Matthijs Mekking
77d4afba1b
Introduce new DNSSEC tool dnssec-ksr
...
Introduce a new DNSSEC tool, dnssec-ksr, for creating signed key
response (SKR) files, given one or more key signing requests (KSRs).
For now it is just a dummy tool, but the future purpose of this utility
is to pregenerate ZSKs and signed RRsets for DNSKEY, CDNSKEY, and CDS
for a given period that a KSK is to be offline.
2024-04-19 10:41:04 +02:00
Michal Nowak
2ca6bcc99a
Merge branch 'mnowak/revert-874329b3b1a56e58e8caf61d89127441d2cc79a1' into 'main'
...
Revert "Temporarily allow failure of respdiff-long:tsan job"
See merge request isc-projects/bind9!8957
2024-04-19 08:37:47 +00:00
Michal Nowak
620cce8f7e
Revert "Temporarily allow failure of respdiff-long:tsan job"
...
This reverts commit 874329b3b1a56e58e8caf61d89127441d2cc79a1.
Addressed in isc-projects/bind9#4475.
2024-04-19 10:28:51 +02:00
Ondřej Surý
e4793242eb
Merge branch '4416-fix-reading-multiple-rndc-messages-in-single-TCP-message' into 'main'
...
Rework isccc_ccmsg to support multiple messages per tcp read
Closes #4416
See merge request isc-projects/bind9!8956
2024-04-18 18:10:56 +00:00
Ondřej Surý
cbbc0051a3
Add CHANGES note for [GL #4416]
2024-04-18 20:09:47 +02:00
Dominik Thalhammer
24ae1157e8
Rework isccc_ccmsg to support multiple messages per tcp read
...
Previously, only a single controlconf message would be processed from a
single TCP read even if the TCP read buffer contained multiple messages.
Refactor the isccc_ccmsg unit to store the extra buffer in the internal
buffer and use the already read data first before reading from the
network again.
Co-authored-by: Ondřej Surý <ondrej@isc.org>
Co-authored-by: Dominik Thalhammer <dominik@thalhammer.it>
2024-04-18 20:08:44 +02:00
Ondřej Surý
e13728413a
Merge branch '4586-don-t-count-expired-future-rrsigs-in-verification-failure-quota' into 'main'
...
Don't count expired / future RRSIGs in verification failure quota
Closes #4586
See merge request isc-projects/bind9!8746
2024-04-18 15:07:43 +00:00
Ondřej Surý
5d4233c2c2
Add CHANGES and release notes for [GL #4586]
2024-04-18 16:05:32 +02:00
Ondřej Surý
3b9ea189b2
Don't count expired / future RRSIG against quota
...
These don't trigger a public key verification unless
dnssec-accept-expired is set.
2024-04-18 16:05:31 +02:00
Petr Špaček
903af2e1de
Merge branch 'pspacek/update-sphinx' into 'main'
...
Update Sphinx version used for documentation build
See merge request isc-projects/bind9!8952
2024-04-18 14:00:33 +00:00
Petr Špaček
da607d6a06
Update Sphinx version used for documentation build
2024-04-18 12:46:13 +02:00
Ondřej Surý
bbb2741de8
Merge branch 'ondrej-offload-statschannel' into 'main'
...
Offload the isc_http response processing to worker thread
Closes #4680
See merge request isc-projects/bind9!7647
2024-04-18 08:56:06 +00:00
Ondřej Surý
fbea3bb255
Add CHANGES and release note for [GL #4680]
2024-04-18 10:53:31 +02:00
Ondřej Surý
c7ed858c6e
Suppress the leak detection in xmlGetGlobalState
...
The xmlGetGlobalState allocates per-thread memory that is not properly
cleaned up when the libxml2 is used from offloaded threads. Add the
function to the LeakSanitizer suppression list.
2024-04-18 10:53:31 +02:00
Ondřej Surý
23835c4afe
Use xmlMemSetup() instead of xmlGcMemSetup()
...
Since we don't have a specialized function for "atomic" allocations,
it's better to just use xmlMemSetup() instead of xmlGcMemSetup()
according to this:
https://mail.gnome.org/archives/xml/2007-August/msg00032.html
2024-04-18 10:53:31 +02:00
Ondřej Surý
950f828cd2
Offload the isc_http response processing to worker thread
...
Prepare the statistics channel data in the offloaded worker thread, so
the networking thread is not blocked by the process gathering data from
various data structures. Only the netmgr send is then run on the
networking thread when all the data is already there.
2024-04-18 10:53:00 +02:00
Matthijs Mekking
f8a09fd91a
Merge branch '4554-dnssec-policy-jitter' into 'main'
...
Add signatures-jitter option
Closes #4554
See merge request isc-projects/bind9!8686
2024-04-18 08:11:18 +00:00
Matthijs Mekking
c3d8932f79
Add checkconf check for signatures-jitter
...
Having a value higher than signatures-validity does not make sense
and should be treated as a configuration error.
2024-04-18 09:50:33 +02:00
Matthijs Mekking
8b7785bc23
Add release notes and CHANGES for #4554
...
Mention the new signature jitter option.
2024-04-18 09:50:31 +02:00
Matthijs Mekking
67f403a423
Implement signature jitter
...
When calculating the RRSIG validity, jitter is now derived from the
config option rather than from the refresh value.
2024-04-18 09:50:10 +02:00
Matthijs Mekking
0438d3655b
Refactor code that calculates signature validity
...
There are three code blocks that are (almost) similar, refactor it
to one function.
2024-04-18 09:50:10 +02:00
Matthijs Mekking
50bd729019
Update autosign test to use signatures-jitter
...
Now that we have an option to configure jitter, use it in system tests
that test jitter.
2024-04-18 09:50:10 +02:00
Matthijs Mekking
2a4daaedca
Add signatures-jitter option
...
Add an option to specify signatures jitter.
2024-04-18 09:50:10 +02:00
Petr Špaček
c9ff77c067
Merge tag 'v9.19.23'
2024-04-18 09:21:47 +02:00
Mark Andrews
9360d90bf2
Merge branch '4671-calling-dns_qpkey_toname-twice-fails' into 'main'
...
Resolve "Calling dns_qpkey_toname twice fails."
Closes #4671
See merge request isc-projects/bind9!8948
2024-04-18 01:05:42 +00:00
Mark Andrews
36c11d9180
Check that name is properly reset by dns_qpkey_toname
2024-04-18 00:17:48 +00:00
Mark Andrews
bf70d4840c
dns_qpkey_toname failed to reset name correctly
...
This could lead to a mismatch between name->length and the rest
of the name structure.
2024-04-18 00:17:48 +00:00
Ondřej Surý
fcf2919c93
Merge branch '4475-use-atomics-to-access-trust-access-in-dns_ncache' into 'main'
...
Use atomic operations to access the trust byte in ncache data
Closes #4475
See merge request isc-projects/bind9!8946
2024-04-17 19:18:35 +00:00
Mark Andrews
d2fd97f4da
Add CHANGES note for [GL #4475]
2024-04-17 17:14:50 +02:00
Ondřej Surý
eb1829b970
Use atomic operations to access the trust byte in ncache data
...
Protect the access to the trust byte in the ncache data with relaxed
atomic operation to mimic the current behaviour. This will teach
TSAN that the concurrent access is fine.
2024-04-17 17:14:34 +02:00
Mark Andrews
4ef755ffb0
Only copy the name data after we know its actual length
...
This prevents TSAN errors with the ncache code where the trust byte
access needs to be protected by a lock. The old code copied the
entire region before determining where the name ended. We now
determine where the name ends then copy just that data and in doing
so avoid reading the trust byte.
2024-04-17 17:14:34 +02:00
Artem Boldariev
90b0038ea0
Merge branch '4434-use-nm-tests-timeouts-for-the-dispatch-test' into 'main'
...
dispatch_test: use the NM tests timeouts
Closes #4434
See merge request isc-projects/bind9!8923
2024-04-15 14:25:13 +00:00
Artem Boldariev
7f805659c3
dispatch_test: use the NM tests timeouts
...
This commit makes the dispatch_test use the same timeouts as the network
manager tests. We do that because the old values appear to be too
small for our heavily loaded CI machines, leading to spurious failures
on them. The network manager tests are much more stable in this
situation and they use somewhat larger timeout values.
We use smaller connection timeouts for the tests which are expected
to time out, to not wait for too long.
2024-04-15 16:33:24 +03:00
Mark Andrews
381273f89f
Merge branch '4669-error-sending-notify-to-ipv6-secondary' into 'main'
...
Wrong source address used for IPv6 notify messages
Closes #4669
See merge request isc-projects/bind9!8935
2024-04-12 00:16:01 +00:00
Mark Andrews
9cc6b4a68a
Add CHANGES note for [GL #4669]
2024-04-11 18:05:25 +00:00
Mark Andrews
7c369ea3d9
Check that notify message was sent over IPv6
2024-04-11 18:05:25 +00:00
Mark Andrews
40fd4cd407
Wrong source address used for IPv6 notify messages
...
The source address field of 'newnotify' was not updated from the
default (0.0.0.0) when the destination address was an IPv6 address.
This resulted in the messages failing to be sent. Set the source
address to :: when the destination address is an IPv6 address.
2024-04-11 18:05:25 +00:00
Petr Špaček
9c712eff0a
Merge branch 'pspacek/releng-changes' into 'main'
...
Move Release issue template to BIND QA repo
See merge request isc-projects/bind9!8944
2024-04-11 15:15:49 +00:00
Petr Špaček
d2fa9a642b
Move Release issue template to BIND QA repo
...
It's easier to maintain the template in a single place together with
the script used to in the template.
In future use script bind9/releng/create_checklist.py
from isc-private/bind-qa to generate release issue.
2024-04-11 15:15:32 +00:00
Evan Hunt
c13e8e1859
Merge branch 'each-dupwithoffsets-cannot-fail' into 'main'
...
dns_name_dupwithoffsets() cannot fail
See merge request isc-projects/bind9!8945
2024-04-11 03:25:07 +00:00
Evan Hunt
2c88946590
dns_name_dupwithoffsets() cannot fail
...
this function now always returns success; change it to void and
clean up its callers.
2024-04-10 22:51:07 -04:00
Petr Špaček
480126919a
Merge branch 'pspacek/set-up-version-and-release-notes-for-bind-9.19.24' into 'main'
...
Set up version and release notes for BIND 9.19.24
See merge request isc-projects/bind9!8939
2024-04-04 19:15:28 +00:00
Petr Špaček
1341a1a734
Set up release notes for BIND 9.19.24
2024-04-04 19:35:03 +02:00
Petr Špaček
b0b4ea3975
Update BIND version to 9.19.24-dev
2024-04-04 19:35:03 +02:00
Petr Špaček
3c0eaff4c6
Update BIND version for release
v9.19.23
2024-04-02 18:08:00 +02:00
Petr Špaček
dc9d9a8fdf
Add a CHANGES marker
2024-04-02 18:06:04 +02:00
Petr Špaček
03c9e0b753
Merge branch 'pspacek/prepare-documentation-for-bind-9.19.23' into 'v9.19.23-release'
...
Prepare documentation for BIND 9.19.23
See merge request isc-private/bind9!677
2024-04-02 16:04:47 +00:00
Suzanne Goldlust
4c0db2ee3c
Tweak and reword release notes
2024-04-02 17:45:25 +02:00
Petr Špaček
e4344b7d1a
Add release note for GL #4622 and #4652
2024-04-02 17:31:42 +02:00
Petr Špaček
3989b99a0b
Add release note for GL #4614
2024-04-02 17:31:42 +02:00