Commit Graph

486 Commits

Author SHA1 Message Date
Ondřej Surý
62cf6b2e7f Deprecate AES algorithm for DNS cookies
The AES algorithm for DNS cookies was being kept for legacy reasons,
and it can be safely removed in the next major release.  Mark is as
deprecated, so the `named-checkconf` prints a warning when in use.

(cherry picked from commit 67d14b0ee5)
2023-12-05 10:56:19 +01:00
Michal Nowak
771fed4a14 Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
Matthijs Mekking
ed8eba9180 Deprecate auto-dnssec
Deprecate auto-dnssec, add specific log warning to migrate to
dnssec-policy.

Cherry-picking triggered a lot of conflicts, so the changes
were manually picked.

(manually picked from commit f9845dd1)
2022-11-23 13:32:52 +01:00
Petr Špaček
d63bc6af08 Clarify error message about missing inline-signing & dnssec-policy
(cherry picked from commit 058c1744ba)
2022-10-06 10:31:15 +02:00
Matthijs Mekking
30fceec069 dnssec-policy now requires inline-signing
Having implicit inline-signing set for dnssec-policy when there is no
update policy is confusing, so lets make this explicit.

(cherry picked from commit 5ca02fe6e7e591d1fb85936ea4dda720c3d741ef)
2022-09-06 09:06:17 +02:00
Evan Hunt
fb8f102ffc warn about zones with both dnssec-policy and max-zone-ttl
max-zone-ttl in zone/view/options is a no-op if dnssec-policy
is in use, so generate a warning.
2022-07-22 15:24:34 -07:00
Evan Hunt
b6670787d2 prevent a possible buffer overflow in configuration check
corrected code that could have allowed a buffer overfow while
parsing named.conf.

(cherry picked from commit 921043b541)
2022-05-13 20:30:41 -07:00
Ondřej Surý
79b7804ce8 Consistenly use UNREACHABLE() instead of ISC_UNREACHABLE()
In couple places, we have missed INSIST(0) or ISC_UNREACHABLE()
replacement on some branches with UNREACHABLE().  Replace all
ISC_UNREACHABLE() or INSIST(0) calls with UNREACHABLE().
2022-03-28 23:28:05 +02:00
Tony Finch
aaa923845d More explicit dns64 prefix errors
Quote the dns64 prefix in error messages that complain about
problems with it, to avoid confusion with the following ACLs.

Closes #3210

(cherry picked from commit 496c02d32a)
2022-03-25 16:09:12 +01:00
Ondřej Surý
75f9dd8e82 Simplify way we tag unreachable code with only ISC_UNREACHABLE()
Previously, the unreachable code paths would have to be tagged with:

    INSIST(0);
    ISC_UNREACHABLE();

There was also older parts of the code that used comment annotation:

    /* NOTREACHED */

Unify the handling of unreachable code paths to just use:

    UNREACHABLE();

The UNREACHABLE() macro now asserts when reached and also uses
__builtin_unreachable(); when such builtin is available in the compiler.

(cherry picked from commit 584f0d7a7e)
2022-03-25 09:33:51 +01:00
Ondřej Surý
673e53f81d Add FALLTHROUGH macro for __attribute__((fallthrough))
Gcc 7+ and Clang 10+ have implemented __attribute__((fallthrough)) which
is explicit version of the /* FALLTHROUGH */ comment we are currently
using.

Add and apply FALLTHROUGH macro that uses the attribute if available,
but does nothing on older compilers.

In one case (lib/dns/zone.c), using the macro revealed that we were
using the /* FALLTHROUGH */ comment in wrong place, remove that comment.

(cherry picked from commit fe7ce629f4)
2022-03-25 09:30:16 +01:00
Ondřej Surý
2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Evan Hunt
6836e3c071 cleanup references to ancient named.conf options
some removed options were still referenced in config.c or the ARM.

(cherry picked from commit 69e25f41ae)
2021-10-12 23:52:39 -07:00
Ondřej Surý
f7adef5162 Mark the masterfile-format type 'map' as deprecated
The map masterfile-format is very fragile and it needs API bump every
time a RBTDB data structures changes.  Also while testing it, we found
out that files larger than 2GB weren't loading and nobody noticed, and
loading many map files were also failing (subject to kernel limits).

Thus we are marking the masterfile-format type 'map' as deprecated and
to be removed in the next stable BIND 9 release.

(cherry picked from commit 6b7a488cbc)
2021-09-17 09:10:29 +02:00
Evan Hunt
4d674b5c41 check port in *-source and *-source-v6 options in named.conf
- when transfer-source(-v6), query-source(-v6), notify-source(-v6)
  or parental-source(-v6) are specified with a port number, issue a
  warning.
- when the port specified is the same as the DNS listener port (i.e.,
  53, or whatever was specified as "port" in "options"), issue a fatal
  error.
- check that "port" is in range. (previously this was only checked
  by named, not by named-checkconf.)
- added checkconf tests.
- incidental fix: removed dead code in check.c:bind9_check_namedconf().

(note: if the DNS port is specified on the command line with "named -p",
that is not conveyed to libbind9, so these checks will not take it into
account.)

(cherry picked from commit 14c8d7dfb7)
2021-09-14 20:32:10 +02:00
Evan Hunt
255d092c40 change CFG_ZONE_MASTER and CFG_ZONE_SLAVE
these values have been renamed as CFG_ZONE_PRIMARY and
CFG_ZONE_SECONDARY.

(cherry picked from commit 679f1c0dad)
2021-08-30 12:00:39 -07:00
Mark Andrews
706f5811c3 Check that primary key names are syntactically valid
(cherry picked from commit 4fa9d8389a)
2021-08-26 00:00:16 +00:00
Matthijs Mekking
9c0e252e2b Add "parental-source[-v6]" config option
Similar to "notify-source" and "transfer-source", add options to
set the source address when querying parental agents for DS records.

(manually picked from commit 2872d6a12e)
2021-07-01 14:48:23 +02:00
Matthijs Mekking
ab26fc2d66 Check parental-agents config
Add checks for "parental-agents" configuration, checking for the option
being at wrong type of zone (only allowed for primaries and
secondaries), duplicate definitions, duplicate references, and
undefined parental clauses (the name referenced in the zone clause
does not have a matching "parental-agent" clause).

(cherry picked from commit 1e763e582b)
2021-07-01 14:48:23 +02:00
Matthijs Mekking
42da0e7790 Change primaries objects to remote-servers
Change the primaries configuration objects to the more generic
remote-servers, that we can reuse for other purposes (such as
parental-agents).

(manually picked from commit 39a961112f)
2021-07-01 14:48:21 +02:00
Matthijs Mekking
068a978ae9 Fix checkconf dnssec-policy inheritance bug
Similar to #2778, the check for 'dnssec-policy' failed to account for
it being inheritable.

(cherry picked from commit 75ec7d1d9f)
2021-06-24 10:41:28 +02:00
Mark Andrews
efbf4ed5e1 Checking of key-directory and dnssec-policy was broken
the checks failed to account for key-directory being inheritable.

(cherry picked from commit d1e283ede1)
2021-06-18 17:29:41 +10:00
Matthijs Mekking
d9fa465ff4 Check key-directory duplicates for kasp zones
Don't allow the same zone with different dnssec-policies in separate
views have the same key-directory.

Track zones plus key-directory in a symtab and if there is a match,
check the offending zone's dnssec-policy name. If the name is "none"
(there is no kasp for the offending zone), or if the name is the same
(the zone shares keys), it is fine, otherwise it is an error (zones
in views using different policies cannot share the same key-directory).

(cherry picked from commit 494e8b2cbd)
2021-05-19 00:44:32 +00:00
Matthijs Mekking
72deed194d Use isdigit instead of checking character range
When looking for key files, we could use isdigit rather than checking
if the character is within the range [0-9].

Use (unsigned char) cast to ensure the value is representable in the
unsigned char type (as suggested by the isdigit manpage).

Change " & 0xff" occurrences to the recommended (unsigned char) type
cast.

(cherry picked from commit 1998ad6c776a9c17c27788b17765dee90d9e25df)
2021-05-05 18:23:53 +02:00
Matthijs Mekking
861b2a14bb Check for filename clashes /w dnssec-policy zones
Just like with dynamic and/or inline-signing zones, check if no two
or more zone configurations set the same filename. In these cases,
the zone files are not read-only and named-checkconf should catch
a configuration where multiple zone statements write to the same file.

Add some bad configuration tests where KASP zones reference the same
zone file.

Update the good-kasp test to allow for two zones configure the same
file name, dnssec-policy none.

(cherry picked from commit 0b5fc0afcfd1a0bb7c1f16b63872b7ee26fb2777)
2021-05-05 18:22:42 +02:00
Mark Andrews
cb77a8efed named-checkconf now detects redefinition of dnssec-policy 'insecure'
(cherry picked from commit dba13d280a)
2021-05-05 17:05:17 +10:00
Matthijs Mekking
375112a623 Add built-in dnssec-policy "insecure"
Add a new built-in policy "insecure", to be used to gracefully unsign
a zone. Previously you could just remove the 'dnssec-policy'
configuration from your zone statement, or remove it.

The built-in policy "none" (or not configured) now actually means
no DNSSEC maintenance for the corresponding zone. So if you
immediately reconfigure your zone from whatever policy to "none",
your zone will temporarily be seen as bogus by validating resolvers.

This means we can remove the functions 'dns_zone_use_kasp()' and
'dns_zone_secure_to_insecure()' again. We also no longer have to
check for the existence of key state files to figure out if a zone
is transitioning to insecure.

(cherry picked from commit 2710d9a11d)
2021-04-30 13:58:22 +02:00
Ondřej Surý
4bbe3e75de Stop including dnstap headers from <dns/dnstap.h>
The <fstrm.h> and <protobuf-c/protobuf-c.h> headers are only directly
included where used and we stopped exposing those headers from libdns
headers.
2021-02-16 12:08:21 +11:00
Mark Andrews
b8fc8742e5 Re-order include directories
${FSTRM_CFLAGS} ${PROTOBUF_C_CFLAGS} ${OPENSSL_CFLAGS} ${LMDB_CFLAGS}
need to appear after all directories in the build tree.
2021-02-16 12:08:21 +11:00
Evan Hunt
57aadd6cea add syntax and setter/getter functions to configure max-ixfr-ratio 2021-01-26 12:38:32 +01:00
Ondřej Surý
0e25af628c Use -release instead of -version-info for internal library SONAMEs
The BIND 9 libraries are considered to be internal only and hence the
API and ABI changes a lot.  Keeping track of the API/ABI changes takes
time and it's a complicated matter as the safest way to make everything
stable would be to bump any library in the dependency chain as in theory
if libns links with libdns, and a binary links with both, and we bump
the libdns SOVERSION, but not the libns SOVERSION, the old libns might
be loaded by binary pulling old libdns together with new libdns loaded
by the binary.  The situation gets even more complicated with loading
the plugins that have been compiled with few versions old BIND 9
libraries and then dynamically loaded into the named.

We are picking the safest option possible and usable for internal
libraries - instead of using -version-info that has only a weak link to
BIND 9 version number, we are using -release libtool option that will
embed the corresponding BIND 9 version number into the library name.

That means that instead of libisc.so.1608 (as an example) the library
will now be named libisc-9.16.10.so.

(cherry picked from commit c605d75ea5)
2021-01-25 15:28:09 +01:00
Tinderbox User
536bc1163a prep 9.16.11 2021-01-21 09:11:54 +01:00
Evan Hunt
1a32a4d001 prevent "primaries" lists from having duplicate names
it is now an error to have two primaries lists with the same
name. this is true regardless of whether the "primaries" or
"masters" keywords were used to define them.

(cherry picked from commit f619708bbf)
2021-01-12 15:21:14 +01:00
Evan Hunt
746aa2581c add "primary-only" as a synonym for "master-only"
update the "notify" option to use RFC 8499 terminology as well.

(cherry picked from commit 424a3cf3cc)
2021-01-12 15:21:14 +01:00
Evan Hunt
04b9cdb53c add "primaries" as a synonym for "masters" in named.conf
as "type primary" is preferred over "type master" now, it makes
sense to make "primaries" available as a synonym too.

added a correctness check to ensure "primaries" and "masters"
cannot both be used in the same zone.

(cherry picked from commit 16e14353b1)
2021-01-12 15:21:14 +01:00
Matthijs Mekking
cf0439cd5f Treat dnssec-policy "none" as a builtin zone
Configure "none" as a builtin policy. Change the 'cfg_kasp_fromconfig'
api so that the 'name' will determine what policy needs to be
configured.

When transitioning a zone from secure to insecure, there will be
cases when a zone with no DNSSEC policy (dnssec-policy none) should
be using KASP. When there are key state files available, this is an
indication that the zone once was DNSSEC signed but is reconfigured
to become insecure.

If we would not run the keymgr, named would abruptly remove the
DNSSEC records from the zone, making the zone bogus. Therefore,
change the code such that a zone will use kasp if there is a valid
dnssec-policy configured, or if there are state files available.

(cherry picked from commit cf420b2af0)
2020-12-23 11:56:33 +01:00
Ondřej Surý
7fc62f829d Add libssl libraries to Windows build
This commit extends the perl Configure script to also check for libssl
in addition to libcrypto and change the vcxproj source files to link
with both libcrypto and libssl.
2020-12-09 10:46:16 +01:00
Ondřej Surý
a35a666a7c Reformat sources using clang-format-11
(cherry picked from commit 7ba18870dc)
2020-12-08 19:34:05 +01:00
Tinderbox User
14620951cc prep 9.16.9 2020-11-26 12:25:53 +01:00
Diego Fronza
24ec021e50 Warn if 'stale-refresh-time' < 30 (default)
RFC 8767 recommends that attempts to refresh to be done no more
frequently than every 30 seconds.

Added check into named-checkconf, which will warn if values below the
default are found in configuration.

BIND will also log the warning during loading of configuration in the
same fashion.
2020-11-11 16:00:22 -03:00
Evan Hunt
df698d73f4 update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Tinderbox User
a195123ad0 prep 9.16.6 2020-08-06 08:14:40 +00:00
Tinderbox User
b03a635f68 prep 9.16.5 2020-07-15 23:10:55 +02:00
Mark Andrews
b955da48aa Handle namespace clash over 'SEC' on illumos.
(cherry picked from commit 18eef20241)
2020-07-14 09:06:46 +10:00
Evan Hunt
dca3658720 "check-names primary" and "check-names secondary" were ignored
these keywords were added to the parser as synonyms for "master"
and "slave" but were never hooked in to the configuration of named,
so they were ignored. this has been fixed and the option is now
checked for correctness.

(cherry picked from commit ba31b189b4)
2020-06-22 14:30:14 +02:00
Tinderbox User
adab85b815 prep 9.16.4 2020-06-18 10:25:50 +02:00
Evan Hunt
c19a593d3e change "expr == false" to "!expr" in conditionals
(cherry picked from commit 57e54c46e4)
2020-05-25 17:04:04 -07:00
Tinderbox User
046f56f5ab prep 9.16.3 2020-05-19 13:57:36 +02:00
Ondřej Surý
af1b56240f Resolve the overlinking of the system libraries
Originally, every library and binaries got linked to everything, which
creates unnecessary overlinking.  This wasn't as straightforward as it
should be as we still support configuration without libtool for 9.16.

Couple of smaller issues related to include headers and an issue where
sanitizer overload dlopen and dlclose symbols, so we were getting false
negatives in the autoconf test.
2020-05-11 09:49:54 +02:00
Matthijs Mekking
6e3654c434 dnssec-policy: to sign inline or not
When dnssec-policy was introduced, it implicitly set inline-signing.
But DNSSEC maintenance required either inline-signing to be enabled,
or a dynamic zone.  In other words, not in all cases you want to
DNSSEC maintain your zone with inline-signing.

Change the behavior and determine whether inline-signing is
required: if the zone is dynamic, don't use inline-signing,
otherwise implicitly set it.

You can also explicitly set inline-signing to yes with dnssec-policy,
the restriction that both inline-signing and dnssec-policy cannot
be set at the same time is now lifted.

However, 'inline-signing no;' on a non-dynamic zone with a
dnssec-policy is not possible.

(cherry picked from commit 644f0d958a)
2020-04-16 16:04:28 +02:00