ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,682 Commits 589 Branches 805 Tags
a009d03a1abf73c8146c1696ce1100e62c3b9dbb
Commit Graph

8027 Commits

Author SHA1 Message Date
Mark Andrews
a009d03a1a 4748. [cleanup] Sprintf to snprintf coversions. [RT #46132] 2017-10-03 14:54:19 +11:00
Mark Andrews
c85b467dc0 4747. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 3 - synthesize NODATA responses. [RT #40138]
 2017-10-03 11:16:37 +11:00
Tinderbox User
a57a6dbe62 update copyright notice / whitespace 2017-09-29 23:45:51 +00:00
Evan Hunt
3bb6150cae [master] color-coded test output 
4745.	[test]		Add color-coded pass/fail messages to system
			tests when running on terminals that support them.
			[RT #45977]
 2017-09-29 12:20:55 -07:00
Tinderbox User
5fbc5c9225 regen master 2017-09-29 01:08:37 +00:00
Mark Andrews
dc0a792d94 4744. [bug] Suppress trust-anchor-telementry queries if 
validation is disabled. [RT #46131]
 2017-09-29 09:33:06 +10:00
Evan Hunt
24172bd2ee [master] completed and corrected the crypto-random change 
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
 2017-09-28 10:09:22 -07:00
Mark Andrews
86e5d14e82 improve forensics 2017-09-28 22:14:30 +10:00
Mark Andrews
e00fdad191 4742. [func] Synthesis of responses from DNSSEC-verified records. 
Stage 2 - synthesis of records from wildcard data.
                        If the dns64 or filter-aaaa* is configured then the
                        involved lookups are currently excluded. [RT #40138]
 2017-09-28 15:16:26 +10:00
Mark Andrews
f9f3f20d2d 4739. [cleanup] Address clang static analysis warnings. [RT #45952] 2017-09-27 10:27:09 +10:00
Mark Andrews
744061a03b 4738. [port] win32: strftime mishandles %Z. [RT #46039] 2017-09-26 23:32:40 +10:00
Mark Andrews
08151d7fce 4737. [cleanup] Address Coverity warnings. [RT #46012] 2017-09-26 23:21:49 +10:00
Mukund Sivaraman
eb1e4cce6c Refactor 
Reviewed on Jabber by Evan.
 2017-09-26 14:54:36 +05:30
Tinderbox User
ffbe6b9537 update copyright notice / whitespace 2017-09-19 23:46:23 +00:00
Mukund Sivaraman
32bcafc316 Change default minimal-responses setting to no-auth-recursive (#46016) 2017-09-19 19:49:02 +05:30
Mukund Sivaraman
e2ed24aa4d Fix use after free when closing an LMDB (#46000) 2017-09-19 19:42:13 +05:30
Tinderbox User
cb5bc50c91 update copyright notice / whitespace 2017-09-18 23:48:50 +00:00
Evan Hunt
49740fb0f2 [master] add I: when echoing information about failed tests 2017-09-18 14:15:37 -07:00
Michał Kępień
f665c724e4 [master] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3 
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]
 2017-09-18 09:18:45 +02:00
Mark Andrews
0bcb8b0b7c 4725. [bug] Nsupdate: "recvsoa" was incorrectly reported for 
failures in sending the update message.  The correct
                        location to be reported is "update_completed".
                        [RT #46014]
 2017-09-18 14:28:39 +10:00
Francis Dupont
aed87173fd Moved last occurrence of ns_g_entropy to named_g_entropy 2017-09-17 09:50:10 +02:00
Francis Dupont
9c829f4f96 Merged rt31459d (openssl random) 2017-09-16 13:53:29 +02:00
Mark Andrews
3128cd21e3 4723. [bug] Statistics counter DNSTAPdropped was misidentified 
as DNSSECdropped. [RT #46002]
 2017-09-14 23:51:19 +00:00
Tinderbox User
f54a365aeb update copyright notice / whitespace 2017-09-14 23:46:40 +00:00
Evan Hunt
364cabf431 [master] revert dlzexternal changes for portability 2017-09-14 11:33:24 -07:00
Mark Andrews
5fb0c09a5e #include <isc/string.h> 2017-09-14 18:54:46 +10:00
Mark Andrews
cb629cdeda more str{n}{cat,cpy} corrections rt45981_stage2 2017-09-14 18:11:56 +10:00
Mukund Sivaraman
bbe9f1dd95 Link dlzexternal system test's driver against libisc 2017-09-14 13:23:41 +05:30
Tinderbox User
e3bd90ee1b regen master 2017-09-14 01:12:10 +00:00
Tinderbox User
33987cb5fd update copyright notice / whitespace 2017-09-13 23:48:32 +00:00
Mark Andrews
21c12d0107 fix filenamelen so it has the buffer length rather than buffer length - 1 2017-09-14 09:29:28 +10:00
Mukund Sivaraman
188fa6ea68 Add missing <isc/print.h> 2017-09-13 19:44:47 +05:30
Francis Dupont
804ca1d926 Added isc/string.h to shutdown_test which got strlcpy 2017-09-13 14:34:54 +02:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
06b082c230 [rt31459d] fix first if test in setoption 
(cherry picked from commit abda73147d)
 2017-09-12 23:51:51 -07:00
Evan Hunt
20502f35dd [master] allow CDS/CDNSKEY records to be signed with only KSK 
4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
			options now apply to CDNSKEY and DS records as well
			as DNSKEY. Thanks to Tony Finch. [RT #45689]
 2017-09-12 23:09:48 -07:00
Evan Hunt
cc24a8725f [rt31459d] update the newer tools 2017-09-12 22:49:35 -07:00
Mark Andrews
e930487ce7 give more time for the initial signing of bits in the inline signing test to complete 2017-09-13 12:18:59 +10:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Mark Andrews
abda73147d fix first if test in setoption 2017-09-13 11:57:00 +10:00
Evan Hunt
30973087a0 [master] add prefetch stat counter 
4720.	[func]		Added a statistics counter to track prefetch
			queries. [RT #45847]
 2017-09-12 18:41:47 -07:00
Mark Andrews
34130ee25a 4719. [bug] Address PVS static analyzer warnings. [RT #45946] 2017-09-13 09:50:51 +10:00
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies 
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
 2017-09-12 15:26:30 -07:00
Evan Hunt
534c43860e [master] update copyrights 2017-09-11 17:47:12 -07:00
Evan Hunt
f3ce87e1a1 [master] copyrights 2017-09-11 17:01:09 -07:00
Tinderbox User
0d9572e437 update copyright notice / whitespace 2017-09-11 23:46:33 +00:00
Evan Hunt
b103b0c011 [master] remap getaddrinfo() to irs_getgetaddrinfo() 
The libirs version of getaddrinfo() cannot be called from within BIND9.
 2017-09-11 15:03:57 -07:00
Evan Hunt
2e0493c046 [master] add print.h 2017-09-11 12:37:58 -07:00
Evan Hunt
3363f3147a [master] DNS Response Policy Service API 
4713.	[func]		Added support for the DNS Response Policy Service
			(DNSRPS) API, which allows named to use an external
			response policy daemon when built with
			"configure --enable-dnsrps".  Thanks to Vernon
			Schryver and Farsight Security. [RT #43376]
 2017-09-11 11:57:43 -07:00