Michał Kępień
c6bf43a821
Make NTAs work with validating forwarders
...
If named is configured to perform DNSSEC validation and also forwards
all queries ("forward only;") to validating resolvers, negative trust
anchors do not work properly because the CD bit is not set in queries
sent to the forwarders. As a result, instead of retrieving bogus DNSSEC
material and making validation decisions based on its configuration,
named is only receiving SERVFAIL responses to queries for bogus data.
Fix by ensuring the CD bit is always set in queries sent to forwarders
if the query name is covered by an NTA.
(cherry picked from commit 5e80488270
2019-05-09 20:37:37 -07:00
Mark Andrews
7dd4fa9da3
enforce known SSHFP finger print lengths
...
(cherry picked from commit 1722728c80
2019-05-09 08:48:28 +10:00
Mark Andrews
d5d4ddd764
using 0 instead of false
...
(cherry picked from commit da7f683abf
2019-04-23 11:45:33 +10:00
Mark Andrews
b27ef87c38
Add debug printfs
...
(cherry picked from commit b78e128a2f
2019-04-11 19:47:44 +10:00
Mark Andrews
86bb6e23ce
Prevent WIRE_INVALID() being called without a argument
...
(cherry picked from commit e73a5b0ce3
2019-04-11 19:47:44 +10:00
Mark Andrews
1eb7267e60
Check multi-line output from dns_rdata_tofmttext()
...
Check that multi-line output from dns_rdata_tofmttext() can be read
back in by dns_rdata_fromtext().
(cherry picked from commit b089f43b7a
2019-04-11 19:47:44 +10:00
Mark Andrews
14c2db8c5d
Process master file comments and make input invalid again
...
(cherry picked from commit 1a75a5cee6
2019-04-11 19:47:43 +10:00
Mark Andrews
4395311280
Set 'specials' to match 'specials' in 'lib/dns/master.c'
...
(cherry picked from commit 7941a9554f
2019-04-11 19:47:43 +10:00
Mark Andrews
56a534ab06
Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire
...
Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire for
valid inputs to ensure that what we accept in dns_rdata_fromwire()
can be written out and read back in.
(cherry picked from commit 36f30f5731
2019-04-11 19:47:43 +10:00
Mark Andrews
480bcb314d
add ds unit test
...
(cherry picked from commit 6eb28eda1e
2019-04-10 14:44:05 +10:00
Mark Andrews
d006ae2195
check that from fromtext produces valid towire input
...
(cherry picked from commit 7b0a653858
2019-04-10 13:24:17 +10:00
Mark Andrews
53a62e2977
for rkey flags MUST be zero
...
(cherry picked from commit 82d4931440
2019-04-09 14:22:50 +10:00
Mark Andrews
07d024a4da
check flags for no key in fromwire for *KEY
...
(cherry picked from commit 2592e91516
2019-04-09 14:22:50 +10:00
Ondřej Surý
7485a4332e
Make lib/dns/dnstap.pb-c.h private header
...
This changes dns_dtdata struct to not expose data types from dnstap.pb-c.h to
prevent the need for including this header where not really needed.
(cherry picked from commit 8ccce7e24b
2019-03-22 12:07:31 +01:00
Mark Andrews
753d77c51f
Disallow empty ZONEMD hashes
...
This change is the result of discussions with the authors of
draft-wessels-dns-zone-digest.
(cherry picked from commit 473987d8d9
2019-03-22 06:52:10 +11:00
Petr Menšík
7885bbff99
Fix regression in dnstap_test with native pkcs11
...
Change to cmocka broken initialization of TZ environment. This time,
commit 1cf125405171c4fad592
2019-03-15 16:17:52 +11:00
Mark Andrews
7c78e5b90a
improve clang / cmocka integration
...
(cherry picked from commit cb913177ae
2019-03-05 10:42:01 -08:00
Mark Andrews
76a1c1531a
assert result is ISC_R_SUCCESS
2019-02-19 07:57:14 +11:00
Mark Andrews
a9fadafecd
fix AMTRELAY name
2019-02-08 13:54:13 +11:00
Mark Andrews
8d69e15988
add top of range checks
2019-02-08 09:37:00 +11:00
Evan Hunt
3183663dd4
Add support for ZONEMD
2019-02-07 12:34:14 -08:00
Mark Andrews
66922ee7af
Add support for ATMRELAY
2019-02-07 10:28:19 -08:00
Ondřej Surý
3a3e75042d
Remove support for compiling without assertions (Both ISC_CHECK_ALL, ISC_CHECK_NONE are now gone)
2019-01-31 11:16:08 +01:00
Ondřej Surý
e2cdf066ea
Remove message catalogs
2019-01-09 23:44:26 +01:00
Mark Andrews
f2f7711977
add unit tests for dns_rdatatype_atcname, dns_rdatatype_atparent and iszonecutauth
2018-12-14 13:21:35 +11:00
Ondřej Surý
a2e38f758d
Add lib/dns/tests/testdata/dnstap/dnstap.file to .gitignore
2018-12-11 11:32:24 +01:00
Ondřej Surý
e69dc0dbc7
Remove RSAMD5 support
2018-12-11 11:32:24 +01:00
Ondřej Surý
ef87b1e60b
Don't check the memory leaks in the libdns tests as they hide the cmocka assertion failures
2018-12-04 09:00:42 +01:00
Ondřej Surý
a688a43faf
Move the CMocka include directories from CFLAGS to CINCLUDES where it belongs to not get overriden later by the default CFLAGS rule
2018-11-26 16:16:34 +01:00
Mark Andrews
2156a5b610
address coverity side effect in assert warning
2018-11-22 17:57:54 -05:00
Ondřej Surý
2f3eee5a4f
isc_mutex_init returns 'void'
2018-11-22 11:51:49 +00:00
Evan Hunt
8f15219f36
remove (or hide behind a 'verbose' flag) extra output from system tests
2018-11-16 20:46:14 +00:00
Evan Hunt
8c4d50c6bc
remove ATF source code and Atffiles
2018-11-14 20:17:04 -08:00
Joey
336d5a5374
convert update_test; remove ATF from lib/dns/tests
2018-11-14 20:17:04 -08:00
Joey
92a3762cb6
convert tsig_test
2018-11-14 20:17:04 -08:00
Joey
2c7e6947fa
convert time_test
2018-11-14 20:17:04 -08:00
Joey
eda6281f98
convert sigs_test
2018-11-14 20:17:04 -08:00
Joey
b915cdbf0b
convert rsa_test
2018-11-14 20:17:04 -08:00
Joey
2837a821e8
convert resolver_test
2018-11-14 20:17:04 -08:00
Joey
dfd90dbb82
convert rbt_serialize_test
2018-11-14 20:17:04 -08:00
Joey
1b48e710d5
convert name_test
2018-11-14 20:17:04 -08:00
Joey
4ba08bb119
convert master_test
2018-11-14 20:17:04 -08:00
Joey
e38901154d
convert keytable_test
2018-11-14 20:17:04 -08:00
Joey
9a464ef869
convert private_test
2018-11-14 20:17:04 -08:00
Evan Hunt
98d5abb73c
convert dbversion_test
2018-11-14 20:17:04 -08:00
Joey
ad923f82b1
convert dst_test
2018-11-14 20:17:04 -08:00
Joey
005e19ad3f
convert db_test
2018-11-14 20:17:04 -08:00
Evan Hunt
8d347788b0
convert dispatch_test
2018-11-14 20:17:04 -08:00
Evan Hunt
01a193ff6c
convert zonemgr_test
2018-11-14 20:17:04 -08:00
Evan Hunt
0a4f6122de
convert zt_test
2018-11-14 20:17:04 -08:00
