2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 21:17:54 +00:00

306 Commits

Author SHA1 Message Date
Ondřej Surý
64fe6bbaf2 Replace ISC_PRINT_QUADFORMAT with inttypes.h format constants 2018-08-08 09:36:44 +02:00
Ondřej Surý
c3b8130fe8 Make OpenSSL mandatory 2018-07-19 12:47:03 -04:00
Mark Andrews
33ff03db58 log the remaining -V info at startup 2018-06-25 14:51:28 -07:00
Mark Andrews
87a3dc8ab9 add support -T sigvalinsecs 2018-06-06 15:35:57 +10:00
Mark Andrews
b491ceeb50 move -T parsing to its own function 2018-06-06 13:26:59 +10:00
Ondřej Surý
7ee8a7e69f address win32 build issues
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
  HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
  and configure scripts
2018-05-22 16:32:21 -07:00
Ondřej Surý
3a4f820d62 Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-05-16 09:54:35 +02:00
Ondřej Surý
5311a3b7b5 We use too old Visual Compiler to use scoped variables 2018-04-12 10:37:33 +02:00
Ondřej Surý
11f26b42e3 Replace all usage of non-reentrant strtok() with strtok_r() 2018-04-12 10:37:33 +02:00
Ondřej Surý
b097be17ef Remove unused obsolete isc_hash_* function, and just keep the FNV-1a version 2018-04-04 23:12:14 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Ondřej Surý
ab1b02d274 Update copyright information after !59 merge. 2018-02-23 09:02:49 +01:00
Evan Hunt
1cb250c37c Added a release note, plus minor cleanups. 2018-02-22 13:38:51 -08:00
Ondřej Surý
c2c1e2531b Remove libseccomp based system-call filtering. 2018-02-22 13:41:06 +01:00
Evan Hunt
c89f1bf1b6 [master] turn off memory fill by default
4768.	[func]		By default, memory is no longer filled with tag values
			when it is allocated or freed; this improves
			performance but makes debugging of certain memory
			issues more difficult. "named -M fill" turns memory
			filling back on. (Building "configure
			--enable-developer", turns memory fill on by
			default again; it can then be disabled with
			"named -M nofill".) [RT #45123]
2017-10-09 09:55:37 -07:00
Evan Hunt
995c41e8f0 [master] further restrict update-policy local
4762.	[func]		"update-policy local" is now restricted to updates
			from local addresses. (Previously, other addresses
			were allowed so long as updates were signed by the
			local session key.) [RT #45492]
2017-10-06 15:43:31 -07:00
Evan Hunt
114f95089c [master] cleanup strcat/strcpy
4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]
2017-09-13 00:14:37 -07:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
2017-09-08 13:47:34 -07:00
Mark Andrews
c9ee977f31 added -T keepstderr to keep stderr open when daemonizing [RT #43736] 2016-12-05 10:38:16 +11:00
Mark Andrews
9bfebc4a6a check for LIBRESSL_VERSION_NUMBER
(cherry picked from commit b2c1d6f0a26155acce60530a2accfcf05a9f9e82)
2016-11-01 12:49:23 +11:00
Mark Andrews
1fce0951ed 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-10-31 10:04:37 +11:00
Mark Andrews
8eceb0bffe 4461. [bug] win32: not all external data was properly marked
as external data for windows dll. [RT #43161]
2016-09-07 14:12:11 +10:00
Mark Andrews
c1915935cf 4429. [bug] Address potential use after free on fclose() error.
[RT #42976]
2016-08-08 09:50:34 +10:00
Mark Andrews
f20179857a 4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
to provide feedback to the trust-anchor administrators
                        about how key rollovers are progressing as per
                        draft-ietf-dnsop-edns-key-tag-02.  This can be
                        disabled using 'trust-anchor-telemetry no;'.
                        [RT #40583]
2016-07-22 20:02:17 +10:00
Mark Andrews
557c7221fd 4409. [bug] DNS64 should exlude mapped addresses by default when
a exclude acl is not defined. [RT #42810]
2016-07-11 14:11:34 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Witold Krecicki
19d80ce584 4358. [test] Added American Fuzzy Lop harness that allows
feeding fuzzed packets into BIND.
			[RT #41723]
2016-05-05 11:49:38 +02:00
Mark Andrews
756c643330 4334. [func] 'named -V' now reports zlib version. [RT #41913] 2016-03-13 07:48:11 +11:00
Tinderbox User
62735fcde3 update copyright notice / whitespace 2016-02-23 23:45:35 +00:00
Mark Andrews
a125381c60 update usage 2016-02-23 16:57:02 +11:00
Evan Hunt
f02c22d58a [master] add uname data to named -V
4308.	[func]		Added operating system details to "named -V"
			output. [RT #41452]
2016-01-30 11:06:58 -08:00
Mark Andrews
f06b6a9b14 4247. [port] Require both HAVE_JSON and JSON_C_VERSION to be
defined to report json library version. [RT #41045]
2015-10-29 15:22:41 +11:00
Mukund Sivaraman
930719e876 Update the default value for number of UDP listeners (#40761) 2015-10-03 07:08:55 +05:30
Evan Hunt
a00f9e2f50 [master] merge dyndb
4224.	[func]		Added support for "dyndb", a new interface for loading
			zone data from an external database, developed by
			Red Hat for the FreeIPA project.

			DynDB drivers fully implement the BIND database
			API, and are capable of significantly better
			performance and functionality than DLZ drivers,
			while taking advantage of advanced database
			features not available in BIND such as multi-master
			replication.

			Thanks to Adam Tkac and Petr Spacek of Red Hat.
			[RT #35271]
2015-09-28 23:12:35 -07:00
Evan Hunt
da4a7772eb [master] improve thread support reporting
4083.	[cleanup]	Print of the number of CPUs and UDP listeners
			in the log and in "rndc status" output; indicate
			whether threads are supported in "named -V" output.
			[RT #38811]
2015-03-04 15:56:33 -08:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
2015-03-02 19:27:54 -08:00
Mark Andrews
bb5df338d9 4076. [bug] Named could crash on shutdown with outstanding
reload / reconfig events. [RT #38622]
2015-02-27 12:34:43 +11:00
Evan Hunt
044008f58f [master] version cleanup
4073.	[cleanup]	Add libjson-c version number reporting to
			"named -V"; normalize version number formatting.
			[RT #38056]
2015-02-26 12:21:10 -08:00
Mukund Sivaraman
5a505fc4c2 Add facility to run system test nameds under Valgrind (#38546) 2015-02-25 09:06:45 +05:30
Evan Hunt
07229d51a6 [master] report library version numbers on win32 2015-02-20 23:23:59 -08:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
2015-02-05 17:18:15 -08:00
Tinderbox User
be755f4725 update copyright notice / whitespace 2015-01-22 23:45:26 +00:00
Evan Hunt
9175a4ed63 [master] fixed library version reporting
- forgot to include a CHANGES note
- disabled on windows (it fails to link)
2015-01-22 11:17:03 -08:00
Evan Hunt
84ee90b52d [master] fix 'total use' accounting
4046.   [bug]           Accounting of "total use" in memory context
                        statistics was not correct. [RT #38370]
2015-01-22 09:44:24 -08:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908]
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
2014-12-18 12:31:25 +05:30
Mark Andrews
693d70f96f 4017. [testing] Add system test to check lookups to legacy servers
with broken DNS behaviour. [RT #37965]
2014-12-04 07:01:52 +11:00
Francis Dupont
1831311ac6 added hooks for gperftools CPU profiler [#37339] 2014-10-08 15:14:02 +02:00
Mark Andrews
6979ebf549 3968. [bug] Silence spurious log messages when using 'named -[46]'.
[RT #37308]
2014-10-03 08:05:56 +10:00
Evan Hunt
940b03cef2 [master] release seccomp context when finished 2014-06-16 11:19:40 -07:00
Evan Hunt
6fa84a3e25 [master] enable libseccomp system call filtering
3851.	[func]		Allow libseccomp based system-call filtering
			on Linux; use "configure --enable-seccomp" to
			turn it on.  Thanks to Loganaden Velvindron for
			the contribution. [RT #35347]
2014-05-15 20:29:30 -07:00