ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,799 Commits 589 Branches 805 Tags
ebf5459c44bc5102a08f3b2fa27829a014e4476e
Commit Graph

215 Commits

Author SHA1 Message Date
Evan Hunt
3abcd7cd8a [master] Revert "[master] tag initializing keys so they can't be used for normal validation" 
This reverts commit 560d8b833e.

This change created a potential race between key refresh queries and
root zone priming queries which could leave the root name servers in
the bad-server cache.
 2017-10-12 10:53:35 -07:00
Evan Hunt
d0c3272eaa [master] copyrights 2017-10-11 21:11:37 -07:00
Evan Hunt
560d8b833e [master] tag initializing keys so they can't be used for normal validation 
4773.	[bug]		Keys specified in "managed-keys" statements
			can now only be used when validating key refresh
			queries during initialization of RFC 5011 key
			maintenance. If initialization fails, DNSSEC
			validation of normal queries will also fail.
			Previously, validation of normal queries could
			succeed using the initializing key, potentially
			masking problems with managed-keys. [RT #46077]
 2017-10-11 21:01:13 -07:00
Michał Kępień
c0f78692ee [master] Sync draft-durand-doa-over-dns snippet in lib/dns/tests/rdata_test.c with draft version -03 2017-10-09 10:52:50 +02:00
Michał Kępień
417218837e [master] Add support for DOA 
4761.	[protocol]	Add support for DOA. [RT #45612]
 2017-10-06 12:22:08 +02:00
Tinderbox User
791aa3e9be update copyright notice / whitespace 2017-09-28 23:45:49 +00:00
Mark Andrews
f735293431 4743. [func] Exclude trust-anchor-telementry queries from 
synth-from-dnssec processing. [RT #46123]
 2017-09-28 16:40:45 +10:00
Mark Andrews
f9f3f20d2d 4739. [cleanup] Address clang static analysis warnings. [RT #45952] 2017-09-27 10:27:09 +10:00
Mark Andrews
d17cf1cade explicitly list test programs 2017-09-21 12:56:33 +10:00
Tinderbox User
cb5bc50c91 update copyright notice / whitespace 2017-09-18 23:48:50 +00:00
Evan Hunt
6e5ae91479 [master] silence compiler warning 2017-09-16 21:01:06 -07:00
Francis Dupont
9c829f4f96 Merged rt31459d (openssl random) 2017-09-16 13:53:29 +02:00
Tinderbox User
33987cb5fd update copyright notice / whitespace 2017-09-13 23:48:32 +00:00
Mukund Sivaraman
e5eca6eebb Fix output string size in GOST unittest 2017-09-14 01:36:08 +05:30
Mukund Sivaraman
93f7384928 Fix gost unittest failure 2017-09-14 00:29:04 +05:30
Mark Andrews
4c9ba9ded8 add #include <isc/string.h> 2017-09-13 23:43:43 +10:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy 
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
 2017-09-13 00:14:37 -07:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Francis Dupont
90f6140832 Finished merge of rt45019 (openssl hash default) 2017-09-09 10:30:16 +02:00
Evan Hunt
509ba96497 [rt45019] separate DNS_CRYPTO_LIBS from ISC_OPENSSL_LIBS and use both 2017-09-07 22:05:20 -07:00
Tinderbox User
40780aa36f update copyright notice / whitespace 2017-09-06 23:46:23 +00:00
Evan Hunt
e90926bb9e [master] refactor tsig.c 
4701.	[cleanup]	Refactored lib/dns/tsig.c to reduce code
			duplication and simplify the disabling of MD5.
			[RT #45490]
 2017-09-06 10:57:40 -07:00
Mark Andrews
df50751585 4700. [func] Serving of stale answers is now supported. This 
allows named to provide stale cached answers when
                        the authoritative server is under attack.
                        See max-stale-ttl, stale-answer-enable,
                        stale-answer-ttl. [RT #44790]
 2017-09-06 09:58:29 +10:00
Mukund Sivaraman
f2b6eef899 Fix tsig_test.c unittest (OK'd by Mark on Jabber) 2017-08-08 19:45:07 +05:30
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Michał Kępień
712825d755 [master] Refactor RDATA unit tests 
4667.	[cleanup]	Refactor RDATA unit tests. [RT #45610]
 2017-08-01 12:15:21 +02:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Mark Andrews
c0ac259940 4650. [test] Silence coverity warnings in tsig_test.c. [RT #45528] 2017-07-19 14:34:15 +10:00
Mark Andrews
df1297cd0c sort *_test@EXEEXT@ rule sets 2017-07-11 12:12:12 +10:00
Tinderbox User
63582913c9 update copyright notice / whitespace 2017-07-07 23:45:38 +00:00
Mark Andrews
00a235c8e6 add #include <isc/print.h> 2017-07-08 00:47:59 +10:00
Mark Andrews
58f0fb325b 4647. [bug] Change 4643 broke verification of TSIG signed TCP 
message sequences where not all the messages contain
                        TSIG records.  These may be used in AXFR and IXFR
                        responses.  [RT #45509]
 2017-07-07 23:19:05 +10:00
Tinderbox User
61f11922d3 update copyright notice / whitespace 2017-02-04 23:45:35 +00:00
Evan Hunt
650b5e7592 [master] store local and remote addresses in dnstap 
4569.	[func]		Store both local and remote addresses in dnstap
			logging, and modify dnstap-read output format to
			print them. [RT #43595]
 2017-02-03 17:05:58 -08:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Mark Andrews
8e333f42ef 4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure. 
[RT #43601]
 2016-12-27 09:49:02 +11:00
Mark Andrews
56c6fc0dac only call dns_test_begin once 
(cherry picked from commit f13c7b01746a07bef87a386ceff93ccb2a7488a9)
 2016-11-09 10:03:21 +11:00
Mark Andrews
aa44b4682a copyrights/whitespace 2016-11-03 12:41:00 +11:00
Mark Andrews
a0caf66c97 remove review fprintf 2016-11-02 18:03:33 +11:00
Mark Andrews
2b2b85c897 4507. [bug] Name could incorrectly log 'allows updates by IP 
address, which is insecure' [RT #43432]
 2016-11-02 17:53:19 +11:00
Mark Andrews
df17290113 4468. [bug] Address ECS option handling issues. [RT #43191] 2016-09-14 08:22:15 +10:00
Mark Andrews
726cddb564 4454. [bug] 'rndc dnstap -reopen' had a race issue. [RT #43089] 2016-08-25 10:03:22 +10:00
Mark Andrews
888dc0fb4f update copyrights / whitespace 2016-08-23 09:48:35 +10:00
Francis Dupont
fc41d120f0 Merged rt43077 (new RSA verify unit test) 2016-08-22 14:10:21 +02:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
934837913f 4447. [tuning] Allow the fstrm_iothr_init() options to be set using 
named.conf to control how dnstap manages the data
                        flow. [RT #42974]
 2016-08-18 11:16:06 +10:00
Mark Andrews
c4153b554d 4428. [bug] The "test dispatch getnext" unit test could fail 
in a threaded build. [RT #42979]
 2016-08-08 09:35:17 +10:00
Evan Hunt
ffa622d7a3 [master] rndc dnstap -roll 
4411.	[func]		"rndc dnstap -roll" automatically rolls the
			dnstap output file; the previous version is
			saved with ".0" suffix, and earlier versions
			with ".1" and so on. An optional numeric argument
			indicates how many prior files to save. [RT #42830]
 2016-07-13 01:12:47 -07:00
Mark Andrews
ec5e01747a 4408. [func] Continue waiting for expected response when we the 
response we get does not match the request. [RT #41026]
 2016-07-11 13:36:16 +10:00