ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
27,002 Commits 589 Branches 805 Tags
41b29a436bd668f5b2788cce2bd471675cd9c3c0
Commit Graph

27002 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Evan Hunt
41b29a436b expand address range in ifconfig.sh to include more than one subnet 2018-06-05 21:35:16 -07:00
Mark Andrews
56bbad6b78 Merge branch '316-move-named-t-processing-to-its-own-function' into 'master' 
Resolve "move named -T processing to its own function"

Closes #316

See merge request isc-projects/bind9!343
 2018-06-06 00:26:09 -04:00
Mark Andrews
ef7401e4a7 add CHANGES 2018-06-06 13:30:28 +10:00
Mark Andrews
b491ceeb50 move -T parsing to its own function 2018-06-06 13:26:59 +10:00
Ondřej Surý
f0d97a7cb4 Merge branch 'disable-random-test' into 'master' 
Disable the random_test from the regular kyua run, we are either using cryptolib…

See merge request isc-projects/bind9!341
 2018-06-05 16:57:38 -04:00
Ondřej Surý
edcdfe9619 Disable the random_test from the regular kyua run, we are either using cryptolib PRNG or non-CS PRNG 2018-06-05 22:49:14 +02:00
Ondřej Surý
3d39d805c7 Merge branch '295-remove-ecc-gost' into 'master' 
Resolve "Remove ECC-GOST (GOST R 34.11-94) support"

Closes #295

See merge request isc-projects/bind9!320
 2018-06-05 15:41:18 -04:00
Ondřej Surý
2f7ffadfc0 Add CHANGES entry 
4952.   [protocol]      Remove support for ECC-GOST (GOST R 34.11-94).
			[GL #295]
 2018-06-05 09:14:14 +02:00
Ondřej Surý
e771326f60 Add note about removing ECC-GOST to release notes 2018-06-05 09:14:14 +02:00
Ondřej Surý
27593e65dc Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm 2018-06-05 09:14:14 +02:00
Evan Hunt
57f0949e2b Merge branch 'placeholder' into 'master' 
placeholder

See merge request isc-projects/bind9!339
 2018-06-05 01:08:37 -04:00
Evan Hunt
94567f96ef placeholder 2018-06-04 22:07:58 -07:00
Mark Andrews
3b66a7bbd7 Merge branch 'fanf/bind9-u/fanf2/nsid-logging' into 'master' 
Fanf/bind9 u/fanf2/nsid logging

See merge request isc-projects/bind9!338
 2018-06-04 22:31:00 -04:00
Tony Finch
4862d8ffc1 Add CHANGES and release notes entries 
4957.	[func]		NSID logging (enabled by the "request-nsid" option)
			now has its own "nsid" category, instead of using the
			"resolver" category. [GL !331]
 2018-06-05 12:11:12 +10:00
Tony Finch
abfbedc0b1 Move NSID logging to its own category 
It is very verbose, so it is useful to be able to filter it out.
 2018-06-05 12:10:37 +10:00
Mark Andrews
193cc42b44 Merge branch '281-dont-insert-extra-space-between-nsec3-nexthash-and-typemap' into 'master' 
Resolve "9.11.3-S1 totext_nsec3 inserts a redundant white space between next hash and type map [ISC-support #12887]"

See merge request isc-projects/bind9!313
 2018-06-03 22:34:28 -04:00
Mark Andrews
f98d8115e3 Add CHANGES note 2018-06-04 12:24:00 +10:00
Mukund Sivaraman
b0d9198e03 Add NSEC3 fromtext/totext unittests 2018-06-04 12:21:48 +10:00
Mukund Sivaraman
d4ea1edd2c Don't insert 2nd space between NSEC3 nexthash and typemap fields 2018-06-04 12:21:48 +10:00
Ondřej Surý
374746430d Merge branch 'update-git-replay-merge' into 'master' 
Update git-replay-merge script to use gitlab CLI to push merge request automatically

See merge request isc-projects/bind9!289
 2018-05-31 15:47:16 -04:00
Ondřej Surý
3a643ee5b8 Add *.rej and *.orig to the global .gitignore 2018-05-31 15:39:08 -04:00
Ondřej Surý
cabf9ab27a Update git-replay-merge script to use gitlab CLI to push merge request automatically 2018-05-31 15:39:08 -04:00
Ondřej Surý
4cbe9c501d Merge branch '30-deprecated-dnssec-validation-auto' into 'master' 
Resolve "Update the default for dnssec-validation to auto"

Closes #30

See merge request isc-projects/bind9!145
 2018-05-31 12:40:43 -04:00
Evan Hunt
d91e313337 CHANGES and release note 2018-05-31 18:23:43 +02:00
Evan Hunt
a7a2fa296a update system tests so validation won't fail when using IANA key 
- all tests with "recursion yes" now also specify "dnssec-validation yes",
  and all tests with "recursion no" also specify "dnssec-validation no".
  this must be maintained in all new tests, or else validation will fail
  when we use local root zones for testing.
- clean.sh has been modified where necessary to remove managed-keys.bind
  and viewname.mkeys files.
 2018-05-31 18:22:33 +02:00
Evan Hunt
bef18ecac6 Set "dnssec-validation auto" by default 
- the default setting for dnssec-validation is now "auto", which
  activates DNSSEC validation using the IANA root key.  The old behavior
  can be restored by explicitly setting "dnssec-validation yes", which
  "yes", which activates DNSSEC validation only if keys are explicitly
  configured in named.conf.
- the ARM has been updated to describe the new behavior
 2018-05-31 18:22:32 +02:00
Ondřej Surý
1f743fe0da Merge branch 'ignore-more-files-in-bin-tests-optional' into 'master' 
Add backtrace_test and nsecify to bin/tests/optional/.gitignore

See merge request isc-projects/bind9!331
 2018-05-31 06:15:04 -04:00
Ondřej Surý
192f777ee8 Add backtrace_test and nsecify to bin/tests/optional/.gitignore 2018-05-31 12:06:51 +02:00
Ondřej Surý
3dcc303d10 Merge branch '289-fix-non-threaded-and-windows-builds' into 'master' 
Fixup the Windows and non-threaded builds

See merge request isc-projects/bind9!328
 2018-05-31 05:41:46 -04:00
Ondřej Surý
4f6d6919ab Remove thread_local macro from win32 platform.h 2018-05-30 23:03:22 +02:00
Ondřej Surý
29be9cddaf Uninline isc_nonce_buf 2018-05-30 22:43:39 +02:00
Ondřej Surý
e50210c695 Add isc_entropy_get to libisc.def.in 2018-05-30 22:34:57 +02:00
Ondřej Surý
ed3389a72c Remove return from void function 2018-05-30 22:14:38 +02:00
Ondřej Surý
eb242959cb Add nonce.{c,h} and entropy.c to libisc.vcxproj.* 2018-05-30 22:07:51 +02:00
Ondřej Surý
05d7aa5734 Fix various build failures on Windows (Courtesy of rockerinthelocker) 2018-05-30 15:09:55 +02:00
Ondřej Surý
57c3064785 Remove non-existant GUIDs from bind9.sln.in 2018-05-30 13:27:35 +02:00
Ondřej Surý
430e8d6858 Change the _LOCK macro on Windows and the variable initialization to be more VC compatible 2018-05-30 07:28:19 +02:00
Ondřej Surý
12bdee3aa7 Turn the _LOCK/_UNLOCK in xoshiro128** to no-op for non-threaded builds 2018-05-30 06:37:51 +02:00
Ondřej Surý
28e0b2c4c4 Use isc int types to be able to build with old VS 2018-05-30 06:26:05 +02:00
Evan Hunt
b1e2ecbc03 Merge branch '72-supported-platforms' into 'master' 
add PLATFORMS.md file to list supported platforms

Closes #72

See merge request isc-projects/bind9!315
 2018-05-29 22:33:30 -04:00
Evan Hunt
79bf79082b add PLATFORMS.md/PLATFORMS, for a supported platform list 2018-05-29 22:25:27 -04:00
Curtis Blackburn
09aaed4329 Merge branch '301-rpzrecurse-output' into 'master' 
Resolve "output of the rpzrecurse test is incorrect on windows"

Closes #301

See merge request isc-projects/bind9!327
 2018-05-29 22:14:12 -04:00
Evan Hunt
75d348bed6 bits of conf.sh.in and conf.sh.win32 were out of sync 2018-05-29 22:06:09 -04:00
Evan Hunt
02f591f54c Merge branch 'cleanups' into 'master' 
fix missing config.h and win32 symbols

See merge request isc-projects/bind9!326
 2018-05-29 22:05:24 -04:00
Evan Hunt
3abb2db9e8 fix missing config.h and win32 symbols 2018-05-29 18:39:56 -07:00
Ondřej Surý
0369ee1b85 Merge branch '289-add-non-cs-prng' into 'master' 
Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG

Closes #289

See merge request isc-projects/bind9!325
 2018-05-29 17:08:52 -04:00
Ondřej Surý
a3aed02e43 Add CHANGES entry. 
4956.   [func]          Change isc_random() to be just PRNG using xoshiro128**,
                        and add isc_nonce_buf() that uses CSPRNG. [GL #289]
 2018-05-29 22:58:49 +02:00
Ondřej Surý
ce71d94434 Make the xoshiro128plusplus thread-safe 2018-05-29 22:58:49 +02:00
Ondřej Surý
99ba29bc52 Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG 
This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a syscall.

The change introduced in this commit adds a new call isc_nonce_buf
that uses CSPRNG from cryptographic library provider to generate
secure data that can be and must be used for generating nonces.
Example usage would be DNS cookies.

The isc_random() API has been changed to use fast PRNG that is not
cryptographically secure, but runs entirely in user space.  Two
contestants have been considered xoroshiro family of the functions
by Villa&Blackman and PCG by O'Neill.  After a consideration the
xoshiro128starstar function has been used as uint32_t random number
provider because it is very fast and has good enough properties
for our usage pattern.

The other change introduced in the commit is the more extensive usage
of isc_random_uniform in places where the usage pattern was
isc_random() % n to prevent modulo bias.  For usage patterns where
only 16 or 8 bits are needed (DNS Message ID), the isc_random()
functions has been renamed to isc_random32(), and isc_random16() and
isc_random8() functions have been introduced by &-ing the
isc_random32() output with 0xffff and 0xff.  Please note that the
functions that uses stripped down bit count doesn't pass our
NIST SP 800-22 based random test.
 2018-05-29 22:58:21 +02:00
Mark Andrews
1a9a1b48d7 Merge branch '286-new-cppcheck-detected-errors' into 'master' 
Resolve "New cppcheck-detected errors"

See merge request isc-projects/bind9!324
 2018-05-28 19:40:53 -04:00