]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
7 years agoMerge branch 'u/fanf2/dnssec-keymgr-man' into 'master'
Mark Andrews [Mon, 18 Feb 2019 04:43:26 +0000 (23:43 -0500)] 
Merge branch 'u/fanf2/dnssec-keymgr-man' into 'master'

Improve dnssec-keymgr manual

See merge request isc-projects/bind9!1518

7 years agoImprove dnssec-keymgr manual
Tony Finch [Fri, 15 Feb 2019 19:12:10 +0000 (19:12 +0000)] 
Improve dnssec-keymgr manual

Illustrate the syntax for the policy options, with semicolons.

Explicitly mention the "default" policy.

Fix a few typos and remove some redundant wording.

7 years agoMerge branch '879-dnssec-checkds-help' into 'master'
Evan Hunt [Thu, 14 Feb 2019 20:51:39 +0000 (15:51 -0500)] 
Merge branch '879-dnssec-checkds-help' into 'master'

Correct path in dnssec-checkds help

Closes #879

See merge request isc-projects/bind9!1515

7 years agoCorrect path in dnssec-checkds help
Petr Menšík [Thu, 14 Feb 2019 14:23:26 +0000 (15:23 +0100)] 
Correct path in dnssec-checkds help

7 years agoMerge branch '873-do-not-check-sep-bit-for-mirror-zone-trust-anchors' into 'master'
Michał Kępień [Thu, 14 Feb 2019 10:21:46 +0000 (05:21 -0500)] 
Merge branch '873-do-not-check-sep-bit-for-mirror-zone-trust-anchors' into 'master'

Do not check SEP bit for mirror zone trust anchors

Closes #873

See merge request isc-projects/bind9!1506

7 years agoAdd CHANGES entry
Michał Kępień [Thu, 14 Feb 2019 10:03:35 +0000 (11:03 +0100)] 
Add CHANGES entry

5161. [bug] Do not require the SEP bit to be set for mirror zone
trust anchors. [GL #873]

7 years agoDo not check SEP bit for mirror zone trust anchors
Michał Kępień [Thu, 14 Feb 2019 10:03:35 +0000 (11:03 +0100)] 
Do not check SEP bit for mirror zone trust anchors

When a mirror zone is verified, the 'ignore_kskflag' argument passed to
dns_zoneverify_dnssec() is set to false.  This means that in order for
its verification to succeed, a mirror zone needs to have at least one
key with the SEP bit set configured as a trust anchor.  This brings no
security benefit and prevents zones signed only using keys without the
SEP bit set from being mirrored, so change the value of the
'ignore_kskflag' argument passed to dns_zoneverify_dnssec() to true.

7 years agoMerge branch 'michal/improve-stability-of-mirror-zone-tests' into 'master'
Michał Kępień [Thu, 14 Feb 2019 09:59:14 +0000 (04:59 -0500)] 
Merge branch 'michal/improve-stability-of-mirror-zone-tests' into 'master'

Improve stability of mirror zone system tests

See merge request isc-projects/bind9!1505

7 years agoPrevent races when waiting for log messages
Michał Kępień [Thu, 14 Feb 2019 09:41:56 +0000 (10:41 +0100)] 
Prevent races when waiting for log messages

The "mirror" system test checks whether log messages announcing a mirror
zone coming into effect are emitted properly.  However, the helper
functions responsible for waiting for zone transfers and zone loading to
complete do not wait for these exact log messages, but rather for other
ones preceding them, which introduces a possibility of false positives.

This problem cannot be addressed by just changing the log message to
look for because the test still needs to discern between transferring a
zone and loading a zone.

Add two new log messages at debug level 99 (which is what named
instances used in system tests are configured with) that are to be
emitted after the log messages announcing a mirror zone coming into
effect.  Tweak the aforementioned helper functions to only return once
the log messages they originally looked for are followed by the newly
added log messages.  This reliably prevents races when looking for
"mirror zone is now in use" log messages and also enables a workaround
previously put into place in the "mirror" system test to be reverted.

7 years agoImprove reliability of zone verification checks
Michał Kępień [Thu, 14 Feb 2019 09:41:56 +0000 (10:41 +0100)] 
Improve reliability of zone verification checks

In the "mirror" system test, ns3 periodically sends trust anchor
telemetry queries to ns1 and ns2.  It may thus happen that for some
non-recursive queries for names inside mirror zones which are not yet
loaded, ns3 will be able to synthesize a negative answer from the cached
records it obtained from trust anchor telemetry responses.  In such
cases, NXDOMAIN responses will be sent with the root zone SOA in the
AUTHORITY section.  Since the root zone used in the "mirror" system test
has the same serial number as ns2/verify.db.in and zone verification
checks look for the specified serial numbers anywhere in the answer, the
test could be broken if different zone names were used.

The +noauth dig option could be used to address this weakness, but that
would prevent entire responses from being stored for later inspection,
which in turn would hamper troubleshooting test failures.  Instead, use
a different serial number for ns2/verify.db.in than for any other zone
used in the "mirror" system test and check the number of records in the
ANSWER section of each response.

7 years agoFix serial number used in zone verification checks
Michał Kępień [Thu, 14 Feb 2019 09:41:56 +0000 (10:41 +0100)] 
Fix serial number used in zone verification checks

Due to the way the "mirror" system test is set up, it is impossible for
the "verify-unsigned" and "verify-untrusted" zones to contain any serial
number other than the original one present in ns2/verify.db.in.  Thus,
using presence of a different serial number in the SOA records of these
zones as an indicator of problems with mirror zone verification is
wrong.  Look for the original zone serial number instead as that is the
one that will be returned by ns3 if one of the aforementioned zones is
successfully verified.

7 years agoMerge branch '871-add-a-ci-check-for-missing-prereq.sh-scripts' into 'master'
Mark Andrews [Mon, 11 Feb 2019 21:48:12 +0000 (16:48 -0500)] 
Merge branch '871-add-a-ci-check-for-missing-prereq.sh-scripts' into 'master'

Add a CI check for missing prereq.sh scripts

Closes #871

See merge request isc-projects/bind9!1494

7 years agoadd util/check-ans-prereq to precheck
Mark Andrews [Fri, 8 Feb 2019 01:21:59 +0000 (12:21 +1100)] 
add util/check-ans-prereq to precheck

7 years agoadd check-ans-prereq
Mark Andrews [Fri, 8 Feb 2019 01:19:39 +0000 (12:19 +1100)] 
add check-ans-prereq

7 years agoMerge branch '872-dlz-ldap-dname' into 'master'
Evan Hunt [Sun, 10 Feb 2019 20:07:38 +0000 (15:07 -0500)] 
Merge branch '872-dlz-ldap-dname' into 'master'

added DNAME support to DLZ LDAP schema, and fixed a DLZ compile error

Closes #872

See merge request isc-projects/bind9!1502

7 years agoadded DNAME support to DLZ LDAP schema, and fixed a DLZ compile error
Evan Hunt [Sun, 10 Feb 2019 19:49:01 +0000 (11:49 -0800)] 
added DNAME support to DLZ LDAP schema, and fixed a DLZ compile error

Thanks to Roland Gruber for the schema contribution.

7 years agoMerge branch 'u/fanf2/zonemd' into 'master'
Evan Hunt [Fri, 8 Feb 2019 21:16:29 +0000 (16:16 -0500)] 
Merge branch 'u/fanf2/zonemd' into 'master'

Correct ZONEMD expansion in ARM

See merge request isc-projects/bind9!1497

7 years agoCorrect ZONEMD expansion in ARM
Tony Finch [Fri, 8 Feb 2019 17:11:30 +0000 (17:11 +0000)] 
Correct ZONEMD expansion in ARM

7 years agoMerge branch '869-prereq-sh-needed-in-forward-test' into 'master'
Michał Kępień [Fri, 8 Feb 2019 14:05:02 +0000 (09:05 -0500)] 
Merge branch '869-prereq-sh-needed-in-forward-test' into 'master'

Resolve "prereq.sh needed in forward test"

Closes #869

See merge request isc-projects/bind9!1479

7 years agoadded prereq.sh to forward test to detect perl Net::DNS
Curtis Blackburn [Thu, 7 Feb 2019 19:46:58 +0000 (11:46 -0800)] 
added prereq.sh to forward test to detect perl Net::DNS

7 years agoMerge branch '870-add-a-comment-explaining-a-mirror-zone-glitch' into 'master'
Michał Kępień [Fri, 8 Feb 2019 10:49:35 +0000 (05:49 -0500)] 
Merge branch '870-add-a-comment-explaining-a-mirror-zone-glitch' into 'master'

Add a comment explaining a mirror zone glitch

Closes #870

See merge request isc-projects/bind9!1480

7 years agoAdd a comment explaining a mirror zone glitch
Michał Kępień [Thu, 7 Feb 2019 20:56:59 +0000 (21:56 +0100)] 
Add a comment explaining a mirror zone glitch

Explain why in a certain edge case mirror zone data may not be used for
resolution purposes despite being available.

7 years agoMerge branch '867-rrtypes-missing-from-named' into 'master'
Mark Andrews [Fri, 8 Feb 2019 03:08:14 +0000 (22:08 -0500)] 
Merge branch '867-rrtypes-missing-from-named' into 'master'

Resolve "rrtypes missing from named"

Closes #867

See merge request isc-projects/bind9!1490

7 years agoadd AMTRELAY and ZONEMD to ARM
Mark Andrews [Fri, 8 Feb 2019 02:42:14 +0000 (13:42 +1100)] 
add AMTRELAY and ZONEMD to ARM

7 years agofix AMTRELAY name
Mark Andrews [Fri, 8 Feb 2019 02:41:22 +0000 (13:41 +1100)] 
fix AMTRELAY name

7 years agoMerge branch 'each-dnssec-coverage-dots' into 'master'
Evan Hunt [Fri, 8 Feb 2019 01:10:45 +0000 (20:10 -0500)] 
Merge branch 'each-dnssec-coverage-dots' into 'master'

dnssec-coverage was improperly ignoring some zones

See merge request isc-projects/bind9!1487

7 years agoCHANGES
Evan Hunt [Fri, 8 Feb 2019 00:47:26 +0000 (16:47 -0800)] 
CHANGES

7 years agoadjust style, match test to other tests
Evan Hunt [Fri, 8 Feb 2019 00:42:12 +0000 (16:42 -0800)] 
adjust style, match test to other tests

7 years agodnssec-coverage: fix handling of zones without trailing dots
Tony Finch [Thu, 7 Feb 2019 19:00:43 +0000 (19:00 +0000)] 
dnssec-coverage: fix handling of zones without trailing dots

After change 5143, zones listed on the command line without trailing
dots were ignored.

7 years agoMerge branch '867-rrtypes-missing-from-named' into 'master'
Mark Andrews [Thu, 7 Feb 2019 23:25:11 +0000 (18:25 -0500)] 
Merge branch '867-rrtypes-missing-from-named' into 'master'

Resolve "rrtypes missing from named"

Closes #867

See merge request isc-projects/bind9!1484

7 years agoadd top of range checks
Mark Andrews [Thu, 7 Feb 2019 22:37:00 +0000 (09:37 +1100)] 
add top of range checks

7 years agoMerge branch '867-rrtypes-missing-from-named' into 'master'
Mark Andrews [Thu, 7 Feb 2019 21:04:26 +0000 (16:04 -0500)] 
Merge branch '867-rrtypes-missing-from-named' into 'master'

Resolve "rrtypes missing from named"

See merge request isc-projects/bind9!1475

7 years agoCHANGES
Evan Hunt [Thu, 7 Feb 2019 18:27:50 +0000 (10:27 -0800)] 
CHANGES

7 years agoAdd support for ZONEMD
Evan Hunt [Thu, 7 Feb 2019 20:33:53 +0000 (12:33 -0800)] 
Add support for ZONEMD

7 years agoAdd support for ATMRELAY
Mark Andrews [Thu, 7 Feb 2019 07:31:03 +0000 (18:31 +1100)] 
Add support for ATMRELAY

7 years agoMerge branch '207-nslookup-takes-2-argvs-w-o-errors-uses-only-1st-and-last' into...
Mark Andrews [Thu, 7 Feb 2019 09:07:33 +0000 (04:07 -0500)] 
Merge branch '207-nslookup-takes-2-argvs-w-o-errors-uses-only-1st-and-last' into 'master'

Resolve "nslookup takes >2 argvs w/o errors, uses only 1st and last"

Closes #207

See merge request isc-projects/bind9!1382

7 years agoerror out if there are extra command line options
Mark Andrews [Wed, 23 Jan 2019 06:47:59 +0000 (17:47 +1100)] 
error out if there are extra command line options

7 years agoMerge branch 'each-configure-fix' into 'master' v9.13.6
Evan Hunt [Wed, 6 Feb 2019 23:44:09 +0000 (18:44 -0500)] 
Merge branch 'each-configure-fix' into 'master'

configure could fail if cmocka was not detected

See merge request isc-projects/bind9!1474

7 years agoconfigure could fail if cmocka was not detected
Evan Hunt [Wed, 6 Feb 2019 23:26:19 +0000 (15:26 -0800)] 
configure could fail if cmocka was not detected

7 years agoMerge branch 'prep-release'
Tinderbox User [Wed, 6 Feb 2019 22:15:10 +0000 (22:15 +0000)] 
Merge branch 'prep-release'

7 years agoprep 9.13.6
Tinderbox User [Wed, 6 Feb 2019 22:02:20 +0000 (22:02 +0000)] 
prep 9.13.6

7 years agoMerge branch '774-improve-mirror-zone-documentation' into 'master'
Evan Hunt [Wed, 6 Feb 2019 19:03:38 +0000 (14:03 -0500)] 
Merge branch '774-improve-mirror-zone-documentation' into 'master'

Improve mirror zone documentation

Closes #774

See merge request isc-projects/bind9!1449

7 years agoAdd CHANGES entry
Michał Kępień [Wed, 6 Feb 2019 11:46:10 +0000 (12:46 +0100)] 
Add CHANGES entry

5156. [doc] Extended and refined the section of the ARM describing
mirror zones. [GL #774]

7 years agoExtend and refine mirror zone documentation
Michał Kępień [Wed, 6 Feb 2019 11:46:10 +0000 (12:46 +0100)] 
Extend and refine mirror zone documentation

Add a warning about potential performance implications of configuring a
non-root zone as a mirror zone.  Explain in more detail how each mirror
zone version is validated and how validation failures are handled.  Move
the paragraphs describing how to set up IANA root zone mirroring higher
up, so that they can be more easily found by the reader.  Explicitly
state that the "masters" option needs to be present for any mirror zone
which is not the root zone.  Tweak the description of the interaction
between the "dnssec-validation" setting and root zone mirroring to make
it less ambiguous.  Specify what the default "notify" setting is for
mirror zones.

7 years agoMerge branch 'ondrej/use-cmocka-if-available' into 'master'
Ondřej Surý [Wed, 6 Feb 2019 11:39:02 +0000 (06:39 -0500)] 
Merge branch 'ondrej/use-cmocka-if-available' into 'master'

Always use cmocka if available

See merge request isc-projects/bind9!1463

7 years agoFix typo
Ondřej Surý [Wed, 6 Feb 2019 11:08:34 +0000 (12:08 +0100)] 
Fix typo

7 years agoSimplify cmocka detection to use only pkg-config and always use cmocka if available
Ondřej Surý [Wed, 6 Feb 2019 00:30:57 +0000 (01:30 +0100)] 
Simplify cmocka detection to use only pkg-config and always use cmocka if available

7 years agoMerge branch 'michal/explain-hook-action-calling-order-in-more-detail' into 'master'
Matthijs Mekking [Wed, 6 Feb 2019 10:08:25 +0000 (05:08 -0500)] 
Merge branch 'michal/explain-hook-action-calling-order-in-more-detail' into 'master'

Explain hook action calling order in more detail

See merge request isc-projects/bind9!1451

7 years agoExplain hook action calling order in more detail
Matthijs Mekking [Tue, 5 Feb 2019 14:31:35 +0000 (15:31 +0100)] 
Explain hook action calling order in more detail

7 years agoMerge branch '857-inline-system-test-wasn-t-cleaning-k-files-on-restart-if-interrupte...
Mark Andrews [Wed, 6 Feb 2019 05:58:35 +0000 (00:58 -0500)] 
Merge branch '857-inline-system-test-wasn-t-cleaning-k-files-on-restart-if-interrupted' into 'master'

Resolve "inline system test wasn't cleaning K* files on restart if interrupted."

Closes #857

See merge request isc-projects/bind9!1454

7 years agoSimplify the inline clean script
Ondřej Surý [Tue, 5 Feb 2019 21:23:11 +0000 (22:23 +0100)] 
Simplify the inline clean script

7 years agoclean K* files in inline system test directory
Mark Andrews [Tue, 5 Feb 2019 05:58:44 +0000 (16:58 +1100)] 
clean K* files in inline system test directory

7 years agoMerge branch '861-dsdigest-system-test-was-trying-to-read-a-non-existent-file-support...
Mark Andrews [Wed, 6 Feb 2019 05:46:02 +0000 (00:46 -0500)] 
Merge branch '861-dsdigest-system-test-was-trying-to-read-a-non-existent-file-supported' into 'master'

Resolve "dsdigest system test was trying to read a non existent file 'supported'"

Closes #861

See merge request isc-projects/bind9!1467

7 years agosupported no longer exists so just do the default behaviour
Mark Andrews [Wed, 6 Feb 2019 05:18:24 +0000 (16:18 +1100)] 
supported no longer exists so just do the default behaviour

7 years agoMerge branch 'u/fanf2/cleanup-cdnskey-to-ds' into 'master'
Evan Hunt [Wed, 6 Feb 2019 03:57:44 +0000 (22:57 -0500)] 
Merge branch 'u/fanf2/cleanup-cdnskey-to-ds' into 'master'

cleanup: allow building DS directly from CDNSKEY

See merge request isc-projects/bind9!1452

7 years agocleanup: allow building DS directly from CDNSKEY
Tony Finch [Thu, 31 Jan 2019 19:34:21 +0000 (19:34 +0000)] 
cleanup: allow building DS directly from CDNSKEY

Relax an assertion in lib/dns/ds.c so that dnssec-cds does
not have to work around it. This will also be useful for
dnssec-dsfromkey.

7 years agoMerge branch 'u/fanf2/cleanup-dnssec-revoke-help' into 'master'
Evan Hunt [Wed, 6 Feb 2019 03:52:06 +0000 (22:52 -0500)] 
Merge branch 'u/fanf2/cleanup-dnssec-revoke-help' into 'master'

cleanup: fix dnssec-revoke help text

See merge request isc-projects/bind9!1453

7 years agocleanup: fix dnssec-revoke help text
Tony Finch [Fri, 1 Feb 2019 14:48:08 +0000 (14:48 +0000)] 
cleanup: fix dnssec-revoke help text

Correct alignment and alphabetize

7 years agoMerge branch 'u/fanf2/dsfromkey-man' into 'master'
Evan Hunt [Wed, 6 Feb 2019 03:48:20 +0000 (22:48 -0500)] 
Merge branch 'u/fanf2/dsfromkey-man' into 'master'

cleanup: revamp the dnssec-dsfromkey man page and help output

See merge request isc-projects/bind9!1437

7 years agocleanup: revamp the dnssec-dsfromkey man page and help output
Tony Finch [Thu, 31 Jan 2019 16:41:29 +0000 (16:41 +0000)] 
cleanup: revamp the dnssec-dsfromkey man page and help output

* Alphabetize the option lists in the man page and help text

* Make the synopses more consistent between the man page and help
  text, in particular the number of different modes

* Group mutually exclusive options in the man page synopses, and order
  options so that it is more clear which are available in every mode

* Expand the DESCRIPTION to provide an overview of the output modes
  and input modes

* Improve cross-references between options

* Leave RFC citations to the SEE ALSO section, and clarify which RFC
  specifies what

* Clarify list of digest algorithms in dnssec-dsfromkey and dnssec-cds
  man pages

7 years agoMerge branch '859-named-paths' into 'master'
Mark Andrews [Wed, 6 Feb 2019 02:36:40 +0000 (21:36 -0500)] 
Merge branch '859-named-paths' into 'master'

Resolve "print default file paths in named -V"

Closes #859

See merge request isc-projects/bind9!1458

7 years agoCHANGES
Evan Hunt [Tue, 5 Feb 2019 22:29:55 +0000 (14:29 -0800)] 
CHANGES

7 years agoconstruct the rndc.conf path from rndc.key
Evan Hunt [Wed, 6 Feb 2019 00:08:26 +0000 (16:08 -0800)] 
construct the rndc.conf path from rndc.key

7 years agoprint default file paths in 'named -V' output
Evan Hunt [Tue, 5 Feb 2019 22:27:03 +0000 (14:27 -0800)] 
print default file paths in 'named -V' output

7 years agoinitalize a named_g_defaultbindkeys variable
Evan Hunt [Tue, 5 Feb 2019 22:13:04 +0000 (14:13 -0800)] 
initalize a named_g_defaultbindkeys variable

7 years agoMerge branch '860-process_opt-could-be-called-multiple-times-on-the-same-message...
Mark Andrews [Wed, 6 Feb 2019 01:59:31 +0000 (20:59 -0500)] 
Merge branch '860-process_opt-could-be-called-multiple-times-on-the-same-message-in-dig' into 'master'

Resolve "process_opt() could be called multiple times on the same message in dig."

Closes #860

See merge request isc-projects/bind9!1459

7 years agoadd CHANGES
Mark Andrews [Wed, 6 Feb 2019 01:36:37 +0000 (12:36 +1100)] 
add CHANGES

7 years agosend over and undersized cookie
Mark Andrews [Tue, 5 Feb 2019 23:40:03 +0000 (10:40 +1100)] 
send over and undersized cookie

7 years agothe condition test for checking the client cookie value was wrong; don't call process...
Mark Andrews [Tue, 5 Feb 2019 23:08:47 +0000 (10:08 +1100)] 
the condition test for checking the client cookie value was wrong; don't call process_opt multiple times

7 years agoMerge branch '822-test-make-install-in-one-of-the-build-jobs' into 'master'
Ondřej Surý [Tue, 5 Feb 2019 13:41:17 +0000 (08:41 -0500)] 
Merge branch '822-test-make-install-in-one-of-the-build-jobs' into 'master'

Test "make install" in one of the build jobs

Closes #822

See merge request isc-projects/bind9!1450

7 years agoTest "make install" in one of the build jobs
Michał Kępień [Fri, 1 Feb 2019 12:35:53 +0000 (13:35 +0100)] 
Test "make install" in one of the build jobs

Running "make install" in a separate job in the "test" phase of a CI
pipeline causes a lot of object files to be rebuilt due to the way
artifacts are passed between GitLab CI jobs (object files extracted from
the artifacts archive have older modification times than their
respective source files checked out using Git by the worker running the
"install" job).  Test "make install" in one of the build jobs instead,
in order to prevent object rebuilding.

Using 'after_script' for this purpose was not an option because its
failures are ignored.

Duplicating the build script in two places would be error-prone in the
long run and thus was rejected as a solution.  YAML anchors would also
not help in this case.

A "positive" test (`test -n "${RUN_MAKE_INSTALL}" && make install`)
would not work because:

  - it would cause the build script to fail for any job not supposed to
    run "make install",

  - appending `|| :` to the shell pipeline would prevent "make install"
    errors from causing a job failure.

Due to the above, a "negative" test is performed, so that:

  - jobs not supposed to run "make install" succeed immediately,

  - jobs supposed to run "make install" only succeed when "make install"
    succeeds.

7 years agoMerge branch 'each-win-tests' into 'master'
Evan Hunt [Fri, 1 Feb 2019 06:55:25 +0000 (01:55 -0500)] 
Merge branch 'each-win-tests' into 'master'

tests failing on windows due to false crash-on-shutdown reports

See merge request isc-projects/bind9!1446

7 years agodisable the check for crash on shutdown when running under cygwin
Evan Hunt [Fri, 1 Feb 2019 05:35:08 +0000 (21:35 -0800)] 
disable the check for crash on shutdown when running under cygwin

7 years agoMerge branch '513-add-xfer-stats-for-primary-servers' into 'master'
Evan Hunt [Thu, 31 Jan 2019 22:16:13 +0000 (17:16 -0500)] 
Merge branch '513-add-xfer-stats-for-primary-servers' into 'master'

Make primary's transfer log more detailed

See merge request isc-projects/bind9!1427

7 years agoAdd CHANGES entry
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Add CHANGES entry

5153. [func] Zone transfer statistics (size, number of records, and
number of messages) are now logged for outgoing
transfers as well as incoming ones. [GL #513]

7 years agoAdd system tests for IXFR statistics
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Add system tests for IXFR statistics

Ensure IXFR statistics are calculated correctly by dig and named, both
for incoming and outgoing transfers.  Disable EDNS when using dig to
request an IXFR so that the same reference file can be used for testing
statistics calculated by both dig and named (dig uses EDNS by default
when sending transfer requests, which affects the number of bytes
transferred).

7 years agoAdd system tests for AXFR statistics
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Add system tests for AXFR statistics

Ensure AXFR statistics are calculated correctly by dig and named, both
for incoming and outgoing transfers.  Rather than employing a zone which
is already used in the "xfer" system test, create a new one whose AXFR
form spans multiple TCP messages.  Disable EDNS when using dig to
request an AXFR so that the same reference file can be used for testing
statistics calculated by both dig and named (dig uses EDNS by default
when sending transfer requests, which affects the number of bytes
transferred).

7 years agoAdd functions for extracting transfer statistics
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Add functions for extracting transfer statistics

Add two helper shell functions to facilitate extracting transfer
statistics from dig output and named log files.

7 years agoMaintain and report outgoing transfer statistics
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Maintain and report outgoing transfer statistics

Transfer statistics are currently only reported for incoming transfers,
even though they are equally useful for outgoing transfers.  Define a
separate structure for keeping track of the number of messages, records,
and bytes sent during each outgoing transfer, along with the time each
outgoing transfer took.  Repurpose the 'nmsg' field of the xfrout_ctx_t
structure for tracking the number of messages actually sent, ensuring it
is only increased after isc_socket_send() indicates success.  Report the
statistics gathered when an outgoing transfer completes.

7 years agoTrack QUESTION section presence using a boolean
Michał Kępień [Thu, 31 Jan 2019 14:43:58 +0000 (15:43 +0100)] 
Track QUESTION section presence using a boolean

The 'nmsg' field of the xfrout_ctx_t structure is an integer, even
though it is only ever compared against 0 (for tracking whether the
QUESTION section has already been sent to the client).  Use a boolean
instead as it is more appropriate and also enables 'nmsg' to be
repurposed.

7 years agoMerge branch 'each-silence-warning' into 'master'
Evan Hunt [Thu, 31 Jan 2019 21:42:38 +0000 (16:42 -0500)] 
Merge branch 'each-silence-warning' into 'master'

silence a spurious dnssec-keygen warning in the dnssec system test

See merge request isc-projects/bind9!1238

7 years agosilence a spurious dnssec-keygen warning in the dnssec system test
Evan Hunt [Sat, 15 Dec 2018 00:58:54 +0000 (16:58 -0800)] 
silence a spurious dnssec-keygen warning in the dnssec system test

the occluded-key test creates both a KEY and a DNSKEY. the second
call to dnssec-keygen calls dns_dnssec_findmatchingkeys(), which causes
a spurious warning to be printed when it sees the type KEY record.
this should be fixed in dnssec.c, but the meantime this change silences
the warning by reversing the order in which the keys are created.

7 years agoMerge branch '714-dnssec-key-logging' into 'master'
Evan Hunt [Thu, 31 Jan 2019 20:32:10 +0000 (15:32 -0500)] 
Merge branch '714-dnssec-key-logging' into 'master'

Resolve "Add logging to DNSSEC key events"

Closes #714

See merge request isc-projects/bind9!1371

7 years agoCHANGES and release note
Evan Hunt [Mon, 21 Jan 2019 05:56:14 +0000 (21:56 -0800)] 
CHANGES and release note

7 years agotest logging of key maintenance events
Evan Hunt [Mon, 21 Jan 2019 06:21:16 +0000 (22:21 -0800)] 
test logging of key maintenance events

7 years agoadd more key maintenance event logging
Evan Hunt [Mon, 21 Jan 2019 04:05:58 +0000 (20:05 -0800)] 
add more key maintenance event logging

log when a key is:
- published in the DNSKEY rrset
- activated
- deactivated
- unpublished from the DNSKEY rrset
- revoked

7 years agoinclude the name when logging that a key is being fetched from key repostitory
Evan Hunt [Mon, 21 Jan 2019 03:37:40 +0000 (19:37 -0800)] 
include the name when logging that a key is being fetched from key repostitory

7 years agoincrease the log level for some key status and managed-key events
Evan Hunt [Mon, 21 Jan 2019 01:31:28 +0000 (17:31 -0800)] 
increase the log level for some key status and managed-key events

some key-related events were logged at DEBUG(3) but seem likely to
be relevant to a typical operator's interests during key rollovers.

7 years agouse log category "dnssec" instead of "zone" for DNSSEC-related events
Evan Hunt [Sun, 20 Jan 2019 18:25:20 +0000 (10:25 -0800)] 
use log category "dnssec" instead of "zone" for DNSSEC-related events

use "dnssec" log category for:
- managed key zone events
- DNSSEC key status changes (activation, deletion, etc)
- zone signing status

7 years agostyle cleanups
Evan Hunt [Sun, 20 Jan 2019 18:13:07 +0000 (10:13 -0800)] 
style cleanups

7 years agoMerge branch '850-catch-shutdown-aborts' into 'master'
Evan Hunt [Thu, 31 Jan 2019 17:27:54 +0000 (12:27 -0500)] 
Merge branch '850-catch-shutdown-aborts' into 'master'

detect crash on shutdown in stop.pl

Closes #850

See merge request isc-projects/bind9!1435

7 years agodetect crash on shutdown in stop.pl
Evan Hunt [Thu, 31 Jan 2019 01:12:40 +0000 (17:12 -0800)] 
detect crash on shutdown in stop.pl

7 years agoMerge branch '849-fix-tkey-leak' into 'master'
Evan Hunt [Thu, 31 Jan 2019 17:15:34 +0000 (12:15 -0500)] 
Merge branch '849-fix-tkey-leak' into 'master'

fix TKEY problems

Closes #849

See merge request isc-projects/bind9!1434

7 years agoChange #4148 wasn't complete
Evan Hunt [Wed, 30 Jan 2019 23:42:04 +0000 (15:42 -0800)] 
Change #4148 wasn't complete

- there was a memory leak when using negotiated TSIG keys.
- TKEY responses could only be signed when using a newly negotiated
  key; if an existent matching TSIG was found in in the keyring it
  would not be used.

7 years agoMerge branch '358-ancient-options' into 'master'
Ondřej Surý [Thu, 31 Jan 2019 11:16:26 +0000 (06:16 -0500)] 
Merge branch '358-ancient-options' into 'master'

make ancient named.conf options fatal

Closes #358

See merge request isc-projects/bind9!1373

7 years agoAdd CHANGES entry for #358.
Evan Hunt [Mon, 21 Jan 2019 07:50:17 +0000 (23:50 -0800)] 
Add CHANGES entry for #358.

7 years agoAncient named.conf options are now a fatal configuration error
Evan Hunt [Mon, 21 Jan 2019 07:50:17 +0000 (23:50 -0800)] 
Ancient named.conf options are now a fatal configuration error

- options that were flagged as obsolete or not implemented in 9.0.0
  are now flagged as "ancient", and are a fatal error
- the ARM has been updated to remove these, along with other
  obsolete descriptions of BIND 8 behavior
- the log message for obsolete options explicitly recommends removal

7 years agoMerge branch '735-remove-ability-to-disable-dbc-assertions' into 'master'
Ondřej Surý [Thu, 31 Jan 2019 10:37:19 +0000 (05:37 -0500)] 
Merge branch '735-remove-ability-to-disable-dbc-assertions' into 'master'

Remove support for compiling without assertions (Both ISC_CHECK_ALL, ISC_CHECK_NONE are now gone)

Closes #735

See merge request isc-projects/bind9!1130

7 years agoAdd CHANGES entry for GL #735.
Ondřej Surý [Thu, 31 Jan 2019 10:15:01 +0000 (11:15 +0100)] 
Add CHANGES entry for GL #735.

7 years agoRemove support for compiling without assertions (Both ISC_CHECK_ALL, ISC_CHECK_NONE...
Ondřej Surý [Fri, 23 Nov 2018 09:25:38 +0000 (10:25 +0100)] 
Remove support for compiling without assertions (Both ISC_CHECK_ALL, ISC_CHECK_NONE are now gone)