +00:00
Mark Andrews	ac78c47210	! test -n -> test -z	2010-12-27 13:38:43 +00:00
Mark Andrews	c2f37a77cc	#include ISC_PLATFORM_KRB5HEADER [RT #22798 ]	2010-12-26 23:24:18 +00:00
Automatic Updater	6764a1403a	update copyright notice	2010-12-24 23:47:05 +00:00
Mark Andrews	cd86950664	exit 255	2010-12-24 07:27:15 +00:00
Evan Hunt	d9ad0a55bb	3000. [bug] More TKEY/GSS fixes: - nsupdate can now get the default realm from the user's Kerberos principal - corrected gsstest compilation flags - improved documentation - fixed some NULL dereferences [RT #22795]	2010-12-24 02:20:47 +00:00
Automatic Updater	0e9e255d16	regen HEAD	2010-12-24 01:14:21 +00:00
Automatic Updater	a094c46640	update copyright notice	2010-12-23 23:47:08 +00:00
Mark Andrews	37dee1ff94	2999. [func] Add GOST support (RFC 5933). [RT #20639 ]	2010-12-23 04:08:00 +00:00
Mark Andrews	10e018f66d	s/ISC_OPENSSL_INC/DST_OPENSSL_INC	2010-12-22 09:00:40 +00:00
Mark Andrews	643935ac11	2997. [func] named -V now reports the OpenSSL and libxml2 verions it was compiled against. [RT #22687]	2010-12-22 03:59:02 +00:00
Automatic Updater	ca103999e6	update copyright notice	2010-12-20 23:47:21 +00:00
Evan Hunt	950aa1d752	When a prereq.sh file determines that a test can't run because the feature to be tested was not configured in at build time, it can now return 255, and run.sh will print "R:SKIPPED" instead of "R:UNTESTED". Robie will be able to flag this as green rather than yellow.	2010-12-20 21:35:45 +00:00
Evan Hunt	8fda09fc85	Changed $(command) to `command` in tests.sh for compatibility with older bourne shells.	2010-12-20 18:37:07 +00:00
Mark Andrews	e11d10bbcc	example.nil.zone -> example.nil.db	2010-12-19 23:39:28 +00:00
Evan Hunt	584ad7dedd	2990. [bug] 'dnssec-settime -S' no longer tests prepublication interval validity when the interval is set to 0. [RT #22761]	2010-12-19 07:29:36 +00:00
Automatic Updater	517ae3de96	regen HEAD	2010-12-19 01:14:08 +00:00
Automatic Updater	941c0792f2	update copyright notice	2010-12-18 23:47:11 +00:00
Evan Hunt	6c3eff861d	tsiggss test needed a prereq.sh file. (Committing without review because the script is simple, no one is available, and I want to shut robie up.)	2010-12-18 16:48:41 +00:00
Mark Andrews	0faa11ab77	clean first	2010-12-18 11:45:01 +00:00
Evan Hunt	af903e5008	Added files to clean.sh scripts that have been left around after tests run. Skipping the ticket/review steps because the change is trivial.	2010-12-18 02:12:44 +00:00
Evan Hunt	71bd858d8e	2989. [func] Added support for writable DLZ zones. (Contributed by Andrew Tridgell of the Samba project.) [RT #22629] 2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation of external DLZ drivers that can be loaded as shared objects at runtime rather than linked with named. Currently this is switched on via a compile-time option, "configure --with-dlz-dlopen". Note: the syntax for configuring DLZ zones is likely to be refined in future releases. (Contributed by Andrew Tridgell of the Samba project.) [RT #22629] 2987. [func] Improve ease of configuring TKEY/GSS updates by adding a "tkey-gssapi-keytab" option. If set, updates will be allowed with any key matching a principal in the specified keytab file. "tkey-gssapi-credential" is no longer required and is expected to be deprecated. (Contributed by Andrew Tridgell of the Samba project.) [RT #22629]	2010-12-18 01:56:23 +00:00
Mark Andrews	273757406a	.zone -> .db	2010-12-17 00:57:39 +00:00
Automatic Updater	0ccd663a83	update copyright notice	2010-12-16 23:47:08 +00:00
Tatuya JINMEI 神明達哉	743bbdc18f	2947. [func] Add new zone type "static-stub". It's like a stub zone, but the nameserver names and/or their IP addresses are statically configured. [RT #21474] (for 9.8.0)	2010-12-16 09:51:30 +00:00
Evan Hunt	bbedadf76a	2985. [bug] Add a regression test for change #2896 . [RT #21324 ]	2010-12-15 18:44:37 +00:00
johnd	7659fdb3aa	Include "loadkeys" in rndc help output. [RT #22493 ]	2010-12-10 19:20:47 +00:00
Mark Andrews	cf5770e7b1	remove semi-colon	2010-12-09 06:17:33 +00:00
Automatic Updater	fd6a9d688c	update copyright notice	2010-12-09 04:31:57 +00:00
Mark Andrews	9f9b7f0e8d	2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. Note: dns_tsigkey_createfromkey() callers should now always call dst_key_free() rather than setting it to NULL on success. [RT #22672]	2010-12-09 00:54:34 +00:00
Automatic Updater	b8a9a7bef2	update copyright notice	2010-12-08 23:51:56 +00:00
Mark Andrews	b9f2d007c5	2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991 ]	2010-12-08 05:01:00 +00:00
Mark Andrews	e334405421	2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991 ]	2010-12-08 02:46:17 +00:00
Automatic Updater	a4b8846651	update copyright notice	2010-12-07 23:47:02 +00:00
Mark Andrews	8aee18709f	2980. [bug] named didn't properly handle UPDATES that changed the TTL of the NSEC3PARAM RRset. [RT #22363]	2010-12-07 02:53:34 +00:00
Evan Hunt	e78c2b856b	2979. [bug] named could deadlock during shutdown if two "rndc stop" commands were issued at the same time. [RT #22108]	2010-12-03 22:05:19 +00:00
Mark Andrews	82f0630bae	2977. [bug] 'nsupdate -l' report if the session key is missing. [RT #21670]	2010-12-03 00:37:33 +00:00
Automatic Updater	326a702a35	update copyright notice	2010-12-02 23:46:56 +00:00
Mark Andrews	c87f15dac8	2976. [bug] named die on exit after negotiating a GSS-TSIG key. [RT #3415 ]	2010-12-02 23:22:42 +00:00
Automatic Updater	e085624e0f	update copyright notice	2010-11-30 23:46:55 +00:00
Evan Hunt	b5b934a0bb	2974. [bug] Some vaild UPDATE requests could fail due to a consistency check examining the existing version of the zone rather than the new version resulting from the UPDATE. [RT #22413]	2010-11-30 02:27:08 +00:00
Mark Andrews	5af195d1db	2973. [bug] bind.keys.h was being removed by the "make clean" at the end of configure resulting in build failures where there is very old version of perl installed. Move it to "make maintainer-clean". [RT #22230]	2010-11-18 23:20:15 +00:00
Automatic Updater	33cc94f04c	update copyright notice	2010-11-17 23:47:09 +00:00
Mark Andrews	d48730a446	2970. [security] Adding a NO DATA negative cache entry failed to clear any matching RRSIG records. A subsequent lookup of of NO DATA cache entry could trigger a INSIST when the unexpected RRSIG was also returned with the NO DATA cache entry. [RT #22288]	2010-11-16 06:46:44 +00:00
Mark Andrews	cd9d825a71	remove accidental commit	2010-11-16 05:38:31 +00:00
Shawn Routhier	380c874925	Fix acl type processing so that allow-query works in options and view statements. Also add a new set of tests to verify proper functioning. [RT #22418]	2010-11-16 01:37:39 +00:00
Mark Andrews	a27b3757fd	2968. [security] Named could fail to prove a data set was insecure before marking it as insecure. One set of conditions that can trigger this occurs naturally when rolling DNSKEY algorithms. [RT #22309]	2010-11-16 01:14:51 +00:00
Mark Andrews	f85281de08	check for snprintf failure	2010-11-16 00:47:48 +00:00
Mark Andrews	73b1b8a6f1	safecpy -> strlcpy	2010-11-16 00:46:39 +00:00
Mark Andrews	2bd3a6e266	strncpy + array[end] = 0 -> strlcpy	2010-11-16 00:46:00 +00:00
Automatic Updater	4071d667be	update copyright notice	2010-10-19 23:47:10 +00:00
Mark Andrews	c9c2ffe729	2967. [bug] 'host -D' now turns on debugging messages earlier. [RT #22361]	2010-10-19 02:48:17 +00:00
Mark Andrews	13dae6ff58	silence 'Null terminator in string initializer ignored.' warning	2010-10-04 22:27:41 +00:00
Automatic Updater	9b367fcfe6	update copyright notice	2010-09-29 23:47:05 +00:00
Mark Andrews	34f010449c	#include <isc/print.h>	2010-09-29 04:30:13 +00:00
Mark Andrews	2015023399	2965. [func] Test HMAC functions using test data from RFC 2104 and RFC 4634. [RT #21702 ]	2010-09-29 04:00:16 +00:00
Automatic Updater	7041e86986	update copyright notice	2010-09-24 08:31:23 +00:00
Mark Andrews	ed83fa75f5	2963. [security] The allow-query acl was being applied instead of the allow-query-cache acl to cache lookups. [RT #22114]	2010-09-24 05:09:03 +00:00
Mark Andrews	165501a801	simplify grep	2010-09-15 23:22:02 +00:00
Evan Hunt	cff5da57d6	The "resolver" test was failing on systems with old versions of "grep".	2010-09-15 15:45:07 +00:00
Automatic Updater	3255640981	update copyright notice	2010-09-15 12:38:36 +00:00
Mark Andrews	082f42dcf2	2960. [func] Check that named accepts non-authoritative answers. [RT #21594]	2010-09-15 12:07:56 +00:00
Mark Andrews	c75523bcb3	2959. [func] Check that named starts with a missing masterfile. [RT #22076] 2958. [bug] named failed to start with a missing master file. [RT #22076]	2010-09-15 03:32:34 +00:00
Automatic Updater	dc9fa0be37	update copyright notice	2010-09-13 23:46:58 +00:00
Mark Andrews	3f9f14055b	2955. [func] Provide more detail in the recursing log. [RT #22043 ]	2010-09-13 03:37:43 +00:00
Automatic Updater	7306e8e4ee	update copyright notice	2010-09-07 23:46:59 +00:00
Mark Andrews	8fb412590e	2953. [bug] Silence spurious "expected covering NSEC3, got an exact match" message when returning a wildcard no data response. [RT #21744]	2010-09-07 02:28:17 +00:00
Mark Andrews	1b42401954	2952. [port] win32: named-checkzone and named-checkconf failed to initialise winsock. [RT #21932]	2010-09-07 01:49:08 +00:00
Mark Andrews	240a7dc59d	2951. [bug] named failed to generate a correct signed response in a optout, delegation only zone with no secure delegations. [RT #22007]	2010-09-07 00:58:36 +00:00
Automatic Updater	dac2623103	update copyright notice	2010-08-25 23:46:37 +00:00
Mark Andrews	17be07ab81	2948. [port] MacOS: provide a mechanism to configure the test interfaces at reboot. See bin/tests/system/README for details.	2010-08-25 04:51:51 +00:00
Mark Andrews	b5fd149e7e	silence signed/unsigned warning hpux	2010-08-24 01:00:31 +00:00
Mark Andrews	38abdbf816	2945. [doc] Update empty-zones list in ARM. [RT #21772 ] 2944. [maint] Remove ORCHID prefix from built in empty zones. [RT #21772]	2010-08-20 00:13:26 +00:00
Automatic Updater	7202b5cf66	update copyright notice	2010-08-17 23:46:46 +00:00
Mark Andrews	e0c50ca36a	update default id range to match that used (1..7)	2010-08-17 04:08:57 +00:00
Automatic Updater	3acf5eb97c	regen HEAD	2010-08-17 01:15:38 +00:00
Automatic Updater	f428e385a4	update copyright notice	2010-08-16 23:46:52 +00:00
Mark Andrews	c6f4972c74	2943. [func] Add support to load new keys into managed zones without signing immediately with "rndc loadkeys". Add support to link keys with "dnssec-keygen -S" and "dnssec-settime -S". [RT #21351]	2010-08-16 22:21:07 +00:00
Mark Andrews	8bc194b266	2941. [bug] sdb and sdlz (dlz's zone database) failed to support DNAME at the zone apex. [RT #21610]	2010-08-16 04:49:14 +00:00
Automatic Updater	2b43d1d8c5	update copyright notice	2010-08-13 23:47:04 +00:00
Francis Dupont	7641867b4c	fix win32 build	2010-08-13 14:33:31 +00:00
Mark Andrews	c73d8c1b72	2938. [bug] When skipping NSEC3 records that don't match the current NSEC3PARAM record in use for zone named could dereference a uninitialised pointer attempting to obtain a lock. [RT# 21868]	2010-08-13 06:46:25 +00:00
Francis Dupont	bf22bad528	removing unused	2010-08-12 09:52:35 +00:00
Francis Dupont	13f0ecd037	re-indent	2010-08-12 09:31:50 +00:00
Mark Andrews	bde46569f3	.orig -> .in as .orig is used by patch	2010-08-12 01:31:36 +00:00
Evan Hunt	cfd262045c	2936. [func] Improved configuration syntax and multiple-view support for addzone/delzone feature (see change #2930). Removed "new-zone-file" option, replaced with "allow-new-zones (yes\|no)". The new-zone-file for each view is now created automatically, with a filename generated from a hash of the view name. It is no longer necessary to "include" the new-zone-file in named.conf; this happens automatically. Zones that were not added via "rndc addzone" can no longer be removed with "rndc delzone". [RT #19447]	2010-08-11 18:14:20 +00:00
Automatic Updater	548317f929	update copyright notice	2010-08-10 23:48:19 +00:00
Mark Andrews	4b6cb8d09e	2935. [bug] nsupdate: improve 'file not found' error message. [RT #21871]	2010-08-10 09:51:47 +00:00
Mark Andrews	f083530138	2933. [bug] 'dig +nsid' used stack memory after it went out of scope. This could potentially result in a unknown, potentially malformed, EDNS option being sent instead of the desired NSID option. [RT #21781]	2010-08-10 08:39:15 +00:00
Evan Hunt	cb933b69ff	2932. [cleanup] Corrected a numbering error in the "dnssec" test. [RT #21597]	2010-08-09 22:34:56 +00:00
Automatic Updater	8ac1f6a48c	update copyright notice	2010-08-03 23:46:39 +00:00
Tatuya JINMEI 神明達哉	dbae1499ba	added me to authors. approved by Evan.	2010-08-03 16:40:45 +00:00
Mark Andrews	7b830cb17f	while (1) -> for (;;) to silence compiler warning	2010-07-20 04:52:21 +00:00
Mark Andrews	0ddcd0c0ce	format/arg mismatch solaris	2010-07-20 04:46:49 +00:00
Mark Andrews	7a8d1e1e2e	0 -> 0U	2010-07-19 06:13:28 +00:00
Mark Andrews	dfbda37366	silence compiler warnings about (char) as index to array	2010-07-19 04:13:38 +00:00
Tatuya JINMEI 神明達哉	f1f39b7e07	2931. [bug] Temporarily and partially disable change 2864 because it would cause inifinite attempts of RRSIG queries. This is an urgent care fix; we'll revisit the issue and complete the fix later. [RT #21710]	2010-07-15 01:17:45 +00:00
Automatic Updater	a90aca78aa	update copyright notice	2010-07-11 23:46:54 +00:00
Evan Hunt	5312c2ffbe	dnssec and dlv tests included master zones whose master files were missing. this was a bug that hadn't been noticed before, but 19447 added a test for that condition and it caused test failures.	2010-07-11 01:18:24 +00:00
Evan Hunt	86dcc40058	2930. [experimental] New "rndc addzone" and "rndc delzone" commads allow dynamic addition and deletion of zones. To enable this feature, specify a "new-zone-file" option at the view or options level in named.conf. Zone configuration information for the new zones will be written into that file. To make the new zones persist after a restart, "include" the file into named.conf in the appropriate view. (Note: This feature is not yet documented, and its syntax is expected to change.) [RT #19447]	2010-07-11 00:12:57 +00:00
Automatic Updater	7c6b9b2638	regen HEAD	2010-07-10 01:14:20 +00:00
Automatic Updater	1b892cf691	update copyright notice	2010-07-09 23:46:51 +00:00
Evan Hunt	bf9b852c3e	2929. [bug] Improved handling of GSS security contexts: - added LRU expiration for generated TSIGs - added the ability to use a non-default realm - added new "realm" keyword in nsupdate - limited lifetime of generated keys to 1 hour or the lifetime of the context (whichever is smaller) [RT #19737]	2010-07-09 05:13:15 +00:00
Mark Andrews	a7d2b922ee	match the dig.out.ns#.$n to the nameserver	2010-06-28 01:34:11 +00:00
Mark Andrews	8fa6ca58b6	check that we have non-cachable answers to test against	2010-06-28 01:31:49 +00:00
Automatic Updater	1b67d9b719	update copyright notice	2010-06-26 23:46:49 +00:00
Mark Andrews	73134bd1c7	add /* NOT DOCUMENTED */	2010-06-26 00:20:33 +00:00
Mark Andrews	810656a187	2925. [bug] Named failed to accept uncachable negative responses from insecure zones. [RT# 21555]	2010-06-25 23:50:13 +00:00
Automatic Updater	cf309ffeee	update copyright notice	2010-06-25 23:46:51 +00:00
Mark Andrews	f35a87f58f	remove leading zeros on keyid account for trusted keys not applying to _bind anymore	2010-06-25 07:28:46 +00:00
Mark Andrews	bf13e709db	2924. [func] 'rndc secroots' dump a combined summary of the current managed keys combined with trusted keys. [RT #20904]	2010-06-25 03:24:05 +00:00
Mark Andrews	43888c2315	2922. [bug] 'dig +trace' could drop core after "connection timeout". [RT #21514]	2010-06-24 07:22:18 +00:00
Automatic Updater	b8d4e96e95	update copyright notice	2010-06-23 23:46:58 +00:00
Automatic Updater	b61690dbad	update copyright notice	2010-06-22 23:46:52 +00:00
Mark Andrews	48dfee7150	2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively to IPv4 clients. New acl 'filter-aaaa' (default any).	2010-06-22 04:03:38 +00:00
Automatic Updater	c7c7ba3977	update copyright notice	2010-06-21 23:46:48 +00:00
Automatic Updater	cc2adcaa10	regen	2010-06-21 23:30:33 +00:00
Mark Andrews	718c4becc5	2919. [func] Add autosign-ksk and autosign-zsk virtual time tests. [RT #20840]	2010-06-21 02:31:46 +00:00
Automatic Updater	673ed6391e	update copyright notice	2010-06-20 23:46:45 +00:00
Automatic Updater	d5289b74fe	regen	2010-06-20 23:30:40 +00:00
Mark Andrews	be28cc55c5	regen	2010-06-20 07:19:18 +00:00
Mark Andrews	ea7760e72a	report bind.keys and bindkeys.pl versions in output	2010-06-20 07:18:30 +00:00
Mark Andrews	56b9fb463c	add bind.keys.h dependancy on ${srcdir}/bindkeys.pl	2010-06-20 07:17:02 +00:00
Automatic Updater	efa460418c	update copyright notice	2010-06-18 23:46:43 +00:00
Mark Andrews	43c770b998	2917. [func] Virtual time test framework. [RT #20801 ]	2010-06-17 05:39:19 +00:00
Automatic Updater	263874836b	update copyright notice	2010-06-11 23:46:49 +00:00
Mark Andrews	96fae19c97	restore export of PERL PK11GEN PK11LIST PK11DEL	2010-06-11 01:57:36 +00:00
Mark Andrews	9a56f03c4c	2916. [func] Add framework to use IPv6 in tests. fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7	2010-06-10 06:19:52 +00:00
Automatic Updater	ad0471f93b	update copyright notice	2010-06-08 23:50:24 +00:00
Mark Andrews	e24ccb512c	2914. [bug] Make the "autosign" system test more portable. [RT #20997]	2010-06-07 04:45:43 +00:00
Mark Andrews	63af1a646a	2913. [func] Add pkcs#11 system tests. [RT #20784 ]	2010-06-07 03:42:37 +00:00
Mark Andrews	5ee4d3f2ee	iterations is -H	2010-06-04 00:04:39 +00:00
Automatic Updater	6e13ffa218	update copyright notice	2010-06-03 23:51:05 +00:00
Mark Andrews	e74c3a0f59	specify NSEC3 iterations	2010-06-03 21:44:49 +00:00
Mark Andrews	10acc63770	2911. [bug] dnssec-signzone didn't handle out of zone records well. [RT #21367]	2010-06-03 06:29:03 +00:00
Mark Andrews	675cc80975	2911. [bug] dnssec-signzone didn't handle out of zone records well. [RT #21367]	2010-06-03 03:13:32 +00:00
Automatic Updater	a2d2fc17b0	update copyright notice	2010-06-02 01:28:40 +00:00
Mark Andrews	a27bbd21cf	2909. [bug] named-checkzone -p could die if "update-policy local;" was specified in named.conf. [RT #21416]	2010-06-02 01:07:47 +00:00
Automatic Updater	248b9ab0b0	update copyright notice	2010-05-27 23:51:08 +00:00
Mark Andrews	2f34efede1	line length	2010-05-27 03:23:56 +00:00
Automatic Updater	051dec6fb7	update copyright notice	2010-05-26 23:50:47 +00:00
Mark Andrews	b4c6ce22d0	call sign.sh robustly	2010-05-26 07:00:37 +00:00
Mark Andrews	e27d55e3ee	2904. [bug] When using DLV, sub-zones of the zones in the DLV, could be incorrectly marked as insecure instead of secure leading to negative proofs failing. This was a unintended outcome from change 2890. [RT# 21392]	2010-05-26 06:28:00 +00:00
Automatic Updater	15c961a1dd	update copyright notice	2010-05-19 09:33:50 +00:00
Mark Andrews	5ae2eac4c1	2902. [func] Add regression test for change 2897. [RT #21040 ]	2010-05-19 07:45:38 +00:00
Mark Andrews	b667946fa5	2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346]	2010-05-19 06:39:50 +00:00
Automatic Updater	bef75d63d7	regen HEAD	2010-05-19 01:14:14 +00:00
Mark Andrews	6ffc3748d9	wrong rdataset disassociated. reviewed by each	2010-05-18 06:18:23 +00:00
Automatic Updater	4dd3ec797d	update copyright notice	2010-05-18 02:38:10 +00:00
Mark Andrews	98744b5111	2898. [bug] nslookup leaked memory when -domain=value was specified. [RT #21301]	2010-05-18 01:48:13 +00:00
Mark Andrews	8d31dd9ab6	2897. [bug] NSEC3 chains could be left behind when transitioning to insecure. [RT #21040]	2010-05-18 01:39:41 +00:00
Automatic Updater	e1263b4b9c	regen HEAD	2010-05-18 01:14:20 +00:00
Mark Andrews	7ac162ea7e	silence compiler warning	2010-05-18 00:28:40 +00:00
Automatic Updater	bd5842db3d	update copyright notice	2010-05-17 23:51:05 +00:00
Mark Andrews	c9c7fc6a01	#include <isc/print.h>	2010-05-17 05:31:43 +00:00
Mark Andrews	3ec79bbc03	2895. [func] genrandom: add support for the generation of multiple files. [RT #20917]	2010-05-17 04:38:45 +00:00
Automatic Updater	0284e57b9b	regen HEAD	2010-05-15 01:14:25 +00:00
Automatic Updater	515c7f3c43	update copyright notice	2010-05-14 23:50:40 +00:00
Mark Andrews	778a01b1aa	2893. [bug] Improve managed keys support. New named.conf option managed-keys-directory. [RT #20924]	2010-05-14 04:48:28 +00:00
Mark Andrews	44f175a90a	2892. [bug] Handle REVOKED keys better. [RT #20961 ]	2010-05-14 04:38:52 +00:00
Mark Andrews	21991bd14e	2891. [maint] Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13. [RT# 21099]	2010-05-14 03:24:24 +00:00
Mark Andrews	e18c62b1da	2888. [bug] Only the first EDNS option was displayed. [RT #21273 ]	2010-05-13 00:40:46 +00:00
Mark Andrews	108300f7f1	2883. [bug] 'dig +short' failed to handle really large datasets. [RT #21113]	2010-05-12 01:31:37 +00:00
Automatic Updater	d3798f2bff	update copyright notice	2010-05-06 23:50:56 +00:00
Mark Andrews	f2ae969065	handle revoke changes	2010-05-06 11:28:20 +00:00
Mark Andrews	707d9fbd86	2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke consistent. [RT #21078]	2010-05-06 05:31:19 +00:00
Automatic Updater	230987e819	update copyright notice	2010-03-12 23:51:11 +00:00
Mark Andrews	c19f322914	2866. [bug] Windows does not like the TSIG name being compressed. [RT #20986]	2010-03-12 03:34:56 +00:00
Mark Andrews	fa2cb8d61d	2864. [bug] Direct SIG/RRSIG queries were not handled correctly. [RT #21050]	2010-03-12 01:48:35 +00:00
Mark Andrews	9537e40e79	cast isc_buffer_usedlength() to (int)	2010-03-10 02:17:52 +00:00
Automatic Updater	83f43b00a5	regen HEAD	2010-03-10 01:14:18 +00:00
Automatic Updater	3767befe3a	update copyright notice	2010-03-09 23:51:06 +00:00
Mark Andrews	64c43af4f4	2862. [bug] nsupdate didn't default to the parent zone when updating DS records. [RT #20896]	2010-03-09 03:46:12 +00:00
Mark Andrews	c5259c013b	2861. [doc] dnssec-settime man pages didn't correctly document the inactivation time. [RT #21039] 2860. [bug] named-checkconf's usage was out of date. [RT #21039]	2010-03-09 03:38:18 +00:00
Automatic Updater	6c8a888822	regen HEAD	2010-03-05 01:14:15 +00:00
Automatic Updater	4d42b714be	update copyright notice	2010-03-04 23:50:34 +00:00
Mark Andrews	56c2c3835f	10.53.0.1 through 10.53.0.5 -> 10.53.0.1 through 10.53.0.7	2010-03-04 20:34:16 +00:00
Mark Andrews	92348098eb	2956. [bug] named-checkconf did not fail on a bad trusted key. [RT #20705]	2010-03-04 06:17:01 +00:00
Mark Andrews	2e20dea9fc	2854. [func] nsupdate will now preserve the entered case of domain names in update requests it sends. [RT #20928]	2010-03-04 05:24:56 +00:00
Mark Andrews	13396661f4	2854. [func] dig: allow the final soa record in a axfr response to be suppressed, dig +onesoa. [RT #20929]	2010-03-04 05:18:04 +00:00
Automatic Updater	cc9ed75dd9	update copyright notice	2010-02-26 23:50:59 +00:00
Mark Andrews	64f8608ed6	2853. [bug] add_sigs() could run out of scratch space. [RT #21015 ]	2010-02-26 01:39:49 +00:00
Mark Andrews	0cae66577c	2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619 ]	2010-02-25 04:39:13 +00:00
Automatic Updater	680033ce4d	regen HEAD	2010-02-23 01:14:31 +00:00
Automatic Updater	8077efca7d	update copyright notice	2010-02-22 23:49:11 +00:00
Mark Andrews	d3cbd6b05c	2851. [doc] nslookup.1, removed <informalexample> from the docbook source as it produced bad nroff. [RT #21007]	2010-02-22 20:48:56 +00:00
Automatic Updater	6f1b350c3a	update copyright notice	2010-02-04 23:49:13 +00:00
Automatic Updater	44d0f0256f	regen	2010-02-04 01:14:17 +00:00
Mark Andrews	8ac908b38a	2849. [bug] Don't treat errors from the xml2 library as fatal. [RT #20945]	2010-02-04 00:57:25 +00:00
Automatic Updater	f1c89cb4f5	update copyright notice	2010-02-03 23:49:07 +00:00
Evan Hunt	dcfca6f18d	2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921 ]	2010-02-03 01:02:37 +00:00
Evan Hunt	6bb16fca28	rename "ischmacfix" files to "ischmacfixup" so win32 build will work	2010-01-22 00:55:46 +00:00
Automatic Updater	a3416b0a1b	regen	2010-01-20 01:14:19 +00:00
Automatic Updater	ca4e44ebe8	update copyright notice	2010-01-19 23:48:56 +00:00
Evan Hunt	8a198fa776	2842. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from creating key files if there is a chance that the new key ID will collide with an existing one after either of the keys has been revoked. (To override this in the case of dnssec-keyfromlabel, use the -y option. dnssec-keygen will simply create a different, noncolliding key, so an override is not necessary.) [RT #20838]	2010-01-19 20:26:07 +00:00
Evan Hunt	ecde9a1cd5	smartsign fails on slow machines. delay the timing-sensitive dnssec-settime call as long as possible.	2010-01-19 15:54:45 +00:00
Automatic Updater	6bb1560124	update copyright notice	2010-01-18 23:48:40 +00:00
Evan Hunt	e11a0c114c	2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865]	2010-01-18 19:19:31 +00:00
Automatic Updater	4dea9e5971	regen	2010-01-17 01:14:02 +00:00
Automatic Updater	20f2d1d74b	update copyright notice	2010-01-16 23:48:15 +00:00
Francis Dupont	4025076ca2	move -o in synopsis to the right place	2010-01-16 14:04:47 +00:00
Automatic Updater	5bdf8cd3c2	update copyright notice	2010-01-13 23:48:59 +00:00
Francis Dupont	6ff7cd9fa5	Temporary fixed pkcs11-destroy usage check. [RT #20760 ]	2010-01-13 21:19:52 +00:00
Evan Hunt	20624f43c3	removed lines inadvertently committed	2010-01-13 19:29:38 +00:00
Francis Dupont	b3990d04da	fix built-in view comment	2010-01-13 08:29:11 +00:00
Automatic Updater	65d1486535	update copyright notice	2010-01-11 23:48:37 +00:00
Francis Dupont	a91029a00e	Prevent Linux spurious warnings about fwrite(). [RT #20812 ]	2010-01-11 10:49:14 +00:00
Automatic Updater	fdd80e9a55	regen	2010-01-08 01:14:09 +00:00
Automatic Updater	a30c7003af	update copyright notice	2010-01-07 23:48:54 +00:00
Evan Hunt	0f66aced26	2834. [bug] HMAC-SHA* keys that were longer than the algorithm digest length were used incorrectly, leading to interoperability problems with other DNS implementations. This has been corrected. (Note: If an oversize key is in use, and compatibility is needed with an older release of BIND, the new tool "isc-hmac-fixup" can convert the key secret to a form that will work with all versions.) [RT #20751]	2010-01-07 21:52:12 +00:00
Evan Hunt	8ebf67b7f0	2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. [RT #20851]	2010-01-07 19:13:59 +00:00
Evan Hunt	597642c0ba	2831. [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819]	2010-01-07 16:48:23 +00:00
Automatic Updater	247f299fb0	update copyright notice	2010-01-06 23:48:47 +00:00
Evan Hunt	b1fbf2a4db	fix spacing	2010-01-06 00:53:45 +00:00
Automatic Updater	3ee1371212	update copyright notice	2010-01-05 23:48:37 +00:00
Evan Hunt	564d687132	missing newline in dnssec-signzone usage	2010-01-05 15:31:58 +00:00
Tatuya JINMEI 神明達哉	d8680445d6	2828. [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] 9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)	2009-12-30 08:02:23 +00:00
Mark Andrews	57fb4f7bbe	2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that was in the process of being created was not properly recorded in the zone. [RT #20786]	2009-12-30 02:43:09 +00:00
Mark Andrews	5b77627c09	2824. [bug] "rndc sign" was not being run by the correct task. [RT #20759]	2009-12-29 22:20:33 +00:00
Automatic Updater	d856585f5f	regen	2009-12-29 01:14:03 +00:00
Evan Hunt	85c5ed3577	2821. [doc] Add note that named-checkconf doesn't automatically read rndc.key and bind.keys [RT #20758]	2009-12-28 23:21:16 +00:00
Francis Dupont	0faf1492c7	non-readable openssl.cnf [20668]	2009-12-24 17:49:39 +00:00
Evan Hunt	1361014b02	2818. [cleanup] rndc could return an incorrect error code when a zone was not found. [RT #20767]	2009-12-24 00:14:20 +00:00
Evan Hunt	40ad4ed01b	2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls. [RT #20768]	2009-12-23 23:59:42 +00:00
Evan Hunt	aa3415ba49	2815. [bug] Exclusively lock the task when freezing a zone. [RT #19838]	2009-12-23 23:33:09 +00:00
Evan Hunt	f766024a27	change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3 transitions work correctly. (they worked before, but weren't supposed to; when that bug was fixed, the test broke.)	2009-12-19 17:30:31 +00:00
Automatic Updater	928e12ccdc	update copyright notice	2009-12-18 23:49:03 +00:00
Evan Hunt	4e55893d30	2813. [bug] Better handling of unreadable DNSSEC key files. [RT #20710] 2812. [bug] Make sure updates can't result in a zone with NSEC-only keys and NSEC3 records. [RT 20748]	2009-12-18 22:16:49 +00:00
Evan Hunt	0da859c5a7	2811. [cleanup] Add "rndc sign" to list of commands in rndc usage output. [RT #20733]	2009-12-18 07:59:43 +00:00
Evan Hunt	9de98fbbbe	2809. [cleanup] Restored accidentally-deleted text in usage output in dnssec-settime and dnssec-revoke [RT #20739]	2009-12-18 07:49:42 +00:00
Automatic Updater	90c38ab4e6	regen	2009-12-17 01:13:46 +00:00
Evan Hunt	535bc8112a	s/ddns.key/session.key/	2009-12-16 07:13:02 +00:00
Automatic Updater	8b82c01d74	update copyright notice	2009-12-06 23:48:29 +00:00
Evan Hunt	3cd574df2f	s/journalprint/named-journalprint/	2009-12-06 03:06:16 +00:00
Evan Hunt	0d796b1aaa	improve cleanup and add named.run to .cvsignore files	2009-12-06 03:04:39 +00:00
Evan Hunt	12178c8652	2805. [bug] Fixed namespace problems encountered when building external programs using non-exported BIND9 libraries (i.e., built without --enable-exportlib). [RT #20679]	2009-12-05 23:31:41 +00:00
Evan Hunt	d4d836350f	add .cvsignore files	2009-12-05 05:36:03 +00:00
Automatic Updater	e2e4d32199	regen	2009-12-04 22:22:27 +00:00
Automatic Updater	4b6dc226f7	update copyright notice	2009-12-04 22:06:37 +00:00
Mark Andrews	71ba75c604	2803. [port] win32: Install named-journalprint, nsec3hash, arpaname and genrandom under windows. [RT #20670] 2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]	2009-12-04 21:59:24 +00:00
Mark Andrews	3d17a3ba61	2801. [func] Detect and report records that are different according to DNSSEC but are sematically equal according to plain DNS. Apply plain DNS comparisons rather than DNSSEC comparisons when processing UPDATE requests. dnssec-signzone now removes such semantically duplicate records prior to signing the RRset. named-checkzone -r {ignore\|warn\|fail} (default warn) named-compilezone -r {ignore\|warn\|fail} (default warn) named.conf: check-dup-records {ignore\|warn\|fail};	2009-12-04 21:09:34 +00:00
Evan Hunt	e438e29354	claried log message when no active private keys are found to use for signing. [rt20690]	2009-12-04 20:32:07 +00:00
Mark Andrews	5d850024cb	2800. [func] Reject zones which have NS records which refer to CNAMEs, DNAMEs or don't have address record (class IN only). Reject UPDATEs which would cause the zone to fail the above checks if committed. [RT #20678]	2009-12-04 03:33:15 +00:00
Automatic Updater	089c63b69c	regen	2009-12-04 01:13:45 +00:00
Automatic Updater	63aeaafd97	update copyright notice	2009-12-03 23:48:22 +00:00
Evan Hunt	8e4f3f1cbc	2799. [cleanup] Changed the "secure-to-insecure" option to "dnssec-secure-to-insecure", and "dnskey-ksk-only" to "dnssec-dnskey-kskonly", for clarity. [RT #20586]	2009-12-03 23:18:17 +00:00
Mark Andrews	ecbbb29519	add copyright	2009-12-03 04:51:41 +00:00
Evan Hunt	6a4d6e3379	adapted to the special needs of solaris's really old awk	2009-12-02 17:54:45 +00:00
Evan Hunt	095810f8cb	fixed autosign/metadata brokenness on solaris [rt20685]	2009-12-02 05:42:15 +00:00
Automatic Updater	ffd297db79	update copyright notice	2009-11-30 23:48:02 +00:00
Evan Hunt	7511904837	add cvsignore files	2009-11-30 21:03:17 +00:00
Evan Hunt	75b8de8787	Create automatic tests "autosign" and "metadata". [rt19946]	2009-11-30 21:00:48 +00:00
Vernon Schryver	5d9922e86f	Allow the optional filter-aaaa-on-v4 option in view statements to close #20635	2009-11-28 15:57:37 +00:00
Mark Andrews	4bf4beede2	silence compiler warnings	2009-11-25 23:00:32 +00:00
Evan Hunt	ce3b2c5189	2788. [bug] dnssec-signzone could sign with keys that were not requested [RT #20625]	2009-11-25 03:17:11 +00:00
Mark Andrews	d0ca4e90e2	2786. [bug] Additional could be promoted to answer. [RT #20663 ]	2009-11-25 02:22:05 +00:00
Evan Hunt	d312bc5d81	2785. [bug] Revoked keys could fail to self-sign [RT #20652 ]	2009-11-24 03:42:32 +00:00
Mark Andrews	dc92707066	2783. [func] Return minimal responses to EDNS/UDP queries with a UDP buffer size of 512 or less. [RT #20654]	2009-11-24 03:09:57 +00:00
Evan Hunt	cef109efa7	2780. [bug] dnssec-keygen -A none didn't properly unset the activation date in all cases. [RT #20648] 2779. [bug] Dynamic key revokation could fail. [RT #20644] 2778. [bug] dnssec-signzone could fail when a key was revoked without deleting the unrevoked version. [RT #20638]	2009-11-23 02:55:41 +00:00
Francis Dupont	1cd538c051	20643: RSASHA2 NSEC3 compatible in dnssec-keyfromlabel	2009-11-21 17:54:09 +00:00
Evan Hunt	0088b45de5	2774. [bug] Existing cache DB wasn't being reused after reconfiguration. [RT #20629]	2009-11-19 18:52:40 +00:00
Automatic Updater	fe2b9bf570	update copyright notice	2009-11-18 23:48:07 +00:00
Evan Hunt	b08325a7f3	2773. [bug] In autosigned zones, the SOA could be signed with the KSK. [RT #20628]	2009-11-18 21:22:31 +00:00
Mark Andrews	a39a5f4d81	2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438]	2009-11-17 23:55:18 +00:00
Evan Hunt	00295e0650	2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568 ]	2009-11-16 04:27:44 +00:00
Mark Andrews	adb4211586	2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610 ]	2009-11-12 14:02:38 +00:00
Automatic Updater	3a5fe5abf0	regen	2009-11-11 01:14:42 +00:00
Evan Hunt	2e2a294b05	remove unnecessary braces around {-o filename}	2009-11-10 21:30:42 +00:00
Evan Hunt	3839749200	2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533 ]	2009-11-10 20:02:01 +00:00
Evan Hunt	7fe4b0447f	2757. [bug] dig: assertion failure could occur in connect timeout. [RT #20599]	2009-11-10 17:27:40 +00:00
Evan Hunt	e2facd7af2	2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]	2009-11-09 01:28:32 +00:00
Evan Hunt	cc3ed192b0	2754. [bug] Secure-to-insecure transitions failed when zone was signed with NSEC3. [RT #20587]	2009-11-06 08:38:56 +00:00
Evan Hunt	aa2f010f13	Switch from OpenSSL 0.9.8k to 0.9.8l	2009-11-06 03:14:10 +00:00
Evan Hunt	6f6f08b7a4	2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588 ]	2009-11-06 01:06:38 +00:00
Mark Andrews	052e7083ac	correct bind9.xsl.h dependancy	2009-11-05 02:59:04 +00:00
Evan Hunt	9a050780dc	2750. [bug] dig: assertion failure could occur when a server didn't have an address. [RT #20579]	2009-11-05 01:57:49 +00:00
Mark Andrews	0a30185f80	2748. [func] Identify bad answers from GTLD servers and treat them as referrals. [RT #18884]	2009-11-04 02:15:30 +00:00
Automatic Updater	64affc54f9	regen	2009-11-03 21:59:04 +00:00
Evan Hunt	f80b665135	fix typo: s/pcks11/pkcs11/	2009-11-03 21:44:46 +00:00
Mark Andrews	9d856845d6	2744. [func] Log if a query was over TCP. [RT #19961 ]	2009-11-03 04:39:41 +00:00
Mark Andrews	2162c1ed3d	add missing period	2009-11-03 01:31:17 +00:00
Automatic Updater	575e15fed9	regen	2009-10-28 01:14:38 +00:00
Mark Andrews	c6d2578fd6	2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474]	2009-10-28 00:27:10 +00:00
Automatic Updater	990dca4605	update copyright notice	2009-10-27 23:47:45 +00:00
Evan Hunt	95f2377b4f	2739. [cleanup] Clean up API for initializing and clearing trust anchors for a view. [RT #20211]	2009-10-27 22:46:13 +00:00
Mark Andrews	e09cdbac08	2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453]	2009-10-27 22:25:37 +00:00
Evan Hunt	e3b59e4af7	Minor cleanup in dnssec-* tools	2009-10-27 18:56:49 +00:00
Evan Hunt	312a00fb75	add named-symtbl.c to .cvsignore	2009-10-27 06:06:46 +00:00
Evan Hunt	72cfcb48a7	cleanup ddns.key after nsupdate test	2009-10-27 05:57:06 +00:00
Evan Hunt	0ce9fba8f0	cleanup DLV test	2009-10-27 05:49:50 +00:00
Mark Andrews	9e9e7112f9	2737. [func] UPDATE requests can leak existance information. [RT #17261]	2009-10-27 05:42:25 +00:00
Mark Andrews	63d5a6f680	2736. [func] Improve the performance of NSEC signed zones with more than a normal amount of glue below a delegation. [RT #20191]	2009-10-27 04:46:58 +00:00
Evan Hunt	e8831e51c1	2735. [bug] dnssec-signzone could fail to read keys that were specified on the command line with full paths, but weren't in the current directory. [RT #20421]	2009-10-27 03:59:45 +00:00
Mark Andrews	af30180834	2734. [port] cygwin: arpaname did not compile. [RT #20473 ]	2009-10-27 03:05:33 +00:00
Automatic Updater	5f744ebbdc	update copyright notice	2009-10-26 23:47:35 +00:00
Evan Hunt	6f9c93a885	2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355 ]	2009-10-26 23:36:53 +00:00
Evan Hunt	c8aa7ce70d	2732. [func] Add optional filter-aaaa-on-v4 option, available if built with './configure --enable-filter-aaaa'. Filters out AAAA answers to clients connecting via IPv4. (This is NOT recommended for general use.) [RT #20339]	2009-10-26 23:14:54 +00:00
Evan Hunt	c021499604	2731. [func] Additional work on change 2709. The key parser will now ignore unrecognized fields when the minor version number of the private key format has been increased. It will reject any key with the major version number increased. [RT #20310]	2009-10-26 21:18:24 +00:00
Francis Dupont	775a8d86d9	keygen progress indication [RT #20284 ]	2009-10-24 09:46:19 +00:00
Mark Andrews	c07236a635	2729. [func] When constructing a CNAME from a DNAME use the DNAME TTL. [RT #20451]	2009-10-24 04:38:19 +00:00
Evan Hunt	8f0502e922	2728. [bug] dnssec-keygen, dnssec-keyfromlabel and dnssec-signzone now warn immediately if asked to write into a nonexistent directory. [RT #20278]	2009-10-24 00:00:06 +00:00
Automatic Updater	8e821eea5f	regen	2009-10-23 01:14:48 +00:00
Automatic Updater	510032fdf4	update copyright notice	2009-10-22 23:48:07 +00:00
Evan Hunt	f10a8fa034	2727. [func] The 'key-directory' option can now specify a relative path. [RT #20154]	2009-10-22 03:43:16 +00:00
Evan Hunt	cc6cddfd94	2726. [func] Added support for SHA-2 DNSSEC algorithms, RSASHA256 and RSASHA512. [RT #20023]	2009-10-22 02:21:31 +00:00
Mark Andrews	d2a8d00228	2724. [bug] Updates to a existing node in secure zone using NSEC were failing. [RT #20448]	2009-10-22 01:55:55 +00:00
Mark Andrews	859cfb24bf	silence compiler warnings. [RT #20412 ]	2009-10-20 03:30:07 +00:00
Mark Andrews	06e7340198	2719. [func] Skip trusted/managed keys for unsupported algorithms. [RT #20392]	2009-10-20 03:15:06 +00:00
Mark Andrews	4b30598fb9	2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414 ]	2009-10-20 01:04:03 +00:00
Automatic Updater	5a24d24c8f	regen	2009-10-17 01:14:35 +00:00
Jeremy Reed	eec29cfd40	Fix typo as reported by SUN Guonian <sun@cnnic.cn>. This was seen in 9.7.0a3. No CHANGES entry as is too minor.	2009-10-16 15:37:01 +00:00
Automatic Updater	d060d8669f	regen	2009-10-16 04:20:49 +00:00
Evan Hunt	8f7de3db7e	Respinning to fix memory leak in dnssec-signzone. (Also adopting doc changes.)	2009-10-16 02:59:41 +00:00
Mark Andrews	1ed01b3390	silence compiler warning	2009-10-14 22:07:13 +00:00
Automatic Updater	ef9ee92543	update copyright notice	2009-10-13 23:48:12 +00:00
Evan Hunt	5c0fd37335	changes needed for win32 build	2009-10-13 02:39:38 +00:00
Evan Hunt	19ac4707ee	changes needed for win32 build	2009-10-13 00:55:51 +00:00
Automatic Updater	97639003b0	update copyright notice	2009-10-12 23:48:02 +00:00
Automatic Updater	3b2c6af63e	regen	2009-10-12 23:16:15 +00:00
Evan Hunt	c00929ed9f	additional doc improvement	2009-10-12 23:02:32 +00:00
Evan Hunt	77b8f88f14	2712. [func] New 'auto-dnssec' zone option allows zone signing to be fully automated in zones configured for dynamic DNS. 'auto-dnssec allow;' permits a zone to be signed by creating keys for it in the key-directory and using 'rndc sign <zone>'. 'auto-dnssec maintain;' allows that too, plus it also keeps the zone's DNSSEC keys up to date according to their timing metadata. [RT #19943]	2009-10-12 20:48:12 +00:00
Automatic Updater	8de0d8a690	regen	2009-10-11 01:14:49 +00:00
Automatic Updater	8667770ad2	update copyright notice	2009-10-10 23:47:58 +00:00
Evan Hunt	3727725bb7	2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' zone option cause a zone to be signed with only KSKs signing the DNSKEY RRset, not ZSKs. This reduces the size of a DNSKEY answer. [RT #20340]	2009-10-10 01:48:00 +00:00
Evan Hunt	315a1514a5	2709. [func] Added some data fields, currently unused, to the private key file format, to allow implementation of explicit key rollover in a future release without impairing backward or forward compatibility. [RT #20310]	2009-10-09 06:09:21 +00:00
Automatic Updater	b05106c7e6	regen	2009-10-09 01:14:47 +00:00
Automatic Updater	15bbb8a129	update copyright notice	2009-10-08 23:48:10 +00:00
Mark Andrews	2847930722	2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.	2009-10-08 23:13:07 +00:00
Automatic Updater	2a6d4c9948	regen	2009-10-07 01:14:42 +00:00
Evan Hunt	22b23fb59d	tbox wants an #include <isc/print.h>...	2009-10-06 23:22:51 +00:00
Evan Hunt	d1f39121a6	2707. [func] dnssec-keyfromlabel no longer require engine name to be specified in the label if there is a default engine or the -E option has been used. Also, it now uses default algorithms as dnssec-keygen does (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used). [RT #20371]	2009-10-06 22:58:45 +00:00
Evan Hunt	ca60f7ba75	Add pkcs11 tools to standard windows BIND 9 build.	2009-10-06 22:14:13 +00:00
Evan Hunt	246c504f90	2706. [bug] Loading a zone with a very large NSEC3 salt could trigger an assert. [RT #20368]	2009-10-06 21:20:45 +00:00
Evan Hunt	95b41985f7	- build pkcs11 tools when compiling --with-pkcs11=yes - add PKCS11_PROVIDER environment variable as a method for specifying the provider.	2009-10-06 20:27:55 +00:00
Automatic Updater	e74245134d	update copyright notice	2009-10-06 04:40:14 +00:00
Automatic Updater	8ec3c08523	regen	2009-10-06 01:14:42 +00:00
Evan Hunt	3ff75c89eb	2704. [bug] Serial of dynamic and stub zones could be inconsistent with their SOA serial. [RT #19387]	2009-10-05 19:39:20 +00:00
Francis Dupont	8b78c993cb	explicit engine rt20230a	2009-10-05 17:30:49 +00:00
Francis Dupont	e853728477	update OpenSSL PKCS#11 patch (rt19910)	2009-10-05 13:20:06 +00:00
Francis Dupont	d220cab39d	pkcs11 rt20229	2009-10-05 13:02:31 +00:00
Francis Dupont	247806c820	regen	2009-10-05 12:25:29 +00:00
Francis Dupont	f89a9bcf1c	pkcs11 rt20236	2009-10-05 12:23:11 +00:00
Francis Dupont	b091b4bb80	regen	2009-10-05 12:13:15 +00:00
Francis Dupont	a631b30b1d	pkcs11 rt20225	2009-10-05 12:07:08 +00:00
Francis Dupont	78e0199a39	update OpenSSL PKCS#11 patch (19143)	2009-10-05 11:12:45 +00:00
Evan Hunt	1210799345	Add /* NOTREACHED */ comments	2009-10-03 18:03:54 +00:00
Automatic Updater	66fec05962	regen	2009-09-30 01:14:47 +00:00
Automatic Updater	61dd99bfae	update copyright notice	2009-09-29 23:48:04 +00:00
Evan Hunt	a93a66f618	2794. [bug] Reduce default NSEC3 iterations from 100 to 10. [RT #19970]	2009-09-29 22:17:34 +00:00
Francis Dupont	debd489a44	noreturn RT #20257	2009-09-29 15:06:07 +00:00
Mark Andrews	1e733ffc11	2792. [port] win32: 32/64 bit cleanups. [RT #128244 ]	2009-09-29 04:38:23 +00:00
Automatic Updater	f3d1a0ba52	regen	2009-09-26 01:14:51 +00:00
Automatic Updater	627f3e0805	update copyright notice	2009-09-25 23:48:13 +00:00
Evan Hunt	1e3c9961bb	Move dns_rdataset_init() call earlier so "goto cleanup" won't trigger an assert in dns_rdataset_isassociated(). (This is trivial, I'm going to commit without review.)	2009-09-25 14:30:10 +00:00
Evan Hunt	fb596cc9af	2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 chain when re-signing a previously-signed zone. Use -u to modify NSEC3 parameters or switch between NSEC and NSEC3. [RT #20304]	2009-09-25 06:47:50 +00:00
Francis Dupont	c59a7b0629	missing updates in recent changes	2009-09-24 14:39:17 +00:00
Evan Hunt	63a1800105	Fix several problems introduced by rt19943	2009-09-24 04:36:28 +00:00
Automatic Updater	d48690af7a	update copyright notice	2009-09-23 23:47:56 +00:00
Evan Hunt	53c22b8e0d	2685. [bug] Fixed dnssec-signzone -S handling of revoked keys. Also, added warnings when revoking a ZSK, as this is not defined by protocol (but is legal). [RT #19943]	2009-09-23 16:01:57 +00:00
Mark Andrews	4d0e2cf9b9	2684. [bug] dnssec-signzone should clean the old NSEC chain when signing with NSEC3 and vica versa. [RT #20301]	2009-09-23 14:05:11 +00:00
Francis Dupont	e25451b66c	pkcs11 tools were moved (20067)	2009-09-23 10:54:46 +00:00
Evan Hunt	8436cc14ba	2684. [cleanup] dig: formalize +ad and +cd as synonyms for +adflag and +cdflag. [RT #19305]	2009-09-23 06:21:36 +00:00
Mark Andrews	011d0b7dc8	2683. [bug] dnssec-signzone should clean out old NSEC3 chains when the NSEC3 parameters used to sign the zone change. [RT #20246]	2009-09-23 04:30:16 +00:00
Francis Dupont	2f4d747a26	"configure --enable-symtable=all" failed to build. [RT #20282 ]	2009-09-22 08:47:55 +00:00
Automatic Updater	d2ebd5d5fb	regen	2009-09-19 01:14:52 +00:00
Francis Dupont	b67b58ebe7	small improvement (rt20291)	2009-09-18 22:08:55 +00:00
Francis Dupont	b0dafbb309	spelling	2009-09-18 13:14:47 +00:00
Francis Dupont	1def913211	config.h issue is fixed: cleanup	2009-09-18 11:07:04 +00:00
Evan Hunt	0e32dda176	add include <config.h>, and update comments to use the new names	2009-09-17 23:46:34 +00:00
Francis Dupont	be728633c1	init .cvsignore	2009-09-17 22:55:59 +00:00
Francis Dupont	8b5a11217c	from contrib/pkcs11-keygen	2009-09-17 22:51:59 +00:00
Automatic Updater	4765fc7c3f	update copyright notice	2009-09-15 23:48:09 +00:00
Evan Hunt	d514c0dc9b	2679. [func] dig -k can now accept TSIG keys in named.conf format. [RT #20031]	2009-09-15 03:13:44 +00:00
Automatic Updater	f8e3e03cac	regen	2009-09-15 01:14:42 +00:00
Mark Andrews	a12c8549d6	2678. [func] Treat DS queries as if "minimal-response yes;" was set. [RT #20258]	2009-09-14 23:13:37 +00:00
Evan Hunt	b843f577bb	2677. [func] Changes to key metadata behavior: - Keys without "publish" or "active" dates set will no longer be used for smart signing. However, those dates will be set to "now" by default when a key is created; to generate a key but not use it yet, use dnssec-keygen -G. - New "inactive" date (dnssec-keygen/settime -I) sets the time when a key is no longer used for signing but is still published. - The "unpublished" date (-U) is deprecated in favor of "deleted" (-D). [rt20247]	2009-09-14 18:45:45 +00:00
Evan Hunt	a457576b58	"dnssec-lookaside auto" crashed if named was built without openssl [rt20231]	2009-09-10 01:49:29 +00:00
Automatic Updater	31f1c9a241	regen	2009-09-09 23:30:30 +00:00
Mark Andrews	14cd8ac04c	2672. [bug] Don't enable searching in 'host' when doing reverse lookups. [RT #20218]	2009-09-08 23:23:22 +00:00
Automatic Updater	c7d32c0b0f	regen	2009-09-08 01:14:42 +00:00
Francis Dupont	210970a248	two votes for keys -> key pair	2009-09-07 23:11:48 +00:00
Francis Dupont	1f821c1058	merge rt19294	2009-09-07 12:58:33 +00:00
Evan Hunt	30a60d2aff	On some slower systems the startup is delayed and this causes an apparent transfer failure on the initial calls to dig. Adding a test here to make sure the zones are fully loaded before attempting to query them.	2009-09-04 17:14:58 +00:00
Evan Hunt	8d0a1ede2f	RT #20213 : - correctly use -K option in dnssec-keygen - fix an improper free() in dnssec-revoke - fix grammar in dnssec-settime	2009-09-04 16:57:22 +00:00
Mark Andrews	06eb464ae2	ALG_FORMATSIZE -> 20	2009-09-04 02:31:29 +00:00
Mark Andrews	2d13af354a	isc_resourcevalue_t is unsigned. use %ISC_PRINT_QUADFORMATu	2009-09-04 00:49:50 +00:00
Francis Dupont	9916d13704	oldkey must be initialized to NULL	2009-09-03 13:43:52 +00:00
Automatic Updater	2895f101b5	regen	2009-09-03 01:14:42 +00:00
Evan Hunt	9f8d002a66	silence win32 compiler warnings	2009-09-03 00:12:23 +00:00
Automatic Updater	d7201de09b	update copyright notice	2009-09-02 23:48:03 +00:00
Evan Hunt	eab9975bcf	2668. [func] Several improvements to dnssec-* tools, including: - dnssec-keygen and dnssec-settime can now set key metadata fields 0 (to unset a value, use "none") - dnssec-revoke sets the revocation date in addition to the revoke bit - dnssec-settime can now print individual metadata fields instead of always printing all of them, and can print them in unix epoch time format for use by scripts [RT #19942]	2009-09-02 06:29:01 +00:00
Automatic Updater	823ca3c14f	update copyright notice	2009-09-01 23:47:45 +00:00
Tatuya JINMEI 神明達哉	ee537376ad	avoid using @< (which some make don't seem to understand) for portability	2009-09-01 22:30:28 +00:00
Evan Hunt	93ebf0fc08	- add .cvsignore files - silence tinderbox warnings about missing config.h in a few files.	2009-09-01 20:13:44 +00:00
Tatuya JINMEI 神明達哉	a27fe4c990	2667. [func] Add support for logging stack backtrace on assertion failure (not available for all platforms). [RT #19780] 9.7.0	2009-09-01 18:40:25 +00:00
Tatuya JINMEI 神明達哉	44de0b1f7d	2666. [func] Added an 'options' argument to dns_name_fromstring() (API change from 9.7.0a2). [RT #20196]	2009-09-01 17:36:51 +00:00
Evan Hunt	85be60e3c8	2665. [func] Clarify syntax for managed-keys {} statement, add ARM documentation about RFC 5011 support. [RT #19874]	2009-09-01 07:14:26 +00:00
Mark Andrews	479b80d4d7	2663. [func] win32: allow named to run as a service using "NT AUTHORITY\LocalService" as the account. [RT #19977]	2009-09-01 06:51:47 +00:00
Tatuya JINMEI 神明達哉	307d208450	2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369]	2009-09-01 00:22:28 +00:00
Automatic Updater	ad671240d6	regen	2009-08-29 01:14:37 +00:00
Automatic Updater	5ac9ef9448	update copyright notice	2009-08-28 23:48:02 +00:00
Evan Hunt	41eeb37b51	2659. [doc] Clarify dnssec-keygen doc: key name must match zone name for DNSSEC keys. [RT #19938]	2009-08-28 21:47:02 +00:00
Evan Hunt	747abb4993	2658. [bug] dnssec-settime and dnssec-revoke didn't process key file paths correctly. [RT #20078]	2009-08-28 03:13:08 +00:00
Automatic Updater	163af735c2	regen	2009-08-27 01:14:39 +00:00
Jeremy Reed	35490da615	Update date for manpage. Add -l to synopsis sections. (It is already documented.) Mention the RFC number for DLV. Not adding a CHANGES entry. No official release since this was added. The previous CHANGES entries for this are 2611 and 2636.	2009-08-26 21:56:05 +00:00
Jeremy Reed	de10c46b2a	Add -l to synopsis. For RT BUG 20147. Not adding a CHANGES entry as is so minor and the -l addition is in 2630 which is not in any official release. Also update the date for the manual page.	2009-08-26 21:34:44 +00:00
Automatic Updater	da035d9f44	update copyright notice	2009-08-25 23:47:51 +00:00
Mark Andrews	2bee3c2e70	CHANGES	2009-08-25 06:47:06 +00:00
Mark Andrews	18114698b4	2654. [bug] Improve error reporting on duplicated names for deny-answer-xxx. [RT #20164]	2009-08-25 02:42:46 +00:00
Mark Andrews	88471538d6	2652. [func] Provide more detail about what record is being deleted. [RT #20061]	2009-08-17 07:18:41 +00:00
Evan Hunt	813b34ebec	2650. [bug] Assertion failure in dnssec-signzone when trying to read keyset-* files. [RT #20075]	2009-08-14 01:07:00 +00:00
Mark Andrews	de3200acf4	silence format warnings: treat uid/gid as longs when printing	2009-08-13 07:04:38 +00:00
Mark Andrews	50eab6c2aa	silence compiler warnings	2009-08-13 04:13:58 +00:00
Automatic Updater	0a7e3c7d09	update copyright notice	2009-08-05 23:47:43 +00:00
Evan Hunt	2ac8f58412	needed fixes for windows build	2009-08-05 18:43:37 +00:00
Evan Hunt	3a87540047	2644. [bug] Change #2628 caused a regression on some systems; named was unable to write the PID file and would fail on startup. [RT #20001]	2009-08-05 17:35:33 +00:00
Mark Andrews	6beee732e4	2643. [bug] Stub zones interacted badly with NSEC3 support. [RT #19777]	2009-08-05 02:09:04 +00:00
Evan Hunt	4103d428a9	use genrandom to produce random data for input to ddns-confgen	2009-07-30 15:11:41 +00:00
Automatic Updater	0282f038eb	update copyright notice	2009-07-29 23:47:43 +00:00
Evan Hunt	9069215eac	2641. [bug] Fixed an error in parsing update-policy syntax, added a regression test to check it. [RT #20007]	2009-07-29 17:52:00 +00:00
Mark Andrews	bd190a40a8	2640. [security] A specially crafted update packet will cause named to exit. [RT #20000]	2009-07-28 15:45:43 +00:00
Mark Andrews	99a0cd0236	fix comment	2009-07-21 03:27:38 +00:00
Tatuya JINMEI 神明達哉	2847ddeaf1	misc. bug fixes including null pointer dereference and memory leak. [RT #19953] I don't update CHANGES as this code has never been publicly released.	2009-07-21 02:57:39 +00:00
Mark Andrews	97725b410a	2628. [bug] Install arpaname. [RT #19957 ]	2009-07-21 02:41:01 +00:00
Mark Andrews	520cea04a2	2627. [func] Rationalize dnssec-signzone's signwithkey() calling. [RT #19959]	2009-07-21 01:22:27 +00:00
Automatic Updater	fd0b768f4c	regen	2009-07-21 01:13:24 +00:00
Francis Dupont	938dfe6dcd	re-indent (to be finished)	2009-07-20 12:11:58 +00:00
Francis Dupont	85f5bb5274	fix extra space after now- in now-revoked	2009-07-20 11:56:35 +00:00
Automatic Updater	52c1cac19a	regen	2009-07-20 01:13:18 +00:00
Automatic Updater	26d8ffe715	update copyright notice	2009-07-19 23:47:55 +00:00
Evan Hunt	f73695f9bd	fix a merge error from rebasing dnssec-settime (an assignment was left in place that was supposed to have been removed--this was already reviewed, I just merged the fix wrong)	2009-07-19 16:11:53 +00:00
Evan Hunt	dba9901bb7	update cvsignore	2009-07-19 05:33:10 +00:00
Evan Hunt	2a3574f8d4	windows portability fix (review by mgraff)	2009-07-19 05:26:05 +00:00
Evan Hunt	9edd523c22	more win32 build fixes	2009-07-19 05:06:48 +00:00
Evan Hunt	da520bccdd	add settime project files for win32 build	2009-07-19 04:56:47 +00:00
Automatic Updater	0a7ed88633	regen	2009-07-19 04:27:56 +00:00
Evan Hunt	553ead32ff	2636. [func] Simplify zone signing and key maintenance with the dnssec-* tools. Major changes: - all dnssec-* tools now take a -K option to specify a directory in which key files will be stored - DNSSEC can now store metadata indicating when they are scheduled to be published, acttivated, revoked or removed; these values can be set by dnssec-keygen or overwritten by the new dnssec-settime command - dnssec-signzone -S (for "smart") option reads key metadata and uses it to determine automatically which keys to publish to the zone, use for signing, revoke, or remove from the zone [RT #19816]	2009-07-19 04:18:05 +00:00
Automatic Updater	4a979d3577	update copyright notice	2009-07-17 23:47:41 +00:00
Evan Hunt	aeff7de836	2634. [port] win32: Add support for libxml2, enable statschannel. [RT #19773]	2009-07-17 06:25:45 +00:00
Automatic Updater	3cddb2c552	regen	2009-07-15 01:13:11 +00:00
Mark Andrews	fb8db7fc3f	2631. [bug] Handle "//", "/./" and "/../" in mkdirpath(). [RT #19926 ]	2009-07-15 00:36:37 +00:00
Automatic Updater	3e12c54de2	update copyright notice	2009-07-14 23:47:54 +00:00
Evan Hunt	08f860f800	2630. [func] Improved syntax for DDNS autoconfiguration: use "update-policy local;" to switch on local DDNS in a zone. [RT #19875]	2009-07-14 22:54:57 +00:00

... 34 35 36 37 38 ...

8425 commits