The implicit ./configure default is to use --with-gssapi=auto. There is
already a GitLab CI job (gcc:stretch:amd64) which uses --without-gssapi.
Add four more forms of the --with-gssapi option to various GitLab CI job
configurations so that its every possible variant is regularly tested.
The autoconf script would call the krb5-config with both gssapi and krb5
libraries as arguments in a single call. It turned out that this is
actually not supported and it breaks some platforms. This commit splits
the call into two separate calls - one for gssapi and one for krb5
library.
Discourage the single source port on a general level and document that the
source port cannot be the same as the listening port. This applies to
query-source, transfer-source, notify-source, parental-source, and their
respective IPv6 counterparts.
(cherry picked from commit c9a17c878a)
- when transfer-source(-v6), query-source(-v6), notify-source(-v6)
or parental-source(-v6) are specified with a port number, issue a
warning.
- when the port specified is the same as the DNS listener port (i.e.,
53, or whatever was specified as "port" in "options"), issue a fatal
error.
- check that "port" is in range. (previously this was only checked
by named, not by named-checkconf.)
- added checkconf tests.
- incidental fix: removed dead code in check.c:bind9_check_namedconf().
(note: if the DNS port is specified on the command line with "named -p",
that is not conveyed to libbind9, so these checks will not take it into
account.)
(cherry picked from commit 14c8d7dfb7)
The ns3->ns2 forwarding is now done using the IPv6 addresses, so we also
test that the query-source-v6 address is still operational after removal
of interface adjustment.
(cherry picked from commit 8a4c44ca24)
Previously, named would run with a configuration
where *-source-v6 (notify-source-v6, transfer-source-v6 and
query-source-v6) address and port could be simultaneously used for
listening. This is no longer true for BIND 9.16+ and the code that
would do interface adjustments would unexpectedly disable listening on
TCP for such interfaces.
This commit removes the code that would adjust listening interfaces
for addresses/ports configured in *-source-v6 option.
(cherry picked from commit 8ac1d4e0da)
The native PKCS#11 feature has been removed in BIND 9.18, so we need to
add a deprecation notice (warning at ./configure time) to the next 9.16
release.
when "checking lame server clients are dropped below the hard limit",
periodically a query is sent for a name for which the server is
authoritative, to verify that legitimate queries can still be
processed while the server is dealing with a flood of lame delegation
queries. those queries used the same dig options as elsewhere in the
fetchlimit test, including "+tries=1 +timeout=1". on slow systems, a
1-second timeout may be insufficient to get an answer even if the server
is behaving well. this commit increases the timeout for the check
queries to 2 seconds in hopes that will be enough to eliminate test
failures in CI.
(cherry picked from commit 45f330339c)
Document that the interval on new RRSIG records is randomly
chosen between the limits specified by sig-validity-interval.
document the operations when this occurs.
(cherry picked from commit e65ce00f11)
- fixed a size comparison using "signed int" that failed if the file
size was more than 2GB, since that was treated as a negative number.
- incidentally renamed deserialize32() to just deserialize(). we no
longer have separate 32 and 64 bit rbtdb implementations.
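
The size-comparison bug described in the commit message above, shown as an added example that is not BIND's code: a file size narrowed to signed int turns negative above 2GB, next to a 64-bit check. The function names, HEADER_SIZE and the sample sizes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER_SIZE 1024 /* hypothetical header length, not BIND's value */

/* Before: the size is narrowed to signed int. Above INT_MAX the conversion
 * is implementation-defined; on common compilers it wraps to a negative
 * value, so a valid file larger than 2GB fails the minimum-size check. */
static bool
size_ok_signed(int64_t filesize) {
	int size = (int)filesize;
	return size >= HEADER_SIZE;
}

/* After: compare in the file size's own 64-bit width, so large sizes stay
 * positive and genuinely negative sizes are still rejected. */
static bool
size_ok_wide(int64_t filesize) {
	return filesize >= (int64_t)HEADER_SIZE;
}

/* Bounds check for a record inside the file (hypothetical helper). The
 * length is compared against the space remaining after the offset, so no
 * intermediate sum can overflow. */
static bool
record_in_file(int64_t filesize, uint64_t offset, uint64_t length) {
	if (!size_ok_wide(filesize)) {
		return false;
	}
	uint64_t size = (uint64_t)filesize;
	return offset >= HEADER_SIZE && offset <= size &&
	       length <= size - offset;
}

int
main(void) {
	/* Constructed sample sizes: too small, ordinary, and 3 GiB. */
	int64_t sizes[] = { 512, 4096, (int64_t)3 << 30 };
	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		printf("%lld bytes: signed=%d wide=%d\n", (long long)sizes[i],
		       size_ok_signed(sizes[i]), size_ok_wide(sizes[i]));
	}
	return 0;
}
```
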
When BIND is running as a Windows Service the ISC library's
initializations initiated by the DLLMain loading procedure are
happening under the Windows Service Manager thread instead of
BIND's main thread.
This commit will make sure that BIND's main thread trampoline has
been initialized before running the main() function.
This commit modifies the MTU of the loopback interface on
Linux systems to 1500, so that oversized UDP packets can
trigger EMSGSIZE errors, and tests that named handles
such errors correctly.
Note that the loopback MTU size has not yet been modified
for other platforms.
(cherry picked from commit cfd058d622)
bump the map zonefile version number to avoid an assertion
failure when loading map files from versions of BIND prior to
the most recent change to the in-memory structure of zone
databases.
(cherry picked from commit 4a68c7be22)