ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,982 Commits 589 Branches 805 Tags
39a5e136fb97993c012d2c8ff3091f71fa983d8a
Commit Graph

2764 Commits

Author SHA1 Message Date
Mark Andrews
39a5e136fb skip subtest if cryptography not compiled in 2014-12-06 00:48:52 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Mark Andrews
12065c231e clean up intermediates 2014-12-05 08:28:15 +11:00
Mark Andrews
76b242bb77 pre-sign the zones 2014-12-05 07:28:29 +11:00
Tinderbox User
b9097be03b update copyright notice / whitespace 2014-12-03 23:45:24 +00:00
Mark Andrews
693d70f96f 4017. [testing] Add system test to check lookups to legacy servers 
with broken DNS behaviour. [RT #37965]
 2014-12-04 07:01:52 +11:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Tinderbox User
a3d2295829 update copyright notice / whitespace 2014-12-02 23:45:23 +00:00
Mark Andrews
6444de08d1 4014. [bug] When including a master file origin_changed was 
not being properly set leading to a potentially
                        spurious 'inherited owner' warning. [RT #37919]
 2014-12-03 09:42:30 +11:00
Evan Hunt
aafd2f2637 [master] remove obsolete 'relay' test 2014-12-02 13:57:35 -08:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Tinderbox User
523ad879ce update copyright notice / whitespace 2014-11-24 23:53:16 +00:00
Mark Andrews
d040fa2f1c 4011. [bug] master's list port and dscp inheritance was not 
properly implemented. [RT #37792]
 2014-11-24 11:25:06 +11:00
Mark Andrews
7301df07cf extend the permissible number of queries to 25 from 24 2014-11-24 10:20:39 +11:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
d65fb496fb use perl not awk to do serial additions 2014-11-21 18:08:04 +11:00
Tinderbox User
5d35f07318 update copyright notice / whitespace 2014-11-20 23:45:24 +00:00
Evan Hunt
05e448935c [master] refactor max-recursion-queries 
- the counters weren't set correctly when fetches timed out.
  instead we now pass down a counter object.
 2014-11-19 18:21:02 -08:00
Tinderbox User
4ccffa13aa update copyright notice / whitespace 2014-11-19 23:45:22 +00:00
Mukund Sivaraman
077350a407 Add .gitignore 2014-11-19 15:03:01 +05:30
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Mark Andrews
f9ee67d9ce %zu is not universally available 2014-11-19 12:10:06 +11:00
Tinderbox User
e208712faa update copyright notice / whitespace 2014-11-18 23:45:22 +00:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Tinderbox User
11dc1b1508 update copyright notice 2014-11-17 23:45:20 +00:00
Evan Hunt
0ada3802ea [master] awk portability fix 2014-11-17 12:22:18 -08:00
Evan Hunt
a0b4f6d952 [master] geoip security fixes 
4003.	[security]	When geoip-directory was reconfigured during
			named run-time, the previously loaded GeoIP
			data could remain, potentially causing wrong
			ACLs to be used or wrong results to be served
			based on geolocation. [RT #37720]

4002.	[security]	Lookups in GeoIP databases that were not
			loaded could cause an assertion failure.
			[RT #37679]

4001.	[security]	The caching of GeoIP lookups did not always
			handle address families correctly, potentially
			resulting in an assertion failure. [RT #37672]
 2014-11-16 08:43:22 -08:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Mukund Sivaraman
16c86a4980 Update .gitgnore files (ISC-Bugs #37773) 2014-11-11 11:47:02 +05:30
Tinderbox User
6d0a639bd0 update copyright notice 2014-11-06 23:45:21 +00:00
Evan Hunt
3cc8c7d630 [master] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]
 2014-11-04 23:49:56 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Mark Andrews
1feee79e1f 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:24:39 +11:00
Tinderbox User
12b386e1a6 update copyright notice 2014-10-30 23:45:21 +00:00
Mark Andrews
0f5144163c 3993. [func] Dig now supports EDNS negotiation by default. 
(dig +[no]ednsnegotiation). [RT #37604]
 2014-10-30 23:13:12 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Mark Andrews
a5c7cfbac4 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]
 2014-10-30 11:05:26 +11:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Evan Hunt
7cf2122e0d [master] change 3977 altered expected linecount from secroots 2014-10-18 16:50:32 -07:00
Mark Andrews
72775a79fe 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]
 2014-10-18 13:09:09 +11:00
Mark Andrews
44ef2206d7 allow for the set of ttls to be empty 2014-10-16 14:46:44 +11:00
Mark Andrews
d9aaf7acce make test more robust in the face of server failures 2014-10-16 12:34:12 +11:00
Evan Hunt
1cbc394e7c [master] add redirect zone to checkconf -z test 2014-10-09 18:30:34 -07:00
Evan Hunt
ca0ee90361 [master] turn off servfail cache in masterformat test 2014-10-09 09:30:46 -07:00
Mark Andrews
c81d56c03e 3971. [bug] Reduce the cascasding failures due to a bad $TTL line 
in named-checkconf / named-checkzone. [RT #37138]
 2014-10-05 08:29:34 +11:00
Mark Andrews
39fb5f2a5d verifying inline zones work with views requires crypto to be configured 2014-10-04 18:06:04 +10:00
Evan Hunt
12002ea49e [master] add delv system test 
3969.	[test]		Added 'delv' system test. [RT #36901]
 2014-10-02 22:37:20 -07:00
Tinderbox User
7a3f584cfc update copyright notice 2014-10-02 23:45:25 +00:00