mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00

36567 Commits

Author SHA1 Message Date
Artem Boldariev
502c78c339 Update CHANGES [GL #3415]
Mention that the settings are now applied properly on reconfiguration.
2022-06-28 15:43:18 +03:00
Artem Boldariev
d2e13ddf22 Update the set of HTTP endpoints on reconfiguration
This commit ensures that on reconfiguration the set of HTTP
endpoints (=paths) is being updated within HTTP listeners.
2022-06-28 15:42:38 +03:00
Artem Boldariev
e72962d5f1 Update max concurrent streams limit in HTTP listeners on reconfig
This commit ensures that HTTP listeners concurrent streams limit gets
updated properly on reconfiguration.
2022-06-28 15:42:38 +03:00
Artem Boldariev
a2379135fa Update HTTP listeners quotas on reconfiguration
This commit ensures that on reconfiguration a proper value for HTTP
connections limit is picked up.

The commit also refactors how listeners settings are updated so that
there is less code duplication.
2022-06-28 15:42:38 +03:00
Artem Boldariev
3f0b310772 Store HTTP quota size inside a listenlist instead of the quota
This way only quota size is passed to the interface/listener
management code instead of a quota object. Thus, we can implement
updating the quota object size instead of recreating the object.
2022-06-28 15:42:38 +03:00
Matthijs Mekking
806b89abe1 Merge branch 'matthijs-dnssec-policy-defaults-in-config-dot-c' into 'main'
Move built-in dnssec-policies into defaultconf

See merge request isc-projects/bind9!6467
2022-06-28 12:35:46 +00:00
Matthijs Mekking
d8dae61832 Add isccfg duration utility functions
Add function isccfg_duration_toseconds and isccfg_parse_duration to get
rid of code duplication.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
8e18fa5874 Fix a bug in the duration_fromtext function
The function actually did not enforce that the duration string starts
with a P (or p), just that there is a P (or p) in the string.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
c2a7950417 Also inherit from "default" for "insecure" policy
Remove the duplication from the defaultconf and inherit the values
not set in the "insecure" policy from the "default" policy. Therefore,
we must insist that the first read built-in policy is the default one.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
80b55f9cfa Add change entry for dnssec-policy in defaultconf 2022-06-28 11:56:31 +02:00
Matthijs Mekking
5d6f0de84b Nit changes in keymgr and kasp
Use the ISC_MAX define instead of "x = a > b ? a : b" paradigm.

Remove an unneeded include.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
20acb8d3a3 When loading dnssec-policies, inherit from default
Most of the settings (durations) are already inheriting from the default
because they use the constants from lib/dns/kasp.h. We need them as
constants so we can use them in named-checkconf to verify the policy
parameters.

The NSEC(3) parameters and keys should come from the actual default
policy. Change the call to cfg_kasp_fromconfig() to include the default
kasp. We also no longer need the corner case where, if config is NULL, we load
the built-in policy: the built-in policies are now loaded when config is
set to named_g_config.

Finally, add a debug log (it is useful to see which policies are being
loaded).
2022-06-28 11:56:31 +02:00
Matthijs Mekking
5ff414e986 Store built-in dnssec-policies in defaultconf
Update the defaultconf with the built-in policies. These will now be
printed with "named -C".

Change the defines in kasp.h to be strings, so they can be concatenated
in the defaultconf. This means when creating a kasp structure, we no
longer initialize the defaults (this is fine because only kaspconf.c
uses dns_kasp_create() and it inherits from the default policy).

In kaspconf.c, the default values now need to be parsed from string.

Introduce some variables so we don't need to do get_duration multiple
times on the same configuration option.

Finally, clang-format-14 decided to do some random formatting changes.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
a28d919503 Move duration structure to libisccfg/duration
Having the duration structure and parsing code here, it becomes
more accessible to be used in other places.
2022-06-28 11:56:31 +02:00
Michał Kępień
1854bd93ba Merge branch '3216-run-sslyze-in-gitlab-ci' into 'main'
[CVE-2022-1183] Run sslyze in GitLab CI

Closes #3216

See merge request isc-projects/bind9!6365
2022-06-27 21:08:40 +00:00
Michał Kępień
4f12892740 Also test DNS-over-TLS code using sslyze
Since sslyze can test any TLS-enabled server, also use it for exercising
DNS-over-TLS code rather than just DNS-over-HTTPS code.
2022-06-27 22:50:00 +02:00
Michał Kępień
e97b4697cf Add regression test for CVE-2022-1183
If sslyze is available in PATH, run it in a loop as part of the "doth"
system test.
2022-06-27 22:50:00 +02:00
Matthijs Mekking
c7146ce90a Merge branch '3422-dnssec-policy-clarifications' into 'main'
Add some clarifications wrt dynamic zones

Closes #3422

See merge request isc-projects/bind9!6487
2022-06-27 09:03:54 +00:00
Matthijs Mekking
fb517eb52a Add some clarifications wrt dynamic zones
These were suggested by GitLab user @elmaimbo.
2022-06-27 11:01:33 +02:00
Petr Špaček
24908151a9 Merge branch '3169-named-conf-intro-and-links' into 'main'
Reworked named.conf introduction and link anchors

See merge request isc-projects/bind9!6459
2022-06-24 14:38:46 +00:00
Ron Aitchison
d44cb9f194
Added explanations of Argument, Value, and Directive to the ARM 2022-06-24 16:20:46 +02:00
Petr Špaček
bb2a19d655
Add link to glob definition for include directive 2022-06-24 09:40:51 +02:00
Suzanne Goldlust
f4503061ba
Minor text nitpicking around dnssec-policy grammar reference 2022-06-24 09:40:51 +02:00
Petr Špaček
fbcaa44851
Remove ambiguous link anchors for logging { file } statement
Unfortunately logging and zone blocks use file statements with
different semantics but the same name.

There is no sane way to disambiguate them in text, so let's remove the
link anchor from logging so we can link to the file statement in zone.

My assumption is that linking to logging { file } is very unlikely
because logging is self-contained in one block but zone config is all
over the place.
2022-06-24 09:40:51 +02:00
Petr Špaček
d6b2423c99
Remove ambiguous link anchors for keys statement
Unfortunately dnssec-policy and servers blocks use keys statements with
a totally different grammar and semantics but the same name.
There is no sane way to disambiguate them in text, so let's remove the
link anchors to prevent erroneous linking.
2022-06-24 09:40:51 +02:00
Petr Špaček
caf2675ef8
Change statement->argument terminology for control channel
control { inet ... allow keys read-only }; are not actual statements
but in fact arguments of a statement. Remove .. namedconf:statement::
syntax to avoid collisions with other statements of the same name.
2022-06-24 09:40:51 +02:00
Petr Špaček
3233414a53
Deduplicate dnssec-policy definition in the ARM 2022-06-24 09:40:51 +02:00
Petr Špaček
fa2ba5423b
Deduplicate null definition in the ARM logging section 2022-06-24 09:40:51 +02:00
Petr Špaček
cd1b9aa052
Deduplicate {use,avoid}-v{4,6}-udp-ports definitions in the ARM
Statements affected:
use-v4-udp-ports
use-v6-udp-ports
avoid-v4-udp-ports
avoid-v6-udp-ports
2022-06-24 09:40:00 +02:00
Petr Špaček
6e634c43cd
Deduplicate request-expire definition in the ARM 2022-06-24 08:14:32 +02:00
Petr Špaček
22e6c8a29e
Deduplicate provide-ixfr definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
14389bc446
Deduplicate request-ixfr definition in the ARM
Let's be consistent and put all definitions in the options block.
2022-06-24 08:14:31 +02:00
Petr Špaček
08a3cd7ae4
Deduplicate notify-source, notify-source-v6 definitions in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
e91529a48b
Deduplicate request-nsid definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
92a125b9c4
Deduplicate query-source, query-source-v6 definitions in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
538f5a7520
Deduplicate transfer-source, transfer-source-v6 definitions in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
b6eb0b298d
Deduplicate transfer-format definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
7937c4bc9c
Deduplicate send-cookie definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
8ac82b4f30
Deduplicate max-udp-size definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
624bbf403c
Deduplicate edns-udp-size definition in the ARM 2022-06-24 08:14:31 +02:00
Petr Špaček
405a0931ea
Deduplicate max-zone-ttl definition in the ARM
This is confusing as hell, but we cannot fix that in the manual itself.
At least now the user is made aware of two distinct defaults.
2022-06-24 08:14:31 +02:00
Petr Špaček
420a7331a8
Deduplicate allow-update definition in the ARM 2022-06-24 08:14:29 +02:00
Ron Aitchison
cf85e776c6
Reference new named.conf description instead of man page 2022-06-24 08:12:52 +02:00
Ron Aitchison
31e3d1aaf7
Remove line numbering from config file examples 2022-06-24 08:12:52 +02:00
Ron Aitchison
c40a983334
Changed all references from clause to block 2022-06-24 08:12:52 +02:00
Ron Aitchison
b01262b7f2
Restructure introduction to named.conf in the ARM 2022-06-24 08:12:52 +02:00
Petr Špaček
e5b7022dcb
Add link anchors to statements and blocks in the ARM
All statements now use .. namedconf:statement:: or
.. rndcconf:statement:: syntax provided by our Sphinx extension.

This has several consequences:
- It changes how statement headings are rendered
- Statements are indexed and show up as separate items in doc
  search results (in the HTML version)
- Statements can be linked to using either :any:`statement` or
  :namedconf:ref:`statement` syntax (not used in this commit)
- Statements can be categorized and printed using ..
  namedconf:statementlist:: syntax (not used in this commit)
2022-06-24 08:12:50 +02:00
Mark Andrews
0d4084289b Merge branch '3420-rrsetorder-update-status' into 'main'
rrsetorder: add missing update of status

Closes #3420

See merge request isc-projects/bind9!6466
2022-06-23 07:24:53 +00:00
Mark Andrews
669c42cd95 Replace expr's with $((expression)) shell constructs
Also make indenting consistent.
2022-06-23 17:05:15 +10:00
Mark Andrews
da63e63c41 Add missing update of status variable in rrsetorder system test 2022-06-23 17:05:14 +10:00