Commit Graph

8593 Commits

Author SHA1 Message Date
Mark Andrews
acc8b89720 verify that auto-dnssec maintain generates and signs NSEC3 records with DNAME at the apex
(cherry picked from commit 6b470bbf42)
2018-12-10 17:49:38 +11:00
Mark Andrews
da5d139973 verify that dnssec-signzone generates NSEC3 records with DNAME at the apex
(cherry picked from commit 06e218c421)
2018-12-10 17:12:09 +11:00
Mark Andrews
2a6a3aa0e7 Properly detect bottom of zone when sign_a_node() is not called
(cherry picked from commit 9eec02a81f)
2018-12-07 11:48:03 +11:00
Andreas Hasenack
54242e8e1f add -U to preparse and usage
(cherry picked from commit 665618698e)
2018-12-07 08:39:32 +11:00
Mark Andrews
5338d9d4b7 add more error logging; add event processing logging
(cherry picked from commit 6a5c8ec2ea)
2018-12-06 11:32:09 +11:00
Ondřej Surý
39b02e8538 Change the default algorithm to RSASHA256 and the alternative algorithm to RSASHA1 as those are always supported 2018-12-05 21:55:31 +01:00
Ondřej Surý
f99c69b435 Add DNSKEY and CDNSKEY with unknown algorithm number (PRIVATEDNS) and \0 as content
(cherry picked from commit 00cc0b236a)
2018-12-05 21:14:06 +01:00
Ondřej Surý
b86789ef27 Refactor masterformat to be shellcheck clean and don't use RSAMD5 algorithm in the tests
(cherry picked from commit b13c7ca402)
2018-12-05 21:14:05 +01:00
Ondřej Surý
c996dcfee1 Make the start.pl and stop.pl more Cygwin friendly
(cherry picked from commit 835bad2c5c)
2018-12-04 15:30:41 +01:00
Ondřej Surý
b7c79f6c0f Replace realpath with cd&pwd shell magic 2018-12-03 20:42:01 +01:00
Ondřej Surý
73e26ec1d6 Make calls to the stop.pl always use the test name instead of '.'
(cherry picked from commit e227815af5)
2018-12-03 17:11:15 +01:00
Ondřej Surý
70cbdf3528 stop.pl - refactor
(cherry picked from commit 27ee629e6b)
2018-12-03 17:10:40 +01:00
Ondřej Surý
e8f38da2df Make calls to the start.pl always use the test name instead of '.'
(cherry picked from commit 16b95157e8)
2018-12-03 17:10:26 +01:00
Brian Conry
1ae7ca6606 start.pl - refactor
(cherry picked from commit 0fc8bfef13)
2018-12-03 17:09:48 +01:00
Brian Conry
ee737c8328 start.pl - wait for server to say 'running'
(cherry picked from commit 597049461d)
2018-12-03 17:09:05 +01:00
Ondřej Surý
e3379c44cb Add ALTERNATIVE_ALGORITHM to conf.sh
(cherry picked from commit b2c4c35493)
2018-12-03 09:30:44 +01:00
Ondřej Surý
d1dffe2fd3 Export SYSTEMTESTTOP from run.sh (so, it doesn't have to be defined in each script) and scrub / from the test names
(cherry picked from commit 1b2a3a0ea6)
2018-12-03 09:02:14 +01:00
Tony Finch
7ac356688c catz: improved log message when a zone is overridden
If you have a catalog zone containing 10.in-addr.arpa and an
explicitly-configured version which overrides the catz version,
`named` used to log:

catz: error "success" while trying to add zone "10.in-addr.arpa"

After this patch it logs:

catz: zone "10.in-addr.arpa" is overridden by explicitly configured zone
(cherry picked from commit 16eb35187a)
2018-12-03 15:52:14 +11:00
Mark Andrews
5ee79f833e use documented default key ttl
(cherry picked from commit 6499bdfd8b)
2018-11-30 11:12:51 +11:00
Mark Andrews
096caccf1d add reproducer for [GL #585]
(cherry picked from commit 0ac2a868bb)
2018-11-30 11:12:51 +11:00
Mark Andrews
edcb378845 replace strncpy + setting end of array to NUL with strlcpy 2018-11-22 16:43:43 +11:00
Witold Kręcicki
0db061aef9 Fix a small memleak in delv
(cherry picked from commit d00b3f47ba)
2018-11-22 08:22:34 +11:00
Mark Andrews
e9be58edc9 address unchecked return values
(cherry picked from commit ccfd577715)
2018-11-22 06:50:32 +11:00
Evan Hunt
19aaecafeb better system test entropy
- use /dev/urandom in gitlab CI
- use genrandom to get 4k of data instead of 800 bytes
- set this value as RANDOMSIZE in conf.sh
2018-11-17 01:27:06 +00:00
Evan Hunt
cdfac9b1bf echo debug output (D:text) the same as informational (I:text)
(cherry picked from commit dfa1589975)
2018-11-16 11:41:25 -08:00
Tony Finch
2d7969e0a4 dig: a -r option to disable .digrc
(cherry picked from commit fdb74fed9e)
2018-11-15 12:59:29 +11:00
Mark Andrews
d7c484ac7a free tmpzonename and restart_master
(cherry picked from commit 50714a9b35)
2018-11-14 11:41:48 -08:00
Evan Hunt
1b5f73a25b style
(cherry picked from commit e356d93175)
2018-11-14 11:55:21 +11:00
Mark Andrews
ba5726ec2f check that delv -q -m works
(cherry picked from commit 77128c867c)
2018-11-14 11:55:21 +11:00
Mark Andrews
b9b8782144 check that dig -q -m works
(cherry picked from commit f6f07fb41e)
2018-11-14 11:55:21 +11:00
Mark Andrews
46d80fe979 add -q to dash_opts
(cherry picked from commit ba5d28dcfe)
2018-11-14 11:55:21 +11:00
Mark Andrews
999163cd77 dig and mdig failed to properly preparse dash value pairs when value was a seperate argument and started with a dash.
(cherry picked from commit 75fa84b67b)
2018-11-14 11:55:20 +11:00
Michał Kępień
8181ffefe7 Restore localhost fallback in bin/dig/dighost.c
In BIND 9.11 and earlier, dig and similar tools used liblwres for
parsing /etc/resolv.conf.  After getting a list of servers from
liblwres, a tool would check the address family of each server found and
reject those unusable.  When the resulting list of usable servers was
empty, localhost addresses were queried as a fallback.

When liblwres was removed in BIND 9.12, dig and similar tools were
updated to parse /etc/resolv.conf using libirs instead.  As part of that
process, the localhost fallback was removed from bin/dig/dighost.c since
the localhost fallback built into libirs was deemed to be sufficient.
However, libirs only falls back to localhost if it does not find any
name servers at all; if it does find any valid nameserver entry in
/etc/resolv.conf, it just returns it to the caller because it is
oblivious to whether the caller supports IPv4 and/or IPv6 or not.  The
code in bin/dig/dighost.c subsequently filters the returned list of
servers in get_server_list() according to the requested address family
restrictions.  This may result in none of the addresses returned by
libirs being usable, in which case a tool will attempt to work with an
empty server list, causing a hang and subsequently a crash upon user
interruption.

Restore the localhost fallback in bin/dig/dighost.c to prevent the
aforementioned hangs and crashes and ensure recent BIND versions behave
identically to the older ones in the circumstances described above.

(cherry picked from commit 18758392da)
2018-11-13 14:32:51 +01:00
Michał Kępień
9c963ed606 Fix a shutdown race in bin/dig/dighost.c
If a tool using the routines defined in bin/dig/dighost.c is sent an
interruption signal around the time a connection timeout is scheduled to
fire, connect_timeout() may be executed after destroy_libs() detaches
from the global task (setting 'global_task' to NULL), which results in a
crash upon a UDP retry due to bringup_timer() attempting to create a
timer with 'task' set to NULL.  Fix by preventing connect_timeout() from
attempting a retry when shutdown is in progress.

(cherry picked from commit 4621756596)
2018-11-13 13:52:21 +01:00
Mark Andrews
818e6822c4 isc_resource_getlimit under windows only supports isc_resource_openfiles
(cherry picked from commit 896fb585b3)
2018-11-09 12:42:33 +11:00
Ondřej Surý
15a4f74b28 Print isc_stdtime_t with PRIu32
(cherry picked from commit c355e1f38f)
2018-11-09 02:56:48 +07:00
Ondřej Surý
4568669807 Hint the compiler with ISC_UNREACHABLE(); that code after INSIST(0); cannot be reached
(cherry picked from commit 23fff6c569)
2018-11-08 15:09:12 +07:00
Ondřej Surý
1e6329038b Don't assert on failed getrlimit call to allow called to handle this gracefully as it already does, just abort where we need to know the numbers
(cherry picked from commit e2e138a801)
2018-11-08 14:37:14 +07:00
Ondřej Surý
fcd1569e2b Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
(cherry picked from commit b2b43fd235)
2018-11-08 14:37:14 +07:00
Ondřej Surý
b222783ae9 Add small tweaks to the code to fix compilation when ISC assertions are disabled
While implementing the new unit testing framework cmocka, it was found that the
BIND 9 code doesn't compile when assertions are disabled or replaced with any
function (such as mock_assert() from cmocka unit testing framework) that's not
directly recognized as assertion by the compiler.

This made the compiler to complain about blocks of code that was recognized as
unreachable before, but now it isn't.

The changes in this commit include:

* assigns default values to couple of local variables,
* moves some return statements around INSIST assertions,
* adds __builtin_unreachable(); annotations after some INSIST assertions,
* fixes one broken assertion (= instead of ==)

(cherry picked from commit fbd2e47f51)
2018-11-08 14:05:23 +07:00
Witold Krecicki
070e4135c4 Remove unnecessary sed from autosign test
(cherry picked from commit 82dfb77328)
2018-11-08 12:19:57 +11:00
Witold Krecicki
f49bd1e77f Use 'local' variable in echo functions in tests
(cherry picked from commit 0949b1fe2c)
2018-11-08 12:19:51 +11:00
Witold Kręcicki
5d4074c4e4 Get rid of bashism in CDS test
(cherry picked from commit dbf2e7928e)
2018-11-08 12:14:31 +11:00
Ondřej Surý
9fe7963ec3 Update the IDN documentation for nslookup
(cherry picked from commit b659765869)
2018-11-07 11:32:56 +11:00
Ondřej Surý
a148af6728 Change the dig documentation
(cherry picked from commit 7697923eab)
2018-11-07 11:32:56 +11:00
Ondřej Surý
bee5674283 Update the idna tests for the new non-tty defaults
(cherry picked from commit e8c57a78aa)
2018-11-07 11:32:56 +11:00
Ondřej Surý
cd83fb94c6 Enable IDN processing (both idnin and idnout) only on tty, disable it when the stdout is not a tty
(cherry picked from commit 0e1bf7d017)
2018-11-06 17:10:09 +11:00
Mark Andrews
ce80d59e97 test require-server-cookie with rate-limit
(cherry picked from commit 164370102a)
2018-11-06 10:20:43 +11:00
Michał Kępień
a0c5c01fe5 Check serve-stale behavior with a cold cache
Ensure that serve-stale works as expected when returning stale answers
is enabled, the authoritative server does not respond, and there is no
cached answer available.

(cherry picked from commit 27cfe83a38)
2018-10-31 14:08:44 +01:00
Michał Kępień
9fe44e48b2 Check TTL of stale answers
Make sure that stale answers returned when the serve-stale feature is
enabled have a TTL matching the value of the stale-answer-ttl setting.

(cherry picked from commit 893ab37ce7)
2018-10-31 14:08:43 +01:00