Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.
(cherry picked from commit b13a0c8836d2d8bc5b4de1cdfcdb2057c0bb9d93)
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.
(cherry picked from commit 7231383e4cc57caac36d03055e8627b12aa4b91a)
Switch the primary to require 'next_key' for zone transfers then
update the catalog zone to say to use 'next_key'. Next update the
zones contents then check that those changes are seen on the
secondary.
(cherry picked from commit 176e172210)
When looking for changes in a catalog zone member zone we need to
also check if the TSIG key name associated with a primary server
has be added, removed or changed.
(cherry picked from commit 9172bd9b5a)
if ISC_BUFFER_USEINLINE is defined, then macros are used to implement
isc_buffer primitives (isc_buffer_init(), isc_buffer_region(), etc).
otherwise, functions are used. previously, only the functions had
DbC assertions, which made it possible for coding errors to go
undetected. this commit makes the macro versions enforce the same
requirements.
RHEL8 Sphinx does not support all features used in ARM building. But
with few emitted warnings it can build the documentation fine. Simplify
warnings acceptance by allowing make doc SPHINX_W=''.
(cherry picked from commit 3db7e241d2)
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.
(cherry picked from commit bc6c6b1184)
dns_rdata_tostruct doesn't need a mctx passed to it for SIG (the signer
is already expanded at this point). About the only time when mctx is
needed is when the structure is to be used after the rdata has been
destroyed.
(cherry picked from commit d6ad56bd9e)
Impact should be visible only in tests or tools because named never
uses view == NULL, which is a necessary condition to trigger this leak.
(cherry picked from commit 69256b3553)
Since the advent of netmgr, named no longer creates a single thread per
CPU, but rather a set of two threads per CPU. Update the man page for
named accordingly to prevent confusion.
Add more text about the importance of properly securing the statistics
channel and what is and what is not considered a security vulnerability.
(cherry-picked from commit 6869c98d36)
If there are duplicate key ids across multiple algorithms expected
output is no met. We have fixed this in on main but decided to not
back port the fix as it will change the statistics channel output.
This change detects when there are duplicate key id across algorithms
as skips the sub test.
(cherry picked from commit ea1d3476a8)