At the beginning of qname minimization we get fctx->finds filled with what's
in the cache at this point, in the worst case root servers. After doing a full
run querying for NSes at different levels we need to clean it and refill
it with proper values from cache.
Remove the following functions in order to simplify socket code:
- isc_socket_recvv()
- isc_socket_sendtov()
- isc_socket_sendtov2()
- isc_socket_sendv()
While isc_buffer_copyregion() calls isc_buffer_reserve() to ensure the
target buffer will have enough available space to append the contents of
the source region to it, the variables used for subsequently checking
available space are not updated accordingly after that call. This
prevents isc_buffer_copyregion() from working as expected for
auto-reallocated buffers: ISC_R_NOSPACE will be returned if enough space
is not already available in the target buffer before it is reallocated.
Fix by calling isc_buffer_used() and isc_buffer_availablelength()
directly instead of assigning their return values to local variables.
Add some basic checks for isc_buffer_copyregion() to ensure it behaves
as expected for both fixed-size buffers and buffers which can be
automatically reallocated. Adjust the list of headers included by
lib/isc/tests/buffer_test.c so that it matches what that test program
really uses.
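The stale-variable pattern described in the isc_buffer_copyregion() message above, next to the corrected form, as an added example that is not BIND's own code. buf_t, buf_reserve(), copyregion_stale(), copyregion_fixed() and demo() are hypothetical stand-ins for the real isc_buffer API, and the copied bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for an auto-reallocating buffer; not the real isc_buffer_t. */
typedef struct { unsigned char *base; size_t length, used; int autore; } buf_t;
enum { R_SUCCESS = 0, R_NOSPACE = 1 };
static size_t buf_avail(const buf_t *b) { return b->length - b->used; }

/* Grow an auto-reallocating buffer so that n more bytes fit. */
static int buf_reserve(buf_t *b, size_t n) {
    if (buf_avail(b) >= n) return R_SUCCESS;
    unsigned char *p = realloc(b->base, b->used + n);
    if (p == NULL) return R_NOSPACE;
    b->base = p;
    b->length = b->used + n;
    return R_SUCCESS;
}

/* Before: write pointer and free space are captured before the reserve call. */
static int copyregion_stale(buf_t *b, const unsigned char *src, size_t n) {
    unsigned char *dst = b->base + b->used;  /* stale once the buffer grows */
    size_t avail = buf_avail(b);             /* stale once the buffer grows */
    if (b->autore && buf_reserve(b, n) != R_SUCCESS) return R_NOSPACE;
    if (n > avail) return R_NOSPACE;         /* compares against old capacity */
    if (n > 0) memcpy(dst, src, n);
    b->used += n;
    return R_SUCCESS;
}

/* After: both values are read from the buffer after any reallocation. */
static int copyregion_fixed(buf_t *b, const unsigned char *src, size_t n) {
    if (b->autore && buf_reserve(b, n) != R_SUCCESS) return R_NOSPACE;
    if (n > buf_avail(b)) return R_NOSPACE;
    if (n > 0) memcpy(b->base + b->used, src, n);
    b->used += n;
    return R_SUCCESS;
}

/* Copy n (<= 16) constructed bytes into a fresh cap-byte buffer; return the result. */
int demo(int fixed, int autore, size_t cap, size_t n) {
    static const unsigned char src[16] = "0123456789abcde";
    buf_t b = { malloc(cap), cap, 0, autore };
    if (b.base == NULL || n > sizeof(src)) return -1;
    int r = fixed ? copyregion_fixed(&b, src, n) : copyregion_stale(&b, src, n);
    if (r == R_SUCCESS && (b.used != n || memcmp(b.base, src, n) != 0)) r = -1;
    free(b.base);
    return r;
}
int main(void) { return demo(1, 1, 4, 8) == R_SUCCESS && demo(0, 1, 4, 8) == R_NOSPACE ? 0 : 1; }
```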
If an RPZ zone is to be freed during an update, canceling the
update_quantum() event is not enough because the resources released when
an update completes also need to be accounted for. Failure to do this
results in a hang upon shutdown. Fix by copying cleanup code from the
end of update_quantum() to rpz_detach().
If another RPZ update is pending when processing the previous one nears
completion and min-update-interval is set to 0, isc_timer_reset() gets
called with 'interval' set to 0, which triggers an assertion failure.
To prevent such a scenario from causing a crash, queue the update event
directly instead of asking the timer thread to do it.
Rationale: the nonce here is only used to make sure there is a low
probability of duplication, according to section B.2 of RFC 7873.
It is only 32-bit, and even if an attacker knows the algorithm used
to generate nonces it won't, in any way, give him any platform to
attack the server as long as the server secret used to sign the
(nonce, time) pair with HMAC-SHA1 is secure.
On the other hand, currently, each packet sent requires (unnecessarily)
a CS pseudo-random number which is ineffective.
To minimize the effort required to set up IANA root zone mirroring,
define a default master server list for the root zone and use it when
that zone is to be mirrored and no master server list was explicitly
specified. Contents of that list are taken from RFC 7706 and are
subject to change in future releases.
Since the static get_masters_def() function in bin/named/config.c does
exactly what named_zone_configure() in bin/named/zoneconf.c needs to do,
make the former non-static and use it in the latter to prevent code
duplication.
Since mirror zone data is treated as cache data for access control
purposes, configuring a mirror zone and disabling recursion at the same
time would effectively prevent mirror zone data from being used since
disabling recursion also disables cache access to all clients by
default. Even though this behavior can be inhibited by configuration,
mirror zones are a recursive resolver feature and thus recursion is now
required to use them.
Ignore the fact that certain configurations might still trick named into
assuming recursion is enabled when it effectively is not since this
change is not meant to put a hard policy in place but rather just to
prevent accidental mirror zone misuse.