- 07 Oct, 2020 2 commits
-
Mark Andrews authored
Wait for isc_nm_stoplistening() to complete See merge request isc-projects/bind9!4217
-
Mark Andrews authored
The controllistener could be freed before the event posted by isc_nm_stoplistening() has been processed. This commit adds a reference counter to the controllistener to determine when to free the listener.
-
- 06 Oct, 2020 7 commits
-
Mark Andrews authored
Resolve "The fuzzer dns_message_parse.c is leaking memory." Closes #2200 See merge request isc-projects/bind9!4239
-
Mark Andrews authored
-
Mark Andrews authored
Silence Coverity REVERSE_INULL report Closes #2198 See merge request isc-projects/bind9!4234
-
Mark Andrews authored
message does not need to be tested to NULL
-
Matthijs Mekking authored
Avoid a non-standard bashism: use of "==" in "test". See merge request isc-projects/bind9!4235
-
Håvard Eidnes authored
-
Mark Andrews authored
render_buf was too big See merge request isc-projects/bind9!4231
-
- 05 Oct, 2020 22 commits
-
Mark Andrews authored
It was misdeclared as an array of pointers (uint8_t*[]) and there were too many elements (64 * 1024) instead of (64 * 1024 - 1).
-
Ondřej Surý authored
Resolve "DNS Flag Day 2020" Closes #2183 See merge request isc-projects/bind9!4179
-
Ondřej Surý authored
-
Ondřej Surý authored
This commit uses the isc__nm_socket_dontfrag() helper function to enable setting the DF bit on the outgoing UDP packets.
-
Ondřej Surý authored
The dig should behave closely to how the resolver code in `named` works, so we need to change the buffer size in dig, mdig and host too.
-
Ondřej Surý authored
* the legacy test with -T maxudp512 will just fail, e.g. if the packets larger than 512 octets are dropped along the path, the proper response is to fail
* digdelv test was just expecting default server EDNS buffer size to be 4096, the test needed only slight adjustment
-
Ondřej Surý authored
The DNS Flag Day 2020 aims to remove the IP fragmentation problem from the UDP DNS communication. In this commit, we implement the required changes and simplify the logic for picking the EDNS Buffer Size.
1. The defaults for `edns-udp-size`, `max-udp-size` and `nocookie-udp-size` have been changed to `1232` (the value picked by DNS Flag Day 2020).
2. The probing heuristics that would try 512->4096->1432->1232 buffer sizes have been removed and the resolver will always use just the `edns-udp-size` value.
3. Instead of just disabling the PMTUD mechanism on the UDP sockets, we now set the IP_DONTFRAG (IPV6_DONTFRAG) flag. That means that the UDP packets won't ever get fragmented. If the ICMP packets are lost the UDP will just time out and eventually be retried over TCP.
-
Ondřej Surý authored
Refactor the setsockopt() code in network manager into helper functions See merge request isc-projects/bind9!4227
-
Ondřej Surý authored
The SO_REUSEADDR, SO_REUSEPORT and SO_REUSEPORT_LB have different meanings on different platforms. In this commit, we split the function to set the reuse of address/port and setting the load-balancing into separate functions. The libuv library already has multiplatform support for setting SO_REUSEADDR and SO_REUSEPORT that allows binding to the same address and port, but unfortunately, when used after the load-balancing socket options have been already set, it overrides the previous setting, so we need our own helper function to enable the SO_REUSEADDR/SO_REUSEPORT first and then enable the load-balancing socket option.
-
Ondřej Surý authored
On POSIX based systems uv_os_sock_t and uv_os_fd_t are both typedefs to int. That's not true on Windows, where uv_os_sock_t is SOCKET and uv_os_fd_t is HANDLE and they differ in level of indirection.
-
Ondřej Surý authored
The isc__nm_socket_freebind() has been refactored to match other isc__nm_socket_...() helper functions and take uv_os_fd_t and sa_family_t as function arguments.
-
Ondřej Surý authored
This commit adds isc__nm_socket_dontfrag() helper functions.
-
Ondřej Surý authored
The setting of SO_REUSE**** and SO_INCOMING_CPU has been moved into separate helper functions.
-
Matthijs Mekking authored
Resolve "rndc trigger rollover" Closes #1749 See merge request !4004
-
Matthijs Mekking authored
These tests don't require a specific algorithm so they should use the DEFAULT_ALGORITHM from 'conf.sh.common'.
-
Matthijs Mekking authored
It is better to add new result codes than to overload existing codes.
-
Matthijs Mekking authored
While working on 'rndc dnssec -rollover' I noticed the following (small) issues:
  - The key files were updated with hints set to "-when" and that should always be "now".
  - The kasp system test did not properly update the test number when calling 'rndc dnssec -checkds' (and ensuring that works).
  - There was a missing ']' in the rndc.c help output.
-
Matthijs Mekking authored
When users (accidentally) try to roll an inactive key, throw an error.
-
Matthijs Mekking authored
This command is similar in arguments to -checkds so refactor the 'named_server_dnssec' function accordingly. The only differences are that:
  - It does not take a "publish" or "withdrawn" argument.
  - It requires the key id to be set (add a check to make sure).
Add tests that will trigger rollover immediately and one that schedules a test in the future.
-
Matthijs Mekking authored
Add to the keymgr a function that will schedule a rollover. This basically means setting the time when the key needs to retire, and updating the key lifetime, then update the state file. The next time that named runs the keymgr the new lifetime will be taken into account.
-
Matthijs Mekking authored
Change condition for rndc dumpdb -expired See merge request isc-projects/bind9!4219
-
Matthijs Mekking authored
After backporting #1870 to 9.11-S I saw that the condition check there is different than in the main branch. In 9.11-S "stale" can mean stale and serve-stale, or not active (awaiting cleanup). In 9.16 and later versions, "stale" is stale and serve-stale, and "ancient" means not active (awaiting cleanup). An "ancient" RRset is one that is not active (TTL expired) and is not eligible for serve-stale. Update the condition for rndc dumpdb -expired to closer match what is in 9.11-S.
-
- 02 Oct, 2020 9 commits
-
Matthijs Mekking authored
Resolve "dnssec-policy behaviour for algorithm 15 keys different to algorithm 8 keys" Closes #2171 See merge request !4199
-
Matthijs Mekking authored
Sometimes, not all keys have been created in time before 'check_keys' is called. Run a 'retry_quiet' on checking the number of keys before continuing checking the key data.
-
Matthijs Mekking authored
The minimal size for RSASHA1, RSASHA256 is 512, but due to bad assignment it was set to 1024.
-
Matthijs Mekking authored
This test case is unrelated to the fix for #2171 but was added to reproduce the problem.
-
Matthijs Mekking authored
The 'wait_for_nsec' does not need to add TSIG because it calls 'dig_with_opts' and that already checks for TSIG.
-
Matthijs Mekking authored
This is a bug that needs to be noted.
-
Matthijs Mekking authored
The kasp code had bad implicit size values for the cryptographic algorithms Ed25519 and Ed448. When creating keys they would never match the dnssec-policy, leading to new attempts to create keys. These algorithms were previously not yet added to the system tests, due to lack of availability on some systems.
-
Matthijs Mekking authored
Use the testcrypto script to see if these algorithms are supported by openssl. If so, add the specific configuration to the named.conf file and touch a file to indicate support. If the file exists, the corresponding setup and tests are performed.
-
Michał Kępień authored
"rrset-order" fixes and cleanups Closes #2139 See merge request isc-projects/bind9!4195
-