ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,727 Commits 589 Branches 805 Tags
bdab9fe78f384beab7968e236dc424ef8b9db702
Commit Graph

520 Commits

Author SHA1 Message Date
Mark Andrews
9efce3c577 3981. [bug] Cache DS/NXDOMAIN independently of other query types. 
[RT #37467]

(cherry picked from commit 72775a79fe)
 2014-10-18 13:09:40 +11:00
Mark Andrews
04df7dff0d 3945. [bug] Invalid wildcard expansions could be incorrectly 
accepted by the validator. [RT #37093]

(cherry picked from commit 2fa1fc5332)
 2014-09-05 12:11:49 +10:00
Evan Hunt
6c004123f9 [v9_10] complete change #3925 
- don't use fwdname in dns_view_findzonecut()

(cherry picked from commit 27d6642e8b)
 2014-08-22 14:58:17 -07:00
Mark Andrews
a8f79ce26b remove redundant isc_sockaddr_format call 2014-08-08 21:28:18 +10:00
Mark Andrews
0b9336e775 3912. [bug] Address some unrecoverable lookup failures. [RT #36330] 
(cherry picked from commit c5734964e6)
 2014-08-06 14:18:47 +10:00
Mark Andrews
ffd72eb9a0 3904. [func] Add the RPZ SOA to the additional section. [RT36507] 
(cherry picked from commit 3a55d43527)
 2014-07-31 10:53:20 +10:00
Mark Andrews
29b682f68d attempt to silence leaked lock false positive 2014-06-04 15:23:07 +10:00
Mark Andrews
666e734005 correct EDNSOK sense 2014-05-22 22:02:29 +10:00
Mark Andrews
624b99c749 3857. [bug] Make it harder for a incorrect NOEDNS classification 
to be made. [RT #36020]
 2014-05-22 21:39:20 +10:00
Mark Andrews
653b4fbf79 remove unused assignment 
(cherry picked from commit a771e8c154d85dea18c2ae77dbc082d197ba433a)
 2014-05-22 00:57:29 +10:00
Mark Andrews
56f9a15e47 3855. [bug] Limit smoothed round trip time aging to no more than 
once a second. [RT #32909]

(cherry picked from commit 0fe0789181)
 2014-05-21 10:16:20 +10:00
Evan Hunt
22cededc29 [v9_10] reduce EDNS logging noise 
3831.	[cleanup]	Reduce logging noise when EDNS state changes occur.
			[RT #35843]

(cherry picked from commit 2b78610512)
 2014-04-29 17:07:03 -07:00
Mark Andrews
469bbe0f97 3810. [bug] Work around broken nameservers that fail to ignore 
unknown EDNS options. [RT #35766]
 2014-04-17 15:43:38 +10:00
Mark Andrews
b4a819a44f othererror should not include badvers now that we have a badvers counter 2014-03-25 16:46:11 +11:00
Tinderbox User
9d7e943c3d update copyright notice 2014-03-19 23:46:06 +00:00
Mark Andrews
a78ffa0cc8 only set FCTX_ADDRINFO_NOSIT if we don't have a existing sit 2014-03-20 07:17:00 +11:00
Mark Andrews
09ab38c151 3790. [bug] Handle broken nameservers that send BADVERS in 
response to unknown EDNS options.  Maintain
                        statistics on BADVERS responses.
 2014-03-20 05:00:55 +11:00
Evan Hunt
f6d0284ec2 [master] fix memory leak 2014-03-04 08:56:09 -08:00
Evan Hunt
e69790ac00 [master] printable NSID logging 
3774.	[func]		When using "request-nsid", log the NSID value in
			printable form as well as hex. [RT #20864]
 2014-03-03 20:51:14 -08:00
Mark Andrews
53ebc0959b #ifdef notyet error handling for bad sit 2014-02-24 23:49:21 +11:00
Mark Andrews
9e39bafd2e adjust SIT computation 2014-02-24 09:29:49 +11:00
Evan Hunt
9576baafc0 [master] assert if sitok/sitbad are insane 2014-02-19 21:26:31 -08:00
Mark Andrews
d17d32a7bf set setok/sitbad 2014-02-20 16:16:53 +11:00
Mark Andrews
801b958a5c s/DNS_EDNSOPTIONS/DNS_EDNSOPTIONS/ 2014-02-20 14:00:54 +11:00
Mark Andrews
72ba6ba736 define DNS_OPT_EDNSOPTIONS 2014-02-20 13:55:21 +11:00
Francis Dupont
f1a6c8e78c WIN32 master fixes 2014-02-19 23:17:52 +01:00
Evan Hunt
7f5bdf7f40 [master] fix dns_resolver_destroyfetch race 
3747.	[bug]		A race condition could lead to a core dump when
			destroying a resolver fetch object. [RT #35385]
 2014-02-18 23:32:02 -08:00
Evan Hunt
6a3fa181d1 [master] add "--with-tuning=large" option 
3745.	[func]		"configure --with-tuning=large" adjusts various
			compiled-in constants and default settings to
			values suited to large servers with abundant
			memory. [RT #29538]
 2014-02-18 22:36:14 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Evan Hunt
1d761cb453 [master] delve 
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
 2014-02-16 13:03:17 -08:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
c24b6b4a40 fix for pre C99 compiler 2014-01-13 09:29:25 +11:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
 2013-12-12 22:19:33 -08:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Mark Andrews
0bfc15fe59 missing FCTXTRACE2 macro RT#34914 2013-10-21 15:51:43 +11:00
Mark Andrews
f45818b82a add comment 2013-07-26 10:25:45 +10:00
Evan Hunt
9d4ec6d2c5 [master] "flushtree -all" no longer optional 
Updated CHANGES note:
3606.	[func]		"rndc flushtree" now flushes matching
			records in the address database and bad cache
                        as well as the DNS cache. (Previously only the
                        DNS cache was flushed.) [RT #33970]
 2013-06-30 18:53:48 -07:00
Evan Hunt
9fa5a723e1 [master] "rndc flushtree -all <name>" 
3606.	[func]		"rndc flushtree -all" flushes matching
			records in the ADB and bad cache as well as
			the DNS cache.  (Without the "-all" option,
			flushtree will still only flush records from
			the DNS cache.) [RT #33970]
 2013-06-26 14:59:32 -07:00
Tinderbox User
8e9b13f510 update copyright notice 2013-06-12 23:46:16 +00:00
Mark Andrews
baa9d706bd move declaration to begining of block 2013-06-12 21:06:00 +10:00
Mark Andrews
8e15d5eb3a 3593. [func] Update EDNS processing to better track remote server 
capabilities. [RT #30655]
 2013-06-12 11:31:30 +10:00
Evan Hunt
276457f7a3 [master] assertion failure in resolver.c 
3584.	[security]	Caching data from an incompletely signed zone could
			trigger an assertion failure in resolver.c [RT #33690]
 2013-06-04 11:22:47 -07:00
Mark Andrews
b4914b3d69 3551. [bug] resolver.querydscp[46] were uninitialized. [RT #32686] 2013-04-19 12:36:02 +10:00
Evan Hunt
b99bfa184b [master] unify internal and export libraries 
3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
 2013-04-10 13:49:57 -07:00
Mark Andrews
4adf97c32f 3548. [bug] The NSID request code in resolver.c was broken 
resulting in invalid EDNS options being sent.
                        [RT #33153]
 2013-04-08 16:29:26 +10:00
Mark Andrews
8013077aa7 3541. [bug] The parts if libdns was not being properly initialized 
in when built in libexport mode. [RT #33028]
 2013-04-03 17:27:40 +11:00
Evan Hunt
67adc03ef8 [master] add DSCP support 
3535.	[func]		Add support for setting Differentiated Services Code
			Point (DSCP) values in named.  Most configuration
			options which take a "port" option (e.g.,
			listen-on, forwarders, also-notify, masters,
			notify-source, etc) can now also take a "dscp"
			option specifying a code point for use with
			outgoing traffic, if supported by the underlying
			OS. [RT #27596]
 2013-03-22 14:05:33 -07:00