ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,654 Commits 589 Branches 805 Tags
33c548251110c6991d017a1e071959972b6664d1
Commit Graph

476 Commits

Author SHA1 Message Date
Mark Andrews
d090709551 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257] 
(cherry picked from commit f647c0df9f)

Conflicts:
	CHANGES
	bin/named/query.c
	bin/tests/system/sit/tests.sh
	lib/dns/message.c
 2015-12-15 20:02:37 +11:00
Mark Andrews
48bb15b354 add TCP macro 2015-10-22 12:07:33 +11:00
Mark Andrews
42d7d1b5ed 4242. [bug] Replace the client if not already replaced when 
prefetching. [RT #41001]

(cherry picked from commit 0526268c2b)
 2015-10-22 10:59:11 +11:00
Mark Andrews
81db2c08f1 4227. [bug] Silence static analysis warnings. [RT #40828 
(cherry picked from commit 2a12984ce6)
 2015-09-30 14:35:05 +10:00
Mark Andrews
e312d43579 make macro name match category name 
(cherry picked from commit 4d085258cc)
 2015-09-29 15:04:03 +10:00
Mukund Sivaraman
92260722dc Fix RPZ bugs related to wildcard triggers (#40357) 
(cherry picked from commit bf350c9f1a)

Conflicts:
	CHANGES
	bin/tests/system/rpzrecurse/tests.sh
 2015-08-18 19:48:42 +05:30
Evan Hunt
2e398e72f0 [v9_10] log outdated rpz settings regardless of enable-querytrace 2015-06-10 10:23:32 -07:00
Evan Hunt
34d5a93026 [v9_10] rpz_ver check was ineffective 2015-06-09 15:06:00 -07:00
Evan Hunt
f89d03dc9e [v9_10] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:19:19 -07:00
Evan Hunt
a6a15bb069 [v9_10] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:54 -07:00
Mukund Sivaraman
765bcb44ac Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 
(cherry picked from commit 705cea35a8)
 2015-05-21 11:17:58 +05:30
Evan Hunt
8655100300 [v9_10] revert erroneous cleanup 2015-05-20 13:45:16 -07:00
Evan Hunt
c2999f0646 [v9_10] address compiler warnings 2015-05-20 00:11:10 -07:00
Evan Hunt
04defaf799 [v9_10] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]

(cherry picked from commit 7e6cf6fc6e)
 2015-05-19 15:56:40 -07:00
Mark Andrews
a55c3151b2 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 
(cherry picked from commit 29d52c001f)
 2015-03-03 16:49:37 +11:00
Mukund Sivaraman
b83c20df65 Add a --enable-querytrace configure switch for very verbose query tracelogging (#37520) 
(cherry picked from commit 1783676a64)
 2015-02-26 16:52:38 +05:30
Evan Hunt
09a87d841f [v9_10] add better servfail logging 
3937.	[func]		Added some debug logging to better indicate the
			conditions causing SERVFAILs when resolving.
			[RT #35538]

(cherry picked from commit f5c24a7f48)
 2015-02-25 16:05:31 -08:00
Evan Hunt
5d26333c87 [v9_10] silence RPZ log messages 
4050.	[cleanup]	Silence occasional spurious "duplicate query" log
			messages from RPZ. [RT #38510]
 2015-02-10 15:01:46 -08:00
Mukund Sivaraman
718b30d039 Fix a leak of query fetchlock (#38454) 
4052.	[bug]		Fix a leak of query fetchlock. [RT #38454]

(cherry picked from commit 4eefa351cc)
 2015-02-03 11:47:44 +05:30
Tinderbox User
3817256ab9 update copyright notice / whitespace 2015-01-20 23:47:01 +00:00
Evan Hunt
1ef4faabd5 [v9_10] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:43:35 -08:00
Mark Andrews
dc6882addd 4010. [cleanup] Clear the prefetchable state when initiating a prefetch. 
[RT #37399]

(cherry picked from commit 092d3b76db)
 2014-11-24 11:20:20 +11:00
Evan Hunt
6c049c57d9 [v9_10] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.

(cherry picked from commit 05e448935c)
 2014-11-19 18:26:46 -08:00
Evan Hunt
6fd51d5088 [v9_10] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:48:20 -08:00
Evan Hunt
56293cd148 [v9_10] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]

(cherry picked from commit 3cc8c7d630)
 2014-11-04 23:53:54 -08:00
Mark Andrews
0597c5fd5e 3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833] 
(cherry picked from commit cef76ee5bd)
 2014-08-22 15:46:35 +10:00
Tinderbox User
8cf1c91c10 update copyright notice 2014-07-31 23:45:48 +00:00
Mark Andrews
ffd72eb9a0 3904. [func] Add the RPZ SOA to the additional section. [RT36507] 
(cherry picked from commit 3a55d43527)
 2014-07-31 10:53:20 +10:00
Mark Andrews
c849d67fdb More changes for: 
3864.   [bug]           RPZ didn't work well when being used as forwarder.
                        [RT #36060]
 2014-05-30 08:46:54 +10:00
Mukund Sivaraman
509856d414 Fix number of args to rpz_log_rewrite() 2014-05-29 18:37:54 +05:30
Mark Andrews
e3befb38c9 3864. [bug] RPZ didn't work well when being used as forwarder. 
[RT #36060]
 2014-05-29 17:02:36 +10:00
Mark Andrews
5defbb76ea 3863. [bug] The "E" flag was missing from the query log as a 
unintended side effect of code rearrangement to
                        support EDNS EXPIRE. [RT #36117]
 2014-05-29 08:05:39 +10:00
Mark Andrews
2b9dccddb9 3842. [bug] Adjust RRL log-only logging category. [RT #35945] 
(cherry picked from commit 2c172a42b3)
 2014-05-11 11:00:19 +10:00
Mark Andrews
29e6ce6e60 3837. [security] A NULL pointer is passed to query_prefetch resulting 
a REQUIRE assertion failure when a fetch is actually
                        initiated.  [ RT #35899]

Squashed commit of the following:

commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00
Author: Mukund Sivaraman <muks@isc.org>
Date:   Sun May 4 22:34:34 2014 +0530

    Fix a comment

commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03
Author: Mark Andrews <marka@isc.org>
Date:   Sun May 4 23:34:25 2014 +1000

    pass the correct name to query_prefetch

(cherry picked from commit b36fc8294e)
 2014-05-05 10:12:39 +10:00
Evan Hunt
e29c2b3903 [master] fix misuses of isc__buffer functions, update comment 2014-03-06 17:26:21 -08:00
Evan Hunt
a2fd1de97d [master] fix DLZ coredump 
3777.	[bug]		EDNS EXPIRE code could dump core when processing
			DLZ queries. [RT #35493]
 2014-03-06 11:06:30 -08:00
Tinderbox User
20a96edbf9 update copyright notice 2014-02-20 23:46:35 +00:00
Mark Andrews
80b37f909a increment dns_nsstatscounter_recursclients when prefetching 2014-02-21 01:40:54 +11:00
Mark Andrews
47cb20eae1 add EDNS EXPIRE processing on ixfr and axfr out 2014-02-20 17:51:31 +11:00
Mark Andrews
16134801ce 3750. [experimental] Partially implement EDNS EXPIRE option as described 
in draft-andrews-dnsext-expire-00.  Retrivial of
                        remaining time to expiry from slave zones is supported.

                        EXPIRE uses an experimental option code (65002) and
                        is subject to change. [RT #35416]
 2014-02-20 14:56:20 +11:00
Mark Andrews
e0c6a3944d silence Function returns no value 2014-02-20 00:27:36 +11:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Evan Hunt
31f6244cc2 [master] tcp and udp stats counters 
3739.	[func]		Added per-zone stats counters to track TCP and
			UDP queries. [RT #35375]
 2014-02-15 20:57:00 -08:00
Mark Andrews
fef19ce621 fix for pre C99 compiler 2014-01-13 17:07:52 +11:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Mark Andrews
fa467e60c5 3693. [security] memcpy was incorrectly called with overlapping 
ranges resulting in malformed names being generated
                        on some platforms.  This could cause INSIST failures
                        when serving NSEC3 signed zones.  [RT #35120]
 2013-12-20 10:58:32 +11:00
Mark Andrews
225146b2c8 3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] 2013-11-18 11:22:59 +11:00