2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Commit Graph

7365 Commits

Author SHA1 Message Date
Mark Andrews
ee7cf180b3 Recognise EDNS Client Tag and EDNS Server Tag 2019-05-09 17:29:23 +10:00
Tony Finch
8785f6fa34 Deprecate SHA-1 CDS records
This affects CDS records generated by `named` and `dnssec-signzone`
based on `-P sync` and `-D sync` key timing instructions.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
2019-05-08 18:17:55 -07:00
Mark Andrews
1722728c80 enforce known SSHFP finger print lengths 2019-05-09 08:11:43 +10:00
Mark Andrews
d8798098e8 support printing AAAA in expanded form 2019-05-06 21:50:38 -07:00
Mark Andrews
32ba5a0494 fix whitespace 2019-05-07 10:05:25 +10:00
Mark Andrews
127333c71f return rdatasets when processing ANY queries in client_resfind 2019-05-07 10:05:25 +10:00
Evan Hunt
0fd344e77a attach memory context sooner so that cleanup will work correctly 2019-04-26 18:27:37 -04:00
Mark Andrews
ffaa5a07dd compute the RSAMD5 key id 2019-04-24 08:05:27 +10:00
Witold Kręcicki
7043c6eaf5 When resuming from qname-minimization increase fetches-per-zone counters for the 'new' zone 2019-04-23 10:16:09 -04:00
Mark Andrews
da7f683abf using 0 instead of false 2019-04-23 11:08:06 +10:00
Ondřej Surý
4edbb773a1 Refactor the DNS_RDATASET_FIXED code to use constants instead of ifdefs 2019-04-17 10:35:11 +02:00
Matthijs Mekking
3cb8c49c73 With update-check-ksk also consider offline keys
The option `update-check-ksk` will look if both KSK and ZSK are
available before signing records.  It will make sure the keys are
active and available.  However, for operational practices keys may
be offline.  This commit relaxes the update-check-ksk check and will
mark a key that is offline to be available when adding signature
tasks.
2019-04-11 15:22:30 +02:00
Matthijs Mekking
2e83e3255a Style: some curly brackets 2019-04-11 15:22:30 +02:00
Mark Andrews
b78e128a2f Add debug printfs 2019-04-11 19:19:46 +10:00
Mark Andrews
e73a5b0ce3 Prevent WIRE_INVALID() being called without a argument 2019-04-11 19:19:46 +10:00
Mark Andrews
b089f43b7a Check multi-line output from dns_rdata_tofmttext()
Check that multi-line output from dns_rdata_tofmttext() can be read
back in by dns_rdata_fromtext().
2019-04-11 19:19:46 +10:00
Mark Andrews
1a75a5cee6 Process master file comments and make input invalid again 2019-04-11 19:19:10 +10:00
Mark Andrews
7941a9554f Set 'specials' to match 'specials' in 'lib/dns/master.c' 2019-04-11 18:13:39 +10:00
Mark Andrews
cc5e16e4d3 Fix whitespace so that the names align 2019-04-11 18:13:39 +10:00
Mark Andrews
36f30f5731 Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire
Add dns_rdata_totext() and dns_rdata_fromtext() to fromwire for
valid inputs to ensure that what we accept in dns_rdata_fromwire()
can be written out and read back in.
2019-04-11 18:13:39 +10:00
Mark Andrews
8fd4308bda Initialise mincachettl and minncachettl to zero in dns_view_create. 2019-04-10 14:48:49 +10:00
Mark Andrews
6eb28eda1e add ds unit test 2019-04-10 13:37:03 +10:00
Mark Andrews
b274f3fad7 enforce DS hash exists 2019-04-10 13:36:08 +10:00
Mark Andrews
7b0a653858 check that from fromtext produces valid towire input 2019-04-10 11:13:52 +10:00
Mark Andrews
82d4931440 for rkey flags MUST be zero 2019-04-09 13:55:30 +10:00
Mark Andrews
2592e91516 check flags for no key in fromwire for *KEY 2019-04-09 13:55:30 +10:00
Mark Andrews
698a6f955e <dns/ecs.h> was missing ISC_LANG_ENDDECLS. 2019-04-09 11:47:26 +10:00
Witold Kręcicki
06021b3529 Fix deadlock in RPZ update code.
In dns_rpz_update_from_db we call setup_update which creates the db
iterator and calls dns_dbiterator_first. This unpauses the iterator and
might cause db->tree_lock to be acquired. We then do isc_task_send(...)
on an event to do quantum_update, which (correctly) after each iteration
calls dns_dbiterator_pause, and re-isc_task_sends itself.

That's an obvious bug, as we're holding a lock over an async task send -
if a task requesting write (e.g. prune_tree) is scheduled on the same
workers queue as update_quantum but before it, it will wait for the
write lock indefinitely, resulting in a deadlock.

To fix it we have to pause dbiterator in setup_update.
2019-04-06 12:22:49 -07:00
Witold Kręcicki
7c960e89ea In resume_qmin check if the fetch context is already shutting down - if so, try to destroy it, don't continue 2019-03-29 14:30:40 +01:00
Witold Kręcicki
51a55ddbb7 Fix assertion failure in nslookup/dig/mdig when message has multiple SIG(0) options.
When parsing message with DNS_MESSAGE_BESTEFFORT (used exclusively in
tools, never in named itself) if we hit an invalid SIG(0) in wrong
place we continue parsing the message, and put the sig0 in msg->sig0.
If we then hit another sig0 in a proper place we see that msg->sig0
is already 'taken' and we don't free name and rdataset, and we don't
set seen_problem. This causes an assertion failure.
This fixes that issue by setting seen_problem if we hit second sig0,
tsig or opt, which causes name and rdataset to be always freed.
2019-03-26 21:15:00 +11:00
Ondřej Surý
8ccce7e24b Make lib/dns/dnstap.pb-c.h private header
This changes dns_dtdata struct to not expose data types from dnstap.pb-c.h to
prevent the need for including this header where not really needed.
2019-03-22 11:38:45 +01:00
Mark Andrews
473987d8d9 Disallow empty ZONEMD hashes
This change is the result of discussions with the authors of
draft-wessels-dns-zone-digest.
2019-03-22 06:49:01 +11:00
Mark Andrews
40a770b932 add brackets for multi-line output 2019-03-21 19:52:27 +11:00
Evan Hunt
b3ff3bf2e4 remove configuration, syntax checking and implementation of dnssec-enable 2019-03-14 23:29:07 -07:00
Petr Menšík
71c4fad592 Fix regression in dnstap_test with native pkcs11
Change to cmocka broken initialization of TZ environment. This time,
commit 1cf1254051 is not soon enough. Has
to be moved more forward, before any other tests. It library is not full
reinitialized on each test.
2019-03-15 01:03:53 -04:00
Mark Andrews
1eba2c5b06 force promotion to unsigned int 2019-03-14 13:34:59 -07:00
Mark Andrews
d8d04edfba assert hevent->rdataset is non NULL 2019-03-14 12:47:53 -07:00
Mark Andrews
719b1d7fdc missing #include <isc/lang.h> 2019-03-15 00:24:33 +11:00
Mark Andrews
ff8bf617e7 add missing MAYBE_UNLOCK 2019-03-13 10:51:56 +11:00
Witold Kręcicki
56183a3917 Fix a race in fctx_cancelquery.
When sending an udp query (resquery_send) we first issue an asynchronous
isc_socket_connect and increment query->connects, then isc_socket_sendto2
and increment query->sends.
If we happen to cancel this query (fctx_cancelquery) we need to cancel
all operations we might have issued on this socket. If we are under very high
load the callback from isc_socket_connect (resquery_udpconnected) might have
not yet been fired. In this case we only cancel the CONNECT event on socket,
and ignore the SEND that's waiting there (as there is an `else if`).
Then we call dns_dispatch_removeresponse which kills the dispatcher socket
and calls isc_socket_close - but if system is under very high load, the send
we issued earlier might still not be complete - which triggers an assertion
because we're trying to close a socket that's still in use.

The fix is to always check if we have incomplete sends on the socket and cancel
them if we do.
2019-03-12 18:42:35 +01:00
Mark Andrews
a520662ed4 allow dlz to signal that the view's transfer acl should be used 2019-03-11 14:27:13 +11:00
Ondřej Surý
a04a390195 Convert *.vcxproj.user to CRLF line endings 2019-03-08 18:01:48 +01:00
Ondřej Surý
c2637c8429 Use ForcedIncludeFiles directive to include config.h everywhere automatically 2019-03-08 17:14:38 +01:00
Ondřej Surý
1b25d8a0ca Remove explicit '#include <config.h>' from the header files (the include should not have been there in the first place) 2019-03-08 15:15:05 +01:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Michał Kępień
ada6846a10 Make delv use OS-supplied ephemeral port range
Make delv honor the operating system's preferred ephemeral port range
instead of always using the default 1024-65535 range for outgoing
messages.
2019-03-08 13:13:32 +01:00
Tony Finch
0f219714e1 cleanup: use dns_secalg_t and dns_dsdigest_t where appropriate
Use them in structs for various rdata types where they are missing.
This doesn't change the structs since we are replacing explicit
uint8_t field types with aliases for uint8_t.

Use dns_dsdigest_t in library function arguments.

Improve dnssec-cds with these more specific types.
2019-03-08 18:37:50 +11:00
Mark Andrews
1fc7be36eb #include <limits.h> for PATH_MAX, define if not found 2019-03-08 17:15:01 +11:00
Evan Hunt
7f26cad247 silence a warning about potential snprintf overrun 2019-03-08 00:27:49 -05:00
Mark Andrews
cb32cd98bd fix the use of dns_wildcardname as an optimisation in DLZ 2019-03-07 19:59:29 -08:00