Evan Hunt
4a0beb64be
[master] start prep for 9.10.0b1
2014-02-19 21:39:35 -08:00
Evan Hunt
9576baafc0
[master] assert if sitok/sitbad are insane
2014-02-19 21:26:31 -08:00
Mark Andrews
d17d32a7bf
set setok/sitbad
2014-02-20 16:16:53 +11:00
Evan Hunt
7adf0928b9
[master] revised previous
2014-02-19 21:13:39 -08:00
Evan Hunt
fc73ba3528
[master] update README
2014-02-19 21:04:28 -08:00
Mark Andrews
f0c00f10a0
report if sit is good/bad
2014-02-20 15:55:09 +11:00
Mark Andrews
51d6d7eea4
continue rather than break
2014-02-20 15:20:12 +11:00
Mark Andrews
45b8dc626a
add #ifdef notdef check of DNS_OPT_EXPIRE length
2014-02-20 15:06:49 +11:00
Evan Hunt
6cba0b8e61
[expireopt] format expire time
2014-02-20 14:57:47 +11:00
Mark Andrews
16134801ce
3750. [experimental] Partially implement EDNS EXPIRE option as described
...
in draft-andrews-dnsext-expire-00. Retrivial of
remaining time to expiry from slave zones is supported.
EXPIRE uses an experimental option code (65002) and
is subject to change. [RT #35416 ]
2014-02-20 14:56:20 +11:00
Mark Andrews
801b958a5c
s/DNS_EDNSOPTIONS/DNS_EDNSOPTIONS/
2014-02-20 14:00:54 +11:00
Mark Andrews
72ba6ba736
define DNS_OPT_EDNSOPTIONS
2014-02-20 13:55:21 +11:00
Mark Andrews
86a85a3bbd
don't error on rpz percentage checks as they fail inconsistently on virtual machines
2014-02-20 12:22:14 +11:00
Evan Hunt
2af7d81efd
[master] unbalanced tag
2014-02-19 17:15:51 -08:00
Evan Hunt
98091cb21d
[master] add tuning option for win32
2014-02-19 16:35:40 -08:00
Evan Hunt
4357e13a4b
[master] whitespace
2014-02-19 15:54:57 -08:00
Mark Andrews
e676a59686
update copyrights
2014-02-20 10:53:11 +11:00
Evan Hunt
d7b9756a21
[master] ENDS client-subnet in dig
...
3749. [func] "dig +subnet" sends an EDNS client subnet option
containing the specified address/prefix when
querying. (Thanks to Wilmer van der Gaast.)
[RT #35415 ]
2014-02-19 15:51:02 -08:00
Tinderbox User
1361e03890
update copyright notice
2014-02-19 23:46:31 +00:00
Francis Dupont
f1a6c8e78c
WIN32 master fixes
2014-02-19 23:17:52 +01:00
Evan Hunt
fd75aaa2b9
[master] change tag
2014-02-19 07:51:22 -08:00
Mark Andrews
e0c6a3944d
silence Function returns no value
2014-02-20 00:27:36 +11:00
Mark Andrews
ab830e68aa
silence unreachable statement by adding #if/#endif
2014-02-20 00:24:56 +11:00
Mark Andrews
969728a667
--with-openssl=no failed
2014-02-19 20:25:12 +11:00
Mark Andrews
f45c36fb19
add client cookie in hmacsha*
2014-02-19 20:19:36 +11:00
Mark Andrews
7e2e41df67
3748. [func] Use delve to test dns_client interfaces. [RT #35383 ]
2014-02-19 19:33:21 +11:00
Evan Hunt
7f5bdf7f40
[master] fix dns_resolver_destroyfetch race
...
3747. [bug] A race condition could lead to a core dump when
destroying a resolver fetch object. [RT #35385 ]
2014-02-18 23:32:02 -08:00
Evan Hunt
35f6a21f5f
[master] max-zone-ttl
...
3746. [func] New "max-zone-ttl" option enforces maximum
TTLs for zones. If loading a zone containing a
higher TTL, the load fails. DDNS updates with
higher TTLs are accepted but the TTL is truncated.
(Note: Currently supported for master zones only;
inline-signing slaves will be added.) [RT #38405 ]
2014-02-18 23:26:50 -08:00
Mark Andrews
880c48d818
set ISC_OPENSSL_LIBS to DST_OPENSSL_LIBS for want_openssl_aes=yes
2014-02-19 18:14:13 +11:00
Evan Hunt
db955e6f01
[master] add SIT and the new stats counters to README
2014-02-18 22:52:06 -08:00
Evan Hunt
6a3fa181d1
[master] add "--with-tuning=large" option
...
3745. [func] "configure --with-tuning=large" adjusts various
compiled-in constants and default settings to
values suited to large servers with abundant
memory. [RT #29538 ]
2014-02-18 22:36:14 -08:00
Mark Andrews
fb507b955e
test for AES_encrypt and fall back to sha256
2014-02-19 15:22:31 +11:00
Mark Andrews
0a5927a14f
add 3rd
2014-02-19 13:33:24 +11:00
Mark Andrews
08d4b8d120
update SIT description
2014-02-19 13:15:40 +11:00
Evan Hunt
96a3590505
[master] edit
2014-02-18 17:59:43 -08:00
Mark Andrews
b5f6271f4d
3744. [experimental] SIT: send and process Source Identity Tokens
...
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.
SIT use a experimental EDNS option code (65001).
SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.
RRL processing as been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389 ]
2014-02-19 12:53:42 +11:00
Mark Andrews
43c1433ef2
add attributes to fatal, warn and delve_log
2014-02-19 07:25:29 +11:00
Mark Andrews
657f0f11ac
use return rather than exit
2014-02-19 07:15:27 +11:00
Evan Hunt
9201e2b2f2
[master] remove extra isc_buffer_init
2014-02-17 18:21:37 -08:00
Tinderbox User
c96e7744e0
regen master
2014-02-18 01:05:03 +00:00
Tinderbox User
3fd910dec5
update copyright notice
2014-02-17 23:46:29 +00:00
Tinderbox User
6025cbbe84
newcopyrights
2014-02-17 23:30:14 +00:00
Mark Andrews
38eabfcee7
3743. [bug] delegation-only flag wasn't working in forward zone
...
declarations despite being documented. This is
needed to support turning off forwarding and turning
on delegation only at the same name. [RT #35392 ]
2014-02-18 10:09:07 +11:00
Mark Andrews
7b9cb698dd
update descrition
2014-02-18 10:03:52 +11:00
Evan Hunt
88af212a4d
[master] correct delegation-only doc
2014-02-17 14:22:53 -08:00
Evan Hunt
5efcb3a3e2
[master] fix test errors
...
- require 5.006_001
- cut off the least significant figures of rrsig dates before
comparison to avoid integer overflow
2014-02-17 08:40:02 -08:00
Mark Andrews
846cb7015b
unchecked isc_mem_get calls; fix loop over getaddrinfo results
2014-02-18 02:07:37 +11:00
Mark Andrews
0e8cfb69d1
a4 and a6 were being referenced out of scope
2014-02-18 01:53:21 +11:00
Mark Andrews
5114325978
3742. [port] linux: libcap support: curval was used before it
...
was declared. [RT #35387 ]
2014-02-18 00:27:15 +11:00
Mark Andrews
823eadf26d
#include <isc/string.h>
2014-02-17 12:22:42 +11:00
