Tony Finch
1b1d63acd8
Fixes for rndc nta user interface
...
Tell the user explicitly about their mistakes:
* Unknown options, e.g. -list instead of -dump
or -delete instead of -remove.
* Unknown view names.
* Excess arguments.
Include the view name in `rndc nta -dump` output, for consistency with
the NTA add and remove actions.
When removing an NTA from all views, do not abort with an error if the
NTA was not found in one of the views.
2018-11-05 22:01:28 -08:00
Ondřej Surý
09fd5c442b
Convert the system tests that were using DSA to use a default algorithm defined in conf.sh
2018-10-05 11:16:13 +02:00
Ondřej Surý
3994b1f9c2
Remove support for obsoleted and insecure DSA and DSA-NSEC3-SHA1 algorithms
2018-10-05 09:21:43 +02:00
Evan Hunt
2f0897caff
add a test case
2018-10-04 23:33:18 -07:00
Evan Hunt
7ecd699e81
add a system test
2018-08-14 13:28:02 -07:00
Mark Andrews
75888a1f16
improve forensics
2018-06-27 07:27:06 -04:00
Evan Hunt
8d923a05a9
ensure that we attempt to validate glue if it's signed
...
- incidentally fixed a bug in the dnssec system test where TTLs in the
answer section rather than the additional section were being checked
2018-06-08 11:39:25 -07:00
Ondřej Surý
2b8fab6828
Remove genrandom command and all usage of specific random files throughout the system test suite
2018-05-16 09:54:35 +02:00
Mukund Sivaraman
303391ea41
Add system test
2018-05-16 08:15:36 +02:00
Ondřej Surý
3f66b8acb0
Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null'
2018-05-11 12:44:27 +02:00
Evan Hunt
30b988f09a
Fix a testing error when using python3 on certain dates
...
Date conversion was broken in python3 for dates with
leading zeroes in both month and day.
2018-04-26 23:02:40 -07:00
Evan Hunt
c592655c0f
new option "dnskey-sig-validity"
...
- overrides "sig-validity-interval" for DNSKEY, CDNSKEY and CDS RRSIGs
2018-04-20 12:12:08 -07:00
Evan Hunt
ccfe778c01
migrate tests from bin/tests/dnssec-signzone to bin/tests/system/dnssec
...
- added tests to the dnssec system test that duplicate the ones
from bin/tests/dnssec-signzone
- changed cleanall.sh so it doesn't automatically remove all
key files, because there are now some of those that are part of the
distribution
2018-03-09 14:12:48 -08:00
Evan Hunt
0e52fbd0b3
clean up test output
...
- removed a few remaining places where output wasn't being passed
through echo_i or cat_i
- added a "digcomp" function to conf.sh.in to send digcomp.pl output
through cat_i and return the correct exit value
- set SYSTESTDIR when calling echo_i from nsX directories, so that
the test name will always be printed correctly
- fixed a test name typo in conf.sh.in
2018-02-26 23:37:05 -08:00
Ondřej Surý
843d389661
Update license headers to not include years in copyright in all applicable files
2018-02-23 10:12:02 +01:00
Evan Hunt
0c559199bf
final cleanup
...
- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
advantage of parallelization in the gitlab CI process
2018-02-22 22:58:15 -08:00
Evan Hunt
c032c54dda
parallelize most system tests
2018-02-22 15:29:02 -08:00
Mark Andrews
4d1bbe308d
4847. [bug] dnssec-dnskey-kskonly was not being honoured for
...
CDS and CDNSKEY. [RT #46755]
2017-12-13 12:40:36 +11:00
Mark Andrews
80739779fc
read dig.out.ns3.test$n rather than dig.out.ns2.test$n
2017-10-25 15:02:36 +11:00
Mark Andrews
969d923536
4783. [test] dnssec: 'check that NOTIFY is sent at the end of
...
NSEC3 chain generation failed' required more time
on some machines for the IXFR to complete. [RT #46388]
2017-10-25 09:21:14 +11:00
Mark Andrews
6b8e4d6e69
4782. [test] dnssec: 'checking positive and negative validation
...
with negative trust anchors' required more time to
complete on some machines. [RT #46386]
2017-10-25 09:13:05 +11:00
Mark Andrews
b41c1aacbc
4759. [func] Add logging channel "trust-anchor-telementry" to
...
record trust-anchor-telementry in incoming requests.
Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
are logged. [RT #46124]
2017-10-06 13:01:14 +11:00
Evan Hunt
20502f35dd
[master] allow CDS/CDNSKEY records to be signed with only KSK
...
4721. [func] 'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
options now apply to CDNSKEY and DS records as well
as DNSKEY. Thanks to Tony Finch. [RT #45689]
2017-09-12 23:09:48 -07:00
Mark Andrews
0f1fc8f421
specify algorithm; remove partial duplicate test; add missing test numbers
2017-09-01 14:52:26 +10:00
Evan Hunt
45afdb2672
[master] remove default algorithm in dnssec-keygen
...
4594. [func] dnssec-keygen no longer uses RSASHA1 by default;
the signing algorithm must be specified on
the command line with the "-a" option. Signing
scripts that rely on the existing default behavior
will break; use "dnssec-keygen -a RSASHA1" to
repair them. (The goal of this change is to make
it easier to find scripts using RSASHA1 so they
can be changed in the event of that algorithm
being deprecated in the future.) [RT #44755]
2017-08-30 18:51:11 -07:00
Mark Andrews
0aed466565
4693. [func] Synthesis of responses from DNSSEC-verified records.
...
Stage 1 covers NXDOMAIN synthesis from NSEC records.
This is controlled by synth-from-dnssec and is enabled
by default. [RT #40138]
2017-08-31 07:57:50 +10:00
Mark Andrews
52fd57c989
4681. [bug] Log messages from the validator now include the
...
associated view unless the view is "_default/IN"
or "_dnsclient/IN". [RT #45770]
2017-08-16 09:29:20 +10:00
Evan Hunt
c8b76b0168
[master] remove sigchase reference in system test
2017-08-09 13:25:15 -07:00
Evan Hunt
61367c604c
[master] refactor resquery_response() and related functions
...
4669. [func] Iterative query logic in resolver.c has been
refactored into smaller functions and commented,
for improved readability, maintainability and
testability. [RT #45362]
2017-08-04 16:08:11 -07:00
Michał Kępień
c150f68609
[master] Clarify error message printed by dnssec-dsfromkey
...
4663. [cleanup] Clarify error message printed by dnssec-dsfromkey.
[RT #21731]
2017-07-28 10:29:22 +02:00
Mark Andrews
f7a22ae512
loop waiting for ns4/managed-keys.bind to be written
2017-07-04 15:53:12 +10:00
Mukund Sivaraman
03be5a6b4e
Improve performance for delegation heavy answers and also general query performance (#44029)
2017-04-22 09:22:44 +05:30
Mukund Sivaraman
b0dbcba2d2
Validate glue before adding it to the additional section (#45062)
2017-04-21 14:51:24 +05:30
Mukund Sivaraman
dd7d1df874
Increase minimum RSA keygen size to 1024 bits (#36895)
2017-04-21 12:00:40 +05:30
Tinderbox User
a9e8198788
update copyright notice / whitespace
2017-01-12 23:45:41 +00:00
Mark Andrews
0c43d50368
remove false positives due to bad grep [RT #44178]
2017-01-12 13:59:10 +11:00
Witold Krecicki
358dfaee18
4487. [test] Make system tests work on Windows. [RT #42931]
2016-10-19 17:18:42 +02:00
Evan Hunt
af05768c0e
[master] reset ret between NTA tests
2016-10-05 21:06:54 -07:00
Mark Andrews
f20179857a
4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
...
to provide feedback to the trust-anchor administrators
about how key rollovers are progressing as per
draft-ietf-dnsop-edns-key-tag-02. This can be
disabled using 'trust-anchor-telemetry no;'.
[RT #40583]
2016-07-22 20:02:17 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Mark Andrews
c1bf332c7c
silence rm error message
2016-06-20 14:33:33 +10:00
Mark Andrews
eff62988e6
checking that default nta's were lifted due to lifetime was not robust
2016-06-20 14:29:11 +10:00
Mark Andrews
3f0de196f7
report subtest number
2016-06-17 10:50:33 +10:00
Mark Andrews
3635d8f910
do not overflow exit status. [RT #42643]
2016-06-14 13:48:39 +10:00
Evan Hunt
3cd204c4a4
[master] fixed revoked key regression
...
4436. [bug] Fixed a regression introduced in change #4337 which
caused signed domains with revoked KSKs to fail
validation. [RT #42147]
2016-04-14 18:52:52 -07:00
Jeremy C. Reed
81780ffd74
use -r $RANDFILE for test using keygen
...
stops hang
this is for ticket #41898
2016-03-11 09:27:15 -05:00
Mark Andrews
7c52595464
4331. [func] When loading managed signed zones detect if the
...
RRSIG's inception time is in the future and regenerate
the RRSIG immediately. [RT #41808]
2016-03-10 17:01:08 +11:00
Mark Andrews
08913705e9
specify what to copy
...
(cherry picked from commit 88624c9c32)
2016-02-05 13:54:47 +11:00
Tinderbox User
b7f3400f3b
update copyright notice / whitespace
2016-01-28 23:45:29 +00:00
Mark Andrews
832ab79d1f
4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
...
from the zone's apex. [RT #41483]
2016-01-28 15:42:34 +11:00