2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Commit Graph

29069 Commits

Author SHA1 Message Date
Mark Andrews
985d9d9c84 Merge branch 'ifconfig.sh-anywhere' into 'master'
Allow ifconfig to be called from any directory

See merge request isc-projects/bind9!1563
2019-03-11 23:08:52 -04:00
Petr Menšík
38301052e1 Allow ifconfig to be called from any directory
ifconfig.sh depends on config.guess for platform guessing. It uses it to
choose between ifconfig or ip tools to configure interfaces. If
system-wide automake script is installed and local was not found, use
platform guess. It should work well on mostly any sane platform. Still
prefers local guess, but passes when if cannot find it.
2019-03-11 22:19:49 -04:00
Michał Kępień
faa0de1349 Merge branch '928-stabilize-delzsk.example-zone-checks' into 'master'
Stabilize "delzsk.example" zone checks

See merge request isc-projects/bind9!1640
2019-03-11 08:28:13 -04:00
Michał Kępień
e02de04e97 Stabilize "delzsk.example" zone checks
When a zone is converted from NSEC to NSEC3, the private record at zone
apex indicating that NSEC3 chain creation is in progress may be removed
during a different (later) zone_nsec3chain() call than the one which
adds the NSEC3PARAM record.  The "delzsk.example" zone check only waits
for the NSEC3PARAM record to start appearing in dig output while private
records at zone apex directly affect "rndc signing -list" output.  This
may trigger false positives for the "autosign" system test as the output
of the "rndc signing -list" command used for checking ZSK deletion
progress may contain extra lines which are not accounted for.  Ensure
the private record is removed from zone apex before triggering ZSK
deletion in the aforementioned check.

Also future-proof the ZSK deletion progress check by making it only look
at lines it should care about.
2019-03-11 13:02:54 +01:00
Michał Kępień
5ac5d90620 Merge branch '129-dnssec-system-test-tweaks' into 'master'
"dnssec" system test tweaks

Closes #129

See merge request isc-projects/bind9!1545
2019-03-11 08:02:06 -04:00
Mark Andrews
dee1f1a498 ${ttl} must exist and be non null 2019-03-11 12:04:44 +01:00
Michał Kępień
a85cc41486 Make ANSWER TTL capping checks stricter
For checks querying a named instance with "dnssec-accept-expired yes;"
set, authoritative responses have a TTL of 300 seconds.  Assuming empty
resolver cache, TTLs of RRsets in the ANSWER section of the first
response to a given query will always match their authoritative
counterparts.  Also note that for a DNSSEC-validating named resolver,
validated RRsets replace any existing non-validated RRsets with the same
owner name and type, e.g. cached from responses received while resolving
CD=1 queries.  Since TTL capping happens before a validated RRset is
inserted into the cache and RRSIG expiry time does not impose an upper
TTL bound when "dnssec-accept-expired yes;" is set and, as pointed out
above, the original TTLs of the relevant RRsets equal 300 seconds, the
RRsets in the ANSWER section of the responses to expiring.example/SOA
and expired.example/SOA queries sent with CD=0 should always be exactly
120 seconds, never a lower value.  Make the relevant TTL checks stricter
to reflect that.
2019-03-11 12:04:42 +01:00
Michał Kępień
8baf859063 Relax ADDITIONAL TTL capping checks
Always expecting a TTL of exactly 300 seconds for RRsets found in the
ADDITIONAL section of responses received for CD=1 queries sent during
TTL capping checks is too strict since these responses will contain
records cached from multiple DNS messages received during the resolution
process.

In responses to queries sent with CD=1, ns.expiring.example/A in the
ADDITIONAL section will come from a delegation returned by ns2 while the
ANSWER section will come from an authoritative answer returned by ns3.
If the queries to ns2 and ns3 happen at different Unix timestamps,
RRsets cached from the older response will have a different TTL by the
time they are returned to dig, triggering a false positive.

Allow a safety margin of 60 seconds for checks inspecting the ADDITIONAL
section of responses to queries sent with CD=1 to fix the issue.  A
safety margin this large is likely overkill, but it is used nevertheless
for consistency with similar safety margins used in other TTL capping
checks.
2019-03-11 12:04:42 +01:00
Michał Kępień
a597bd52a6 Fix message section checked in a TTL capping test
Commit c032c54dda inadvertently changed
the DNS message section inspected by one of the TTL capping checks from
ADDITIONAL to ANSWER, introducing a discrepancy between that check's
description and its actual meaning.  Revert to inspecting the ADDITIONAL
section in the aforementioned check.
2019-03-11 12:04:42 +01:00
Michał Kępień
9a36a1bba3 Fix NTA-related races
Changes introduced by commit 6b8e4d6e69
were incomplete as not all time-sensitive checks were updated to match
revised "nta-lifetime" and "nta-recheck" values.  Prevent rare false
positives by updating all NTA-related checks so that they work reliably
with "nta-lifetime 12s;" and "nta-recheck 9s;".  Update comments as well
to prevent confusion.
2019-03-11 12:04:42 +01:00
Mark Andrews
8555fe8b4b Merge branch '803-add-return-code-to-allow-dlz-s-allowzonexfr-to-fall-back-to-to-the-view-s-allow-transfer-setting' into 'master'
Resolve "Add return code to allow dlz's allowzonexfr to fall back to to the view's allow-transfer setting."

Closes #803

See merge request isc-projects/bind9!1292
2019-03-10 23:42:17 -04:00
Evan Hunt
7cc241ca39 CHANGES 2019-03-11 14:27:13 +11:00
Evan Hunt
e2062879c1 test the use of the view ACL in DLZ 2019-03-11 14:27:13 +11:00
Mark Andrews
a520662ed4 allow dlz to signal that the view's transfer acl should be used 2019-03-11 14:27:13 +11:00
Ondřej Surý
76085b7e9c Merge branch 'ondrej/restore-flockfile-check' into 'master'
Restore missing check for flockfile and getc_unlocked

See merge request isc-projects/bind9!1653
2019-03-08 15:34:16 -05:00
Ondřej Surý
7eea756858 Restore missing check for flockfile and getc_unlocked 2019-03-08 21:20:20 +01:00
Ondřej Surý
a6bb44493c Merge branch '4-use-autoconf-check-for-lfs-support' into 'master'
autoconf has native support for detecting LFS support

See merge request isc-projects/bind9!1652
2019-03-08 15:14:57 -05:00
Ondřej Surý
0eff9a184a Enable LFS using standard autoconf macros 2019-03-08 20:29:34 +01:00
Ondřej Surý
5caf126267 Merge branch '4-set-crlf-in-all-vcxproj-files' into 'master'
Set crlf in all *.vcxproj.* files

See merge request isc-projects/bind9!1651
2019-03-08 12:05:42 -05:00
Ondřej Surý
a04a390195 Convert *.vcxproj.user to CRLF line endings 2019-03-08 18:01:48 +01:00
Ondřej Surý
1b53e939ed Set crlf in all *.vcxproj.* files 2019-03-08 17:59:44 +01:00
Ondřej Surý
d49e9181a0 Merge branch '4-autoinclude-config.h' into 'master'
Use compiler directive to include config.h as a first file

See merge request isc-projects/bind9!1650
2019-03-08 11:39:20 -05:00
Ondřej Surý
2621db706e Update dev documentation to explicitly mention that #include <config.h> should not be used 2019-03-08 17:14:38 +01:00
Ondřej Surý
c2637c8429 Use ForcedIncludeFiles directive to include config.h everywhere automatically 2019-03-08 17:14:38 +01:00
Ondřej Surý
a96393e837 Don't generate #include <config.h> line from mksymtbl.pl 2019-03-08 15:15:05 +01:00
Ondřej Surý
ccfe54f541 Remove config.h check from util/checklibs.sh 2019-03-08 15:15:05 +01:00
Ondřej Surý
1b25d8a0ca Remove explicit '#include <config.h>' from the header files (the include should not have been there in the first place) 2019-03-08 15:15:05 +01:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Ondřej Surý
0b9f7f8a38 Add semantic patch to remove occurences of '#include <config.h>' 2019-03-08 15:15:05 +01:00
Ondřej Surý
15c46a397e Use -include directive to always include config.h 2019-03-08 14:33:49 +01:00
Michał Kępień
893c65ce3f Merge branch 'michal/fix-regex-used-for-mangling-druz-dnskey' into 'master'
Fix regex used for mangling druz/DNSKEY (in the "dlv" system test)

See merge request isc-projects/bind9!1641
2019-03-08 08:08:55 -05:00
Michał Kępień
fd13fef299 Fix regex used for mangling druz/DNSKEY
During "dlv" system test setup, the "sed" regex used for mangling the
DNSKEY RRset for the "druz" zone does not include the plus sign ("+"),
which may:

  - cause the replacement to happen near the end of DNSKEY RDATA, which
    can cause the latter to become an invalid Base64 string,

  - prevent the replacement from being performed altogether.

Both cases prevent the "dlv" system test from behaving as intended and
may trigger false positives.  Add the missing character to the
aforementioned regex to ensure the replacement is always performed on
bytes 10-25 of DNSKEY RDATA.
2019-03-08 13:47:13 +01:00
Michał Kępień
570f56ab77 Merge branch '925-make-delv-use-os-supplied-ephemeral-port-range' into 'master'
Make delv use OS-supplied ephemeral port range

Closes #925

See merge request isc-projects/bind9!1611
2019-03-08 07:46:07 -05:00
Michał Kępień
bf98324956 Add CHANGES entry
5180.	[bug]		delv now honors the operating system's preferred
			ephemeral port range. [GL #925]
2019-03-08 13:13:32 +01:00
Michał Kępień
ada6846a10 Make delv use OS-supplied ephemeral port range
Make delv honor the operating system's preferred ephemeral port range
instead of always using the default 1024-65535 range for outgoing
messages.
2019-03-08 13:13:32 +01:00
Mark Andrews
99138abe38 Merge branch 'u/fanf2/sectypes' into 'master'
cleanup: use dns_secalg_t and dns_dsdigest_t where appropriate

See merge request isc-projects/bind9!1498
2019-03-08 03:26:18 -05:00
Tony Finch
0f219714e1 cleanup: use dns_secalg_t and dns_dsdigest_t where appropriate
Use them in structs for various rdata types where they are missing.
This doesn't change the structs since we are replacing explicit
uint8_t field types with aliases for uint8_t.

Use dns_dsdigest_t in library function arguments.

Improve dnssec-cds with these more specific types.
2019-03-08 18:37:50 +11:00
Mark Andrews
f285dd9a08 Merge branch 'marka-define-path-max' into 'master'
#include <limits.h> for PATH_MAX, define if not found

See merge request isc-projects/bind9!1635
2019-03-08 02:21:46 -05:00
Mark Andrews
1fc7be36eb #include <limits.h> for PATH_MAX, define if not found 2019-03-08 17:15:01 +11:00
Evan Hunt
ce6f3d4bb4 Merge branch 'each-silence-warning' into 'master'
silence a warning about potential snprintf overrun

See merge request isc-projects/bind9!1558
2019-03-08 00:46:17 -05:00
Evan Hunt
7f26cad247 silence a warning about potential snprintf overrun 2019-03-08 00:27:49 -05:00
Evan Hunt
3fe7acaa6f Merge branch '902-hang-when-unexpected-errno-encountered-during-log-rename' into 'master'
Resolve "Hang when unexpected errno encountered during log rename"

Closes #902

See merge request isc-projects/bind9!1567
2019-03-08 00:22:35 -05:00
Mark Andrews
435ae2f29a Handle EDQUOT and ENOSPC errors 2019-03-07 21:02:48 -08:00
Evan Hunt
fced495d47 Merge branch '884-patches-to-review-3' into 'master'
fix the use of dns_wildcardname as an optimisation in DLZ

Closes #884

See merge request isc-projects/bind9!1532
2019-03-07 23:18:49 -05:00
Mark Andrews
cb32cd98bd fix the use of dns_wildcardname as an optimisation in DLZ 2019-03-07 19:59:29 -08:00
Evan Hunt
c37e78539c Merge branch 'ckb-statistics-test-nit' into 'master'
the wrong variable was used to count the test cases in one place.

See merge request isc-projects/bind9!1625
2019-03-07 20:32:49 -05:00
Curtis Blackburn
4f60a84e34 the wrong variable was used to count the test cases in one place. 2019-03-07 20:15:14 -05:00
Mark Andrews
dad333b644 Merge branch '927-teach-clang-that-_fail-does-not-return' into 'master'
Resolve "teach clang that _fail() does not return."

Closes #927

See merge request isc-projects/bind9!1621
2019-03-07 20:11:53 -05:00
Mark Andrews
3f2b7e1006 add noreturn attribute 2019-03-07 16:45:04 +11:00
Evan Hunt
a4c60a9f08 Merge branch '865-option-to-disable-information-leak-on-rpz-rewrites-isc-support-14178' into 'master'
Resolve "Option to disable information leak on RPZ rewrites [ISC-support #14178]"

Closes #865

See merge request isc-projects/bind9!1514
2019-03-07 00:16:42 -05:00