Tinderbox User
3bbd725a2c
prep 9.11.4rc2
2018-06-28 05:07:42 +00:00
Mukund Sivaraman
49cd7552be
return FORMERR when question section is empty if COOKIE is not present
...
(cherry picked from commit 06d3106002 )
(cherry picked from commit ed29b84e16 )
2018-06-26 14:44:18 -07:00
Mark Andrews
c45fb6d92a
CHANGES, copyright
...
(cherry picked from commit f7d346357e )
2018-06-26 10:55:44 -07:00
Mark Andrews
316eebb699
construct a symtab of valid in-view targets then check that the target exists
...
(cherry picked from commit e01a4bcb20 )
2018-06-26 10:53:59 -07:00
Michał Kępień
4b0129f34b
Only request permitted capabilities in non-libcap builds
...
While libcap-enabled builds check whether any capability named requests
is within the permitted capability set, non-libcap builds just try
requesting them, which potentially causes a misleading error message to
be output ("Operation not permitted: please ensure that the capset
kernel module is loaded"). Ensure non-libcap builds also check whether
any requested capability is within the permitted capability set.
(cherry picked from commit 8c66f32e53 )
2018-06-26 13:19:58 +02:00
Mark Andrews
ffc58bede6
log the remaining -V info at startup
2018-06-25 15:18:18 -07:00
Mark Andrews
d3982afe5c
the client cookie was being hashed twice when computing the server cookie for sha1 and sha256
...
(cherry picked from commit 4795f0ca89 )
2018-06-22 17:45:32 +10:00
Evan Hunt
a1690b24bc
prepare 9.11.4rc1
2018-06-21 18:54:43 +02:00
Evan Hunt
b330bcb8a1
add a regression test for default allow-recursion settings
2018-06-14 14:47:11 +02:00
Evan Hunt
3d71785ef1
allow-recursion could incorrectly inherit from the default allow-query
2018-06-14 14:47:11 +02:00
Mark Andrews
0c3ddaafb5
Pull out the saving of the zone cut into a separate function
...
(cherry picked from commit 899e56068e )
2018-06-13 12:58:57 +02:00
Michał Kępień
6d8a514ecb
Treat records below a DNAME as out-of-zone data
...
DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.
(cherry picked from commit ff7015a0f8 )
2018-06-13 12:58:27 +02:00
Michał Kępień
da430b5f36
Add helper variables in mkeys system test
...
The keyfile and key ID for the original managed key do not change
throughout the mkeys system test. Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.
(cherry picked from commit 2cad382552 )
2018-06-13 08:08:25 +02:00
Michał Kępień
a23e9821d6
Replace duplicated code snippet with calls to helper functions
...
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.
(cherry picked from commit dce66f7635 )
2018-06-13 08:08:25 +02:00
Michał Kępień
36d6a6cc76
Add helper functions for converting keyfile data into configuration sections
...
Add a set of helper functions for system test scripts which enable
converting key data from a set of keyfiles to either a "trusted-keys"
section or a "managed-keys" section suitable for including in a
resolver's configuration file.
(cherry picked from commit 21d3658bcb )
2018-06-13 08:08:25 +02:00
Evan Hunt
5bf319c107
complete strtok fix
...
(cherry picked from commit 74c3b9d3b2 )
2018-06-09 23:04:18 -07:00
Evan Hunt
2960bf1a9f
use strtok() instead of strtok_r() in command line processing
...
(cherry picked from commit 1734f1b3b9 )
2018-06-09 22:36:46 -07:00
Evan Hunt
7a00ce2e77
ensure we try to validate glue records so RRSIG TTLs will be capped
2018-06-08 11:41:48 -07:00
Mukund Sivaraman
db12b1a9f9
Add system test
...
(cherry picked from commit a5933fa2bb )
2018-06-08 17:29:45 +10:00
Mukund Sivaraman
441de7dbe3
Add a answer-cookie named config option
...
(cherry picked from commit 2930507357 )
2018-06-08 17:29:28 +10:00
Mark Andrews
34bfd20348
Add support for marking a option as deprecated.
...
(cherry picked from commit befff9452c )
2018-06-08 15:56:01 +10:00
Mark Andrews
1710e5cfca
add duplicate signature test
...
(cherry picked from commit 0db5b087ed )
(cherry picked from commit 1783fa5aba )
2018-06-06 17:21:29 +10:00
Mark Andrews
dd05287a31
add support -T sigvalinsecs
...
(cherry picked from commit 87a3dc8ab9 )
(cherry picked from commit 69340b5ac5 )
2018-06-06 17:17:48 +10:00
Mark Andrews
deee1574da
move -T parsing to its own function
...
(cherry picked from commit b491ceeb50 )
2018-06-06 15:30:55 +10:00
Evan Hunt
81c2298665
use "ip" on linux, falling back to "ifconfig" when it isn't available
...
(cherry picked from commit d7c5400798 )
(cherry picked from commit 3e1a0c2b62 )
2018-06-05 21:46:08 -07:00
Evan Hunt
35f4aafb20
expand address range in ifconfig.sh to include more than one subnet
...
(cherry picked from commit 41b29a436b )
(cherry picked from commit e4487b160c )
2018-06-05 21:46:08 -07:00
Evan Hunt
e229ae6999
add prerequisite check
2018-06-04 17:41:22 -04:00
Mark Andrews
9448c4fd21
add system test for root-key-sentinel
...
(cherry picked from commit a23b305e6b )
(cherry picked from commit b9e6b124aa )
2018-06-04 17:41:22 -04:00
Mark Andrews
9a5f308287
add named.conf option root-key-sentinel
...
(cherry picked from commit 68e9315c7d )
(cherry picked from commit ee763ef281 )
2018-06-04 17:41:22 -04:00
Mark Andrews
afa97c6552
detect and process root-key-sentinel labels.
...
(cherry picked from commit 8fc9f64df9 )
(cherry picked from commit 7111eff80c )
2018-06-04 17:41:21 -04:00
Mark Andrews
f9d19cab7f
4699. [func] Multiple cookie-secret clauses can now be specified.
...
The first one specified is used to generate new
server cookies. [RT #45672 ]
2018-06-04 13:16:28 -07:00
Evan Hunt
32681598cd
attempt to validate glue, but don't drop it if it can't be validated
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
22ff9c9199
Fix acache case too
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
3d62545657
Add system test
...
(cherry picked from commit 303391ea41 )
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
3f59d6c251
Don't validate non-pending glue when adding to the additional section
...
(cherry picked from commit 31bd3147d1 )
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
0aa9c410d7
Don't insert 2nd space between NSEC3 nexthash and typemap fields
...
(cherry picked from commit d4ea1edd2c )
2018-06-04 13:02:44 +10:00
Evan Hunt
eb0964a501
fix openbsd color-display problem in system test output
...
(cherry picked from commit 1e31fdb76d )
2018-05-25 13:01:38 -07:00
Evan Hunt
3fe5acd39f
files were left in place after catz run because of non-portable bracket use
...
(cherry picked from commit af73e16c9c )
2018-05-24 16:18:44 -07:00
Evan Hunt
884e8df7ca
copyrights
2018-05-23 09:55:41 -07:00
Mark Andrews
8543097699
add HOME.ARPA to the list of empty zones
...
(cherry picked from commit 10dd0b3efe )
2018-05-23 11:14:18 +10:00
Mark Andrews
8d96f3a207
fix handling of failed tests
...
(cherry picked from commit 4283f9552f )
2018-05-23 11:13:53 +10:00
Ondřej Surý
188526f41c
Remove $Id markers, Principal Author and Reviewed tags from the full source tree
...
(cherry picked from commit 55a10b7acd )
2018-05-11 14:25:15 +02:00
Ondřej Surý
0cbad1b3fc
Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null'
...
(cherry picked from commit 3f66b8acb0 )
2018-05-11 13:11:20 +02:00
Ondřej Surý
18f4f0d1ac
Address GCC 8 -Wstringop-truncation warning
...
(cherry picked from commit 9845c4c4a7 )
2018-05-10 10:54:38 +02:00
Michał Kępień
b4f07af8df
Address GCC 8 -Wformat-truncation warnings
...
(cherry picked from commit 172d0c401e )
2018-05-10 10:54:38 +02:00
Paul Hoffman
d742db122e
add -t type### description to the dig man page
...
(cherry picked from commit 2d957c6b9f )
2018-04-27 00:00:03 -07:00
Michał Kępień
911836509e
Apply raw zone deltas to yet unsigned secure zones
...
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing. Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.
(cherry picked from commit 6acf326969 )
(cherry picked from commit 8a58a60772 )
2018-04-25 12:09:53 -07:00
Evan Hunt
9d99bf0f4b
change "key" to "tsigkey" to silence "short global name" warning
...
(cherry picked from commit 0cc7aa250e )
2018-04-22 12:58:24 -07:00
Evan Hunt
694a1486ca
fix shadowed global variables
...
(cherry picked from commit 9ca3ab1168 )
2018-04-22 12:57:58 -07:00
Mark Andrews
bd3ad6fb59
remove dead code
...
(cherry picked from commit 686edad5c5 )
2018-04-20 18:47:39 -04:00