mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity
33,209 Commits 660 Branches 820 Tags
c6fd02aed534e21989fafd7b45b132a21c24fdbc
Commit Graph

33209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthijs Mekking
cf420b2af0 Treat dnssec-policy "none" as a builtin zone 
Configure "none" as a builtin policy. Change the 'cfg_kasp_fromconfig'
api so that the 'name' will determine what policy needs to be
configured.

When transitioning a zone from secure to insecure, there will be
cases when a zone with no DNSSEC policy (dnssec-policy none) should
be using KASP. When there are key state files available, this is an
indication that the zone once was DNSSEC signed but is reconfigured
to become insecure.

If we would not run the keymgr, named would abruptly remove the
DNSSEC records from the zone, making the zone bogus. Therefore,
change the code such that a zone will use kasp if there is a valid
dnssec-policy configured, or if there are state files available.
 2020-12-23 09:02:11 +01:00
Matthijs Mekking
8f2c5e45da Add function to see if dst key uses kasp 
For purposes of zones transitioning back to insecure mode, it is
practical to see if related keys have a state file associated.
 2020-12-23 09:02:11 +01:00
Matthijs Mekking
756674f6d1 Small adjustments to kasp rndc_checkds function 
Slightly better test output, and only call 'load keys' if the
'rndc checkds' call succeeded.
 2020-12-23 09:02:11 +01:00
Matthijs Mekking
fa2e4e66b0 Add tests for going from secure to insecure 
Add two test zones that will be reconfigured to go insecure, by
setting the 'dnssec-policy' option to 'none'.

One zone was using inline-signing (implicitly through dnssec-policy),
the other is a dynamic zone.

Two tweaks to the kasp system test are required: we need to set
when to except the CDS/CDS Delete Records, and we need to know
when we are dealing with a dynamic zone (because the logs to look for
are slightly different, inline-signing prints "(signed)" after the
zone name, dynamic zones do not).
 2020-12-23 09:02:11 +01:00
Mark Andrews
89c35b7164 Merge branch '2245-bind-9-16-8-does-not-honor-cpu-affinity' into 'main' 
Resolve "bind 9.16.8 does not honor CPU affinity"

Closes #2245

See merge request isc-projects/bind9!4395
 2020-12-22 22:17:12 +00:00
Mark Andrews
fc4af548e7 Add CHANGES and release notes for [GL #2245] 2020-12-23 09:16:26 +11:00
Mark Andrews
09f00ad5dd PYTHON may be null 
When Python is not present, PYTHON=$(command -v "@PYTHON@") will exit
the script with 1, prevent that by adding "|| true".
 2020-12-23 09:16:26 +11:00
Matthijs Mekking
f1a097964c Add test for cpu affinity 
Add a test to check BIND 9 honors CPU affinity mask. This requires
some changes to the start script, to construct the named command.
 2020-12-23 09:16:26 +11:00
Mark Andrews
698d9285d4 Only pick CPUs that are part of the existing CPU affinity set when 
assigning a thread to a CPU.
 2020-12-21 15:09:57 +01:00
Mark Andrews
c850a334d9 Merge branch '2348-bin-tools-mdig-compile-link-failure-because-of-missing-isccfg-dependency-3' into 'main' 
Resolve "bin/tools/mdig: compile/link failure because of missing isccfg dependency"

Closes #2348

See merge request isc-projects/bind9!4497
 2020-12-21 02:07:45 +00:00
Mark Andrews
77372e9e24 Handle shared library platforms that don't support inter library dependancies 2020-12-21 01:09:45 +00:00
Mark Andrews
08df4f420a Reorder in library dependancy order 2020-12-21 01:09:45 +00:00
Ondřej Surý
6990f0bc3e Merge branch 'jpmens-main-patch-60230' into 'main' 
Adjust number of rule types from 13 to the 16 there are. (16 is accurately...

See merge request isc-projects/bind9!4507
 2020-12-20 16:50:03 +00:00
JP Mens
4658a1e657 Adjust number of rule types from 13 to the 16 there are. (16 is accurately specified further down in the section.) 2020-12-20 09:56:44 +00:00
Michał Kępień
90972fd782 Merge branch 'v9_17_8-release' into 'main' 
Merge 9.17.8 release branch

See merge request isc-projects/bind9!4500
 2020-12-16 21:15:24 +00:00
Michał Kępień
7c1c021fc5 Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
Michał Kępień
909a84c08b Bump BIND_BASELINE_VERSION for ABI checks 2020-12-16 22:09:14 +01:00
Michał Kępień
843c9144c6 Update BIND version to 9.17.8 2020-12-16 22:05:50 +01:00
Michał Kępień
8e47965f41 Add a CHANGES marker 2020-12-16 22:05:50 +01:00
Michał Kępień
2c44266a5a Update library API versions 2020-12-16 22:05:50 +01:00
Michał Kępień
23861dd8a7 Merge branch 'michal/prepare-release-notes-for-bind-9.17.8' into 'v9_17_8-release' 
Prepare release notes for BIND 9.17.8

See merge request isc-private/bind9!224
 2020-12-16 22:05:50 +01:00
Michał Kępień
a5f1af7c14 Prepare release notes for BIND 9.17.8 2020-12-16 22:05:50 +01:00
Michał Kępień
af58fcc92a Add release note for GL #2321 2020-12-16 22:05:50 +01:00
Michał Kępień
552418b68c Add release note for GL #1816 2020-12-16 22:05:50 +01:00
Michał Kępień
bdc45c82c5 Reorder release notes 2020-12-16 22:05:50 +01:00
Michał Kępień
0f889b9c7d Tweak and reword release notes 2020-12-16 22:05:50 +01:00
Michał Kępień
fc111622c2 Tweak and reword recent CHANGES entries 2020-12-16 22:05:50 +01:00
Michał Kępień
2ecff5dc43 Fix formatting of "dnssec-policy" documentation 2020-12-16 22:05:50 +01:00
Michal Nowak
ae05e5b691 Miscellaneous minor documentation updates 2020-12-16 22:05:50 +01:00
Michal Nowak
c99fe579b9 Merge branch 'mnowak/fix-rndc-8-reference-in-named-8-man-page' into 'main' 
Fix a reference to rndc(8) in named(8) manual page

See merge request isc-projects/bind9!4478
 2020-12-14 12:12:54 +00:00
Michal Nowak
befcbcac28 Fix a reference to rndc(8) in named(8) manual page 2020-12-14 13:10:10 +01:00
Ondřej Surý
27f0988b52 Merge branch '2058-print-warning-when-fallback-to-soaserial-increment' into 'main' 
Resolve "`dnssec-signzone -N unixtime` behaves like `increment`"

Closes #2058

See merge request isc-projects/bind9!4487
 2020-12-12 06:52:50 +00:00
Ondřej Surý
ba887a688c Add CHANGES and release notes for GL #2058 2020-12-12 07:15:45 +01:00
Mark Andrews
eb1b29b19e Update dnssec-signzone -N soa-serial-format description 
document the autoincrement when the serial would go backwards.
 2020-12-11 10:48:28 +01:00
Ondřej Surý
ef685bab5c Print warning when falling back to increment soa serial method 
When using the `unixtime` or `date` method to update the SOA serial,
`named` and `dnssec-signzone` would silently fallback to `increment`
method to prevent the new serial number to be smaller than the old
serial number (using the serial number arithmetics).  Add a warning
message when such fallback happens.
 2020-12-11 10:48:28 +01:00
Mark Andrews
3e4f5319ef Merge branch '385-add-a-built-in-ipv4only-arpa-default-zone' into 'main' 
Resolve "Add a built-in ipv4only.arpa default zone."

Closes #385

See merge request isc-projects/bind9!479
 2020-12-11 06:04:47 +00:00
Mark Andrews
ea0dbb5338 Add CHANGES note 2020-12-11 14:21:54 +11:00
Mark Andrews
88943974de Add release note entry 2020-12-11 14:17:52 +11:00
Mark Andrews
6d10a57397 Add RFC 7050 and RFC 8880 to rfc-compliance 2020-12-11 14:17:52 +11:00
Mark Andrews
64c45abab2 Document ipv4only-enable, ipv4only-contact and ipv4only-server. 2020-12-11 14:17:52 +11:00
Mark Andrews
5684c21bcf Generate PTR records for DNS64 mapped ipv4only.arpa reverses. 
Rather than generating CNAMES records pointing into IN-ADDR.ARPA,
generate PTR records directly as the names are known as per RFC 8880.
 2020-12-11 14:17:52 +11:00
Mark Andrews
cdfe660326 Checking synthesis of AAAA of builtin ipv4only.arpa 2020-12-11 14:17:47 +11:00
Mark Andrews
c51ef23c22 Implement ipv4only.arpa forward and reverse zones as per RFC 8880. 2020-12-11 14:16:40 +11:00
Mark Andrews
e4557f4203 Merge branch 'marka-placeholder' into 'main' 
Add placeholders for [GL !4454] and [GL #2324]

See merge request isc-projects/bind9!4485
 2020-12-10 02:43:41 +00:00
Mark Andrews
4257415cfb Add placeholders for [GL !4454] and [GL #2324] 2020-12-10 13:40:56 +11:00
Ondřej Surý
8129fce759 Merge branch 'ondrej/release-notes-doesnt-need-copyright' into 'main' 
Remove the requirement for the release notes to have copyright

See merge request isc-projects/bind9!4483
 2020-12-09 09:48:53 +00:00
Ondřej Surý
cb30d9892d Remove the requirement for the release notes to have copyright 
The release notes doesn't have to have copyright header, it doesn't add
any value there as the release notes are useless outside the project.
 2020-12-09 10:38:05 +01:00
Ondřej Surý
afcfb22fc3 Merge branch 'ondrej/clang-format-11' into 'main' 
Update the clang version to new stable llvm/clang 11

See merge request isc-projects/bind9!4003
 2020-12-08 18:35:25 +00:00
Ondřej Surý
c1eb385fdf Bump the clang version to 11 (stable) 2020-12-08 18:36:23 +01:00
Ondřej Surý
7ba18870dc Reformat sources using clang-format-11 2020-12-08 18:36:23 +01:00