Commit Graph
472 Commits
Author SHA1 Message Date
Evan Hunt c31d32434d ensure we try to validate glue records so RRSIG TTLs will be capped 2018-06-08 11:43:20 -07:00
Mukund SivaramanandEvan Hunt 6cd4cb3d2a Don't validate non-pending glue when adding to the additional section
(cherry picked from commit 31bd3147d1)
2018-06-08 11:05:19 -07:00
Mark AndrewsandEvan Hunt 9aba5ca84b add system test for root-key-sentinel
(cherry picked from commit a23b305e6b)
(cherry picked from commit b9e6b124aa)
(cherry picked from commit 9448c4fd21)
(cherry picked from commit 8f139956ba)
2018-06-04 21:38:04 -07:00
Mark AndrewsandEvan Hunt 3890b5d7ba add named.conf option root-key-sentinel
(cherry picked from commit 68e9315c7d)
(cherry picked from commit ee763ef281)
(cherry picked from commit 9a5f308287)
(cherry picked from commit 468a3bcdac)
2018-06-04 21:30:33 -07:00
Mark AndrewsandEvan Hunt 2f20e10942 detect and process root-key-sentinel labels.
(cherry picked from commit 8fc9f64df9)
(cherry picked from commit 7111eff80c)
(cherry picked from commit afa97c6552)
(cherry picked from commit a624e884d4)
2018-06-04 20:06:20 -07:00
Evan Hunt 5a21193fdd update file headers 2018-03-15 11:30:37 -07:00
Ondřej Surý f1736dd4bc Use /* FALLTHROUGH */ comment instead of __attribute__ ((fallthrough)) for consistency 2018-03-15 11:38:32 +01:00
Ondřej Surý a5ea870265 Add __attribute__ ((fallthrough)); in place of implicit fallthrough to satisfy gcc 7 -Wextra 2018-03-15 09:30:18 +01:00
Ondřej Surý 9f830be501 update file headers to remove copyright years 2018-03-15 09:09:15 +01:00
Mark Andrews 79dc8a0013 test devent->sigrdataset rather than devent->rdataset before calling query_putrdataset
(cherry picked from commit e08a31e317)
2018-01-05 12:41:51 +11:00
Tinderbox User f3e5a44f00 update copyright notice / whitespace 2018-01-04 23:47:43 +00:00
Mark Andrews 385d0b66e0 4857. [bug] Maintain attach/detach semantics for event->db,
event->node, event->rdataset and event->sigrdataset
                        in query.c. [RT #46891]

(cherry picked from commit cad79077bd)
2018-01-04 13:20:34 +11:00
Evan Hunt 3dbc4979c6 [v9_9] fix merge error; missing hunk from change 4780
(cherry picked from commit 4d39bffd95)
2017-10-24 10:10:04 -07:00
Evan Hunt 0a5b0a447e [v9_9] omit NS from authority section if it was in answer
4780.	[bug]		When answering ANY queries, don't include the NS
			RRset in the authority section if it was already
			in the answer section. [RT #44543]

(cherry picked from commit b7b76d6b85)
(cherry picked from commit 13435af49a)
2017-10-23 19:38:29 -07:00
Mark Andrews 80dd4971d9 4739. [cleanup] Address clang static analysis warnings. [RT #45952]
(cherry picked from commit f9f3f20d2d)
2017-09-27 13:19:37 +10:00
Evan Hunt d2516c6507 [v9_9] turn on minimal responses for CDS/CDNSKEY
4678.	[cleanup]	Turn on minimal responses for CDNSKEY and CDS in
			addition to DNSKEY and DS. Thanks to Tony Finch.
			[RT #45690]

(cherry picked from commit 391a3a2f20)
2017-08-25 13:32:39 -07:00
Mark Andrews 282980e448 4640. [bug] If query_findversion failed in query_getdb due to
memory failure the error status was incorrectly
                        discarded. [RT #45331]

(cherry picked from commit b551ee14bd)
(cherry picked from commit 18bb24bc37)
2017-06-23 17:19:15 +10:00
Evan Hunt 10f80ef83a [v9_9] fix rpz formerr loop
4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]

(cherry picked from commit 3440cf9c60)
(cherry picked from commit a57b289ed0)
2017-05-30 12:43:57 -07:00
Evan Hunt 7334fbc55c [v9_9] Add DLZ db version to activeversions
4628.	[bug]		Fixed a potential reference leak in query_getdb().
			[RT #45247]

(cherry picked from commit 594eadcc34)
2017-05-28 14:34:14 -07:00
Mark Andrews 673dd20a78 remove unused assignments [RT #45147]
(cherry picked from commit 78551a3f2c)
2017-05-03 07:46:34 +10:00
Mukund Sivaraman e315a20bd4 Validate glue before adding it to the additional section (#45062)
(cherry picked from commit b0dbcba2d2)
(cherry picked from commit fec9247b8f)
(cherry picked from commit b958488b2e)
2017-04-21 16:03:28 +05:30
Mark Andrews 35ca802c7b 4575. [security] Dns64 with break-dnssec yes; can result in a
assertion failure. (CVE-2017-3136) [RT #44653]

(cherry picked from commit 3bce12e4b6)
2017-02-15 12:24:33 +11:00
Mark Andrews eaa394fcfa address rpz version issue 2017-01-24 11:21:55 +11:00
Mark Andrews 4b843e0cc8 4556. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
2017-01-24 09:56:20 +11:00
Tinderbox User 3d51a06d9d update copyright notice / whitespace 2017-01-19 23:47:43 +00:00
Mark Andrews 3f4d134e72 use TCP macro
(cherry picked from commit 2fa1676380)
2017-01-19 13:14:11 +11:00
Mark Andrews 3a125854c9 4472. [bug] Named could fail to find the correct NSEC3 records when
a zone was update between looking for the answer and
                        looking for the NSEC3 records proving non-existance
                        of the answer. [RT #43247]
2016-10-05 10:41:05 +11:00
Mark Andrews 0ba8ac54c7 also cleanup node 2016-06-03 18:35:07 +10:00
Mark Andrews e4ae68f50c detach before restore 2016-06-03 18:34:59 +10:00
Mark Andrews 944b398582 reset zversion on restart
(cherry picked from commit b4750b5991)
2016-06-03 14:33:52 +10:00
Mark Andrews cb735b3f90 fix merge error 2016-05-27 18:39:33 +10:00
Mark Andrews dfdf6773a6 REDIRECT macro is 9.11.0+ 2016-05-27 10:06:42 +10:00
Mark Andrews c3fbf330bc 4377. [bug] Don't reuse zero TTL responses beyond the current
client set (excludes ANY/SIG/RRSIG queries).
                        [RT #42142]

(cherry picked from commit aabcb1fde0)
2016-05-27 10:05:52 +10:00
Tinderbox User addd839e4a update copyright notice / whitespace 2016-05-26 23:46:02 +00:00
Mark Andrews 900a63cb04 4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
probability of reference counting errors as seen
                        in 4365. [RT #42405]

(cherry picked from commit ac11084829)
2016-05-26 13:37:43 +10:00
Mukund Sivaraman 65f562e5e4 Code cleanups (#41656)
(cherry picked from commit 9da98335c1)
(cherry picked from commit b15dde2889)
2016-03-04 13:00:43 +05:30
Mark Andrews 87c8fae1dc add missing line break
(cherry picked from commit 68ecf1c9a5)
2016-02-04 11:52:24 +11:00
Mark Andrews 04e34494ea 4313. [bug] Handle ns_client_replace failures in test mode.
[RT #41190]

(cherry picked from commit d88ba93712)
2016-02-03 15:04:06 +11:00
Evan Hunt 70280057b4 [v9_9] expanded query trace logging
4300.	[cleanup]	Added new querytrace logging. [RT #41155]
2016-01-22 14:33:50 -08:00
Tinderbox User 7b7d845166 update copyright notice / whitespace 2016-01-21 23:46:08 +00:00
Evan Hunt 4b8c357439 [v9_9] hold 2016-01-20 17:32:39 -08:00
Mark Andrews b1fd8ee3ad 4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
(cherry picked from commit f647c0df9f)

Conflicts:
	CHANGES
	bin/named/query.c
	bin/tests/system/sit/tests.sh
	lib/dns/message.c

(cherry picked from commit d090709551)

Conflicts:
	CHANGES
2015-12-15 20:10:37 +11:00
Mark Andrews 3b8f8695af 4227. [bug] Silence static analysis warnings. [RT #40828
(cherry picked from commit 2a12984ce6)
2015-09-30 14:35:42 +10:00
Mark Andrews 17747a8059 make macro name match category name
(cherry picked from commit 4d085258cc)
2015-09-29 15:05:53 +10:00
Mark Andrews 1c33552240 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
(cherry picked from commit 29d52c001f)
(cherry picked from commit a55c3151b2)
2015-03-03 16:52:02 +11:00
Mukund Sivaraman e62afa3177 Add a --enable-querytrace configure switch for very verbose query tracelogging (#37520)
(cherry picked from commit 1783676a64)
(cherry picked from commit b83c20df65)

Conflicts:
	CHANGES
	config.h.in
	configure
	configure.in
2015-02-26 17:04:18 +05:30
Evan Hunt ec856a0ed6 [v9_9] add better servfail logging
3937.	[func]		Added some debug logging to better indicate the
			conditions causing SERVFAILs when resolving.
			[RT #35538]

(cherry picked from commit f5c24a7f48)
(cherry picked from commit 09a87d841f)
2015-02-25 16:05:45 -08:00
Evan Hunt adf9e1c676 [v9_9] silence RPZ log messages
4050.	[cleanup]	Silence occasional spurious "duplicate query" log
			messages from RPZ. [RT #38510]
2015-02-10 15:03:05 -08:00
Mukund Sivaraman 015371d584 Fix a leak of query fetchlock (#38454)
4052.	[bug]		Fix a leak of query fetchlock. [RT #38454]

Conflicts:
	CHANGES
2015-02-03 11:54:16 +05:30
Tinderbox User 9cbd625449 update copyright notice / whitespace 2015-01-20 23:47:26 +00:00