Commit Graph
6993 Commits
Author SHA1 Message Date
Mark AndrewsandEvan Hunt 2671666ef8 improve clang / cmocka integration
(cherry picked from commit cb913177ae)
2019-03-05 11:04:46 -08:00
Tinderbox UserandEvan Hunt 4b1b4e1f78 prep 9.11.6rc1 2019-02-20 19:54:38 -08:00
Matthijs MekkingandEvan Hunt 8f64928e2e Update keyfetch_done compute_tag check
If in keyfetch_done the compute_tag fails (because for example the
algorithm is not supported), don't crash, but instead ignore the
key.

(cherry picked from commit b1d5411569ae10830b63f07560091193646cc739)
2019-02-20 19:54:20 -08:00
Matthijs MekkingandEvan Hunt acae423ef4 Don't free key in compute_tag in case of failure
If `dns_dnssec_keyfromrdata` failed we don't need to call
`dst_key_free` because no `dstkey` was created.  Doing so
nevertheless will result in an assertion failure.

This can happen if the key uses an unsupported algorithm.

(cherry picked from commit 7a1ca39b950b7d5230b605ac60f15a1cb94e3d69)
2019-02-20 19:54:20 -08:00
Mark Andrews 28e054c36c teach proto_c to look in the source directory for out of tree builds
(cherry picked from commit c0d4ff5796)
2019-02-20 09:46:07 +11:00
Mark Andrews 78bb82abd3 remove redundant assignment
(cherry picked from commit f475dc75b1)
2019-02-19 10:26:00 +11:00
Mark Andrews 434fcb5f1e remove seen_dname
(cherry picked from commit 63c03cdb2d)
2019-02-19 10:24:45 +11:00
Mark Andrews 333ce68d35 fix memory leak
(cherry picked from commit 7114d16098)
2019-02-19 09:38:09 +11:00
Mark Andrews d50b1ecd9c assert result is ISC_R_SUCCESS
(cherry picked from commit 76a1c1531a)
2019-02-19 08:00:30 +11:00
Mark Andrews 495d4153ad fix AMTRELAY name
(cherry picked from commit a9fadafecd)
2019-02-08 14:10:37 +11:00
Mark Andrews 4b955e8257 add top of range checks
(cherry picked from commit 8d69e15988)
2019-02-08 10:28:28 +11:00
Evan HuntandMark Andrews 37ad2d4de3 Add support for ZONEMD
(cherry picked from commit 3183663dd4)
2019-02-08 08:33:09 +11:00
Mark Andrews 060dd0a372 Add support for ATMRELAY
(cherry picked from commit 66922ee7af)
2019-02-08 08:33:08 +11:00
Evan Hunt a6afd50cb9 Change #4148 wasn't complete
- there was a memory leak when using negotiated TSIG keys.
- TKEY responses could only be signed when using a newly negotiated
  key; if an existent matching TSIG was found in in the keyring it
  would not be used.

(cherry picked from commit 73ba24fb36)
2019-01-31 09:29:22 -08:00
Matthijs MekkingandEvan Hunt 326d40ab08 allow TSIG key to be added to message structure after parsing
up until now, message->tsigkey could only be set during parsing
of the request, but gss-tsig allows one to be created afterward.

(cherry picked from commit 879fc0285e)
2019-01-30 12:34:02 -08:00
Petr MenšíkandEvan Hunt af021f136e Do not fail on NULL passed to OpenSSL_free
Some plugins might call it after deconstruction. Do not crash if there
is no reason for it.

(cherry picked from commit a26673a088)
2019-01-29 15:42:51 -08:00
Evan Hunt 665122be0d Revert "Merge branch 'ondrej/fix-race-condition-in-dnstap-v9_11' into 'v9_11'"
This reverts merge request !1345
2019-01-23 13:56:26 -05:00
Evan HuntandMark Andrews e511187ebd removed a debugging fprintf
(cherry picked from commit 6c478a3dae)
2019-01-21 17:01:11 +11:00
Witold KręcickiandEvan Hunt aa9866c390 If possible don't use forwarders when priming the resolver.
If we try to fetch a record from cache and need to look into
hints database we assume that the resolver is not primed and
start dns_resolver_prime(). Priming query is supposed to return
NSes for "." in ANSWER section and glue records for them in
ADDITIONAL section, so that we can fill that info in 'regular'
cache and not use hints db anymore.
However, if we're using a forwarder the priming query goes through
it, and if it's configured to return minimal answers we won't get
the addresses of root servers in ADDITIONAL section. Since the
only records for root servers we have are in hints database we'll
try to prime the resolver with every single query.

This patch adds a DNS_FETCHOPT_NOFORWARD flag which avoids using
forwarders if possible (that is if we have forward-first policy).
Using this flag on priming fetch fixes the problem as we get the
proper glue. With forward-only policy the problem is non-existent,
as we'll never ask for root server addresses because we'll never
have a need to query them.

Also added a test to confirm priming queries are not forwarded.

(cherry picked from commit b49310ac06)
(cherry picked from commit f8963ad70e)
2019-01-16 22:27:52 -08:00
Petr MenšíkandMark Andrews 3442c69911 Make sure null atributes are never used
Add INSIST to pubattr fetching where null might occur in therory. Make
sure null is never dereferenced.

(cherry picked from commit fe9ef0d9f5)
2019-01-17 09:00:42 +11:00
Mark AndrewsandEvan Hunt bf6133ea61 adjust timeout to allow for ECN negotiation failures
(cherry picked from commit dadb924be7)
2019-01-15 17:30:20 -08:00
Ondřej Surý 5c73b97715 Fix race condition in cleanup part of dns_dt_create()
(cherry picked from commit 482dd7eed3)
2019-01-15 09:51:25 +01:00
Mark Andrews 8bb42d7812 update refreshkeytime
(cherry picked from commit ca977e3976)
2019-01-09 19:48:58 +11:00
Mark Andrews 3266d3c4da maybe_numeric failed to handle NUL in text region.
(cherry picked from commit ee23780246)
2019-01-09 19:08:22 +11:00
Mark Andrews 58cc1ee718 Ensure base64/base32/hex fields in DNS records that should be non-empty are.
(cherry picked from commit 5e8b772ad1)
2019-01-09 18:52:50 +11:00
Mark Andrews 6750780e88 allow for up 100 records or 64K of data to be in a ncache entry
(cherry picked from commit 604889e627)
2019-01-09 16:17:07 +11:00
Mark AndrewsandEvan Hunt e4f7d6c418 explictly convert ISC_R_NOSPACE from dns_message_parse to DNS_R_FORMERR and remove from dns_result_torcode
(cherry picked from commit 0c42a9c0ab)
2019-01-08 20:51:27 -08:00
Michał Kępień 3db9f56718 Track forwarder timeouts in fetch contexts
Since following a delegation resets most fetch context state, address
marks (FCTX_ADDRINFO_MARK) set inside lib/dns/resolver.c are not
preserved when a delegation is followed.  This is fine for full
recursive resolution but when named is configured with "forward first;"
and one of the specified forwarders times out, triggering a fallback to
full recursive resolution, that forwarder should no longer be consulted
at each delegation point subsequently reached within a given fetch
context.

Add a new badnstype_t enum value, badns_forwarder, and use it to mark a
forwarder as bad when it times out in a "forward first;" configuration.
Since the bad server list is not cleaned when a fetch context follows a
delegation, this prevents a forwarder from being queried again after
falling back to full recursive resolution.  Yet, as each fetch context
maintains its own list of bad servers, this change does not cause a
forwarder timeout to prevent that forwarder from being used by other
fetch contexts.

(cherry picked from commit 33350626f9)
2019-01-08 08:34:37 +01:00
Matthijs MekkingandOndřej Surý 1360a1fa1a Move REQUIRE outside comment unsupported alg
(cherry picked from commit 5ca649967e)
2018-12-20 04:50:08 -05:00
Matthijs MekkingandOndřej Surý 040e132f16 Allow unsupported alg in zone /w dnssec-signzone
dnssec-signzone should sign a zonefile that contains a DNSKEY record
with an unsupported algorithm.  Current behavior is that it will
fail, hitting a fatal error.  The fix detects unsupported algorithms
and will not try to add it to the keylist.

Also when determining the maximum iterations for NSEC3, don't take
into account DNSKEY records in the zonefile with an unsupported
algorithm.

(cherry picked from commit 1dd11fc754)
2018-12-20 04:50:08 -05:00
Ondřej Surý 11cce88a41 gcc defines __SANITIZE_ADDRESS__ and not __ADDRESS_SANITIZER__, use the correct #define
(cherry picked from commit 8903d68d69)
2018-12-19 12:46:05 +01:00
Ondřej Surý 8fbd61343a Disable RTLD_DEEPBIND when compiled under AddressSanitizer
(cherry picked from commit cad6b39cab)
2018-12-19 10:51:09 +01:00
Mark Andrews da49d1cfc3 add unit tests for dns_rdatatype_atcname, dns_rdatatype_atparent and iszonecutauth
(cherry picked from commit f2f7711977)
2018-12-14 14:44:20 +11:00
Mark Andrews 587c81ac99 create dns_rdatatype_atcname to split records that can appear along side CNAME from DNSSEC; dns_rdatatype_iszonecutauth allowed too many types
(cherry picked from commit f4ceb12b69)
2018-12-14 14:29:46 +11:00
Mark Andrews ed232e96d1 log a error if we don't explicitly know that a error has been logged in zone_sign
(cherry picked from commit b108376a10)
2018-12-10 15:13:53 +11:00
Mark Andrews f8dc30d18b Properly detect bottom of zone when sign_a_node() is not called
(cherry picked from commit 9eec02a81f)
2018-12-07 12:20:09 +11:00
Mark Andrews c0a3c48802 add missing DBC checks for catz and add isc_magic checks; add DBC checks to ht.c
(cherry picked from commit a487473fc5)
(cherry picked from commit 17d9fa3cc7)
2018-11-29 15:05:17 +11:00
Mark Andrews 12f2ea418c update zname with the current zone anme
(cherry picked from commit 0708e43d3f)
2018-11-28 23:34:42 +11:00
Mark Andrews 156195dac6 address coverity side effect in assert warning
(cherry picked from commit 2156a5b610)
2018-11-23 10:21:53 +11:00
Ondřej SurýandMark Andrews 2386be289c Use strlcpy in place where strncpy(s, ...) + s[sizeof(s)-1] = \0; was used
(cherry picked from commit 175f06949f)
2018-11-22 08:11:31 +11:00
Evan Hunt 58314571ef remove (or hide behind a 'verbose' flag) extra output from system tests
(cherry picked from commit 8f15219f36)
2018-11-16 13:00:49 -08:00
Evan Hunt 2ed9b06ab8 remove ATF source code and Atffiles
(cherry picked from commit 8c4d50c6bc)
(cherry picked from commit 33f428efda)
2018-11-15 17:52:00 -08:00
JoeyandEvan Hunt 49cfe448da convert update_test; remove ATF from lib/dns/tests
(cherry picked from commit 336d5a5374)
(cherry picked from commit 4beba42654)
2018-11-15 17:51:56 -08:00
Evan Hunt 3a8eff4589 convert gost_test
(cherry picked from commit 28296fc57c)
2018-11-15 17:51:47 -08:00
JoeyandEvan Hunt f919fb6e0e convert tsig_test
(cherry picked from commit 92a3762cb6)
(cherry picked from commit ea300146a8)
2018-11-15 17:51:42 -08:00
JoeyandEvan Hunt ab76e6a8b7 convert time_test
(cherry picked from commit 2c7e6947fa)
(cherry picked from commit 132bdcb954)
2018-11-15 17:51:35 -08:00
JoeyandEvan Hunt e938089e20 convert sigs_test
(cherry picked from commit eda6281f98)
(cherry picked from commit 34855ec13b)
2018-11-15 17:51:30 -08:00
JoeyandEvan Hunt 2ba04b17a8 convert rsa_test
(cherry picked from commit b915cdbf0b)
(cherry picked from commit c00f2c9434)
2018-11-15 17:51:24 -08:00
JoeyandEvan Hunt e0b408a5ee convert resolver_test
(cherry picked from commit 2837a821e8)
(cherry picked from commit bd3bb7cb89)
2018-11-15 17:51:12 -08:00
JoeyandEvan Hunt 0f2b87f0ae convert rbt_serialize_test
(cherry picked from commit dfd90dbb82)
(cherry picked from commit 5e44278871)
2018-11-15 17:51:06 -08:00