Commit graph

3681 commits

Author SHA1 Message Date
Michael Graff
ef653fbdb1 implement 'notify [ yes | no | explicit ]' 2000-07-24 22:59:44 +00:00
Andreas Gustafsson
6f12e3ca45 Restored the "done" variable removed in 1.150 and made
the result code check after the loop deal with ISC_R_SUCCESS
instead.  The previous fix had the side effect of keeping multiple
answers to non-ANY queries, causing assertion failures in cache_name()
which is not prepared to deal with this situation
2000-07-24 20:10:26 +00:00
Brian Wellington
1b1775921e If a message is built for one host, which isn't powered on, the tsig object
wasn't removed until the xfer object was deleted, so when the xfer tried the
second master, it asserted.
2000-07-24 05:30:30 +00:00
Michael Sawyer
2f0bfccf31 Remove dead REQUIRE 2000-07-22 00:40:39 +00:00
Michael Sawyer
f592550498 Add comments and make a slight REQUIRE change 2000-07-22 00:27:40 +00:00
Michael Sawyer
0371079513 Wire up key option in masters line. 2000-07-21 23:13:59 +00:00
Brian Wellington
c27767a7b9 tsig keys were not properly ref counted 2000-07-21 23:00:31 +00:00
Brian Wellington
3b2efab212 There's no real difference between the "sring" and "dring" parameters, so
call them "ring1" and "ring2" instead.  Also remove a bogus assertion.
2000-07-21 22:38:31 +00:00
Brian Wellington
2483a850e8 The call to dns_tsig_verify doesn't need a keyring. 2000-07-21 22:22:55 +00:00
Andreas Gustafsson
5aa7bca733 dns_rbt_printnode() formatted the node name
into a buffer of 255 char pointers, not 255 chars; changed it
to use dns_name_format()
2000-07-21 22:08:42 +00:00
James Brister
c35f1e5937 341. [func] Support 'key' clause in named.conf zone masters
statement:

                                masters {
                                        10.0.0.1 port 666 key "foo";
                                        10.0.0.2 ;
                                };
2000-07-21 21:25:01 +00:00
Brian Wellington
a49acbf201 Store tsig keys in an rbt, not a list. 2000-07-21 20:53:59 +00:00
Michael Sawyer
b6e3718b20 Should really allocate memory before trying to use it. 2000-07-21 20:51:44 +00:00
Andreas Gustafsson
e30c4dbe6f typos 2000-07-21 20:37:01 +00:00
Brian Wellington
84a47e20ae If the request was signed with a tsig key, verify the signature on the
response.
2000-07-21 20:33:13 +00:00
Brian Wellington
4be64854b4 The wrong name was being duped when a tsig key was generated using tkey. 2000-07-21 20:32:12 +00:00
Michael Sawyer
5813d091e9 Spacing changes
replace memset with slightly more portable NULL initialization
properly NULL masterkeynames when zone is created
2000-07-21 20:10:03 +00:00
Michael Sawyer
9b72c4648f Internal code for masters with key entries. Not wired into config yet. 2000-07-21 18:47:23 +00:00
Brian Wellington
d6e6858bb9 If dns_request_getresponse() fails, log it. 2000-07-20 19:34:16 +00:00
Brian Wellington
a5e73f3e9d Having a non-noerror value in the tsig error field should always return
DNS_R_TSIGERRORSET in dns_tsig_verify.  Change the result text to reflect
this.
2000-07-20 19:32:57 +00:00
Andreas Gustafsson
b7ebc6a127 minor tweak to hash function of previous change 2000-07-20 01:15:25 +00:00
Andreas Gustafsson
f969863d54 replaced the hash function in dns_name_hash() by one
that is simpler, faster, and produces a much more even distribution,
particularly when the data to hash ends with a null byte like domain
names often do
2000-07-20 01:14:48 +00:00
Andreas Gustafsson
99eba32b06 Removed the code added in revision 1.57:
"Store CNAMEs and their SIGs (if any) in their own name structure on
  the name list.  I.e. do not mix CNAMEs with non-CNAME data.  Do the
  same thing for DNAMEs."

because it caused DNSSEC validation of responses to ANY queries at
nodes with CNAME records to fail, and no one was able to figure out
why it was added in the first place.  As a beneficial side effect,
findname() now finds names even if they have attribute bits set
differently from the one being searched for.  This supersedes
the fix of revision 1.133.
2000-07-20 00:05:32 +00:00
Andreas Gustafsson
aa5940281a When handling the response to an ANY query in a secure zone, deal with
the multiple answer RRsets by validating each one separately.  Also,
eliminated the "done" variable in answer_response() because in the
rare situations where it got set to ISC_TRUE, it caused the function
to return prematurely by exiting a loop with a result of ISC_R_SUCCESS
and hitting a "if (result != ISC_R_NOMORE) return (result);" test
immediately following the loop.

This should fix [RT #109], "ANY query in secure zone crashes server".
2000-07-19 23:19:05 +00:00
Brian Wellington
209ec709f3 Use the isc hmac library instead of a separate implementation (not that
the separate implementation was especially complicated).  dst hmac-md5 should
really go away at some point.
2000-07-18 18:15:27 +00:00
James Brister
4ca8537286 Removed some debugging cruft.
Fixed handling of octal/hexadecimal numbers on input.
2000-07-18 13:19:27 +00:00
Brian Wellington
9df7d74e42 Use isc_base64_decodestring() instead of an explicit lexer. 2000-07-18 01:14:17 +00:00
Brian Wellington
49c8a96fba Don't require that tsig keys must be on a keyring. Also some other cleanup. 2000-07-18 00:46:03 +00:00
Brian Wellington
7a184cd4e5 don't copy a name structure, copy a pointer. 2000-07-18 00:44:52 +00:00
Brian Wellington
f6579931b3 Added calls to isc_log_wouldlog() in additional logging functions. 2000-07-17 23:25:35 +00:00
Brian Wellington
9c4cba349f 334. [func] Added hmac-md5 to libisc. 2000-07-17 17:33:39 +00:00
Andreas Gustafsson
0e65062acb strengthened the check added in the previous change:
the new query domain must not only be a non-child of the query name,
it must be a parent of the query name (or equal to the query name)
2000-07-16 18:26:18 +00:00
Andreas Gustafsson
64024eaa4d 333. [bug] The resolver incorrectly accepted referrals to
subdomains of the query domain, causing an
assertion failure.
2000-07-15 01:02:25 +00:00
David Lawrence
891a1bead8 Use new function dns_name_reset() to make a name have no data, instead
of dns_name_concatenate(NULL, NULL, name, NULL).

Define DNS_NAME_USELINE to get macroized name functions.  Removed
older FAST_COUNTLABELS and FAST_ISABSOLUTE to use standard name
interface, which are covered by DNS_NAME_USEINLINE.
2000-07-14 19:17:39 +00:00
David Lawrence
da527e4ff6 332. [func] New function dns_name_reset(). 2000-07-14 19:12:54 +00:00
Brian Wellington
da892e9733 Typo in comment - isc_time_microdiff returns microseconds, not milliseconds. 2000-07-14 16:59:32 +00:00
Andreas Gustafsson
10f4e9668a the INSIST condition of 1.145 was too strong, weakened it;
added another INSIST to help track down the INSIST(!external) crash
2000-07-14 00:37:27 +00:00
Andreas Gustafsson
55da37e18f removed dead code 2000-07-14 00:33:09 +00:00
Brian Wellington
6bc1a64561 If a positive validation fails and it looks like the reason is that there
are no material DNSSEC signatures, try an insecurity proof.
2000-07-13 23:52:04 +00:00
Brian Wellington
4250285838 Return DNS_R_NAMETOOLONG in a few places where less useful errors were
returned before.
2000-07-13 18:10:18 +00:00
Brian Wellington
618e871c2e Add DNS_R_NAMETOOLONG 2000-07-13 02:41:20 +00:00
Andreas Gustafsson
4532e9e7c6 in isc_log_wouldlog(), deal with the possibility of lctx
being NULL
2000-07-13 02:28:18 +00:00
Andreas Gustafsson
0072e42780 use isc_log_wouldlog() in manager_log() 2000-07-13 01:38:40 +00:00
Brian Wellington
2935e25e99 Removed debugging code that is no longer useful. 2000-07-13 01:22:56 +00:00
Andreas Gustafsson
9317787889 use isc_log_wouldlog() 2000-07-13 01:16:22 +00:00
Brian Wellington
febc974d0f Use isc_log_wouldlog() to avoid calling strerror() whenever possible. 2000-07-13 01:13:53 +00:00
Brian Wellington
2e1236ad1e Call isc_log_wouldlog() 2000-07-13 00:30:58 +00:00
Brian Wellington
945c32833b Call isc_log_wouldlog() in a few places. 2000-07-13 00:27:17 +00:00
Andreas Gustafsson
211ac47e07 use isc_log_wouldlog() to avoid unnecessary formatting work
when the debug level does not warrant logging
2000-07-13 00:25:38 +00:00
Andreas Gustafsson
30576c592b 330. [func] New function isc_log_wouldlog(). 2000-07-13 00:19:02 +00:00