Commit Graph

8623 Commits

Author SHA1 Message Date
Tony Finch
bc984ace12 Fix a few cosmetic issues with rndc managed-keys
The handling of class and view arguments was broken, because the code
didn't realise that next_token() would overwrite the class name when
it parsed the view name. The code was trying to implement a syntax
like `refresh [[class] view]`, but it was documented to have a syntax
like `refresh [class [view]]`. The latter is consistent with other rndc
commands, so that is how I have fixed it.

Before:

$ rndc managed-keys refresh in rec
rndc: 'managed-keys' failed: unknown class/type
unknown class 'rec'

After:

$ rndc managed-keys refresh in rec
refreshing managed keys for 'rec'

There were missing newlines in the output from `rndc managed-keys
refresh` and `rndc managed-keys destroy`.

Before:

$ rndc managed-keys refresh
refreshing managed keys for 'rec'refreshing managed keys for 'auth'

After:

$ rndc managed-keys refresh
refreshing managed keys for 'rec'
refreshing managed keys for 'auth'

(cherry picked from commit 6a3b851f72)
2019-01-14 16:16:29 -08:00
Evan Hunt
b241dc58ec b/t/s/dnssec/tests.sh: Cleanup showprivate() function 2019-01-14 12:30:49 -08:00
Evan Hunt
0b4dca553d fix testing errors
- the checkprivate function in the dnssec test set ret=0, erasing
  results from previous tests and making the test appear to have passed
  when it shouldn't have
- checkprivate needed a delay loop to ensure there was time for all
  private signing records to be updated before the test

(cherry picked from commit 82e83d5dc7)
2019-01-13 18:22:44 -08:00
Tony Finch
1ba69a02ff cleanup: alphabetize rndc command dispatch
(cherry picked from commit 66be4108bf)
2019-01-14 12:28:26 +11:00
Mark Andrews
0b8d530c84 Ensure base64/base32/hex fields in DNS records that should be non-empty are.
(cherry picked from commit 5e8b772ad1)
2019-01-09 18:53:29 +11:00
Mark Andrews
675d75e0bc wait longer for dump to complete
(cherry picked from commit 8a8d378def)
2019-01-08 20:17:06 -08:00
Michał Kępień
f63a1fca3e Fix cleanup upon an error before TCP socket creation
When a query times out after a socket is created and associated with a
given dig_query_t structure, calling isc_socket_cancel() causes
connect_done() to be run, which in turn takes care of all necessary
cleanups.  However, certain errors (e.g. get_address() returning
ISC_R_FAMILYNOSUPPORT) may prevent a TCP socket from being created in
the first place.  Since force_timeout() may be used in code handling
such errors, connect_timeout() needs to properly clean up a TCP query
which is not associated with any socket.  Call clear_query() from
connect_timeout() after attempting to send a TCP query to the next
available server if the timed out query does not have a socket
associated with it, in order to prevent dig from hanging indefinitely
due to the dig_query_t structure not being detached from its parent
dig_lookup_t structure.

(cherry picked from commit 13975b32c6)
2019-01-08 11:22:57 +01:00
Michał Kępień
c05c1f1b65 Refactor code sending a query to the next server upon a timeout
When a query times out and another server is available for querying
within the same lookup, the timeout handler - connect_timeout() - is
responsible for sending the query to the next server.  Extract the
relevant part of connect_timeout() to a separate function in order to
improve code readability.

(cherry picked from commit c108fc5c6e)
2019-01-08 11:22:57 +01:00
Michał Kępień
1d0319fd0c Remove dead code handling address family mismatches for TCP sockets
Before commit c2ec022f57, using the "-b"
command line switch for dig did not disable use of the other address
family than the one to which the address supplied to that option
belonged to.  Thus, bind9_getaddresses() could e.g. prepare an
isc_sockaddr_t structure for an IPv6 address when an IPv4 address has
been passed to the "-b" command line option.  To avoid attempting the
impossible (e.g. querying an IPv6 address from a socket bound to an IPv4
address), a certain code block in send_tcp_connect() checked whether the
address family of the server to be queried was the same as the address
family of the socket set up for sending that query; if there was a
mismatch, that particular server address was skipped.

Commit c2ec022f57 made
bind9_getaddresses() fail upon an address family mismatch between the
address the hostname passed to it resolved to and the address supplied
to the "-b" command line option.  Such failures were fatal to dig back
then.

Commit 7f65860391 made
bind9_getaddresses() failures non-fatal, but also ensured that a
get_address() failure in send_tcp_connect() still causes the given query
address to be skipped (and also made such failures trigger an early
return from send_tcp_connect()).

Summing up, the code block handling address family mismatches in
send_tcp_connect() has been redundant since commit
c2ec022f57.  Remove it.

(cherry picked from commit ef1da8731b)
2019-01-08 11:22:57 +01:00
Michał Kępień
82103796af Track forwarder timeouts in fetch contexts
Since following a delegation resets most fetch context state, address
marks (FCTX_ADDRINFO_MARK) set inside lib/dns/resolver.c are not
preserved when a delegation is followed.  This is fine for full
recursive resolution but when named is configured with "forward first;"
and one of the specified forwarders times out, triggering a fallback to
full recursive resolution, that forwarder should no longer be consulted
at each delegation point subsequently reached within a given fetch
context.

Add a new badnstype_t enum value, badns_forwarder, and use it to mark a
forwarder as bad when it times out in a "forward first;" configuration.
Since the bad server list is not cleaned when a fetch context follows a
delegation, this prevents a forwarder from being queried again after
falling back to full recursive resolution.  Yet, as each fetch context
maintains its own list of bad servers, this change does not cause a
forwarder timeout to prevent that forwarder from being used by other
fetch contexts.

(cherry picked from commit 33350626f9)
2019-01-08 08:31:16 +01:00
Mark Andrews
3ea05e59ce indenting
(cherry picked from commit c69ad95238)
2019-01-02 11:51:19 +11:00
Mark Andrews
ee0c468141 update copyrights 2019-01-02 10:25:47 +11:00
Matthijs Mekking
8a67d9d64a Remove dig_with_opts 2018-12-20 15:49:06 +01:00
Matthijs Mekking
25c0e3dde9 Replace DSA with Reserved algorithm
(cherry picked from commit 17cdde1e56)
2018-12-20 15:49:06 +01:00
Matthijs Mekking
82806d855c Add dnssec-signzone tests with unsupported alg
dnssec-signzone should sign a zonefile that contains a DNSKEY record
with an unsupported algorithm.

(cherry picked from commit 6d976b37c1)
2018-12-20 15:49:06 +01:00
Ondřej Surý
39644e4d34 Properly detect msys/msys2 environment in the stop.pl script.
(cherry picked from commit 808dac0760)
2018-12-19 21:31:16 +01:00
Ondřej Surý
e055809c6f gcc defines __SANITIZE_ADDRESS__ and not __ADDRESS_SANITIZER__, use the correct #define
(cherry picked from commit 8903d68d69)
2018-12-19 12:44:51 +01:00
Ondřej Surý
aeb6b97dad Disable RTLD_DEEPBIND when compiled under AddressSanitizer
(cherry picked from commit cad6b39cab)
2018-12-19 10:49:56 +01:00
Ondřej Surý
2e81ab696a Revert "Merge branch '782-cygwin-grep-CRLF-issue-v9_12' into 'v9_12'"
This reverts commit f35df99f1d, reversing
changes made to ccc3be8156.
2018-12-17 12:41:14 +01:00
Mark Andrews
0c19967532 pass the correct object to cfg_obj_log
(cherry picked from commit 53a33f7365)
2018-12-16 19:21:47 -05:00
Curtis Blackburn
9599679d31 minor fixes to dns64 and rndc CRLF fix. rpzrecurse failure
will be addressed in a separate issue

(cherry picked from commit 2ec746dafe)
2018-12-14 19:00:15 -08:00
Curtis Blackburn
bb731398e0 more CRLF fixes (dns64, rndc, rpzrecurse)
(cherry picked from commit 9fc68285ef)
2018-12-14 19:00:15 -08:00
Curtis Blackburn
66fdedfd7b missed one in the digdelv test
(cherry picked from commit bdbf6ede3a)
2018-12-14 19:00:13 -08:00
Curtis Blackburn
06cae98368 digdelv test fixed for CRLF issue
(cherry picked from commit ba1b9ca4d4)
2018-12-14 18:59:32 -08:00
Curtis Blackburn
e0ab5603f7 windows CRLF issues fixed in builtin test
(cherry picked from commit 18e8835044)
2018-12-14 18:50:47 -08:00
Ondřej Surý
a69f38e478 Fix ECC algorithms unused constants in PKCS#11 build 2018-12-14 09:00:12 +01:00
Mark Andrews
1f404e35b6 check that DNSKEY and other occluded data are excluded from the delegating bitmap
(cherry picked from commit 7e4b82103b)
2018-12-14 14:27:50 +11:00
Mark Andrews
58f8ec2b36 check that the time between notify messages is not too small
(cherry picked from commit 47a4e0eeaa)
2018-12-12 10:23:16 +11:00
Mark Andrews
c955498688 allow a small about of time for the syncptr event to be processed
(cherry picked from commit 3bca52ca07)
2018-12-10 09:07:04 -08:00
Michał Kępień
4c23d84285 Check that DNAME is not treated as a delegation when signing
(cherry picked from commit adbca54079)
2018-12-10 17:49:38 +11:00
Mark Andrews
acc8b89720 verify that auto-dnssec maintain generates and signs NSEC3 records with DNAME at the apex
(cherry picked from commit 6b470bbf42)
2018-12-10 17:49:38 +11:00
Mark Andrews
da5d139973 verify that dnssec-signzone generates NSEC3 records with DNAME at the apex
(cherry picked from commit 06e218c421)
2018-12-10 17:12:09 +11:00
Mark Andrews
2a6a3aa0e7 Properly detect bottom of zone when sign_a_node() is not called
(cherry picked from commit 9eec02a81f)
2018-12-07 11:48:03 +11:00
Andreas Hasenack
54242e8e1f add -U to preparse and usage
(cherry picked from commit 665618698e)
2018-12-07 08:39:32 +11:00
Mark Andrews
5338d9d4b7 add more error logging; add event processing logging
(cherry picked from commit 6a5c8ec2ea)
2018-12-06 11:32:09 +11:00
Ondřej Surý
39b02e8538 Change the default algorithm to RSASHA256 and the alternative algorithm to RSASHA1 as those are always supported 2018-12-05 21:55:31 +01:00
Ondřej Surý
f99c69b435 Add DNSKEY and CDNSKEY with unknown algorithm number (PRIVATEDNS) and \0 as content
(cherry picked from commit 00cc0b236a)
2018-12-05 21:14:06 +01:00
Ondřej Surý
b86789ef27 Refactor masterformat to be shellcheck clean and don't use RSAMD5 algorithm in the tests
(cherry picked from commit b13c7ca402)
2018-12-05 21:14:05 +01:00
Ondřej Surý
c996dcfee1 Make the start.pl and stop.pl more Cygwin friendly
(cherry picked from commit 835bad2c5c)
2018-12-04 15:30:41 +01:00
Ondřej Surý
b7c79f6c0f Replace realpath with cd&pwd shell magic 2018-12-03 20:42:01 +01:00
Ondřej Surý
73e26ec1d6 Make calls to the stop.pl always use the test name instead of '.'
(cherry picked from commit e227815af5)
2018-12-03 17:11:15 +01:00
Ondřej Surý
70cbdf3528 stop.pl - refactor
(cherry picked from commit 27ee629e6b)
2018-12-03 17:10:40 +01:00
Ondřej Surý
e8f38da2df Make calls to the start.pl always use the test name instead of '.'
(cherry picked from commit 16b95157e8)
2018-12-03 17:10:26 +01:00
Brian Conry
1ae7ca6606 start.pl - refactor
(cherry picked from commit 0fc8bfef13)
2018-12-03 17:09:48 +01:00
Brian Conry
ee737c8328 start.pl - wait for server to say 'running'
(cherry picked from commit 597049461d)
2018-12-03 17:09:05 +01:00
Ondřej Surý
e3379c44cb Add ALTERNATIVE_ALGORITHM to conf.sh
(cherry picked from commit b2c4c35493)
2018-12-03 09:30:44 +01:00
Ondřej Surý
d1dffe2fd3 Export SYSTEMTESTTOP from run.sh (so, it doesn't have to be defined in each script) and scrub / from the test names
(cherry picked from commit 1b2a3a0ea6)
2018-12-03 09:02:14 +01:00
Tony Finch
7ac356688c catz: improved log message when a zone is overridden
If you have a catalog zone containing 10.in-addr.arpa and an
explicitly-configured version which overrides the catz version,
`named` used to log:

catz: error "success" while trying to add zone "10.in-addr.arpa"

After this patch it logs:

catz: zone "10.in-addr.arpa" is overridden by explicitly configured zone
(cherry picked from commit 16eb35187a)
2018-12-03 15:52:14 +11:00
Mark Andrews
5ee79f833e use documented default key ttl
(cherry picked from commit 6499bdfd8b)
2018-11-30 11:12:51 +11:00
Mark Andrews
096caccf1d add reproducer for [GL #585]
(cherry picked from commit 0ac2a868bb)
2018-11-30 11:12:51 +11:00