Evan Hunt
d43dcef139
refactor filter-aaaa implementation
...
- the goal of this change is for AAAA filtering to be fully contained
in the query logic, and implemented at discrete points that can be
replaced with hook callouts later on.
- the new code may be slightly less efficient than the old filter-aaaa
implementation, but maximum efficiency was never a priority for AAAA
filtering anyway.
- we now use the rdataset RENDERED attribute to indicate that an AAAA
rdataset should not be included when rendering the message. (this
flag was originally meant to indicate that an rdataset has already
been rendered and should not be repeated, but it can also be used to
prevent rendering in the first place.)
- the DNS_MESSAGERENDER_FILTER_AAAA, NS_CLIENTATTR_FILTER_AAAA,
and DNS_RDATASETGLUE_FILTERAAAA flags are all now unnecessary and
have been removed.
2018-12-06 10:29:10 -08:00
Ondřej Surý
23fff6c569
Hint the compiler with ISC_UNREACHABLE(); that code after INSIST(0); cannot be reached
2018-11-08 12:22:17 +07:00
Ondřej Surý
b2b43fd235
Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
2018-11-08 12:21:53 +07:00
Ondřej Surý
994e656977
Replace custom isc_boolean_t with C standard bool type
2018-08-08 09:37:30 +02:00
Ondřej Surý
cb6a185c69
Replace custom isc_u?intNN_t types with C99 u?intNN_t types
2018-08-08 09:37:28 +02:00
Witold Kręcicki
c8aa1ee9e6
libdns refactoring: get rid of multiple versions of dns_dt_create, dns_view_setcache, dns_zt_apply, dns_message_logfmtpacket, dns_message_logpacket, dns_ssutable_checkrules and dns_ttl_totext
2018-04-06 08:04:41 +02:00
Ondřej Surý
843d389661
Update license headers to not include years in copyright in all applicable files
2018-02-23 10:12:02 +01:00
Mark Andrews
6bd6bd6d62
cast to unsigned
2018-02-16 10:20:38 +11:00
Mark Andrews
2b803b3463
prevent implicit conversion to signed
2018-02-16 10:20:38 +11:00
Mark Andrews
9d5a0abe81
4841. [bug] Address -fsanitize=undefined warnings. [RT #46786]
2017-12-06 21:00:14 +11:00
Evan Hunt
65314b0fd8
[master] "enable-filter-aaaa" no longer optional
...
4786. [func] The "filter-aaaa-on-v4" and "filter-aaaa-on-v6"
options are no longer conditionally compiled.
[RT #46340]
2017-10-25 00:33:51 -07:00
Evan Hunt
8eb88aafee
[master] add libns and remove liblwres
...
4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier)
are no longer supported. [RT #45186]
4707. [func] The lightweight resolver daemon and library (lwresd
and liblwres) have been removed. [RT #45186]
4706. [func] Code implementing name server query processing has
been moved from bin/named to a new library "libns".
Functions remaining in bin/named are now prefixed
with "named_" rather than "ns_". This will make it
easier to write unit tests for name server code, or
link name server functionality into new tools.
[RT #45186]
2017-09-08 13:47:34 -07:00
Mark Andrews
0aed466565
4693. [func] Synthesis of responses from DNSSEC-verified records.
...
Stage 1 covers NXDOMAIN synthesis from NSEC records.
This is controlled by synth-from-dnssec and is enabled
by default. [RT #40138]
2017-08-31 07:57:50 +10:00
Mark Andrews
07741d43c8
4688. [protocol] Check and display EDNS KEY TAG options (RFC 8145) in
...
messages. [RT #44804]
2017-08-25 08:38:19 +10:00
Evan Hunt
581c1526ab
[master] address TSIG bypass/forgery vulnerabilities
...
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383]
2017-06-27 11:39:19 -07:00
Mark Andrews
33e94f501f
4615. [bug] AD could be set on truncated answer with no records
...
present in the answer and authority sections.
[RT #45140]
2017-05-03 07:51:41 +10:00
Mukund Sivaraman
03be5a6b4e
Improve performance for delegation heavy answers and also general query performance (#44029)
2017-04-22 09:22:44 +05:30
Mark Andrews
87ff6241e4
dns_master_styleflags returns dns_masterstyle_flags_t
2017-02-20 17:39:20 +11:00
Evan Hunt
4f744a027f
[master] fix dig +ednsopt padding error
...
4556. [bug] Sending an EDNS Padding option using "dig
+ednsopt" could cause a crash in dig. [RT #44462]
2017-01-19 23:52:41 -08:00
Evan Hunt
2e703d7b61
[master] expand the flags field in dns_master_style
...
4550. [cleanup] Increased the number of available master file
output style flags from 32 to 64. [RT #44043]
2017-01-10 10:40:47 -08:00
Tinderbox User
f557aeef7c
update copyright notice / whitespace
2017-01-05 23:45:24 +00:00
Evan Hunt
6d25cd0502
[master] remove inline variable declaration (broke win32)
2017-01-04 11:17:06 -08:00
Evan Hunt
5804332588
[master] EDNS padding and keepalive support
...
4549. [func] Added support for the EDNS TCP Keepalive option
(RFC 7828). [RT #42126]
4548. [func] Added support for the EDNS Padding option (RFC 7830).
[RT #42094]
2017-01-04 09:16:30 -08:00
Mark Andrews
52e2aab392
4546. [func] Extend the use of const declarations. [RT #43379]
2016-12-30 15:45:08 +11:00
Evan Hunt
b3aebb5890
[master] silence warning
2016-12-28 17:54:16 -08:00
Tinderbox User
4ef83f4333
update copyright notice / whitespace
2016-12-28 23:48:39 +00:00
Mark Andrews
f3bf3905c3
4517. [security] Named could mishandle authority sections that were
...
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT #43632]
(cherry picked from commit 1df30cfd27c5a3c57fce357c54aaf6c702227d51)
2016-12-29 10:39:51 +11:00
wpk
e910d18007
4545. [func] Make dnstap-read output more functionally usable.
...
[RT #43642]
4544. [func] Add message/payload size to dnstap-read YAML output.
[RT #43622]
2016-12-28 11:57:28 +01:00
Mark Andrews
def6b33bad
4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
2016-12-13 16:27:18 +11:00
Mark Andrews
df17290113
4468. [bug] Address ECS option handling issues. [RT #43191]
2016-09-14 08:22:15 +10:00
Mark Andrews
2bd0922cf9
4467. [security] It was possible to trigger an assertion when rendering
...
a message. [RT #43139]
2016-09-09 11:29:48 +10:00
Mark Andrews
58d622d96d
4462. [bug] Don't describe a returned EDNS COOKIE as "good"
...
when there isn't a valid server cookie. [RT #43167]
2016-09-08 11:34:19 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Evan Hunt
395e6865d5
[master] fix ECS with family==0
...
4341. [bug] Correct the handling of ECS options with
address family 0. [RT #41377]
2016-03-23 08:54:46 -07:00
Mark Andrews
33a4294f44
4330. [protocol] Identify the PAD option as "PAD" when printing out
...
a message.
2016-03-10 16:53:06 +11:00
Mukund Sivaraman
9da98335c1
Code cleanups (#41656)
2016-03-04 12:18:17 +05:30
Mark Andrews
8d00c5ab2c
4312. [bug] dig's unknown dns and edns flags (MBZ value) logging
...
was not consistent. [RT #41600]
2016-02-02 14:19:22 +11:00
Evan Hunt
2879ee2c72
[master] fix unchecked result
...
4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
could allow incorrect text formatting of EDNS EXPIRE
options. [RT #41437]
2016-01-20 17:19:19 -08:00
Tinderbox User
feb1ccdaf1
update copyright notice / whitespace
2016-01-05 23:45:26 +00:00
Evan Hunt
0302fcbf7e
[master] check addrlen/scopelen fit within family address length
2016-01-05 13:39:44 -08:00
Evan Hunt
1330ae5fc2
[master] check ECS address length
2016-01-05 12:17:54 -08:00
Tinderbox User
0796eca5f7
update copyright notice / whitespace
2015-12-31 11:45:08 +00:00
Mark Andrews
292eb9c4e4
4286. [security] render_ecs errors were mishandled when printing out
...
an OPT record resulting in an assertion failure.
(CVE-2015-8705) [RT #41397]
(cherry picked from commit 3e0c1603a835c678b07f1147909bf196988ee0d3)
2015-12-31 22:19:46 +11:00
Mark Andrews
f647c0df9f
4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257 ]
2015-12-15 19:49:40 +11:00
Mark Andrews
c8821d124c
4260. [security] Insufficient testing when parsing a message allowed
...
records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #4098]
2015-11-16 13:12:20 +11:00
Mark Andrews
8475bed9de
4249. [func] Improve error reporting of TSIG / SIG(0) records in
...
the wrong location. [RT #40953]
2015-10-29 17:03:03 +11:00
Evan Hunt
b66b333f59
[master] dnstap
...
4235. [func] Added support in named for "dnstap", a fast method of
capturing and logging DNS traffic, and a new command
"dnstap-read" to read a dnstap log file. Use
"configure --enable-dnstap" to enable this
feature (note that this requires libprotobuf-c
and libfstrm). See the ARM for configuration details.
Thanks to Robert Edmonds of Farsight Security.
[RT #40211]
2015-10-02 12:32:42 -07:00
Mark Andrews
f43e5c8ed2
4210. [cleanup] Silence use after free false positive. [RT #40743]
2015-09-17 14:05:19 +10:00
Mark Andrews
bd08b82891
add warning note about handling malformed option content
2015-07-07 10:25:09 +10:00
Mark Andrews
46fc714aa0
dig +ednsopt=<invalid> could trigger an assertion failure [RT #39990]
2015-07-06 23:03:51 +10:00