Commit Graph

132 Commits

Author SHA1 Message Date
Mark Andrews
86176a9153 use new packet for response; rename variable to request and response
(cherry picked from commit 280d0ca507)
2018-10-31 16:36:34 +11:00
Witold Kręcicki
886cc5f64d Set result to SERVFAIL if upstream responded with FORMERR
Commit 2bc4c92ed4 causes the resolver to
respond to a client query with FORMERR when all upstream queries sent to
the servers authoritative for QNAME elicit FORMERR responses.  This
happens because resolver code returns DNS_R_FORMERR in such a case and
dns_result_torcode() acts as a pass-through for all arguments which are
already a valid RCODE.

The correct RCODE to set in the response returned to the client in the
case described above is SERVFAIL.  Make sure this happens by overriding
the RCODE in query_gotanswer(), on the grounds that any format errors in
the client query itself should be caught long before execution reaches
that point.  This change should not reduce query error logging accuracy
as the resolver code itself reports the exact reason for returning a
DNS_R_FORMERR result using log_formerr().

(cherry picked from commit b5c9a8caad)
2018-10-23 14:00:12 +02:00
Mark Andrews
259e0b0544 use pack to construct the reply as Net::DNS just get it wrong
(cherry picked from commit feaf381adb)
2018-08-31 18:39:46 +10:00
Michał Kępień
367b973835 Do not treat a referral with a non-empty ANSWER section as an error
As part of resquery_response() refactoring [1], a goto statement was
replaced [2] with a call to a new function - originally called
rctx_delegation(), now folded into rctx_answer_none() - extracted from
existing code.  However, one call site of that refactored function does
not reset the "result" variable, causing a referral with a non-empty
ANSWER section to be inadvertently treated as an error, which prevents
resolution of names reliant on servers sending such responses.  Fix by
resetting the "result" variable to ISC_R_SUCCESS when a response
containing a non-empty ANSWER section can be treated as a delegation.

[1] see RT #45362

[2] see commit e1380a16741a3b4a57e54d7a9ce09dd12691522f

(cherry picked from commit 24b9ec555a)
2018-08-22 10:16:08 +02:00
Evan Hunt
d97001a37c caclulate nlabels and set *chainingp correctly 2018-08-08 14:24:15 -07:00
Michał Kępień
655dccf4ea Fix a Net::DNS version quirk in the "resolver" system test
Net::DNS versions older than 0.68 insert a ./ANY RR into the QUESTION
section if the latter is empty.  Since the latest Net::DNS version
available with stock RHEL/CentOS 6 packages is 0.65 and we officially
support that operating system, bin/tests/system/resolver/ans8/ans.pl
should behave consistently for various Net::DNS versions.  Ensure that
by making handleUDP() return the query ID and flags generated by
Net::DNS with 8 zero bytes appended.

(cherry picked from commit 6c3c6aea37)
2018-07-10 15:07:38 +02:00
Michał Kępień
dce66f7635 Replace duplicated code snippet with calls to helper functions
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.

(cherry picked from commit 120af964ce)
2018-06-13 07:58:39 +02:00
Ondřej Surý
c35de9b383 Remove $Id markers, Principal Author and Reviewed tags from the full source tree
(cherry picked from commit 55a10b7acd)
2018-05-11 14:19:35 +02:00
Evan Hunt
19b5249028 update file headers 2018-03-15 18:40:21 -07:00
Ondřej Surý
557a5c3f78 Update license headers to not include years in copyright in all applicable files
(cherry picked from commit 843d389661)
2018-02-23 10:38:02 +01:00
Evan Hunt
7f1039d8d0 final cleanup
- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
  advantage of parallelization in the gitlab CI process

(cherry picked from commit 0c559199bf)
2018-02-23 08:34:37 +01:00
Evan Hunt
2b81f322cb parallelize most system tests
(cherry picked from commit c032c54dda)
2018-02-23 08:31:59 +01:00
Tinderbox User
ffbe6b9537 update copyright notice / whitespace 2017-09-19 23:46:23 +00:00
Mukund Sivaraman
32bcafc316 Change default minimal-responses setting to no-auth-recursive (#46016) 2017-09-19 19:49:02 +05:30
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
2017-09-12 15:26:30 -07:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
2017-08-30 18:51:11 -07:00
Tinderbox User
b168f3f805 update copyright notice / whitespace 2017-05-02 23:45:36 +00:00
Mark Andrews
33e94f501f 4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections.
                        [RT #45140]
2017-05-03 07:51:41 +10:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Tinderbox User
1f6505a424 update copyright notice / whitespace 2017-04-22 23:45:41 +00:00
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Mark Andrews
def6b33bad 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 2016-12-13 16:27:18 +11:00
Mark Andrews
4914e3ddc6 number all resolver tests 2016-12-13 15:02:32 +11:00
Evan Hunt
5480a74b70 [master] simplify prereq checks by using feature-test.c
4498.	[test]		Simplify prerequisite checks in system tests.
			[RT #43516]
2016-10-31 16:53:37 -07:00
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Mark Andrews
e1f590a59a remove spurious 'i' 2016-08-26 13:41:57 +10:00
Tinderbox User
fba207e51a update copyright notice / whitespace 2016-08-25 23:45:37 +00:00
Mark Andrews
f431bf02a6 4453. [bug] Prefetching of DS records failed to update their
RRSIGs. [RT #42865]
2016-08-25 09:51:31 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
3635d8f910 do not overflow exit status. [RT #42643] 2016-06-14 13:48:39 +10:00
Tinderbox User
27def92931 update copyright notice / whitespace 2016-03-21 23:45:22 +00:00
Mark Andrews
0993cd5f22 4336. [bug] Don't emit records with zero ttl unless the records
were learnt with a zero ttl. [RT #41687]
2016-03-21 13:22:21 +11:00
Tinderbox User
4688741c5c update copyright notice / whitespace 2015-12-16 23:45:26 +00:00
Mark Andrews
ecfedec0e0 perform a more complete cleanup after running system tests [rt41255] 2015-12-16 11:29:18 +11:00
Evan Hunt
e13d04fda9 [master] fix python script versions
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
2015-11-08 21:34:24 -08:00
Tinderbox User
551e0d486d update copyright notice / whitespace 2015-09-30 23:45:36 +00:00
Mark Andrews
65d59a4307 4232. [test] Add tests for CDS and CDNSKEY with delegation-only.
[RT #40597]
2015-09-30 15:55:14 +10:00
Mark Andrews
dd1bcab25c 4213. [bug] Don't reuse a cache across multiple classes.
[RT #40205]
2015-09-17 14:51:21 +10:00
Tinderbox User
f28c6dc514 update copyright notice / whitespace 2015-09-10 23:46:28 +00:00
Mark Andrews
4ca7391e64 4196. [doc] Improve how "enum + other" types are documented.
[RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]
2015-09-09 17:02:11 +10:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
2015-07-08 22:53:39 -07:00
Mark Andrews
3e33f4198d 4154. [bug] A OPT record should be included with the FORMERR
response when there is a malformed EDNS option.
                        [RT #39647]

4153.   [bug]           Dig should zero non significant +subnet bits.  Check
                        that non significant ECS bits are zero on receipt.
                        [RT #39647]
2015-07-06 12:52:37 +10:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
2015-07-06 09:44:24 +10:00
Mark Andrews
52a487f71a link against ISC_OPENSSL_LIBS 2015-05-28 11:06:39 +10:00
Tinderbox User
b7b835bfb0 update copyright notice / whitespace 2015-05-24 23:45:24 +00:00
Mark Andrews
936adc1282 link against libisc 2015-05-24 11:58:15 +10:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Tinderbox User
0dfc0745c4 update copyright notice / whitespace 2015-05-21 23:45:26 +00:00