]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
7 years agoadd CHANGES
Mark Andrews [Tue, 23 Apr 2019 23:07:19 +0000 (09:07 +1000)] 
add CHANGES

7 years agoconditionally include <dlfcn.h>
Mark Andrews [Tue, 23 Apr 2019 23:06:08 +0000 (09:06 +1000)] 
conditionally include <dlfcn.h>

7 years agoMerge branch '996-wrong-key-id-is-displayed-for-rsamd5-keys' into 'master'
Mark Andrews [Tue, 23 Apr 2019 22:36:57 +0000 (18:36 -0400)] 
Merge branch '996-wrong-key-id-is-displayed-for-rsamd5-keys' into 'master'

Resolve "Wrong key id is displayed for RSAMD5 keys."

Closes #996

See merge request isc-projects/bind9!1852

7 years agoadd CHANGES
Mark Andrews [Tue, 23 Apr 2019 22:19:08 +0000 (08:19 +1000)] 
add CHANGES

7 years agocompute the RSAMD5 key id
Mark Andrews [Tue, 23 Apr 2019 22:05:27 +0000 (08:05 +1000)] 
compute the RSAMD5 key id

7 years agoMerge branch 'matthijs-fix-dnssec-test-intermittent-failure-kskonly' into 'master'
Matthijs Mekking [Tue, 23 Apr 2019 15:11:19 +0000 (11:11 -0400)] 
Merge branch 'matthijs-fix-dnssec-test-intermittent-failure-kskonly' into 'master'

Fix dnssec test intermittent failure related to kskonly bugfix

See merge request isc-projects/bind9!1836

7 years agoHarden grep key ID calls
Matthijs Mekking [Fri, 19 Apr 2019 09:52:19 +0000 (11:52 +0200)] 
Harden grep key ID calls

Key IDs may accidentally match dig output that is not the key ID (for
example the RRSIG inception or expiration time, the query ID, ...).
Search for key ID + signer name should prevent that, as that is what
only should occur in the RRSIG record, and signer name always follows
the key ID.

7 years agoRemove sleeps
Matthijs Mekking [Fri, 19 Apr 2019 09:38:24 +0000 (11:38 +0200)] 
Remove sleeps

Remove sleep calls from test, rely on wait_for_log().  Make
wait_for_log() and dnssec_loadkeys_on() fail the test if the
appropriate log line is not found.

Slightly adjust the echo_i() lines to print only the key ID (not the
key name).

7 years agoMerge branch '992-fetchcount-increment-in-resume-qmin' into 'master'
Witold Krecicki [Tue, 23 Apr 2019 14:27:12 +0000 (10:27 -0400)] 
Merge branch '992-fetchcount-increment-in-resume-qmin' into 'master'

When resuming from qname-minimization increase fetches-per-zone counters for the 'new' zone

Closes #992

See merge request isc-projects/bind9!1847

7 years agoWhen resuming from qname-minimization increase fetches-per-zone counters for the...
Witold Kręcicki [Tue, 23 Apr 2019 11:50:02 +0000 (13:50 +0200)] 
When resuming from qname-minimization increase fetches-per-zone counters for the 'new' zone

7 years agoMerge branch 'michal/minor-nsupdate-system-test-tweaks' into 'master'
Michał Kępień [Tue, 23 Apr 2019 13:20:06 +0000 (09:20 -0400)] 
Merge branch 'michal/minor-nsupdate-system-test-tweaks' into 'master'

Minor "nsupdate" system test tweaks

See merge request isc-projects/bind9!1837

7 years agoWait more than 1 second for NSEC3 chain changes
Michał Kępień [Tue, 23 Apr 2019 12:59:05 +0000 (14:59 +0200)] 
Wait more than 1 second for NSEC3 chain changes

One second may not be enough for an NSEC3 chain change triggered by an
UPDATE message to complete.  Wait up to 10 seconds when checking whether
a given NSEC3 chain change is complete in the "nsupdate" system test.

7 years agoRemove redundant sleeps
Michał Kępień [Tue, 23 Apr 2019 12:59:05 +0000 (14:59 +0200)] 
Remove redundant sleeps

In the "nsupdate" system test, do not sleep before checking results of
changes which are expected to be processed synchronously, i.e. before
nsupdate returns.

7 years agoMerge branch 'cleanup-socket-references' into 'master'
Mark Andrews [Tue, 23 Apr 2019 04:29:30 +0000 (00:29 -0400)] 
Merge branch 'cleanup-socket-references' into 'master'

use isc_refcount_decrement to decrement NEWCONNSOCK(dev)->references; use...

See merge request isc-projects/bind9!1821

7 years agouse isc_refcount_decrement to decrement NEWCONNSOCK(dev)->references; use isc_refcoun...
Mark Andrews [Thu, 18 Apr 2019 06:51:52 +0000 (16:51 +1000)] 
use isc_refcount_decrement to decrement NEWCONNSOCK(dev)->references; use isc_refcount_increment instead of isc_refcount_init in socket_create

7 years agoMerge branch 'clang-false-positive' into 'master'
Mark Andrews [Tue, 23 Apr 2019 03:19:28 +0000 (23:19 -0400)] 
Merge branch 'clang-false-positive' into 'master'

add assertions to silence clang false positive

See merge request isc-projects/bind9!1808

7 years agoadd assertions to silence clang false positive
Mark Andrews [Tue, 16 Apr 2019 05:34:22 +0000 (15:34 +1000)] 
add assertions to silence clang false positive

7 years agoMerge branch '962-bind-just-disables-gssapi-support-if-no-gssapi-krb5-headers-found...
Mark Andrews [Tue, 23 Apr 2019 02:33:42 +0000 (22:33 -0400)] 
Merge branch '962-bind-just-disables-gssapi-support-if-no-gssapi-krb5-headers-found' into 'master'

Resolve "Bind just disables GSSAPI support if no GSSAPI/KRB5 headers found"

Closes #962

See merge request isc-projects/bind9!1815

7 years agomake 'configure --with-gssapi=yes' fatal if support is not found
Mark Andrews [Wed, 17 Apr 2019 06:32:35 +0000 (16:32 +1000)] 
make 'configure --with-gssapi=yes' fatal if support is not found

7 years agoMerge branch '990-return-servfail' into 'master'
Evan Hunt [Tue, 23 Apr 2019 02:07:50 +0000 (22:07 -0400)] 
Merge branch '990-return-servfail' into 'master'

force SERVFAIL response in the gotanswer failure case

Closes #990

See merge request isc-projects/bind9!1838

7 years agoCHANGES
Evan Hunt [Tue, 23 Apr 2019 01:46:42 +0000 (18:46 -0700)] 
CHANGES

7 years agoforce SERVFAIL response in the gotanswer failure case
Evan Hunt [Tue, 23 Apr 2019 00:19:23 +0000 (17:19 -0700)] 
force SERVFAIL response in the gotanswer failure case

- named could return FORMERR if parsing iterative responses
  ended with a result code such as DNS_R_OPTERR. instead of
  computing a response code based on the result, in this case
  we now just force the response to be SERVFAIL.

7 years agoMerge branch 'incorrect-use-of-bool' into 'master'
Mark Andrews [Tue, 23 Apr 2019 01:25:33 +0000 (21:25 -0400)] 
Merge branch 'incorrect-use-of-bool' into 'master'

using 0 instead of false

See merge request isc-projects/bind9!1820

7 years agousing 0 instead of false
Mark Andrews [Thu, 18 Apr 2019 03:02:30 +0000 (13:02 +1000)] 
using 0 instead of false

7 years agoMerge branch 'michal/win32-system-test-fixes' into 'master'
Michał Kępień [Fri, 19 Apr 2019 09:52:14 +0000 (05:52 -0400)] 
Merge branch 'michal/win32-system-test-fixes' into 'master'

Miscellaneous Windows system test fixes

See merge request isc-projects/bind9!1794

7 years agoUpdate interface lists in ifconfig scripts
Michał Kępień [Fri, 19 Apr 2019 09:21:43 +0000 (11:21 +0200)] 
Update interface lists in ifconfig scripts

Make bin/tests/system/ifconfig.bat also configure addresses ending with
9 and 10, so that the script is in sync with its Unix counterpart.

Update comments listing the interfaces created by ifconfig.{bat,sh} so
that they do not include addresses whose last octet is zero (since an
address like 10.53.1.0/24 is not a valid host address and thus the
aforementioned scripts do not even attempt configuring them).

7 years agoFix the "dnssec" system test on Windows
Michał Kępień [Fri, 19 Apr 2019 09:21:43 +0000 (11:21 +0200)] 
Fix the "dnssec" system test on Windows

On Windows, the bin/tests/system/dnssec/signer/example.db.signed file
contains carriage return characters at the end of each line.  Remove
them before passing the aforementioned file to the awk script extracting
key IDs so that the latter can work properly.

7 years agoDo not wait for lock file cleanup on Windows
Michał Kępień [Fri, 19 Apr 2019 09:21:43 +0000 (11:21 +0200)] 
Do not wait for lock file cleanup on Windows

As signals are currently not handled by named on Windows, instances
terminated using signals are not able to perform a clean shutdown, which
involves e.g. removing the lock file.  Thus, waiting for a given
instance's lock file to be removed beforing assuming it is shut down
is pointless on Windows, so do not even attempt it.

7 years agoMerge branch '979-win32-remove-lock-file-upon-shutdown' into 'master'
Michał Kępień [Fri, 19 Apr 2019 09:20:30 +0000 (05:20 -0400)] 
Merge branch '979-win32-remove-lock-file-upon-shutdown' into 'master'

win32: remove lock file upon shutdown

Closes #979

See merge request isc-projects/bind9!1793

7 years agoAdd CHANGES entry
Michał Kępień [Fri, 19 Apr 2019 08:59:41 +0000 (10:59 +0200)] 
Add CHANGES entry

5214. [bug] win32: named now removes its lock file upon shutdown.
[GL #979]

7 years agowin32: remove lock file upon shutdown
Michał Kępień [Fri, 19 Apr 2019 08:59:41 +0000 (10:59 +0200)] 
win32: remove lock file upon shutdown

Upon named shutdown, the lock file should not just be unlocked but also
removed.

7 years agoMerge branch '978-win32-fix-service-state-reported-during-shutdown' into 'master'
Michał Kępień [Fri, 19 Apr 2019 08:19:34 +0000 (04:19 -0400)] 
Merge branch '978-win32-fix-service-state-reported-during-shutdown' into 'master'

win32: fix service state reported during shutdown

Closes #978

See merge request isc-projects/bind9!1792

7 years agoAdd CHANGES entry
Michał Kępień [Fri, 19 Apr 2019 07:37:51 +0000 (09:37 +0200)] 
Add CHANGES entry

5213. [bug] win32: Eliminated a race which allowed named.exe running
as a service to be killed prematurely during shutdown.
[GL #978]

7 years agowin32: fix service state reported during shutdown
Michał Kępień [Fri, 19 Apr 2019 07:37:51 +0000 (09:37 +0200)] 
win32: fix service state reported during shutdown

When a Windows service receives a request to stop, it should not set its
state to SERVICE_STOPPED until it is completely shut down as doing that
allows the operating system to kill that service prematurely, which in
the case of named may e.g. prevent the PID file and/or the lock file
from being cleaned up.

Set service state to SERVICE_STOP_PENDING when named begins its shutdown
and only report the SERVICE_STOPPED state immediately before exiting.

7 years agoMerge branch '989-check-for-typeof-extension' into 'master'
Ondřej Surý [Thu, 18 Apr 2019 11:16:04 +0000 (07:16 -0400)] 
Merge branch '989-check-for-typeof-extension' into 'master'

Use uintmax_t instead of typeof(x) in the ISC_ALIGN macro on non-GNUC systems

Closes #989

See merge request isc-projects/bind9!1826

7 years agoOn non-GNUC systems, use uintmax_t in the ISC_ALIGN macro
Ondřej Surý [Thu, 18 Apr 2019 09:49:10 +0000 (11:49 +0200)] 
On non-GNUC systems, use uintmax_t in the ISC_ALIGN macro

7 years agoMerge branch 'ondrej/text-files-dont-need-copyright' into 'master'
Ondřej Surý [Thu, 18 Apr 2019 06:53:51 +0000 (02:53 -0400)] 
Merge branch 'ondrej/text-files-dont-need-copyright' into 'master'

Simple text files don't need copyright header

See merge request isc-projects/bind9!1809

7 years agoSimple text files with docs on build or design don't really need copyright on their own
Ondřej Surý [Tue, 16 Apr 2019 07:26:48 +0000 (09:26 +0200)] 
Simple text files with docs on build or design don't really need copyright on their own

7 years agoMerge branch 'ondrej/refactor-DNS_RDATASET_FIXED-code-flow' into 'master'
Ondřej Surý [Wed, 17 Apr 2019 08:46:37 +0000 (04:46 -0400)] 
Merge branch 'ondrej/refactor-DNS_RDATASET_FIXED-code-flow' into 'master'

Refactor the DNS_RDATASET_FIXED code to use macros instead of ifdefs

See merge request isc-projects/bind9!1811

7 years agoRefactor the DNS_RDATASET_FIXED code to use constants instead of ifdefs
Ondřej Surý [Tue, 16 Apr 2019 09:10:22 +0000 (11:10 +0200)] 
Refactor the DNS_RDATASET_FIXED code to use constants instead of ifdefs

7 years agoMerge branch 'placeholder' into 'master'
Evan Hunt [Tue, 16 Apr 2019 19:57:26 +0000 (15:57 -0400)] 
Merge branch 'placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!1813

7 years agoplaceholder
Evan Hunt [Tue, 16 Apr 2019 19:56:59 +0000 (12:56 -0700)] 
placeholder

7 years agoMerge branch '817-out-of-zone-additional' into 'master'
Evan Hunt [Mon, 15 Apr 2019 18:23:16 +0000 (14:23 -0400)] 
Merge branch '817-out-of-zone-additional' into 'master'

out of zone additional data

Closes #817

See merge request isc-projects/bind9!1366

7 years agoCHANGES
Evan Hunt [Thu, 14 Mar 2019 22:02:26 +0000 (15:02 -0700)] 
CHANGES

7 years agorevise "minimal-responses" documentation in the ARM
Evan Hunt [Fri, 12 Apr 2019 21:18:00 +0000 (14:18 -0700)] 
revise "minimal-responses" documentation in the ARM

7 years agoif recursion is allowed and minimal-responses is no, search other databases
Evan Hunt [Sat, 19 Jan 2019 22:47:58 +0000 (14:47 -0800)] 
if recursion is allowed and minimal-responses is no, search other databases

this restores functionality that was removed in commit 03be5a6b4e,
allowing named to search in authoritative zone databases outside the
current zone for additional data, if and only if recursion is allowed
and minimal-responses is disabled.

7 years agoMerge branch '980-util-update_copyrights-now-needs-to-handle-files-with-cr-lf-endings...
Mark Andrews [Fri, 12 Apr 2019 04:28:06 +0000 (00:28 -0400)] 
Merge branch '980-util-update_copyrights-now-needs-to-handle-files-with-cr-lf-endings' into 'master'

Resolve "util/update_copyrights now needs to handle files with CR LF endings."

Closes #980

See merge request isc-projects/bind9!1801

7 years agosupport files which have CR LF ending like those in win32utils
Mark Andrews [Fri, 12 Apr 2019 04:09:01 +0000 (14:09 +1000)] 
support files which have CR LF ending like those in win32utils

7 years agoMerge branch '963-dnstap-check-ra' into 'master'
Evan Hunt [Thu, 11 Apr 2019 22:43:14 +0000 (18:43 -0400)] 
Merge branch '963-dnstap-check-ra' into 'master'

dnstap: if recursion is not available, log queries as AQ instead of CQ

Closes #963

See merge request isc-projects/bind9!1756

7 years agoCHANGES
Evan Hunt [Thu, 11 Apr 2019 22:20:46 +0000 (15:20 -0700)] 
CHANGES

7 years agodnstap: if recursion is not available, log queries as AQ instead of CQ
Evan Hunt [Wed, 27 Mar 2019 16:45:45 +0000 (17:45 +0100)] 
dnstap: if recursion is not available, log queries as AQ instead of CQ

7 years agoMerge branch '972-auto-validation-summary' into 'master'
Evan Hunt [Thu, 11 Apr 2019 15:42:27 +0000 (11:42 -0400)] 
Merge branch '972-auto-validation-summary' into 'master'

configure summary failed to report --disable-auto-validation correctly

Closes #972

See merge request isc-projects/bind9!1768

7 years agoconfigure summary failed to report --disable-auto-validation correctly
Evan Hunt [Thu, 4 Apr 2019 17:43:33 +0000 (10:43 -0700)] 
configure summary failed to report --disable-auto-validation correctly

7 years agoMerge branch '763-matthijs-active-zsk-but-ksk-only-2' into 'master'
Matthijs Mekking [Thu, 11 Apr 2019 13:41:30 +0000 (09:41 -0400)] 
Merge branch '763-matthijs-active-zsk-but-ksk-only-2' into 'master'

Don't sign DNSKEY RRset with ZSK if the KSK is offline and dnskey-kskonly

Closes #763

See merge request isc-projects/bind9!1747

7 years agoWith update-check-ksk also consider offline keys
Matthijs Mekking [Fri, 22 Mar 2019 14:42:10 +0000 (15:42 +0100)] 
With update-check-ksk also consider offline keys

The option `update-check-ksk` will look if both KSK and ZSK are
available before signing records.  It will make sure the keys are
active and available.  However, for operational practices keys may
be offline.  This commit relaxes the update-check-ksk check and will
mark a key that is offline to be available when adding signature
tasks.

7 years agoStyle: some curly brackets
Matthijs Mekking [Thu, 14 Mar 2019 08:44:01 +0000 (09:44 +0100)] 
Style: some curly brackets

7 years agoAdd detail on echo message in autosign test
Matthijs Mekking [Thu, 14 Mar 2019 08:43:14 +0000 (09:43 +0100)] 
Add detail on echo message in autosign test

7 years agoAdd test for ZSK rollover while KSK offline
Matthijs Mekking [Thu, 14 Mar 2019 08:32:20 +0000 (09:32 +0100)] 
Add test for ZSK rollover while KSK offline

This commit adds a lengthy test where the ZSK is rolled but the
KSK is offline (except for when the DNSKEY RRset is changed).  The
specific scenario has the `dnskey-kskonly` configuration option set
meaning the DNSKEY RRset should only be signed with the KSK.

A new zone `updatecheck-kskonly.secure` is added to test against,
that can be dynamically updated, and that can be controlled with rndc
to load the DNSSEC keys.

There are some pre-checks for this test to make sure everything is
fine before the ZSK roll, after the new ZSK is published, and after
the old ZSK is deleted.  Note there are actually two ZSK rolls in
quick succession.

When the latest added ZSK becomes active and its predecessor becomes
inactive, the KSK is offline.  However, the DNSKEY RRset did not
change and it has a good signature that is valid for long enough.
The expected behavior is that the DNSKEY RRset stays signed with
the KSK only (signature does not need to change).  However, the
test will fail because after reconfiguring the keys for the zone,
it wants to add re-sign tasks for the new active keys (in sign_apex).
Because the KSK is offline, named determines that the only other
active key, the latest ZSK, will be used to resign the DNSKEY RRset,
in addition to keeping the RRSIG of the KSK.

The question is: Why do we need to resign the DNSKEY RRset
immediately when a new key becomes active?  This is not required,
only once the next resign task is triggered the new active key
should replace signatures that are in need of refreshing.

7 years agoMerge branch '899-add-totext-fromtext-to-wirechecks' into 'master'
Mark Andrews [Thu, 11 Apr 2019 09:37:58 +0000 (05:37 -0400)] 
Merge branch '899-add-totext-fromtext-to-wirechecks' into 'master'

Run wire check through "totext" and "fromtext" methods including multi-line.

See merge request isc-projects/bind9!1572

7 years agoAdd CHANGES
Mark Andrews [Thu, 21 Mar 2019 11:36:02 +0000 (22:36 +1100)] 
Add CHANGES

7 years agoAdd debug printfs
Mark Andrews [Thu, 28 Feb 2019 07:04:02 +0000 (18:04 +1100)] 
Add debug printfs

7 years agoPrevent WIRE_INVALID() being called without a argument
Mark Andrews [Thu, 28 Feb 2019 07:04:02 +0000 (18:04 +1100)] 
Prevent WIRE_INVALID() being called without a argument

7 years agoCheck multi-line output from dns_rdata_tofmttext()
Mark Andrews [Thu, 28 Feb 2019 06:06:01 +0000 (17:06 +1100)] 
Check multi-line output from dns_rdata_tofmttext()

Check that multi-line output from dns_rdata_tofmttext() can be read
back in by dns_rdata_fromtext().

7 years agoProcess master file comments and make input invalid again
Mark Andrews [Thu, 11 Apr 2019 08:54:24 +0000 (18:54 +1000)] 
Process master file comments and make input invalid again

7 years agoSet 'specials' to match 'specials' in 'lib/dns/master.c'
Mark Andrews [Thu, 28 Feb 2019 06:00:15 +0000 (17:00 +1100)] 
Set 'specials' to match 'specials' in 'lib/dns/master.c'

7 years agoFix whitespace so that the names align
Mark Andrews [Thu, 28 Feb 2019 05:58:56 +0000 (16:58 +1100)] 
Fix whitespace so that the names align

7 years agoAdd dns_rdata_totext() and dns_rdata_fromtext() to fromwire
Mark Andrews [Tue, 26 Feb 2019 23:21:33 +0000 (10:21 +1100)] 
Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire

Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire for
valid inputs to ensure that what we accept in dns_rdata_fromwire()
can be written out and read back in.

7 years agoMerge branch '965-delv-prints-weird-ttl-values-2' into 'master'
Mark Andrews [Wed, 10 Apr 2019 05:24:44 +0000 (01:24 -0400)] 
Merge branch '965-delv-prints-weird-ttl-values-2' into 'master'

Test that dig and delve print correct TTL values.

Closes #965

See merge request isc-projects/bind9!1782

7 years agoadd CHANGES
Mark Andrews [Wed, 10 Apr 2019 04:47:48 +0000 (14:47 +1000)] 
add CHANGES

7 years agoCheck dig TTLs.
Matthijs Mekking [Fri, 5 Apr 2019 13:31:10 +0000 (15:31 +0200)] 
Check dig TTLs.

This also fixes a bug in the tests ($n was not incremented in one
place).

7 years agoCheck delv TTLs.
Mark Andrews [Mon, 1 Apr 2019 07:46:41 +0000 (18:46 +1100)] 
Check delv TTLs.

7 years agoMerge branch '965-delv-prints-weird-ttl-values' into 'master'
Mark Andrews [Wed, 10 Apr 2019 05:04:24 +0000 (01:04 -0400)] 
Merge branch '965-delv-prints-weird-ttl-values' into 'master'

Initialise view->mincachettl and view->minncachettl to zero in dns_view_create.

Closes #965

See merge request isc-projects/bind9!1760

7 years agoAdd CHANGES.
Mark Andrews [Sun, 31 Mar 2019 10:52:38 +0000 (21:52 +1100)] 
Add CHANGES.

7 years agoInitialise mincachettl and minncachettl to zero in dns_view_create.
Mark Andrews [Sun, 31 Mar 2019 10:47:53 +0000 (21:47 +1100)] 
Initialise mincachettl and minncachettl to zero in dns_view_create.

7 years agoMerge branch '899-enforce-hash-in-ds' into 'master'
Mark Andrews [Wed, 10 Apr 2019 04:40:14 +0000 (00:40 -0400)] 
Merge branch '899-enforce-hash-in-ds' into 'master'

enforce DS hash exists

See merge request isc-projects/bind9!1575

7 years agoadd CHANGES
Mark Andrews [Thu, 21 Mar 2019 11:07:10 +0000 (22:07 +1100)] 
add CHANGES

7 years agoadd ds unit test
Mark Andrews [Wed, 27 Feb 2019 04:33:37 +0000 (15:33 +1100)] 
add ds unit test

7 years agoenforce DS hash exists
Mark Andrews [Tue, 26 Feb 2019 23:32:18 +0000 (10:32 +1100)] 
enforce DS hash exists

7 years agoMerge branch '852-run-fromtext-through-fromwire' into 'master'
Mark Andrews [Wed, 10 Apr 2019 01:27:48 +0000 (21:27 -0400)] 
Merge branch '852-run-fromtext-through-fromwire' into 'master'

check that from fromtext produces valid towire input

Closes #852

See merge request isc-projects/bind9!1738

7 years agoadd CHANGES
Mark Andrews [Wed, 10 Apr 2019 01:16:55 +0000 (11:16 +1000)] 
add CHANGES

7 years agocheck that from fromtext produces valid towire input
Mark Andrews [Tue, 5 Feb 2019 06:20:49 +0000 (17:20 +1100)] 
check that from fromtext produces valid towire input

7 years agoMerge branch '971-downgrade-DLZ_DBCLIENTINFO_VERSION-in-dlz_minimal.h' into 'master'
Ondřej Surý [Tue, 9 Apr 2019 19:24:37 +0000 (15:24 -0400)] 
Merge branch '971-downgrade-DLZ_DBCLIENTINFO_VERSION-in-dlz_minimal.h' into 'master'

Downgrade the dns_clientinfo_t structure to not contain dbversion

Closes #971

See merge request isc-projects/bind9!1773

7 years agoDowngrade the dns_clientinfomethod structure to the version in lib/dns/clientinfo.c
Ondřej Surý [Tue, 9 Apr 2019 09:06:08 +0000 (10:06 +0100)] 
Downgrade the dns_clientinfomethod structure to the version in lib/dns/clientinfo.c

7 years agoMerge branch '899-fromwire-check-flags-for-nokey' into 'master'
Mark Andrews [Tue, 9 Apr 2019 04:16:00 +0000 (00:16 -0400)] 
Merge branch '899-fromwire-check-flags-for-nokey' into 'master'

Check KEY flags for empty key in fromwire method

See merge request isc-projects/bind9!1574

7 years agoadd CHANGES
Mark Andrews [Thu, 21 Mar 2019 11:13:33 +0000 (22:13 +1100)] 
add CHANGES

7 years agofor rkey flags MUST be zero
Mark Andrews [Sun, 24 Mar 2019 06:48:22 +0000 (17:48 +1100)] 
for rkey flags MUST be zero

7 years agocheck flags for no key in fromwire for *KEY
Mark Andrews [Tue, 26 Feb 2019 23:35:53 +0000 (10:35 +1100)] 
check flags for no key in fromwire for *KEY

7 years agoMerge branch '976-dns-ecs-h-missing-isc_lang_enddecls' into 'master'
Mark Andrews [Tue, 9 Apr 2019 01:59:30 +0000 (21:59 -0400)] 
Merge branch '976-dns-ecs-h-missing-isc_lang_enddecls' into 'master'

Resolve "dns/ecs.h missing ISC_LANG_ENDDECLS"

Closes #976

See merge request isc-projects/bind9!1774

7 years ago<dns/ecs.h> was missing ISC_LANG_ENDDECLS.
Mark Andrews [Tue, 9 Apr 2019 01:47:26 +0000 (11:47 +1000)] 
<dns/ecs.h> was missing ISC_LANG_ENDDECLS.

7 years agoMerge branch '973-pause-dbiterator-in-rpz' into 'master'
Evan Hunt [Sat, 6 Apr 2019 19:23:37 +0000 (15:23 -0400)] 
Merge branch '973-pause-dbiterator-in-rpz' into 'master'

Fix deadlock in RPZ update code.

Closes #973

See merge request isc-projects/bind9!1770

7 years agoFix deadlock in RPZ update code.
Witold Kręcicki [Thu, 4 Apr 2019 20:05:25 +0000 (22:05 +0200)] 
Fix deadlock in RPZ update code.

In dns_rpz_update_from_db we call setup_update which creates the db
iterator and calls dns_dbiterator_first. This unpauses the iterator and
might cause db->tree_lock to be acquired. We then do isc_task_send(...)
on an event to do quantum_update, which (correctly) after each iteration
calls dns_dbiterator_pause, and re-isc_task_sends itself.

That's an obvious bug, as we're holding a lock over an async task send -
if a task requesting write (e.g. prune_tree) is scheduled on the same
workers queue as update_quantum but before it, it will wait for the
write lock indefinitely, resulting in a deadlock.

To fix it we have to pause dbiterator in setup_update.

7 years agoMerge branch 'placeholder' into 'master'
Evan Hunt [Sat, 6 Apr 2019 19:20:51 +0000 (15:20 -0400)] 
Merge branch 'placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!1771

7 years agoplaceholder
Evan Hunt [Sat, 6 Apr 2019 19:20:16 +0000 (12:20 -0700)] 
placeholder

7 years agoMerge branch '893-do-not-rely-on-default-dig-options-in-system-tests' into 'master' 1769/head
Michał Kępień [Wed, 3 Apr 2019 11:21:56 +0000 (07:21 -0400)] 
Merge branch '893-do-not-rely-on-default-dig-options-in-system-tests' into 'master'

Do not rely on default dig options in system tests

Closes #893

See merge request isc-projects/bind9!1556

7 years agoDo not rely on default dig options in system tests
Michał Kępień [Wed, 3 Apr 2019 10:57:33 +0000 (12:57 +0200)] 
Do not rely on default dig options in system tests

Some system tests assume dig's default setings are in effect.  While
these defaults may only be silently overridden (because of specific
options set in /etc/resolv.conf) for BIND releases using liblwres for
parsing /etc/resolv.conf (i.e. BIND 9.11 and older), it is arguably
prudent to make sure that tests relying on specific +timeout and +tries
settings specify these explicitly in their dig invocations, in order to
prevent test failures from being triggered by any potential changes to
current defaults.

7 years agoMerge branch '966-resume-qmin-shuttingdown' into 'master'
Witold Krecicki [Fri, 29 Mar 2019 15:22:57 +0000 (11:22 -0400)] 
Merge branch '966-resume-qmin-shuttingdown' into 'master'

Fix high load race crash in resolver code

Closes #966

See merge request isc-projects/bind9!1757

7 years agoCHANGES
Witold Kręcicki [Fri, 29 Mar 2019 13:30:53 +0000 (14:30 +0100)] 
CHANGES

7 years agoIn resume_qmin check if the fetch context is already shutting down - if so, try to...
Witold Kręcicki [Fri, 29 Mar 2019 13:30:40 +0000 (14:30 +0100)] 
In resume_qmin check if the fetch context is already shutting down - if so, try to destroy it, don't continue

7 years agoMerge branch '920-see-problem-when-multiple-sigs-with-besteffort-parsing' into 'master'
Mark Andrews [Tue, 26 Mar 2019 10:30:12 +0000 (06:30 -0400)] 
Merge branch '920-see-problem-when-multiple-sigs-with-besteffort-parsing' into 'master'

Address problems with best effort parsing.

Closes #920

See merge request isc-projects/bind9!1606

7 years agoadd CHANGES
Mark Andrews [Tue, 26 Mar 2019 10:18:19 +0000 (21:18 +1100)] 
add CHANGES