Artem Boldariev
67d74e228f
Update Release notes [GL #3725 ]
...
Mention that TLS session resumption for Mutual TLS has been fixed.
2022-12-14 18:08:51 +02:00
Artem Boldariev
d8e04cdbc7
Update CHANGES [GL #3725 ]
...
Mention that TLS session resumption for Mutual TLS has been fixed.
2022-12-14 18:07:03 +02:00
Artem Boldariev
d5d31c6ba1
Extend the 'doth' system test with a Mutual TLS resumption check
...
This commit adds a simple check to the 'doth' system test which
ensures that session resumption when Mutual TLS is used works as
expected.
2022-12-14 18:06:20 +02:00
Artem Boldariev
837fef78b1
Fix TLS session resumption via IDs when Mutual TLS is used
...
This commit fixes TLS session resumption via session IDs when
client certificates are used. To do so it makes sure that session ID
contexts are set within server TLS contexts. See OpenSSL documentation
for 'SSL_CTX_set_session_id_context()', the "Warnings" section.
2022-12-14 18:06:20 +02:00
Tony Finch
39e57ab133
Merge branch 'fanf-dnssec-algorithm-loglevel' into 'main'
...
List supported DNSSEC algorithms at log level NOTICE
See merge request isc-projects/bind9!7217
2022-12-14 11:02:15 +00:00
Tony Finch
72f8d03cad
List supported DNSSEC algorithms at log level NOTICE
...
NOTICE matches the other startup messages. WARNING weirdly
suggests the list is a problem.
2022-12-14 11:01:22 +00:00
Ondřej Surý
27376b9a8e
Merge branch '3736-fix-intermittent-memory-leak-in-forward-system-test' into 'main'
...
Fix intermittent memory leak in dns_resolver unit
Closes #3736
See merge request isc-projects/bind9!7214
2022-12-14 09:48:37 +00:00
Ondřej Surý
7292ee6d92
Fix intermittent memory leak in dns_resolver unit
...
A rdataset could have been left unassociated on the error path in the
resume_dslookup() in the dns_resolver unit. Clone the rdataset after
the error check, so it's not cloned before we check whether we can make
further progress chasing DS records.
2022-12-14 10:48:06 +01:00
Mark Andrews
282d4ea645
Merge branch '3737-fix-initialisation-of-local-in-isdotlocal-in-dig' into 'main'
...
Resolve "fix initialisation of local. in isdotlocal in dig"
Closes #3737
See merge request isc-projects/bind9!7213
2022-12-13 23:27:50 +00:00
Mark Andrews
8ce163bbc5
Properly initialise local_ndata in isdotlocal in dig
...
Remove the trailing '\0' so that the length field of the dns_name_t
structure is correct. The old data just happens to work with
dns_name_issubdomain but would fail with dns_name_equal.
2022-12-13 23:05:30 +00:00
Tony Finch
5f6ec1fbe3
Merge branch 'fanf-rsasha236' into 'main'
...
Fix a typo RSASHA236 -> RSASHA256
See merge request isc-projects/bind9!7206
2022-12-13 16:58:59 +00:00
Tony Finch
c18a9a208d
Fix a typo RSASHA236 -> RSASHA256
...
Use dns_secalg_format() to avoid error-prone repetition.
2022-12-13 16:58:02 +00:00
Tom Krizek
baf9c9f1ee
Merge branch 'tkrizek/set-up-version-and-release-notes-for-bind-9.19.9' into 'main'
...
Set up version and release notes for bind 9.19.9
See merge request isc-projects/bind9!7218
2022-12-13 16:18:03 +00:00
Tom Krizek
0e16e9e8d1
Set up release notes for BIND 9.19.9
2022-12-13 16:45:13 +01:00
Tom Krizek
38a9338fe4
Update BIND version to 9.19.9-dev
2022-12-13 16:44:52 +01:00
Tom Krizek
eac4314684
Update BIND version for release
2022-12-12 14:20:08 +01:00
Tom Krizek
1b03cf1503
Add a CHANGES marker
2022-12-12 14:02:56 +01:00
Tom Krizek
0e2f297986
Merge branch 'michal/prepare-documentation-for-bind-9.19.8' into 'v9_19_8-release'
...
Prepare documentation for BIND 9.19.8
See merge request isc-private/bind9!487
2022-12-12 12:56:59 +00:00
Michał Kępień
bd71684f07
Add release note for GL #3721
2022-12-12 12:11:01 +01:00
Michał Kępień
815694d018
Reorder release notes
2022-12-12 12:11:01 +01:00
Michał Kępień
d4801a9163
Tweak and reword release notes
2022-12-12 12:11:01 +01:00
Michał Kępień
64985af9fc
Prepare release notes for BIND 9.19.8
2022-12-12 12:11:01 +01:00
Michał Kępień
98bb01a22b
Restore release note for GL #3570
2022-12-12 12:11:01 +01:00
Ondřej Surý
b432a2e6b9
Merge branch '3731-attach-keyfileio-to-zone' into 'main'
...
Implement proper reference counting for dns_keyfileio_t
Closes #3731
See merge request isc-projects/bind9!7203
2022-12-09 14:14:25 +00:00
Ondřej Surý
79115a0c3b
Implement proper reference counting for dns_keyfileio_t
...
Instead of relying on hash table search when using the keys, implement a
proper reference counting in dns_keyfileio_t objects, and attach/detach
the objects to the zone.
2022-12-09 14:27:44 +01:00
Petr Špaček
9dea2b99ee
Merge branch 'pspacek/configure-doh-help-fix' into 'main'
...
Fix configure --disable-doh help text
See merge request isc-projects/bind9!7118
2022-12-08 09:49:27 +00:00
Petr Špaček
5ec272007d
Fix configure --disable-doh help text
...
This is technically fixup for 2bb454182b!4926
2022-12-08 10:48:24 +01:00
Tom Krizek
91c9f1d087
Merge branch 'tkrizek/revert-3678-serve-stale-servfail' into 'main'
...
Revert "Merge branch '3678-serve-stale-servfailing-unexpectedly' into 'main'"
See merge request isc-projects/bind9!7183
2022-12-08 09:31:29 +00:00
Tom Krizek
ba1607747c
Revert "Merge branch '3678-serve-stale-servfailing-unexpectedly' into 'main'"
...
This reverts commit 629f66ea8e84a7be327e
2022-12-08 10:30:44 +01:00
Ondřej Surý
855498ee6b
Merge branch '3727-fix-off-by-one-reference-counting-in-zonemgr_keymgmt_delete' into 'main'
...
Release unused key file IO lock objects
Closes #3727
See merge request isc-projects/bind9!7178
2022-12-08 09:24:10 +00:00
Ondřej Surý
56a997b0b5
Add CHANGES and release note for [GL #3727 ]
2022-12-08 08:32:59 +01:00
Ondřej Surý
fb1acd6736
Release unused key file IO lock objects
...
Due to off-by-one error in zonemgr_keymgmt_delete, unused key file IO
lock objects were never freed and they were kept until the server
shutdown. Adjust the returned value by -1 to accomodate the fact that
the atomic_fetch_*() functions return the value before the operation and
not current value after the operation.
2022-12-08 08:30:30 +01:00
Mark Andrews
26cc205334
Merge branch '3613-redo-dumping-expired-rdatasets' into 'main'
...
Resolve "TTL issue with resolver's cached and expired results for qtype ANY queries"
Closes #3613
See merge request isc-projects/bind9!7085
2022-12-07 22:46:45 +00:00
Mark Andrews
485e968087
Add CHANGES note for [GL #3613 ]
2022-12-07 22:20:02 +00:00
Mark Andrews
1a39328feb
Remove different zero TTL handling for rdataset iterator
...
Zero TTL handling does not need to be different for 'rdatasetiter_first'
and 'rdatasetiter_next' and it interacts badly with 'bind_rdatadataset'
which makes different determinations.
2022-12-07 22:20:02 +00:00
Mark Andrews
85048ddeee
Add dns_db_allrdatasets options
...
'DNS_DB_STALEOK' returns stale rdatasets as well as current rdatasets.
'DNS_DB_EXPIREDOK' returns expired rdatasets as well as current
rdatasets. This option is currently only set when DNS_DB_STALEOK is
also set.
2022-12-07 22:20:02 +00:00
Mark Andrews
7695c36a5d
Extend dns_db_allrdatasets to control interation results
...
Add an options parameter to control what rdatasets are returned when
iteratating over the node. Specific modes will be added later.
2022-12-07 22:20:02 +00:00
Mark Andrews
3bdab2d111
Properly select active rdatasets when iterating across node
...
Active rdatasets where not being properly selected in rdatasetiter_first
and rdatasetiter_next.
2022-12-07 22:20:02 +00:00
Mark Andrews
e49f83499a
Check TTLs of mixed TTL ANY response with expired records
2022-12-07 22:20:02 +00:00
Mark Andrews
90249e4aa5
Revert "Fix rndc dumpdb -expired for stuck cache contents"
...
This reverts commit f8d866c6ef
2022-12-07 22:20:02 +00:00
Mark Andrews
bc64205c58
Merge branch '3724-update-dig-tcp-documentation' into 'main'
...
Resolve "Update dig +tcp documentation"
Closes #3724
See merge request isc-projects/bind9!7172
2022-12-07 21:59:25 +00:00
Mark Andrews
b5951f0411
Add reference to +tcp for +ignore
2022-12-07 21:38:18 +00:00
Ondřej Surý
7dc6984367
Merge branch '3676-remove-operating-system-resource-limits' into 'main'
...
Mark setting operating system limits from named.conf as ancient
Closes #3676
See merge request isc-projects/bind9!7079
2022-12-07 18:50:30 +00:00
Ondřej Surý
01c58e6d40
Add CHANGES and release note for [GL #3676 ]
2022-12-07 19:42:55 +01:00
Ondřej Surý
e2262c2112
Remove isc_resource API and set limits directly in named_os unit
...
The only function left in the isc_resource API was setting the file
limit. Replace the whole unit with a simple getrlimit to check the
maximum value of RLIMIT_NOFILE and set the maximum back to rlimit_cur.
This is more compatible than trying to set RLIMIT_UNLIMITED on the
RLIMIT_NOFILE as it doesn't work on Linux (see man 5 proc on
/proc/sys/fs/nr_open), neither it does on Darwin kernel (see man 2
getrlimit).
The only place where the maximum value could be raised under privileged
user would be BSDs, but the `named_os_adjustnofile()` were not called
there before. We would apply the increased limits only on Linux and Sun
platforms.
2022-12-07 19:40:00 +01:00
Ondřej Surý
0c62c0bdb7
Mark setting operating system limits from named.conf as ancient
...
After deprecating the operating system limits settings (coresize,
datasize, files and stacksize), mark them as ancient and remove the code
that sets the values from config.
2022-12-07 19:40:00 +01:00
Ondřej Surý
0d3936646d
Merge branch 'ondrej-fix-missing-zone_check-in-checkds-system-test' into 'main'
...
Fix missing zone_check() call in checkds test
See merge request isc-projects/bind9!7161
2022-12-07 18:14:34 +00:00
Ondřej Surý
718831bfcc
Fix missing zone_check() call in checkds test
...
The bad2-dswithdrawn.checkds tests were missing call to the
zone_checks() contributing to intermittent timing failures of the
checkds system test.
2022-12-07 19:14:10 +01:00
Ondřej Surý
fd97400586
Merge branch '3708-remove-dead-code-from-dns_cache-unit' into 'main'
...
Remove dead code from dns_cache_flush()
Closes #3708
See merge request isc-projects/bind9!7141
2022-12-07 18:11:32 +00:00
Ondřej Surý
715343c31d
Remove dead code from dns_cache_flush()
...
After removing the cache cleaning mechanism, we don't need to db
iterator in dns_cache_flush() anymore.
2022-12-07 19:11:08 +01:00
