Commit Graph

8305 Commits

Author SHA1 Message Date
Tinderbox User
3bbd725a2c prep 9.11.4rc2 2018-06-28 05:07:42 +00:00
Mukund Sivaraman
49cd7552be return FORMERR when question section is empty if COOKIE is not present
(cherry picked from commit 06d3106002)
(cherry picked from commit ed29b84e16)
2018-06-26 14:44:18 -07:00
Mark Andrews
c45fb6d92a CHANGES, copyright
(cherry picked from commit f7d346357e)
2018-06-26 10:55:44 -07:00
Mark Andrews
316eebb699 construct a symtab of valid in-view targets then check that the target exists
(cherry picked from commit e01a4bcb20)
2018-06-26 10:53:59 -07:00
Michał Kępień
4b0129f34b Only request permitted capabilities in non-libcap builds
While libcap-enabled builds check whether any capability named requests
is within the permitted capability set, non-libcap builds just try
requesting them, which potentially causes a misleading error message to
be output ("Operation not permitted: please ensure that the capset
kernel module is loaded").  Ensure non-libcap builds also check whether
any requested capability is within the permitted capability set.

(cherry picked from commit 8c66f32e53)
2018-06-26 13:19:58 +02:00
Mark Andrews
ffc58bede6 log the remaining -V info at startup 2018-06-25 15:18:18 -07:00
Mark Andrews
d3982afe5c the client cookie was being hashed twice when computing the server cookie for sha1 and sha256
(cherry picked from commit 4795f0ca89)
2018-06-22 17:45:32 +10:00
Evan Hunt
a1690b24bc prepare 9.11.4rc1 2018-06-21 18:54:43 +02:00
Evan Hunt
b330bcb8a1 add a regression test for default allow-recursion settings 2018-06-14 14:47:11 +02:00
Evan Hunt
3d71785ef1 allow-recursion could incorrectly inherit from the default allow-query 2018-06-14 14:47:11 +02:00
Mark Andrews
0c3ddaafb5 Pull out the saving of the zone cut into a separate function
(cherry picked from commit 899e56068e)
2018-06-13 12:58:57 +02:00
Michał Kępień
6d8a514ecb Treat records below a DNAME as out-of-zone data
DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records.  Check that DNAME-obscured
records are not signed.

(cherry picked from commit ff7015a0f8)
2018-06-13 12:58:27 +02:00
Michał Kępień
da430b5f36 Add helper variables in mkeys system test
The keyfile and key ID for the original managed key do not change
throughout the mkeys system test.  Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.

(cherry picked from commit 2cad382552)
2018-06-13 08:08:25 +02:00
Michał Kępień
a23e9821d6 Replace duplicated code snippet with calls to helper functions
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.

(cherry picked from commit dce66f7635)
2018-06-13 08:08:25 +02:00
Michał Kępień
36d6a6cc76 Add helper functions for converting keyfile data into configuration sections
Add a set of helper functions for system test scripts which enable
converting key data from a set of keyfiles to either a "trusted-keys"
section or a "managed-keys" section suitable for including in a
resolver's configuration file.

(cherry picked from commit 21d3658bcb)
2018-06-13 08:08:25 +02:00
Evan Hunt
5bf319c107 complete strtok fix
(cherry picked from commit 74c3b9d3b2)
2018-06-09 23:04:18 -07:00
Evan Hunt
2960bf1a9f use strtok() instead of strtok_r() in command line processing
(cherry picked from commit 1734f1b3b9)
2018-06-09 22:36:46 -07:00
Evan Hunt
7a00ce2e77 ensure we try to validate glue records so RRSIG TTLs will be capped 2018-06-08 11:41:48 -07:00
Mukund Sivaraman
db12b1a9f9 Add system test
(cherry picked from commit a5933fa2bb)
2018-06-08 17:29:45 +10:00
Mukund Sivaraman
441de7dbe3 Add a answer-cookie named config option
(cherry picked from commit 2930507357)
2018-06-08 17:29:28 +10:00
Mark Andrews
34bfd20348 Add support for marking a option as deprecated.
(cherry picked from commit befff9452c)
2018-06-08 15:56:01 +10:00
Mark Andrews
1710e5cfca add duplicate signature test
(cherry picked from commit 0db5b087ed)
(cherry picked from commit 1783fa5aba)
2018-06-06 17:21:29 +10:00
Mark Andrews
dd05287a31 add support -T sigvalinsecs
(cherry picked from commit 87a3dc8ab9)
(cherry picked from commit 69340b5ac5)
2018-06-06 17:17:48 +10:00
Mark Andrews
deee1574da move -T parsing to its own function
(cherry picked from commit b491ceeb50)
2018-06-06 15:30:55 +10:00
Evan Hunt
81c2298665 use "ip" on linux, falling back to "ifconfig" when it isn't available
(cherry picked from commit d7c5400798)
(cherry picked from commit 3e1a0c2b62)
2018-06-05 21:46:08 -07:00
Evan Hunt
35f4aafb20 expand address range in ifconfig.sh to include more than one subnet
(cherry picked from commit 41b29a436b)
(cherry picked from commit e4487b160c)
2018-06-05 21:46:08 -07:00
Evan Hunt
e229ae6999 add prerequisite check 2018-06-04 17:41:22 -04:00
Mark Andrews
9448c4fd21 add system test for root-key-sentinel
(cherry picked from commit a23b305e6b)
(cherry picked from commit b9e6b124aa)
2018-06-04 17:41:22 -04:00
Mark Andrews
9a5f308287 add named.conf option root-key-sentinel
(cherry picked from commit 68e9315c7d)
(cherry picked from commit ee763ef281)
2018-06-04 17:41:22 -04:00
Mark Andrews
afa97c6552 detect and process root-key-sentinel labels.
(cherry picked from commit 8fc9f64df9)
(cherry picked from commit 7111eff80c)
2018-06-04 17:41:21 -04:00
Mark Andrews
f9d19cab7f 4699. [func] Multiple cookie-secret clauses can now be specified.
The first one specified is used to generate new
                        server cookies.  [RT #45672]
2018-06-04 13:16:28 -07:00
Evan Hunt
32681598cd attempt to validate glue, but don't drop it if it can't be validated 2018-06-04 01:12:18 -04:00
Mukund Sivaraman
22ff9c9199 Fix acache case too 2018-06-04 01:12:18 -04:00
Mukund Sivaraman
3d62545657 Add system test
(cherry picked from commit 303391ea41)
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
3f59d6c251 Don't validate non-pending glue when adding to the additional section
(cherry picked from commit 31bd3147d1)
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
0aa9c410d7 Don't insert 2nd space between NSEC3 nexthash and typemap fields
(cherry picked from commit d4ea1edd2c)
2018-06-04 13:02:44 +10:00
Evan Hunt
eb0964a501 fix openbsd color-display problem in system test output
(cherry picked from commit 1e31fdb76d)
2018-05-25 13:01:38 -07:00
Evan Hunt
3fe5acd39f files were left in place after catz run because of non-portable bracket use
(cherry picked from commit af73e16c9c)
2018-05-24 16:18:44 -07:00
Evan Hunt
884e8df7ca copyrights 2018-05-23 09:55:41 -07:00
Mark Andrews
8543097699 add HOME.ARPA to the list of empty zones
(cherry picked from commit 10dd0b3efe)
2018-05-23 11:14:18 +10:00
Mark Andrews
8d96f3a207 fix handling of failed tests
(cherry picked from commit 4283f9552f)
2018-05-23 11:13:53 +10:00
Ondřej Surý
188526f41c Remove $Id markers, Principal Author and Reviewed tags from the full source tree
(cherry picked from commit 55a10b7acd)
2018-05-11 14:25:15 +02:00
Ondřej Surý
0cbad1b3fc Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null'
(cherry picked from commit 3f66b8acb0)
2018-05-11 13:11:20 +02:00
Ondřej Surý
18f4f0d1ac Address GCC 8 -Wstringop-truncation warning
(cherry picked from commit 9845c4c4a7)
2018-05-10 10:54:38 +02:00
Michał Kępień
b4f07af8df Address GCC 8 -Wformat-truncation warnings
(cherry picked from commit 172d0c401e)
2018-05-10 10:54:38 +02:00
Paul Hoffman
d742db122e add -t type### description to the dig man page
(cherry picked from commit 2d957c6b9f)
2018-04-27 00:00:03 -07:00
Michał Kępień
911836509e Apply raw zone deltas to yet unsigned secure zones
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing.  Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.

(cherry picked from commit 6acf326969)
(cherry picked from commit 8a58a60772)
2018-04-25 12:09:53 -07:00
Evan Hunt
9d99bf0f4b change "key" to "tsigkey" to silence "short global name" warning
(cherry picked from commit 0cc7aa250e)
2018-04-22 12:58:24 -07:00
Evan Hunt
694a1486ca fix shadowed global variables
(cherry picked from commit 9ca3ab1168)
2018-04-22 12:57:58 -07:00
Mark Andrews
bd3ad6fb59 remove dead code
(cherry picked from commit 686edad5c5)
2018-04-20 18:47:39 -04:00