Mark Andrews
e30652e33a
Make $TTL match dnskey-ttl
...
(cherry picked from commit 16a720357b
2024-01-12 19:56:19 +11:00
Matthijs Mekking
2a6ee4a9a0
Write new DNSKEY TTL to key file
...
When the current DNSKEY TTL does not match the one from the policy,
write the new TTL to disk.
(cherry picked from commit b770740b44
2024-01-12 19:56:19 +11:00
Mark Andrews
59067fc568
Only create private records for DNSKEYs that have changed
...
We don't need to create private records for DNSKEY records that
have only had their TTL's changed.
(cherry picked from commit 27e74b2e4b
2024-01-12 19:56:19 +11:00
Mark Andrews
c1d1f35f13
sync_secure_db failed to handle some TTL changes
...
If the DNSKEY, CDNSKEY or CDS RRset had different TTLs then the
filtering of these RRset resulted in dns_diff_apply failing with
"not exact". Identify tuple pairs that are just TTL changes and
allow them through the filter.
(cherry picked from commit d601a90ea3
2024-01-12 19:56:19 +11:00
Mark Andrews
5bea0d3588
Use the current CDS and CDNSKEY TTLs
...
When adding new CDS and CDNSKEY records use the existing RRset
TTL if they already exist.
(cherry picked from commit 21be35c54e
2024-01-12 19:56:19 +11:00
Mark Andrews
3a0b3e92bd
Update the DNSKEY, CDNSKEY and CDS TTLs to match dnskey-ttl
...
If the TTLs of the DNSKEY, CDNSKEY and CDS do not match the
dnskey-ttl update them by removing all records and re-adding
them with the correct TTL.
(cherry picked from commit dcb7799061
2024-01-12 19:56:19 +11:00
Mark Andrews
9cab1eafee
Test dnssec-policy dnskey-ttl behaviour
...
If the dnskey-ttl in the dnssec-policy doesn't match the DNSKEY's
ttl then the DNSKEY, CDNSKEY and CDS rrset should be updated by
named to reflect the expressed policy. Check that named does this
by creating a zone with a TTL that does not match the policy's TTL
and check that it is correctly updated.
(cherry picked from commit f894bf661f
2024-01-12 19:56:19 +11:00
Arаm Sаrgsyаn
59c0e44d30
Merge branch '4508-crash-in-host-9.18' into 'bind-9.18'
...
[9.18] Fix a possible dig/host crash in "NS search" mode
See merge request isc-projects/bind9!8643
2024-01-11 11:31:11 +00:00
Aram Sargsyan
55cc5fea67
Add a CHANGES note for [GL #4508 ]
...
(cherry picked from commit 1246d982a2
2024-01-11 10:31:37 +00:00
Aram Sargsyan
086f569f52
Print a dig comment about the failed query consistently
...
Dig failed to print a comment about the reason of the unacceptable
query reply got from a server when there was no other query to
start in the lookup's chain.
Add an "else" block to print out the comment even when not starting
up the next query.
(cherry picked from commit 913b20abf8
2024-01-11 10:30:40 +00:00
Aram Sargsyan
11e85d15f9
Fix a possible dig/host crash in "NS search" mode
...
When getting a SERVFAIL reply from a query, 'host' tries to start
the next query in the lookup's list (also true for 'dig +nofail').
However, when running with the '-C' switch (or +nssearch for 'dig'),
all the queries in the lookup start from the beginning, so that logic
brings to a crash because of the attempted start of the query which
was already started.
Don't start the next query in the affected code path when in +nssearch
mode.
(cherry picked from commit f6658b333e
2024-01-11 10:28:22 +00:00
Tom Krizek
5274bba746
Merge branch 'tkrizek/nsupdate-test-flaky-on-freebsd-9.18' into 'bind-9.18'
...
[9.18] Allow nsupdate test rerun on FreeBSD
See merge request isc-projects/bind9!8640
2024-01-10 14:27:42 +00:00
Tom Krizek
7dff007ccd
Allow nsupdate test rerun on FreeBSD
...
The "exceeded time limit waiting for literal 'too many DNS UPDATEs
queued' in ns1/named.run" is prone to fail due to a timing issue.
Despite out efforts to stabilize it, the check still often fails on
FreeBSD in our CI. Allow the test to be re-run on this platform.
(cherry picked from commit 124882476b
2024-01-10 14:52:40 +01:00
Tom Krizek
6bf098e792
Merge branch '1621-statistics-test-rerun-flaky-9.18' into 'bind-9.18'
...
[9.18] Allow statistics test rerun
See merge request isc-projects/bind9!8639
2024-01-10 13:52:18 +00:00
Tom Krizek
7132f6b998
Allow statistics test rerun
...
This test has been unstable for a long while, especially the check
"statistics:verifying active sockets output in named.stats". Allow the
statistics test to be re-run to avoid frequent false positives.
2024-01-10 11:02:55 +01:00
Arаm Sаrgsyаn
ead6670ece
Merge branch 'aram/tests-dighost-fix-intermittent-failure-9.18' into 'bind-9.18'
...
[9.18] Make digdelv test work in different network envs (continued)
See merge request isc-projects/bind9!8637
2024-01-09 15:37:18 +00:00
Aram Sargsyan
cdb16a737e
Make digdelv test work in different network envs (continued)
...
This commit complements the 1e7d83234296f63a9f0b
2024-01-09 14:53:21 +00:00
Tom Krizek
4125ccc252
Merge branch '4521-timeout-in-dig-not-handled-in-rndc-system-test-9.18' into 'bind-9.18'
...
[9.18] Resolve "Timeout in dig not handled in system tests"
See merge request isc-projects/bind9!8633
2024-01-09 10:10:43 +00:00
Tom Krizek
339143e3fc
Handle dig timing out gracefully in upforwd
...
(cherry picked from commit 7b77574b6d
2024-01-09 10:17:49 +01:00
Tom Krizek
a1b67ff038
Handle dig timing out gracefully in staticstub
...
(cherry picked from commit cc7c4760aa
2024-01-09 10:17:49 +01:00
Tom Krizek
d061e2d6ba
Handle dig timing out gracefully in sortlist
...
(cherry picked from commit 2341934f7d
2024-01-09 10:17:48 +01:00
Tom Krizek
b690a44e55
Handle dig timing out gracefully in rpz
...
(cherry picked from commit 99799fba60
2024-01-09 10:17:48 +01:00
Tom Krizek
b51c74f0bb
Handle dig timing out gracefully in rootkeysentinel
...
(cherry picked from commit de569ad97a
2024-01-09 10:17:48 +01:00
Tom Krizek
9a803cc227
Handle dig timing out gracefully in qmin
...
(cherry picked from commit 606985d775
2024-01-09 10:17:48 +01:00
Tom Krizek
db064f3a69
Handle dig timing out gracefully in padding
...
(cherry picked from commit c983449e5e
2024-01-09 10:17:47 +01:00
Tom Krizek
dd146c6915
Handle dig timing out gracefully in nsupdate
...
(cherry picked from commit 3c7291248c
2024-01-09 10:17:47 +01:00
Tom Krizek
19c1660028
Handle dig timing out gracefully in names
...
(cherry picked from commit 410aa5aeab
2024-01-09 10:17:47 +01:00
Tom Krizek
8fcf12ed2a
Handle dig timing out gracefully in masterfile
...
(cherry picked from commit 0bf25138b6
2024-01-09 10:17:47 +01:00
Tom Krizek
abdce0c8df
Handle dig timing out gracefully in logfileconfig
...
(cherry picked from commit 8ece026848
2024-01-09 10:17:47 +01:00
Tom Krizek
a0399f1548
Handle dig timing out gracefully in legacy
...
(cherry picked from commit 2cc90a815e
2024-01-09 10:17:46 +01:00
Tom Krizek
554992ec59
Handle dig timing out gracefully in keepalive
...
(cherry picked from commit c6b267ce4d
2024-01-09 10:17:46 +01:00
Tom Krizek
a2e96ec130
Handle dig timing out gracefully in dnstap
...
(cherry picked from commit fcce010045
2024-01-09 10:17:46 +01:00
Tom Krizek
c57798d341
Handle dig timing out gracefully in cookie
...
(cherry picked from commit 343b3f0f84
2024-01-09 10:17:46 +01:00
Tom Krizek
b1eab3ca7e
Handle dig timing out gracefully in autosign
...
(cherry picked from commit 445ec7cc0f
2024-01-09 10:17:44 +01:00
Tom Krizek
c84e34dbbc
Handle dig timing out gracefully in auth
...
(cherry picked from commit ddb41798d5
2024-01-09 10:06:52 +01:00
Tom Krizek
6dc3ebe494
Handle dig timing out gracefully in allow-query
...
(cherry picked from commit 0d5df1fc02
2024-01-09 10:06:52 +01:00
Mark Andrews
db00e1e913
Handle dig timing out gracefully in serve-stale
...
(cherry picked from commit 4351076d48
2024-01-09 10:06:49 +01:00
Mark Andrews
3b01b47ac3
Handle dig timing out gracefully in rndc
...
(cherry picked from commit 02d9f2eeb9
2024-01-09 10:04:46 +01:00
Tom Krizek
70a86c8151
Merge branch 'tkrizek/xfer-test-dnssec-validation-no-9.18' into 'bind-9.18'
...
[9.18] Add missing dnssec-validation to ns4 in xfer test
See merge request isc-projects/bind9!8632
2024-01-09 09:03:08 +00:00
Tom Krizek
863055767d
Add missing dnssec-validation to ns4 in xfer test
...
This file was missing explicit dnssec-validation. Seems like it was
missed in our previous efforts, probably because of the different
filename / extension. Rename it to end with *.in to reflect that it is a
template file used by copy_setports.
(cherry picked from commit 68234372a5
2024-01-09 10:02:12 +01:00
Tom Krizek
efd095d995
Merge branch '4402-use-our-instance-of-bind-keys-bind-9.18' into 'bind-9.18'
...
[9.18] Resolve "Change system tests to not use dnssec-validation auto"
See merge request isc-projects/bind9!8510
2024-01-09 08:44:50 +00:00
Tom Krizek
d2c5a11ae8
Turn off dnssec-validation in nsec&tsig system tests
...
This is a followup for !8063 , which backported !7999 . The configuration
file layout for these files have changed (main branch has
named-fips.conf), which is probably why these bits were missed during a
backport.
2024-01-08 18:13:47 +01:00
Tom Krizek
ec3a47fc68
Turn off dnssec validation in inline test
...
DNSSEC validation isn't required by the inline test and would send
queries to root name servers.
(cherry picked from commit 66d6394057
2024-01-08 17:30:50 +01:00
Mark Andrews
2c1c7ec639
Stop sending queries to the internet's root servers
...
Disable automatic dnssec validation.
(cherry picked from commit 15a433cb9d
2024-01-08 17:30:42 +01:00
Michal Nowak
2e642030b7
Merge branch 'mnowak/set-up-version-and-release-notes-for-bind-9.18.23' into 'bind-9.18'
...
Set up version and release notes for BIND 9.18.23
See merge request isc-projects/bind9!8628
2024-01-08 12:11:31 +00:00
Michal Nowak
2b8b83cfc6
Set up release notes for BIND 9.18.23
2024-01-08 12:57:56 +01:00
Michal Nowak
52e432008e
Update BIND version to 9.18.23-dev
2024-01-08 12:57:56 +01:00
Aydın Mercan
75677d375e
Merge branch '4467-fix-stats-export-overflow-v9_18' into 'bind-9.18'
...
[9.18] Avoid overflow during statistics dump
See merge request isc-projects/bind9!8574
2024-01-03 18:20:17 +00:00
Aydın Mercan
a83c749115
Use <isc/atomic.h> instead of <stdatomic.h> directly in <isc/types.h>
2024-01-03 20:36:35 +03:00
Aydın Mercan
6c0ae4ef6e
Move atomic statscounter next to the non-atomic definition
...
(cherry picked from commit 9c4dd863a6
2024-01-03 20:36:35 +03:00
