Tinderbox User
a06917d08f
update copyright notice / whitespace
2016-11-02 23:51:39 +00:00
Mark Andrews
51fe40fd59
4504. [security] Allow the maximum number of records in a zone to
...
be specified. This provides a control for issues
raised in CVE-2016-6170. [RT #42143 ]
(cherry picked from commit 5f8412a4cb
2016-11-03 10:46:37 +11:00
Mukund Sivaraman
995cda9432
Some general cleanup ( #42827 )
...
(cherry picked from commit e65cd9946147ed813864e7a3b8948f
2016-07-13 15:00:36 +05:30
Mark Andrews
d9cc1ed8ea
4405. [bug] Change 4342 introduced a regression where you could
...
not remove a delegation in a NSEC3 signed zone using
OPTOUT via nsupdate. [RT #42702 ]
(cherry picked from commit d811a7d9ef
2016-07-06 10:26:02 +10:00
Mark Andrews
aa63052317
4387. [bug] Change 4336 was not complete leading to SERVFAIL
...
being return as NS records expired. [RT #42683 ]
(cherry picked from commit b56bd9b59f
2016-06-22 15:43:05 +10:00
Tinderbox User
7167442d14
update copyright notice / whitespace
2016-05-27 23:46:03 +00:00
Mark Andrews
cf195d6467
4379. [bug] An INSIST could be triggered if a zone contains
...
RRSIG records with expiry fields that loop
using serial number arithmetic. [RT #40571 ]
(cherry picked from commit 9268297baa
2016-05-27 15:26:48 +10:00
Mark Andrews
6aec5717c7
4341. [bug] 'rndc flushtree' could fail to clean the tree if there
...
wasn't a node at the specified name. [RT #41846 ]
(cherry picked from commit 6214c3c93a
2016-03-24 11:38:17 +11:00
Mark Andrews
a84d2e5e04
4338. [bug] Reimplement change 4324 as it wasn't properly doing
...
all the required book keeping. [RT #41941 ]
(cherry picked from commit 558278974e
2016-03-23 11:06:52 +11:00
Mark Andrews
0f8b11d8cd
4336. [bug] Don't emit records with zero ttl unless the records
...
were learnt with a zero ttl. [RT #41687 ]
(cherry picked from commit 0993cd5f22
2016-03-21 14:34:30 +11:00
Tinderbox User
dc16fb4615
update copyright notice / whitespace
2016-03-04 23:46:07 +00:00
Mukund Sivaraman
f0e2a58862
Revert DEFAULT_NODE_LOCK_COUNT back to 7 ( #40997 )
...
(cherry picked from commit 09b9ffc029
2016-03-04 16:31:07 +05:30
Evan Hunt
b5957e6c2d
[v9_9] recursively clean empty interior nodes when deleting database records
...
4324. [bug] When deleting records from a zone database, interior
nodes could be left empty but not deleted, damaging
search performance afterward. [RT #40997 ]
(cherry picked from commit 44c86318eddb06cd726c
2016-03-03 21:19:59 -08:00
Mark Andrews
246cad50c6
4207. [bug] Handle class mismatches with raw zone files.
...
[RT #40746 ]
(cherry picked from commit 0f2ecf4b5c
2015-09-16 10:44:32 +10:00
Mark Andrews
a146e6c683
4107. [bug] Address potential deadlock when updating zone content.
...
[RT #39269 ]
(cherry picked from commit ef0e674456
2015-04-18 13:45:36 +10:00
Mark Andrews
5abfe27109
don't set rdh_ttl in init_rdataset
...
(cherry picked from commit def6608a44
2015-04-17 23:50:36 +10:00
Mark Andrews
6433ff7b93
4104. [bug] Address uninitialized elements. [RT #39252 ]
...
(cherry picked from commit f1a261ba2d
2015-04-17 14:09:00 +10:00
Mark Andrews
fc07bc787f
4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708 ]
...
(cherry picked from commit af669cb4fd374fce8495
2015-02-27 11:05:33 +11:00
Evan Hunt
f560e081dc
[v9_9] silence warning
2015-01-22 09:09:12 -08:00
Mark Andrews
3c7fdfbf1f
4042. [bug] zone.c:iszonesecure was being called too late.
...
[RT #38371 ]
(cherry picked from commit 22e3e00ac9
2015-01-21 13:19:43 +11:00
Tinderbox User
9cbd625449
update copyright notice / whitespace
2015-01-20 23:47:26 +00:00
Evan Hunt
57f015bd2a
[v9_9] clean up gcc -Wshadow warnings
...
4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381 ]
2015-01-20 14:55:41 -08:00
Mark Andrews
398a63d660
4038. [bug] Add 'rpz' flag to node and use it to determine whether
...
to call dns_rpz_delete. This should prevent unbalanced
add / delete calls. [RT #36888
(cherry picked from commit cc0a48a381
2015-01-20 17:48:51 +11:00
Mark Andrews
025efe0cd5
3890. [bug] RRSIG sets that were not loaded in a single transaction
...
at start up where not being correctly added to
re-signing heaps. [RT #36302 ]
(cherry picked from commit 63e1ac1e09
2014-07-07 12:18:29 +10:00
Mark Andrews
9a0f6d0772
add init_count
2014-06-25 12:43:09 +10:00
Mark Andrews
8e046deca5
more statics that were optimised out
2014-06-25 11:23:07 +10:00
Mark Andrews
60079a5c0a
add is a structure element name
...
(cherry picked from commit c21e9f1a92
2014-06-25 09:47:38 +10:00
Mark Andrews
242cb88843
3887. [cleanup] Make all static symbols in rbtdb64 end in "64" so
...
they are easier to use in a debugger. [RT #36373 ]
2014-06-25 08:20:18 +10:00
Mark Andrews
5f19d979cd
3834. [bug] The re-signing heaps were not being updated soon enough
...
leading to multiple re-generations of the same RRSIG
when a zone transfer was in progress. [RT #35273 ]
(cherry picked from commit 5d739300d1
2014-04-30 11:58:37 +10:00
Evan Hunt
0ed727f405
[v9_9] use ANSI prototypes, clean up some casts
...
(cherry picked from commit b454c03196
2014-03-04 10:48:05 -08:00
Tinderbox User
864ca7ce33
update copyright notice
2014-01-09 23:45:53 +00:00
Evan Hunt
8c7ce6d3e6
[v9_9] replace memcpy() with memmove().
...
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120 ]
(cherry picked from commit ebe54c7d2221c6a0a4b3d96bcae3280c823a45e6)
2014-01-08 16:38:56 -08:00
Mark Andrews
485380894a
3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
...
was no data at the node. [RT #35080 ]
(cherry picked from commit 161e803a56
2013-12-17 09:13:18 +11:00
Mark Andrews
cf3decc59c
3688. [bug] loadnode could return a freed node on out of memory.
...
[RT #35106 ]
2013-12-12 12:50:12 +11:00
Mark Andrews
e2a54c4408
3577. [bug] Handle zero TTL values better. [RT #33411 ]
...
(cherry picked from commit 5f238c3c64
2013-05-29 18:12:22 +10:00
Evan Hunt
62ebf6bbef
[v9_9] address two more possible acache asserts
...
3555. [bug] Address theoretical race conditions in acache.c
(change #3553 was incomplete). [RT #33252 ]
(cherry picked from commit ff5ac6d421
2013-04-25 18:03:28 -07:00
Evan Hunt
268f738ff2
[v9_9] double free caused assertion in acache
...
3553. [bug] Address suspected double free in acache. [RT #33252 ]
(cherry picked from commit 11b04b18f8ecb7c0119a7a6b6bbf8f5bad789c9a)
(cherry picked from commit 3673e8535584457ec1a79b6a30ddf4d182b0f921)
2013-04-25 10:41:23 -07:00
Evan Hunt
55bbac8bfe
[v9_9] RPZ speed up (phase 1, single RPZ)
...
3496. [func] Improvements to RPZ performance. The "response-policy"
syntax now includes a "min-ns-dots" clause, with
default 1, to exclude top-level domains from
NSIP and NSDNAME checking. --enable-rpz-nsip and
--enable-rpz-nsdname are now the default. [RT #32251 ]
Response policy (rpz) changes to
- add zone statistics
- speed up by adding min-ns-dots to the response-policy syntax
with a default of 1
- detect and reject policy zones with a database other than rbt
only rbtdb has rpz hooks
- allow empty response-policy{} statement
- make --enable-rpz-nsip and --enable-rpz-nsdname the default
2013-02-25 14:32:36 -08:00
Tinderbox User
0042c4ef10
update copyright notice
2013-02-18 23:45:42 +00:00
Mark Andrews
c1402b00d3
3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
...
dns_dlzcreate() failed to properly initialize
dlzdb.link. When cloning a rdataset do not copy
the link contents. [RT #32651 ]
Squashed commit of the following:
commit c36c49cbdaeec8b2506dffadbffa543283702fa2
Author: Mark Andrews <marka@isc.org >
Date: Mon Feb 18 23:24:57 2013 +1100
don't copy the link when cloning a rdataset
commit 9fef5827edcc925075832dcce900eeca9057456d
Author: Mark Andrews <marka@isc.org >
Date: Mon Feb 18 23:23:25 2013 +1100
initialise the dlzdb link; don't return a stale pointer on error
commit a13c584732eae2dde48920a73886b54f1fe6b030
Author: Mark Andrews <marka@isc.org >
Date: Mon Feb 18 23:21:59 2013 +1100
turn on ISC_LIST_CHECKINIT
Conflicts:
lib/dns/dlz.c
2013-02-19 07:31:26 +11:00
Mark Andrews
e8a622d76a
silence clang --analyze warnings
2012-11-30 18:51:22 +11:00
Mark Andrews
7858fff018
null pointer derefernce on out of memory
2012-11-30 00:58:32 +11:00
Mark Andrews
db899cbc4d
3425. [bug] "acacheentry" reference counting was broken resulting
...
in use after free. [RT #31908 ]
2012-11-27 16:04:09 +11:00
Mark Andrews
bf6acccf9d
3390. [bug] Silence clang compiler warnings. [RT #30417 ]
2012-10-06 13:21:18 +10:00
ckb
6235fc5a0e
3348. [security] prevent RRSIG data from being cached if a negative
...
record matching the covering type exists at a higher
trust level. Such data already can't be retrieved from
the cache since change 3218 -- this prevents it
being inserted into the cache as well. [RT #26809 ]
2012-07-09 13:23:35 -05:00
Mark Andrews
5f348a21be
3332. [bug] Re-use cached DS rrsets if possible. [RT 29446]
2012-06-07 12:57:33 +10:00
Vernon Schryver
f05089ea5c
For rt26172:
...
Add
- optional "recursive-only yes|no" to the response-policy statement
- optional max-policy-ttl to limit the lies that "recursive-only no"
can introduce into resolvers' caches
- test that queries with RD=0 are not rewritten by default
- performance smoke test
Change encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
Fix rt26180 assert botch in zone_findrdataset() in this branch
as well.
Fix missing signatures on NOERROR results despite RPZ hits
when there are signatures and the client asks for DNSSEC,
2012-06-01 01:03:43 +00:00
Mark Andrews
2490e43c67
3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps. [RT #28571 ]
2012-04-11 10:44:24 +10:00
Tinderbox User
c201888c2a
regen v9_9
2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649
Revert "added gitignore, removed cvsignore"
...
This reverts commit e8ae173655
2012-03-05 08:24:17 -08:00
