]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
7 years agoMerge branch '117-running-dnssec-keymgr-with-old-keys-inactivates-deletes-them-immedi...
Evan Hunt [Tue, 22 Jan 2019 18:10:47 +0000 (13:10 -0500)] 
Merge branch '117-running-dnssec-keymgr-with-old-keys-inactivates-deletes-them-immediately' into 'master'

Resolve "Running dnssec-keymgr with old keys inactivates/deletes them immediately"

Closes #117

See merge request isc-projects/bind9!1378

7 years agointroducing keymgr need to preserve functionality
Mark Andrews [Tue, 22 Jan 2019 05:42:34 +0000 (16:42 +1100)] 
introducing keymgr need to preserve functionality

7 years agoMerge branch '823-masterformat-test-fix' into 'master'
Evan Hunt [Mon, 21 Jan 2019 07:04:08 +0000 (02:04 -0500)] 
Merge branch '823-masterformat-test-fix' into 'master'

fix broken masterformat test

Closes #823

See merge request isc-projects/bind9!1365

7 years agofix broken masterformat test
Evan Hunt [Sat, 19 Jan 2019 09:48:12 +0000 (01:48 -0800)] 
fix broken masterformat test

- dig command had the @ parameter in the wrong place
- private-dnskey and private-cdnskey are queried in a separate
  loop, which strips 'private-' from the name to determine the qtype

7 years agoMerge branch 'each-remove-fprintf' into 'master'
Mark Andrews [Mon, 21 Jan 2019 01:56:53 +0000 (20:56 -0500)] 
Merge branch 'each-remove-fprintf' into 'master'

clean up debugging fprintf

See merge request isc-projects/bind9!1368

7 years agoremoved a debugging fprintf
Evan Hunt [Mon, 21 Jan 2019 01:38:32 +0000 (17:38 -0800)] 
removed a debugging fprintf

7 years agoMerge branch 'michal/gitlab-ci-cleanup' into 'master'
Michał Kępień [Fri, 18 Jan 2019 13:49:40 +0000 (08:49 -0500)] 
Merge branch 'michal/gitlab-ci-cleanup' into 'master'

GitLab CI cleanup

See merge request isc-projects/bind9!1329

7 years agoAdd comments
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Add comments

7 years agoUnify YAML style used throughout .gitlab-ci.yml
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Unify YAML style used throughout .gitlab-ci.yml

7 years agoTweak pipeline triggering settings
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Tweak pipeline triggering settings

In an attempt to ensure that:

  - all important changes to repository contents are tested,
  - pipelines are not automatically created for every single push,
  - some flexibility is allowed for corner cases,

change pipeline triggering settings so that:

  - full build & test pipelines are only automatically created for merge
    requests and tags (both for creation and updates),

  - pipelines for other repository changes (e.g. pushes to arbitrary
    branches) can only be created manually, using GitLab's web
    interface,

  - merging a merge request only causes jobs pushing the updated ARM to
    GitLab Pages to be run (as semi-linear Git history is enforced and
    thus testing a MR is identical to testing the target branch
    post-merge in terms of code),

  - repository synchronization does not trigger duplicate pipelines in
    projects which are set as mirroring targets.

7 years agoReorder job definitions
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Reorder job definitions

Group jobs by build type and operating system to make the layout of
.gitlab-ci.yml more consistent and improve locality of YAML references.

7 years agoUse a common naming pattern for all jobs
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Use a common naming pattern for all jobs

Make sure all jobs are named using the following pattern:

    [<job-type>:]<build-type>:<system>:<architecture>

where specifying <job-type> is optional for "precheck" and "build" jobs.

This should make it easier to quickly recognize:

  - what kind of actions are performed by each job,
  - which BIND build flavor is used by each job,
  - which operating system image is used by each job.

7 years agoDefine a template for precheck jobs
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Define a template for precheck jobs

7 years agoMerge install_test_job template into the job definition as it is only used once
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Merge install_test_job template into the job definition as it is only used once

7 years agoShorten Docker image definitions by using YAML anchors for runner tags
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Shorten Docker image definitions by using YAML anchors for runner tags

While we are at it, drop use of the "docker" tag since all BIND CI jobs
are currently run inside Docker containers.

7 years agoBuild ARM in the build stage
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Build ARM in the build stage

There is no need to build BIND binaries before building docs and thus
the job building the current version of the ARM can be moved to the
build stage of CI.

7 years agoReplace double colon with a single colon
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Replace double colon with a single colon

7 years agoRemove unused parts of .gitlab-ci.yml
Michał Kępień [Fri, 18 Jan 2019 13:28:47 +0000 (14:28 +0100)] 
Remove unused parts of .gitlab-ci.yml

Remove the following from .gitlab-ci.yml:

  - unused variable definitions,
  - unused Docker image definitions,
  - commands which have no effect,
  - sections which were commented out.

7 years agoMerge branch '752-disable-forwarders-when-priming' into 'master'
Evan Hunt [Wed, 16 Jan 2019 22:52:08 +0000 (17:52 -0500)] 
Merge branch '752-disable-forwarders-when-priming' into 'master'

If possible don't use forwarders when priming the resolver.

Closes #752

See merge request isc-projects/bind9!1296

7 years agoIf possible don't use forwarders when priming the resolver.
Witold Kręcicki [Thu, 3 Jan 2019 13:58:05 +0000 (14:58 +0100)] 
If possible don't use forwarders when priming the resolver.

If we try to fetch a record from cache and need to look into
hints database we assume that the resolver is not primed and
start dns_resolver_prime(). Priming query is supposed to return
NSes for "." in ANSWER section and glue records for them in
ADDITIONAL section, so that we can fill that info in 'regular'
cache and not use hints db anymore.
However, if we're using a forwarder the priming query goes through
it, and if it's configured to return minimal answers we won't get
the addresses of root servers in ADDITIONAL section. Since the
only records for root servers we have are in hints database we'll
try to prime the resolver with every single query.

This patch adds a DNS_FETCHOPT_NOFORWARD flag which avoids using
forwarders if possible (that is if we have forward-first policy).
Using this flag on priming fetch fixes the problem as we get the
proper glue. With forward-only policy the problem is non-existent,
as we'll never ask for root server addresses because we'll never
have a need to query them.

Also added a test to confirm priming queries are not forwarded.

7 years agoMerge branch 'pkcs11-pubattr-check' into 'master'
Mark Andrews [Wed, 16 Jan 2019 21:37:55 +0000 (16:37 -0500)] 
Merge branch 'pkcs11-pubattr-check' into 'master'

Make sure null atributes are never used

See merge request isc-projects/bind9!1353

7 years agoMake sure null atributes are never used
Petr Menšík [Fri, 4 Jan 2019 19:28:35 +0000 (20:28 +0100)] 
Make sure null atributes are never used

Add INSIST to pubattr fetching where null might occur in therory. Make
sure null is never dereferenced.

7 years agoMerge branch '797-handle-timeouts-when-qminimizing' into 'master'
Evan Hunt [Wed, 16 Jan 2019 19:21:08 +0000 (14:21 -0500)] 
Merge branch '797-handle-timeouts-when-qminimizing' into 'master'

Don't retry query on timeout if we're qname minimizing

Closes #797

See merge request isc-projects/bind9!1293

7 years agoWhen a forwarder fails and we're not in a forward-only mode we
Witold Kręcicki [Thu, 3 Jan 2019 12:06:39 +0000 (13:06 +0100)] 
When a forwarder fails and we're not in a forward-only mode we
go back to regular resolution. When this happens the fetch timer is
already running, and we might end up in a situation where we we create
a fetch for qname-minimized query and after that the timer is triggered
and the query is retried (fctx_try) - which causes relaunching of
qname-minimization fetch - and since we already have a qmin fetch
for this fctx - assertion failure.

This fix stops the timer when doing qname minimization - qmin fetch
internal timer should take care of all the possible timeouts.

7 years agoMerge branch '818-improve-mirror-zone-logging' into 'master'
Evan Hunt [Wed, 16 Jan 2019 19:05:20 +0000 (14:05 -0500)] 
Merge branch '818-improve-mirror-zone-logging' into 'master'

Improve mirror zone logging

Closes #818

See merge request isc-projects/bind9!1351

7 years agoAdd CHANGES entry
Michał Kępień [Wed, 16 Jan 2019 14:31:48 +0000 (15:31 +0100)] 
Add CHANGES entry

5137. [func] named now logs messages whenever a mirror zone becomes
usable or unusable for resolution purposes. [GL #818]

7 years agoLog a message when a mirror zone becomes unusable
Michał Kępień [Wed, 16 Jan 2019 14:31:48 +0000 (15:31 +0100)] 
Log a message when a mirror zone becomes unusable

Log a message if a mirror zone becomes unusable for the resolver (most
usually due to the zone's expiration timer firing).  Ensure that
verification failures do not cause a mirror zone to be unloaded
(instead, its last successfully verified version should be served if it
is available).

7 years agoLog a message when a mirror zone loaded from disk comes into effect
Michał Kępień [Wed, 16 Jan 2019 14:31:48 +0000 (15:31 +0100)] 
Log a message when a mirror zone loaded from disk comes into effect

Log a message when a mirror zone is successfully loaded from disk and
subsequently verified.

This could have been implemented in a simpler manner, e.g. by modifying
an earlier code branch inside zone_postload() which checks whether the
zone already has a database attached and calls attachdb() if it does
not, but that would cause the resulting logs to indicate that a mirror
zone comes into effect before the "loaded serial ..." message is logged,
which would be confusing.

Tweak some existing sed commands used in the "mirror" system test to
ensure that separate test cases comprising it do not break each other.

7 years agoLog a message when a transferred mirror zone comes into effect
Michał Kępień [Wed, 16 Jan 2019 14:31:48 +0000 (15:31 +0100)] 
Log a message when a transferred mirror zone comes into effect

Log a message when a mirror zone is successfully transferred and
verified, but only if no database for that zone was yet loaded at the
time the transfer was initiated.

This could have been implemented in a simpler manner, e.g. by modifying
zone_replacedb(), but (due to the calling order of the functions
involved in finalizing a zone transfer) that would cause the resulting
logs to suggest that a mirror zone comes into effect before its transfer
is finished, which would be confusing given the nature of mirror zones
and the fact that no message is logged upon successful mirror zone
verification.

Once the dns_zone_replacedb() call in axfr_finalize() is made, it
becomes impossible to determine whether the transferred zone had a
database attached before the transfer was started.  Thus, that check is
instead performed when the transfer context is first created and the
result of this check is passed around in a field of the transfer context
structure.  If it turns out to be desired, the relevant log message is
then emitted just before the transfer context is freed.

Taking this approach means that the log message added by this commit is
not timed precisely, i.e. mirror zone data may be used before this
message is logged.  However, that can only be fixed by logging the
message inside zone_replacedb(), which causes arguably more dire issues
discussed above.

dns_zone_isloaded() is not used to double-check that transferred zone
data was correctly loaded since the 'shutdown_result' field of the zone
transfer context will not be set to ISC_R_SUCCESS unless axfr_finalize()
succeeds (and that in turn will not happen unless dns_zone_replacedb()
succeeds).

7 years agoMerge branch '512-acl-config' into 'master'
Evan Hunt [Wed, 16 Jan 2019 07:40:58 +0000 (02:40 -0500)] 
Merge branch '512-acl-config' into 'master'

Resolve "inconsistent comments, documentation and behavior with some ACLs"

Closes #512

See merge request isc-projects/bind9!733

7 years agoCHANGES
Evan Hunt [Fri, 16 Nov 2018 07:29:05 +0000 (07:29 +0000)] 
CHANGES

7 years agoimproved documentation
Evan Hunt [Thu, 30 Aug 2018 07:48:44 +0000 (00:48 -0700)] 
improved documentation

7 years agofix incorrect comments
Evan Hunt [Thu, 30 Aug 2018 07:48:37 +0000 (00:48 -0700)] 
fix incorrect comments

7 years agoerror on allow-update and allow-update-forwarding at options/view level
Evan Hunt [Thu, 30 Aug 2018 07:48:28 +0000 (00:48 -0700)] 
error on allow-update and allow-update-forwarding at options/view level

7 years agoMerge branch '816-sparc-assembler-not-recognising-pause-instruction-on-base-v9-arch...
Evan Hunt [Wed, 16 Jan 2019 01:41:43 +0000 (20:41 -0500)] 
Merge branch '816-sparc-assembler-not-recognising-pause-instruction-on-base-v9-arch' into 'master'

Resolve "Sparc assembler not recognising "pause" instruction on base v9 arch"

Closes #816

See merge request isc-projects/bind9!1338

7 years agouse smt_pause instead of pause on sparc
Mark Andrews [Tue, 15 Jan 2019 00:35:40 +0000 (11:35 +1100)] 
use smt_pause instead of pause on sparc

7 years agoMerge branch '792-bind9-doesn-t-tcp-retransmit' into 'master'
Evan Hunt [Wed, 16 Jan 2019 01:21:18 +0000 (20:21 -0500)] 
Merge branch '792-bind9-doesn-t-tcp-retransmit' into 'master'

Resolve "bind9 doesn't tcp retransmit"

Closes #792

See merge request isc-projects/bind9!1284

7 years agoadjust timeout to allow for ECN negotiation failures
Mark Andrews [Fri, 28 Dec 2018 04:16:04 +0000 (15:16 +1100)] 
adjust timeout to allow for ECN negotiation failures

7 years agoMerge branch '590-win32-sample-gai-c-should-call-wsastartup' into 'master'
Mark Andrews [Tue, 15 Jan 2019 05:26:32 +0000 (00:26 -0500)] 
Merge branch '590-win32-sample-gai-c-should-call-wsastartup' into 'master'

Resolve "[Win32] sample-gai.c should call WSAStartup()"

Closes #590

See merge request isc-projects/bind9!1340

7 years agoadd CHANGES
Mark Andrews [Tue, 15 Jan 2019 03:23:21 +0000 (14:23 +1100)] 
add CHANGES

7 years agoensure that WSAStartup is called before getservbyname
Mark Andrews [Tue, 15 Jan 2019 03:19:59 +0000 (14:19 +1100)] 
ensure that WSAStartup is called before getservbyname

7 years agoMerge branch 'u/fanf2/rndc-managed-keys' into 'master'
Evan Hunt [Tue, 15 Jan 2019 00:11:28 +0000 (19:11 -0500)] 
Merge branch 'u/fanf2/rndc-managed-keys' into 'master'

Fix a few cosmetic issues with `rndc managed-keys`

See merge request isc-projects/bind9!1327

7 years agoadd multi-view server and tests
Mark Andrews [Mon, 14 Jan 2019 05:40:00 +0000 (16:40 +1100)] 
add multi-view server and tests

7 years agoadd CHANGES note
Mark Andrews [Mon, 14 Jan 2019 05:09:36 +0000 (16:09 +1100)] 
add CHANGES note

7 years agoFix a few cosmetic issues with `rndc managed-keys`
Tony Finch [Fri, 11 Jan 2019 15:17:04 +0000 (15:17 +0000)] 
Fix a few cosmetic issues with `rndc managed-keys`

The handling of class and view arguments was broken, because the code
didn't realise that next_token() would overwrite the class name when
it parsed the view name. The code was trying to implement a syntax
like `refresh [[class] view]`, but it was documented to have a syntax
like `refresh [class [view]]`. The latter is consistent with other rndc
commands, so that is how I have fixed it.

Before:

$ rndc managed-keys refresh in rec
rndc: 'managed-keys' failed: unknown class/type
unknown class 'rec'

After:

$ rndc managed-keys refresh in rec
refreshing managed keys for 'rec'

There were missing newlines in the output from `rndc managed-keys
refresh` and `rndc managed-keys destroy`.

Before:

$ rndc managed-keys refresh
refreshing managed keys for 'rec'refreshing managed keys for 'auth'

After:

$ rndc managed-keys refresh
refreshing managed keys for 'rec'
refreshing managed keys for 'auth'

7 years agoMerge branch 'ondrej/each-fix-dnssec-test-error-bis' into 'master'
Evan Hunt [Mon, 14 Jan 2019 20:17:56 +0000 (15:17 -0500)] 
Merge branch 'ondrej/each-fix-dnssec-test-error-bis' into 'master'

b/t/s/dnssec/tests.sh: Cleanup showprivate() function

See merge request isc-projects/bind9!1335

7 years agob/t/s/dnssec/tests.sh: Cleanup showprivate() function
Ondřej Surý [Mon, 14 Jan 2019 10:49:55 +0000 (11:49 +0100)] 
b/t/s/dnssec/tests.sh: Cleanup showprivate() function

7 years agoMerge branch 'ondrej/fix-race-condition-in-dnstap' into 'master'
Ondřej Surý [Mon, 14 Jan 2019 10:42:25 +0000 (05:42 -0500)] 
Merge branch 'ondrej/fix-race-condition-in-dnstap' into 'master'

Fix race condition in cleanup part of dns_dt_create()

See merge request isc-projects/bind9!1323

7 years agoAdd CHANGES entry for GL!1323
Witold Kręcicki [Mon, 14 Jan 2019 09:20:56 +0000 (10:20 +0100)] 
Add CHANGES entry for GL!1323

7 years agoFix race condition in cleanup part of dns_dt_create()
Ondřej Surý [Fri, 23 Nov 2018 21:05:08 +0000 (22:05 +0100)] 
Fix race condition in cleanup part of dns_dt_create()

7 years agoMerge branch 'each-fix-dnssec-test-error' into 'master'
Evan Hunt [Mon, 14 Jan 2019 02:09:02 +0000 (21:09 -0500)] 
Merge branch 'each-fix-dnssec-test-error' into 'master'

DNSSEC test error

See merge request isc-projects/bind9!1330

7 years agofix testing errors
Evan Hunt [Fri, 11 Jan 2019 22:37:21 +0000 (14:37 -0800)] 
fix testing errors

- the checkprivate function in the dnssec test set ret=0, erasing
  results from previous tests and making the test appear to have passed
  when it shouldn't have
- checkprivate needed a delay loop to ensure there was time for all
  private signing records to be updated before the test

7 years agoMerge branch 'u/fanf2/rndc-alphabetize' into 'master'
Mark Andrews [Mon, 14 Jan 2019 01:25:41 +0000 (20:25 -0500)] 
Merge branch 'u/fanf2/rndc-alphabetize' into 'master'

cleanup: alphabetize rndc command dispatch

See merge request isc-projects/bind9!1328

7 years agocleanup: alphabetize rndc command dispatch
Tony Finch [Fri, 11 Jan 2019 15:16:35 +0000 (15:16 +0000)] 
cleanup: alphabetize rndc command dispatch

7 years agoMerge branch '801-silence-coverity-issues' into 'master'
Mark Andrews [Thu, 10 Jan 2019 04:02:16 +0000 (23:02 -0500)] 
Merge branch '801-silence-coverity-issues' into 'master'

Resolve "Silence Coverity Issues"

Closes #801

See merge request isc-projects/bind9!1285

7 years agosilence coverity issues; move isc_refcount_decrement out of INSIST
Mark Andrews [Mon, 31 Dec 2018 06:57:16 +0000 (17:57 +1100)] 
silence coverity issues; move isc_refcount_decrement out of INSIST

7 years agoMerge branch '709-get-rid-of-message-catalogs' into 'master'
Ondřej Surý [Wed, 9 Jan 2019 23:07:56 +0000 (18:07 -0500)] 
Merge branch '709-get-rid-of-message-catalogs' into 'master'

Resolve "Get rid of message catalogs"

Closes #709

See merge request isc-projects/bind9!1131

7 years agoAdd CHANGES entry for GL #709
Ondřej Surý [Fri, 23 Nov 2018 21:13:16 +0000 (22:13 +0100)] 
Add CHANGES entry for GL #709

7 years agoDocument removal of message catalogs in the release notes
Ondřej Surý [Fri, 23 Nov 2018 21:11:43 +0000 (22:11 +0100)] 
Document removal of message catalogs in the release notes

7 years agoRemove message catalogs
Ondřej Surý [Fri, 23 Nov 2018 20:35:01 +0000 (21:35 +0100)] 
Remove message catalogs

7 years agoMerge branch '798-dlz-build_querystring-broken' into 'master'
Mark Andrews [Wed, 9 Jan 2019 09:21:26 +0000 (04:21 -0500)] 
Merge branch '798-dlz-build_querystring-broken' into 'master'

Resolve "DLZ build_querystring broken"

Closes #798

See merge request isc-projects/bind9!1281

7 years agocorrectly split query string; cleanups
Mark Andrews [Thu, 27 Dec 2018 00:44:52 +0000 (11:44 +1100)] 
correctly split query string; cleanups

7 years agoMerge branch '784-bind-9-12-3-p1-fatal-error' into 'master'
Mark Andrews [Wed, 9 Jan 2019 08:46:43 +0000 (03:46 -0500)] 
Merge branch '784-bind-9-12-3-p1-fatal-error' into 'master'

Resolve "bind 9.12.3-P1 fatal error"

Closes #784

See merge request isc-projects/bind9!1283

7 years agoadd CHANGES
Mark Andrews [Thu, 27 Dec 2018 02:47:08 +0000 (13:47 +1100)] 
add CHANGES

7 years agoupdate refreshkeytime
Mark Andrews [Thu, 27 Dec 2018 02:44:16 +0000 (13:44 +1100)] 
update refreshkeytime

7 years agoMerge branch 'marka-maybe_numeric-and-nul' into 'master'
Mark Andrews [Wed, 9 Jan 2019 07:58:23 +0000 (02:58 -0500)] 
Merge branch 'marka-maybe_numeric-and-nul' into 'master'

maybe_numeric failed to handle NUL in text region.

Closes #807

See merge request isc-projects/bind9!1319

7 years agomaybe_numeric failed to handle NUL in text region.
Mark Andrews [Fri, 4 Jan 2019 04:22:25 +0000 (15:22 +1100)] 
maybe_numeric failed to handle NUL in text region.

7 years agoMerge branch 'marka-fail-when-required-field-is-missing' into 'master'
Mark Andrews [Wed, 9 Jan 2019 07:27:37 +0000 (02:27 -0500)] 
Merge branch 'marka-fail-when-required-field-is-missing' into 'master'

Ensure base64/base32/hex fields in DNS records that should be non-empty are.

See merge request isc-projects/bind9!1318

7 years agoEnsure base64/base32/hex fields in DNS records that should be non-empty are.
Mark Andrews [Fri, 4 Jan 2019 04:20:04 +0000 (15:20 +1100)] 
Ensure base64/base32/hex fields in DNS records that should be non-empty are.

7 years agoMerge branch '804-large-nsec3-responses-cause-failure-in-adding-records-to-ncache...
Mark Andrews [Wed, 9 Jan 2019 05:06:30 +0000 (00:06 -0500)] 
Merge branch '804-large-nsec3-responses-cause-failure-in-adding-records-to-ncache-and-eventually-formerr-instead-of-nxdomain' into 'master'

Resolve "Large NSEC3 responses cause failure in adding records to ncache and, eventually, FORMERR (instead of NXDOMAIN)"

Closes #804

See merge request isc-projects/bind9!1295

7 years agoadd CHANGES entry
Mark Andrews [Thu, 3 Jan 2019 05:11:19 +0000 (16:11 +1100)] 
add CHANGES entry

7 years agoallow for up 100 records or 64K of data to be in a ncache entry
Mark Andrews [Thu, 3 Jan 2019 05:08:39 +0000 (16:08 +1100)] 
allow for up 100 records or 64K of data to be in a ncache entry

7 years agoMerge branch '804-large-nsec3-responses-cause-failure-in-adding-records-to-ncache...
Mark Andrews [Wed, 9 Jan 2019 04:39:42 +0000 (23:39 -0500)] 
Merge branch '804-large-nsec3-responses-cause-failure-in-adding-records-to-ncache-and-eventually-formerr-instead-of-nxdomain-2' into 'master'

Resolve "Large NSEC3 responses cause failure in adding records to ncache and, eventually, FORMERR (instead of NXDOMAIN)"

Closes #804

See merge request isc-projects/bind9!1298

7 years agoadd CHANGES
Mark Andrews [Wed, 9 Jan 2019 04:07:40 +0000 (15:07 +1100)] 
add CHANGES

7 years agoexplictly convert ISC_R_NOSPACE from dns_message_parse to DNS_R_FORMERR and remove...
Mark Andrews [Mon, 7 Jan 2019 03:05:43 +0000 (14:05 +1100)] 
explictly convert ISC_R_NOSPACE from dns_message_parse to DNS_R_FORMERR and remove from dns_result_torcode

7 years agoMerge branch '812-cookie-test-failed' into 'master'
Evan Hunt [Wed, 9 Jan 2019 04:15:40 +0000 (23:15 -0500)] 
Merge branch '812-cookie-test-failed' into 'master'

Resolve "cookie test failed."

Closes #812

See merge request isc-projects/bind9!1300

7 years agowait longer for dump to complete
Mark Andrews [Mon, 7 Jan 2019 04:18:46 +0000 (15:18 +1100)] 
wait longer for dump to complete

7 years agoMerge branch 'ondrej/disable-CI-in-release-branches' into 'master'
Ondřej Surý [Tue, 8 Jan 2019 13:57:13 +0000 (08:57 -0500)] 
Merge branch 'ondrej/disable-CI-in-release-branches' into 'master'

Run the regular pipelines only for merge requests, and run only the Debian sid...

See merge request isc-projects/bind9!1309

7 years agoRun the regular pipelines only for merge requests, and run only the Debian sid build...
Ondřej Surý [Tue, 8 Jan 2019 13:23:51 +0000 (14:23 +0100)] 
Run the regular pipelines only for merge requests, and run only the Debian sid build for release branches

7 years agoMerge branch '692-dig-fix-cleanup-upon-an-error-before-tcp-socket-creation' into...
Michał Kępień [Tue, 8 Jan 2019 10:57:10 +0000 (05:57 -0500)] 
Merge branch '692-dig-fix-cleanup-upon-an-error-before-tcp-socket-creation' into 'master'

Fix cleanup upon an error before TCP socket creation

Closes #692

See merge request isc-projects/bind9!1100

7 years agoAdd CHANGES entry
Michał Kępień [Tue, 8 Jan 2019 10:17:39 +0000 (11:17 +0100)] 
Add CHANGES entry

5123. [bug] dig could hang indefinitely after encountering an error
before creating a TCP socket. [GL #692]

7 years agoFix cleanup upon an error before TCP socket creation
Michał Kępień [Tue, 8 Jan 2019 10:17:39 +0000 (11:17 +0100)] 
Fix cleanup upon an error before TCP socket creation

When a query times out after a socket is created and associated with a
given dig_query_t structure, calling isc_socket_cancel() causes
connect_done() to be run, which in turn takes care of all necessary
cleanups.  However, certain errors (e.g. get_address() returning
ISC_R_FAMILYNOSUPPORT) may prevent a TCP socket from being created in
the first place.  Since force_timeout() may be used in code handling
such errors, connect_timeout() needs to properly clean up a TCP query
which is not associated with any socket.  Call clear_query() from
connect_timeout() after attempting to send a TCP query to the next
available server if the timed out query does not have a socket
associated with it, in order to prevent dig from hanging indefinitely
due to the dig_query_t structure not being detached from its parent
dig_lookup_t structure.

7 years agoRefactor code sending a query to the next server upon a timeout
Michał Kępień [Tue, 8 Jan 2019 10:17:39 +0000 (11:17 +0100)] 
Refactor code sending a query to the next server upon a timeout

When a query times out and another server is available for querying
within the same lookup, the timeout handler - connect_timeout() - is
responsible for sending the query to the next server.  Extract the
relevant part of connect_timeout() to a separate function in order to
improve code readability.

7 years agoRemove dead code handling address family mismatches for TCP sockets
Michał Kępień [Tue, 8 Jan 2019 10:17:39 +0000 (11:17 +0100)] 
Remove dead code handling address family mismatches for TCP sockets

Before commit c2ec022f5784a2ff844f7d062c2022197dc4ad09, using the "-b"
command line switch for dig did not disable use of the other address
family than the one to which the address supplied to that option
belonged to.  Thus, bind9_getaddresses() could e.g. prepare an
isc_sockaddr_t structure for an IPv6 address when an IPv4 address has
been passed to the "-b" command line option.  To avoid attempting the
impossible (e.g. querying an IPv6 address from a socket bound to an IPv4
address), a certain code block in send_tcp_connect() checked whether the
address family of the server to be queried was the same as the address
family of the socket set up for sending that query; if there was a
mismatch, that particular server address was skipped.

Commit c2ec022f5784a2ff844f7d062c2022197dc4ad09 made
bind9_getaddresses() fail upon an address family mismatch between the
address the hostname passed to it resolved to and the address supplied
to the "-b" command line option.  Such failures were fatal to dig back
then.

Commit 7f658603910358db7ee27ffb9783096250afab62 made
bind9_getaddresses() failures non-fatal, but also ensured that a
get_address() failure in send_tcp_connect() still causes the given query
address to be skipped (and also made such failures trigger an early
return from send_tcp_connect()).

Summing up, the code block handling address family mismatches in
send_tcp_connect() has been redundant since commit
c2ec022f5784a2ff844f7d062c2022197dc4ad09.  Remove it.

7 years agoMerge branch '315-track-forwarder-timeouts-in-fetch-contexts' into 'master'
Michał Kępień [Tue, 8 Jan 2019 10:00:03 +0000 (05:00 -0500)] 
Merge branch '315-track-forwarder-timeouts-in-fetch-contexts' into 'master'

Track forwarder timeouts in fetch contexts

Closes #315

See merge request isc-projects/bind9!826

7 years agoAdd CHANGES entry
Michał Kępień [Tue, 8 Jan 2019 07:29:54 +0000 (08:29 +0100)] 
Add CHANGES entry

5122. [bug] In a "forward first;" configuration, a forwarder
timeout did not prevent that forwarder from being
queried again after falling back to full recursive
resolution. [GL #315]

7 years agoTrack forwarder timeouts in fetch contexts
Michał Kępień [Tue, 8 Jan 2019 07:29:54 +0000 (08:29 +0100)] 
Track forwarder timeouts in fetch contexts

Since following a delegation resets most fetch context state, address
marks (FCTX_ADDRINFO_MARK) set inside lib/dns/resolver.c are not
preserved when a delegation is followed.  This is fine for full
recursive resolution but when named is configured with "forward first;"
and one of the specified forwarders times out, triggering a fallback to
full recursive resolution, that forwarder should no longer be consulted
at each delegation point subsequently reached within a given fetch
context.

Add a new badnstype_t enum value, badns_forwarder, and use it to mark a
forwarder as bad when it times out in a "forward first;" configuration.
Since the bad server list is not cleaned when a fetch context follows a
delegation, this prevents a forwarder from being queried again after
falling back to full recursive resolution.  Yet, as each fetch context
maintains its own list of bad servers, this change does not cause a
forwarder timeout to prevent that forwarder from being used by other
fetch contexts.

7 years agoMerge branch 'marka-fix-stub_dlz_allowzonexfr' into 'master'
Mark Andrews [Mon, 7 Jan 2019 04:06:13 +0000 (23:06 -0500)] 
Merge branch 'marka-fix-stub_dlz_allowzonexfr' into 'master'

return ISC_R_NOTFOUND when name does not match the zone name

See merge request isc-projects/bind9!1299

7 years agoadd CHANGES
Mark Andrews [Mon, 7 Jan 2019 03:38:48 +0000 (14:38 +1100)] 
add CHANGES

7 years agoreturn ISC_R_NOTFOUND when name does not match the zone name
Mark Andrews [Wed, 2 Jan 2019 02:37:31 +0000 (13:37 +1100)] 
return ISC_R_NOTFOUND when name does not match the zone name

7 years agoMerge branch 'placeholder' into 'master'
Evan Hunt [Thu, 3 Jan 2019 19:10:30 +0000 (14:10 -0500)] 
Merge branch 'placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!1297

7 years agoplaceholder
Evan Hunt [Thu, 3 Jan 2019 19:10:05 +0000 (11:10 -0800)] 
placeholder

7 years agoMerge branch 'placeholder' into 'master'
Evan Hunt [Thu, 3 Jan 2019 01:30:47 +0000 (20:30 -0500)] 
Merge branch 'placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!1294

7 years agoplaceholder
Evan Hunt [Thu, 3 Jan 2019 01:30:18 +0000 (17:30 -0800)] 
placeholder

7 years agoMerge branch 'indenting' into 'master'
Mark Andrews [Wed, 2 Jan 2019 00:41:35 +0000 (19:41 -0500)] 
Merge branch 'indenting' into 'master'

indenting

See merge request isc-projects/bind9!1286

7 years agoindenting
Mark Andrews [Tue, 1 Jan 2019 23:11:51 +0000 (10:11 +1100)] 
indenting

7 years agoMerge branch 'copyrights' into 'master'
Mark Andrews [Tue, 1 Jan 2019 23:53:45 +0000 (18:53 -0500)] 
Merge branch 'copyrights' into 'master'

update copyrights

See merge request isc-projects/bind9!1287

7 years agoupdate copyrights
Mark Andrews [Tue, 1 Jan 2019 23:20:43 +0000 (10:20 +1100)] 
update copyrights

7 years agoMerge branch 'marka-readme-typo' into 'master'
Mark Andrews [Thu, 27 Dec 2018 01:38:21 +0000 (20:38 -0500)] 
Merge branch 'marka-readme-typo' into 'master'

fix typo in readme

See merge request isc-projects/bind9!1282

7 years agos/now/no/
Mark Andrews [Thu, 27 Dec 2018 01:37:11 +0000 (12:37 +1100)] 
s/now/no/