Update axfr_commit() so that all incoming versions of a mirror zone
transferred using AXFR are verified before being used. If zone
verification fails, discard the received version of the zone, wait until
the next refresh and retry.
This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a syscall.
The change introduced in this commit adds a new call isc_nonce_buf
that uses CSPRNG from cryptographic library provider to generate
secure data that can be and must be used for generating nonces.
Example usage would be DNS cookies.
The isc_random() API has been changed to use fast PRNG that is not
cryptographically secure, but runs entirely in user space. Two
contestants have been considered xoroshiro family of the functions
by Villa&Blackman and PCG by O'Neill. After a consideration the
xoshiro128starstar function has been used as uint32_t random number
provider because it is very fast and has good enough properties
for our usage pattern.
The other change introduced in the commit is the more extensive usage
of isc_random_uniform in places where the usage pattern was
isc_random() % n to prevent modulo bias. For usage patterns where
only 16 or 8 bits are needed (DNS Message ID), the isc_random()
functions has been renamed to isc_random32(), and isc_random16() and
isc_random8() functions have been introduced by &-ing the
isc_random32() output with 0xffff and 0xff. Please note that the
functions that uses stripped down bit count doesn't pass our
NIST SP 800-22 based random test.
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.
The isc_random family of functions internally use these CSPRNG (if available):
1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
provisioning secondary servers in which a list of
zones to be served is stored in a DNS zone and can
be propagated to slaves via AXFR/IXFR. [RT #41581]
4375. [func] Add support for automatic reallocation of isc_buffer
to isc_buffer_put* functions. [RT #42394]
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #4098]
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
Squashed commit of the following:
commit bce2efe66d69d60b746b85df49974ca341723169
Author: Mark Andrews <marka@isc.org>
Date: Mon Oct 29 12:59:25 2012 +1100
use 'static dns_rdata_xxxx_t xxxx'
commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e
Author: Mark Andrews <marka@isc.org>
Date: Mon Oct 29 12:35:16 2012 +1100
return ISC_R_NOTFOUND if private record length does not make sense
commit 7596610c12c5685336fc0909860173d2fae359af
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:41:17 2012 +1100
check private->length == 5
commit 3836365a3e3e83b057bd940350f032279e080296
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:40:50 2012 +1100
properly set private->length
commit a295778ac53109d39ef3a8b233751100edae678b
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:13:30 2012 +1100
check dns_rdata_tostruct result
commit e33c37ca9112159e0b2363615bb018d27fa7d1a5
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 21:10:43 2012 +1100
check remove/fopen/chmod return values
commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:59:10 2012 +1100
check isc_socket_accept result
commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:55:40 2012 +1100
change variable scopes
commit b9e9d9ad58270271003e463f10744e0ceaf9ad97
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:53:19 2012 +1100
check inet_pton return value
commit 70698e9589da77e3745efb6ea24b8830addd6ae4
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:52:40 2012 +1100
break -> /* NOTREACHED */
commit 88de9de2e8e201ab2fef16a868f241e8206ea826
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:52:06 2012 +1100
strcpy -> strlcpy
commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e
Author: Mark Andrews <marka@isc.org>
Date: Sat Oct 27 20:51:26 2012 +1100
check dns_rdata_tostruct return values
