Commit Graph

8558 Commits

Author SHA1 Message Date
Ondřej Surý
15a4f74b28 Print isc_stdtime_t with PRIu32
(cherry picked from commit c355e1f38f)
2018-11-09 02:56:48 +07:00
Ondřej Surý
4568669807 Hint the compiler with ISC_UNREACHABLE(); that code after INSIST(0); cannot be reached
(cherry picked from commit 23fff6c569)
2018-11-08 15:09:12 +07:00
Ondřej Surý
1e6329038b Don't assert on failed getrlimit call to allow called to handle this gracefully as it already does, just abort where we need to know the numbers
(cherry picked from commit e2e138a801)
2018-11-08 14:37:14 +07:00
Ondřej Surý
fcd1569e2b Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
(cherry picked from commit b2b43fd235)
2018-11-08 14:37:14 +07:00
Ondřej Surý
b222783ae9 Add small tweaks to the code to fix compilation when ISC assertions are disabled
While implementing the new unit testing framework cmocka, it was found that the
BIND 9 code doesn't compile when assertions are disabled or replaced with any
function (such as mock_assert() from cmocka unit testing framework) that's not
directly recognized as assertion by the compiler.

This made the compiler to complain about blocks of code that was recognized as
unreachable before, but now it isn't.

The changes in this commit include:

* assigns default values to couple of local variables,
* moves some return statements around INSIST assertions,
* adds __builtin_unreachable(); annotations after some INSIST assertions,
* fixes one broken assertion (= instead of ==)

(cherry picked from commit fbd2e47f51)
2018-11-08 14:05:23 +07:00
Witold Krecicki
070e4135c4 Remove unnecessary sed from autosign test
(cherry picked from commit 82dfb77328)
2018-11-08 12:19:57 +11:00
Witold Krecicki
f49bd1e77f Use 'local' variable in echo functions in tests
(cherry picked from commit 0949b1fe2c)
2018-11-08 12:19:51 +11:00
Witold Kręcicki
5d4074c4e4 Get rid of bashism in CDS test
(cherry picked from commit dbf2e7928e)
2018-11-08 12:14:31 +11:00
Ondřej Surý
9fe7963ec3 Update the IDN documentation for nslookup
(cherry picked from commit b659765869)
2018-11-07 11:32:56 +11:00
Ondřej Surý
a148af6728 Change the dig documentation
(cherry picked from commit 7697923eab)
2018-11-07 11:32:56 +11:00
Ondřej Surý
bee5674283 Update the idna tests for the new non-tty defaults
(cherry picked from commit e8c57a78aa)
2018-11-07 11:32:56 +11:00
Ondřej Surý
cd83fb94c6 Enable IDN processing (both idnin and idnout) only on tty, disable it when the stdout is not a tty
(cherry picked from commit 0e1bf7d017)
2018-11-06 17:10:09 +11:00
Mark Andrews
ce80d59e97 test require-server-cookie with rate-limit
(cherry picked from commit 164370102a)
2018-11-06 10:20:43 +11:00
Michał Kępień
a0c5c01fe5 Check serve-stale behavior with a cold cache
Ensure that serve-stale works as expected when returning stale answers
is enabled, the authoritative server does not respond, and there is no
cached answer available.

(cherry picked from commit 27cfe83a38)
2018-10-31 14:08:44 +01:00
Michał Kępień
9fe44e48b2 Check TTL of stale answers
Make sure that stale answers returned when the serve-stale feature is
enabled have a TTL matching the value of the stale-answer-ttl setting.

(cherry picked from commit 893ab37ce7)
2018-10-31 14:08:43 +01:00
Mark Andrews
86176a9153 use new packet for response; rename variable to request and response
(cherry picked from commit 280d0ca507)
2018-10-31 16:36:34 +11:00
Ondřej Surý
6062d370b6 Remove double result check leftover
(cherry picked from commit 065ff16e40)
2018-10-30 12:59:21 +01:00
Mark Andrews
dce7bb3f82 Record types which support a empty rdata field were not handling the empty rdata field case.
(cherry picked from commit 2ff57d8a39)
2018-10-30 11:16:43 +11:00
Mark Andrews
b4b006a686 Add support for EID and NIMLOC
(cherry picked from commit fbab100426)
2018-10-25 15:30:58 -07:00
Mark Andrews
f569c8ad26 GID, UID and UINFO could not be loaded using unknown record format.
(cherry picked from commit eb7ca65b78)
2018-10-25 13:34:49 -07:00
Michał Kępień
9dc1b43f3c Display a per-view list of zones in the web interface
The XSL stylesheet used by the web interface does not currently include
any element which would cause a list of zones configured in each view to
be displayed, making the "Zones" section of the web interface empty
unless some zone has been configured with "zone-statistics full;" and
queried.  Since this can be confusing, modify the XSL stylesheet so that
a list of zones configured in each view is displayed in the web
interface.

(cherry picked from commit aeda3f389e)
2018-10-25 10:21:26 +02:00
Michał Kępień
7b9a5ed7d5 Fix the configuration type used by the "server-addresses" option
Contrary to what the documentation states, the "server-addresses"
static-stub zone option does not accept custom port numbers.  Fix the
configuration type used by the "server-addresses" option to ensure
documentation matches source code.  Remove a check_zoneconf() test which
is unnecessary with this fix in place.

(cherry picked from commit b324576858)
2018-10-25 08:58:56 +02:00
Mark Andrews
f6515be8f6 Add support for ATMA
(cherry picked from commit f9ceddd8ca)
2018-10-25 14:08:42 +11:00
Witold Kręcicki
886cc5f64d Set result to SERVFAIL if upstream responded with FORMERR
Commit 2bc4c92ed4 causes the resolver to
respond to a client query with FORMERR when all upstream queries sent to
the servers authoritative for QNAME elicit FORMERR responses.  This
happens because resolver code returns DNS_R_FORMERR in such a case and
dns_result_torcode() acts as a pass-through for all arguments which are
already a valid RCODE.

The correct RCODE to set in the response returned to the client in the
case described above is SERVFAIL.  Make sure this happens by overriding
the RCODE in query_gotanswer(), on the grounds that any format errors in
the client query itself should be caught long before execution reaches
that point.  This change should not reduce query error logging accuracy
as the resolver code itself reports the exact reason for returning a
DNS_R_FORMERR result using log_formerr().

(cherry picked from commit b5c9a8caad)
2018-10-23 14:00:12 +02:00
Ondřej Surý
38777de529 Add support for enabling and enforcing FIPS mode in OpenSSL:
* Add configure option --enable-fips-mode that detects and enables FIPS mode
* Add a function to enable FIPS mode and call it on crypto init
* Log an OpenSSL error when FIPS_mode_set() fails and exit
* Report FIPS mode status in a separate log message from named

(cherry picked from commit c4cee27f9b)
2018-10-22 21:28:34 +02:00
Mark Andrews
39914dd221 reclimit: delegate to ans4 so that ans2 can behave like a real name server
(cherry picked from commit a216135a15)
2018-10-04 13:22:06 +10:00
Mark Andrews
732521e993 chain: change nameserver name so that the delegation matches
(cherry picked from commit 848e42227e)
2018-10-04 12:29:15 +10:00
Mark Andrews
298db257c2 chain: add 'start test' messages to named.run
(cherry picked from commit 524c1317f7)
2018-10-04 12:29:15 +10:00
Mark Andrews
8a0ccb54cd zero: send grep output to /dev/null; set ret=0 at start of 'check repeated recursive lookups of non recurring TTL=0 responses get new values' test so the failed subtest count is correct
(cherry picked from commit a6507af9e3)
2018-10-03 15:38:37 +10:00
Mark Andrews
90fdf40bda improve case presevation
(cherry picked from commit 0fc1b1bffa)
2018-10-02 15:21:22 +10:00
Tinderbox User
7f5e4faed8 prep 9.12.3rc1 2018-09-29 04:21:11 +00:00
Evan Hunt
1bce1f052a use an example domain
(cherry picked from commit b026663c62)
2018-09-28 09:59:28 -07:00
Evan Hunt
6452c017f5 fix chaosnet address comparison
(cherry picked from commit b4dca44ad2)
2018-09-28 08:58:45 -07:00
Evan Hunt
bd7084909b fix problems running dnsrps tests in rpz and rpzrecurse
- set up server correctly when running the second test pass
- reset stats counters before the second pass
- clean up test output

(cherry picked from commit 6d05ec7dc1)
2018-09-27 13:33:05 -07:00
Evan Hunt
5bf0e4f52d fix a typo in usage output
(cherry picked from commit e7c99e42f3)
2018-09-24 15:32:10 -07:00
Evan Hunt
9967c9d2b4 don't use $() in system tests
(cherry picked from commit bf9c60078a)
2018-09-11 13:03:34 -07:00
Evan Hunt
990f0f8a73 add -class option to rndc nta
(cherry picked from commit cc0abf62a1)
2018-09-10 13:14:21 -07:00
Evan Hunt
3b3fc63b2e report when NTAs added to multiple views
- the text returned by "rndc nta" when adding NTAs to multiple views
  was incorrectly terminated after the first line, so users only saw
  on NTA added unless they checked the logs.

(cherry picked from commit 83dc5a704a)
2018-09-10 13:14:18 -07:00
Mark Andrews
995a8401b0 add more missing name in update rule checks
(cherry picked from commit d1f8e116db)
2018-09-10 17:47:59 +10:00
Mark Andrews
8baca39f00 add krb5-* tests to nsupdate system test.
(cherry picked from commit 54c4db569b)
2018-09-10 17:47:59 +10:00
Mark Andrews
f926d28a17 add test addresses 10.53.0.{9,10} and fd92:7065:b8e:ffff::{9,10} 2018-09-10 17:47:59 +10:00
Mark Andrews
eae8d858e5 check that name field is not a valid type
(cherry picked from commit 5fb75a3d75)
2018-09-10 17:16:10 +10:00
Ondřej Surý
3fbceba0a8 Bail-out early in the for install loops instead of continuing because for masks the error in the middle
(cherry picked from commit 25248eb097)
2018-09-03 13:31:17 +02:00
Mark Andrews
259e0b0544 use pack to construct the reply as Net::DNS just get it wrong
(cherry picked from commit feaf381adb)
2018-08-31 18:39:46 +10:00
Mark Andrews
827ef21bb4 report initial RRSIG expiry field values
(cherry picked from commit 8e5abc6cdf)
2018-08-31 13:07:49 +10:00
Witold Kręcicki
90b75d94ff rndc reconfig should not stat on existing zones, just load new ones.
(cherry picked from commit 80a025d1a7)
2018-08-28 17:03:10 +02:00
Michał Kępień
5cc841fa53 Reset dig exit code after a TCP connection is established
The "exitcode" variable is set to 9 if a TCP connection fails, but is
not reset to 0 if a subsequent TCP connection succeeds.  This causes dig
to return a non-zero exit code if it succeeds in getting a TCP response
after a retry.  Fix by resetting "exitcode" to 0 if connect_done()
receives an event with the "result" field set to ISC_R_SUCCESS.

(cherry picked from commit deb3b85cb2)
2018-08-27 14:30:06 +10:00
Ondřej Surý
791663dd60 Whitespace fixes
(cherry picked from commit 31b5360943)
2018-08-24 08:34:44 -04:00
Michał Kępień
e0b9bb1d2c Log a message when "ixfr-from-differences" is set for an inline-signed zone
For inline-signed zones, the value of "ixfr-from-differences" is
hardcoded to:

  - "yes" for the raw version of the zone,
  - "no" for the signed version of the zone.

In other words, any user-provided "ixfr-from-differences" setting is
effectively ignored for an inline-signed zone.  Ensure the user is aware
of that by adding a note to the ARM and logging a message when an
"ixfr-from-differences" option is found at the zone level.

(cherry picked from commit 087157d14f)
2018-08-24 10:21:27 +02:00
Michał Kępień
c12388f5e8 Do not call bin/tools/genrandom unconditionally in system tests
$RANDFILE, i.e. bin/tests/system/random.data, should only be written to
if a system test requires support for cryptography and that file does
not already exist.  Otherwise, when multiple system tests are run in
parallel, that file might get truncated due to bin/tools/genrandom.c
using fopen() with mode "w" when writing the destination file.  With
unfortunate timing, this may cause system tests employing BIND tools
which need entropy (e.g. dnssec-keygen) to fail.

Make sure bin/tests/system/metadata/tests.sh no longer calls
bin/tools/genrandom since $RANDFILE is guaranteed to already be created
by the time bin/tools/genrandom is currently called because
bin/tests/system/metadata/prereq.sh uses bin/tests/system/testcrypto.sh.

Make sure bin/tests/system/sfcache/prereq.sh only writes to $RANDFILE if
it does not already exist.
2018-08-24 09:57:15 +02:00