2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

7522 Commits

Author SHA1 Message Date
Aydın Mercan
206d52b727
do not install manpages for unbuilt binaries
Building and installing from a git release installed all manpages
unconditionally even if binaries like dnstap-read were disabled and not
built.

Now the manpage configuration checks for such cases and also cleans up
remaining artifacts and unnecessary pages if the build directory is
reconfigured.
2025-06-30 11:58:13 +03:00
Michal Nowak
b20c71c2dc
Add Alpine Linux 3.22 2025-06-24 13:25:06 +02:00
Aydın Mercan
3bb88f847a
Remove the configblock sphinx extension
The `configblock` extension doesn't work with RHEL 8. However, this
extension isn't needed anymore after the RTD fix and can be safely
removed.
2025-06-23 13:45:09 +03:00
Aydın Mercan
5c9b4f3163
Remove build requirements from building arm
The meson build switched to generating the file grammars and using meson
to build the manpages/ARM. This is because meson doesn't work well when
writing files outside the build directory.

However, this has been suboptimal when someone only wants to build the
documentation (like RTD). Sphinx can now be used outside meson like it
was with autoconf.

Grammars are now updated by the developer with CI checking if one is
needed or not, like clang-format.
2025-06-23 13:45:04 +03:00
Aydın Mercan
3447e1631d
Fix build instructions
There were leftover artifacts and instructions from the transition.
2025-06-23 13:44:58 +03:00
Michal Nowak
e6234542e2
Update Sphinx to 8.2.3
Update Sphinx to its current version pulled in by "pip install
sphinx-rtd-theme" run in a fresh Debian "bookworm" container.
2025-06-19 15:22:02 +02:00
Michal Nowak
ce090c1bd2 BIND 9.21.9
-----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBANamVSTMToLcHCXRu1f52e
 tTJWV3T1GSVrPYXwAGe6EVC7m9CTl06FZ9ZG/ymn1S1++dk4ByVZXf6dODe2Mu0RuqGmyf
 MUEMKXVdj3cEQhgRaMjBXvIZoYAsQlbHO2BEttomq8PhrpLRizDBq4Bv2aThM0XN2QqSGS
 ozwYMcPiGUoMVNcVrC4ZQ+Cptb5C4liqAcpRqrSo8l1vcNg5b1Hk6r7NFPdx542gsGMLae
 wZrnKn3LWz3ZXTGeK2cRmBxm/bydiVSCsc9XjB+tWtIGUpQsfaXqZ7Hs6t+1f1vsnu88oJ
 oi1dRBo3YNRl49UiCukXWayQrPJa8wwxURS9W28JMAAAADZ2l0AAAAAAAAAAZzaGE1MTIA
 AAEUAAAADHJzYS1zaGEyLTUxMgAAAQDG5e4dEY2PWMKlaD1U7LIRSL3Xgl4sKq2wNpD1Co
 T8YFihhgiOzMLoSasGtDwGnDZbRCyRHpk/Q5Zx/z+TpgZ8ILbAnGxEtXU3DU7RzN9I2Ah5
 glVgqahXpI+Oelwv0iC/LCFeivTPNGZ2YHer0BMhV7ZKzWfVk6FpHqGfOVy+t9NG47R9qW
 oLnxtOeosw4q3rXexXuomwPigC5jX8jpeqi7nRNuAWgXrSMfHkKLpPHO3CQd7eE+V3ZXVy
 16jxPqRk5h0R6+y8UqsUMtUNgiY3jQ40TDdkmFp67ffbyFG4YLO0xIdSrdah7/GIAYrD2q
 ZiYxFjuha6iRFbpzEhNLU/
 -----END SSH SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBANamVSTMToLcHCXRu1f52e
 tTJWV3T1GSVrPYXwAGe6EVC7m9CTl06FZ9ZG/ymn1S1++dk4ByVZXf6dODe2Mu0RuqGmyf
 MUEMKXVdj3cEQhgRaMjBXvIZoYAsQlbHO2BEttomq8PhrpLRizDBq4Bv2aThM0XN2QqSGS
 ozwYMcPiGUoMVNcVrC4ZQ+Cptb5C4liqAcpRqrSo8l1vcNg5b1Hk6r7NFPdx542gsGMLae
 wZrnKn3LWz3ZXTGeK2cRmBxm/bydiVSCsc9XjB+tWtIGUpQsfaXqZ7Hs6t+1f1vsnu88oJ
 oi1dRBo3YNRl49UiCukXWayQrPJa8wwxURS9W28JMAAAADZ2l0AAAAAAAAAAZzaGE1MTIA
 AAEUAAAADHJzYS1zaGEyLTUxMgAAAQDDixAWV/o5tDUge27FQsBWfED9HueToMVBQ/jGez
 j+jHw/Cla5HfA3keNs1xqvY4Oodw5bIsfGeja/JjfKkd0du+n4SLa5jsGhIzINBrfxZMMt
 j+caGVOE4qZKofkzRXoBPmkQz1mlW9KvHNM/IfKs4ZWOX5u09Xhd+LX1Jp3Teh+W3s+0Om
 7i2uoOS9E31rK4z9gia6FAvkdbg487W8RFcxMz3nP2BxeJS9WetOg57Oe/UTtIDBJIuzjf
 GlqqRt8YcZI4Sea+/WNrT2Xsi4ogHFnsShVWNPmmc+9axEmxLWW8Q66wV4GFUd5D1QG3eq
 lSTANlzZycVBDB4eGzwyG4
 -----END SSH SIGNATURE-----

Merge tag 'v9.21.9'

BIND 9.21.9
2025-06-19 12:26:58 +02:00
Evan Hunt
20fb3d0524 move makejournal to bin/tools
move the "makejournal" tool from bin/tests/system to bin/tools
and rename it to "named-makejournal". add a man page. update
tests to use the new file location.
2025-06-13 18:16:56 -07:00
Aydın Mercan
5cd6c173ff
replace the build system with meson
Meson is a modern build system that has seen a rise in adoption and some
version of it is available in almost every platform supported.

Compared to automake, meson has the following advantages:

* Meson provides a significant boost to the build and configuration time
  by better exploiting parallelism.

* Meson is subjectively considered to be better in readability.

These merits alone justify experimenting with meson as a way of
improving development time and ergonomics. However, there are some
compromises to ensure the transition goes relatively smooth:

* The system tests currently rely on various files within the source
  directory. Changing this requirement is a non-trivial task that can't
  be currently justified. Currently the last compiled build directory
  writes into the source tree which is in turn used by pytest.

* The minimum version supported has been fixed at 0.61. Increasing this
  value will require choosing a baseline of distributions that can
  package with meson. On the contrary, there will likely be an attempt
  to decrease this value to ensure almost universal support for building
  BIND 9 with meson.
2025-06-11 10:30:12 +03:00
Michal Nowak
62d04402c9
Tweak and reword release notes 2025-06-06 10:38:08 +02:00
Michal Nowak
c5840384cb
Prepare release notes for BIND 9.21.9 2025-06-05 12:01:37 +02:00
Michal Nowak
26f3f74c6c
Generate changelog for BIND 9.21.9 2025-06-05 11:58:49 +02:00
Aram Sargsyan
0f2fba46ad Document the new unreachable cache behavior
Update the documentaion to include information about how the cache's
exponential backoff works, and how to clear the cache.
2025-06-04 09:16:35 +00:00
Evan Hunt
b8f325ae01 Add support for zone templates
A "template" statement can contain the same configuration clauses
as a "zone" statement.  A "zone" statement can now reference a
template, and all the clauses in that template will be used as
default values for the zone. For example:

    template primary {
        type primary;
        file "$name.db";
        initial-file "primary.db";
    };

    zone example.com {
        template primary;
        file "different-name.db"; // overrides the template
    };
2025-06-03 12:03:07 -07:00
Evan Hunt
598ae3f63c Allow zone names to be generated parametrically
Special tokens can now be specified in a zone "file" option
in order to generate the filename parametrically. The first
instead of "$name" in the "file" option is replaced with the
zone origin, the first instance of "$type" is replaced with the
zone type (i.e., primary, secondary, etc), and the first instance
of "$view" is replaced with the view name..

This simplifies the creation of zones using initial-file templates.
For example:

   $ rndc addzone <zonename> \
     { type primary; file "$name.db"; initial-file "template.db"
2025-06-03 12:03:07 -07:00
Evan Hunt
60b129da25 Add zone "initial-file" option
When loading a primary zone for the first time, if the zonefile
does not exist but an "initial-file" option has been set, then a
new file will be copied into place from the path specified by
"initial-file".

This can be used to simplify the process of adding new zones. For
instance, a template zonefile could be used by running:

    $ rndc addzone example.com \
        '{ type primary; file "example.db"; initial-file "template.db"; };'
2025-06-03 12:03:07 -07:00
Michal Nowak
5553256427
Use AlmaLinux for FIPS testing in AWS 2025-05-29 18:36:25 +02:00
Michal Nowak
63947a2062
Replace Oracle Linux Docker images with AlmaLinux ones
To be consistent with the replacing of Oracle Linux QCOW2 images with
AlmaLinux AWS AMIs, also replace Docker images.
2025-05-29 16:54:57 +02:00
Ondřej Surý
4e79e9baae
Give every memory context a name
Instead of giving the memory context names with an explicit call to
isc_mem_setname(), add the name to isc_mem_create() call to have all the
memory contexts an unconditional name.
2025-05-29 05:46:46 +02:00
Michał Kępień
c9bf5df999 Merge tag 'v9.21.8' 2025-05-21 21:23:09 +02:00
Ondřej Surý
8171bf01ed
Deprecate max-rsa-exponent-size, always use 4096 instead
The `max-rsa-exponent-size` could limit the exponents of the RSA
public keys during the DNSSEC verification.  Instead of providing
a cryptic (not cryptographic) knob, hardcode the max exponent to
be 4096 (the theoretical maximum for DNSSEC).
2025-05-21 00:50:08 +02:00
Aram Sargsyan
e42d6b4810 Implement a new 'notify-defer' configuration option
This new option sets the delay, in seconds, to wait before sending
a set of NOTIFY messages for a zone. Whenever a NOTIFY message is
ready to be sent, sending will be deferred for this duration.
2025-05-15 12:24:13 +00:00
Michal Nowak
ff39441874
Make FreeBSD 12.x part of Community-Maintained platforms 2025-05-13 17:01:33 +02:00
Michal Nowak
326e19a65a
Drop Ubuntu 20.04 Focal Fossa
Focal-specific ./configure options were moved to Jammy.
2025-05-13 17:00:43 +02:00
Michał Kępień
44c37b19f0
Reorder release notes 2025-05-08 22:51:59 +02:00
Michał Kępień
ad6fac37e7
Tweak and reword release notes 2025-05-08 22:51:59 +02:00
Michał Kępień
29739a21d4
Prepare release notes for BIND 9.21.8 2025-05-08 22:51:59 +02:00
Michał Kępień
3388084860
Generate changelog for BIND 9.21.8 2025-05-08 22:51:59 +02:00
Michal Nowak
0ea4ebf7d1
Disable linkcheck on www.gnu.org
The check fails with the following error for some time:

    broken    https://www.gnu.org/software/libidn/#libidn2 - HTTPSConnectionPool(host='www.gnu.org', port=443): Max retries exceeded with url: /software/libidn/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5bd4c14590>: Failed to establish a new connection: [Errno 111] Connection refused'))
2025-05-05 11:50:03 +02:00
Aram Sargsyan
70ad94257d Implement tcp-primaries-timeout
The new 'tcp-primaries-timeout' configuration option works the same way
as the existing 'tcp-initial-timeout' option, but applies only to the
TCP connections made to the primary servers, so that the timeout value
can be set separately for them. The default is 15 seconds.

Also, while accommodating zone.c's code to support the new option, make
a light refactoring with the way UDP timeouts are calculated by using
definitions instead of hardcoded values.
2025-04-23 17:03:05 +00:00
Michal Nowak
dcccfb4cf8
Add Fedora 42 2025-04-16 20:18:00 +02:00
Nicki Křížek
c5707cb75a Merge tag 'v9.21.7' 2025-04-16 15:23:14 +02:00
Matthijs Mekking
9880bfff63 Add a note about pregenarating keys for key rolls
With dnssec-policy you can pregenerate keys and if they are eligible,
rather than creating a new key, a key is selected from the pregenerated
keys. A key is eligible if it is unused, i.e it has no key timing
metadata set.
2025-04-14 14:27:25 +00:00
Nicki Křížek
94c0273dce Tweak and reword release notes 2025-04-03 17:39:35 +02:00
Nicki Křížek
e19c8e747b Prepare release notes for BIND 9.21.7 2025-04-03 13:11:46 +02:00
Nicki Křížek
80a71263d7 Generate changelog for BIND 9.21.7 2025-04-03 13:10:36 +02:00
Evan Hunt
522ca7bb54 switch to ISC_LIST_FOREACH everywhere
the pattern `for (x = ISC_LIST_HEAD(...); x != NULL; ISC_LIST_NEXT(...)`
has been changed to `ISC_LIST_FOREACH` throughout BIND, except in a few
cases where the change would be excessively complex.

in most cases this was a straightforward change. in some places,
however, the list element variable was referenced after the loop
ended, and the code was refactored to avoid this necessity.

also, because `ISC_LIST_FOREACH` uses typeof(list.head) to declare
the list elements, compilation failures can occur if the list object
has a `const` qualifier.  some `const` qualifiers have been removed
from function parameters to avoid this problem, and where that was not
possible, `UNCONST` was used.
2025-03-31 13:45:10 -07:00
Ondřej Surý
c27fce26e6
Drop readline alternatives in favor of libedit
The libedit is now ubiquitous and has a licences compatible with
MPL 2.0.  Drop readline (GPL 3.0) and editline (obsolete) support
in favor of libedit.
2025-03-31 15:20:40 +02:00
Mark Andrews
9428e32b13 Add an option to disable ZONEVERSION responses
The option provide-zoneversion controls whether ZONEVERSION is
returned.  This applies to primary, secondary and mirror zones.
2025-03-24 22:16:09 +00:00
Mark Andrews
a4f5c1d5f3 Add option request-zoneversion
This can be set at the option, view and server levels and causes
named to add an EDNS ZONEVERSION option to requests.  Replies are
logged to the 'zoneversion' category.
2025-03-24 22:16:09 +00:00
Andoni Duarte Pintado
8dba96d71e Merge tag 'v9.21.6' 2025-03-19 17:36:14 +01:00
Michal Nowak
1ab889ee21
Disable linkcheck on dl.acm.org
The check fails with the following error for some time:

    403 Client Error: Forbidden for url: https://dl.acm.org/doi/10.1145/1315245.1315298
2025-03-17 17:39:36 +01:00
Matthijs Mekking
f50753f303 Update max-clients-per-query documentation
The new intended behavior is that 'max-clients-per-query' value is
raised to equal 'clients-per-query' if it is lower.
2025-03-13 13:02:28 +00:00
Andoni Duarte Pintado
5dfcedd52d Tweak and reword relase notes 2025-03-11 10:46:21 +01:00
Andoni Duarte Pintado
7c308c2298 Prepare release notes for BIND 9.21.6 2025-03-11 10:46:21 +01:00
Andoni Duarte Pintado
f0b5f0cbce Generate changelog for BIND 9.21.6 2025-03-11 10:46:21 +01:00
Ondřej Surý
552cf64a70
Replace isc_mem_destroy() with isc_mem_detach()
Remove legacy isc_mem_destroy() and just use isc_mem_detach() as
isc_mem_destroy() doesn't play well with call_rcu API.
2025-03-05 11:17:17 +01:00
Doug Freed
0dd046d007 Fix command to generate KSR in DNSSEC guide 2025-02-26 01:08:52 +00:00
Ondřej Surý
04c2c2cbc8
Simplify dns_name_init()
Remove the now-unused offsets parameter from dns_name_init().
2025-02-25 12:17:34 +01:00
Ondřej Surý
08e966df82
Remove offsets from the dns_name and dns_fixedname structures
The offsets were meant to speed-up the repeated dns_name operations, but
it was experimentally proven that there's actually no real-world
benefit.  Remove the offsets and labels fields from the dns_name and the
static offsets fields to save 128 bytes from the fixedname in favor of
calculating labels and offsets only when needed.
2025-02-25 12:17:34 +01:00