GitLab

Tony Finch authored May 31, 2018 and Mark Andrews committed Jun 05, 2018

4957.	[func]		NSID logging (enabled by the "request-nsid" option)
			now has its own "nsid" category, instead of using the
			"resolver" category. [GL !331]

Tony Finch authored May 31, 2018 and Mark Andrews committed Jun 05, 2018

It is very verbose, so it is useful to be able to filter it out.

Resolve "9.11.3-S1 totext_nsec3 inserts a redundant white space between next hash and type map [ISC-support #12887]"

See merge request isc-projects/bind9!313

Update git-replay-merge script to use gitlab CLI to push merge request automatically

See merge request isc-projects/bind9!289

Resolve "Update the default for dnssec-validation to auto"

Closes #30

See merge request isc-projects/bind9!145

Evan Hunt authored May 16, 2018 and Ondřej Surý committed May 31, 2018

- all tests with "recursion yes" now also specify "dnssec-validation yes",
  and all tests with "recursion no" also specify "dnssec-validation no".
  this must be maintained in all new tests, or else validation will fail
  when we use local root zones for testing.
- clean.sh has been modified where necessary to remove managed-keys.bind
  and viewname.mkeys files.

Evan Hunt authored May 16, 2018 and Ondřej Surý committed May 31, 2018

- the default setting for dnssec-validation is now "auto", which
  activates DNSSEC validation using the IANA root key.  The old behavior
  can be restored by explicitly setting "dnssec-validation yes", which
  "yes", which activates DNSSEC validation only if keys are explicitly
  configured in named.conf.
- the ARM has been updated to describe the new behavior

Add backtrace_test and nsecify to bin/tests/optional/.gitignore

See merge request isc-projects/bind9!331

Fixup the Windows and non-threaded builds

See merge request isc-projects/bind9!328

add PLATFORMS.md file to list supported platforms

Closes #72

See merge request isc-projects/bind9!315

Resolve "output of the rpzrecurse test is incorrect on windows"

Closes #301

See merge request !327

fix missing config.h and win32 symbols

See merge request !326

Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG

Closes #289

See merge request !325

4956.   [func]          Change isc_random() to be just PRNG using xoshiro128**,
                        and add isc_nonce_buf() that uses CSPRNG. [GL #289]

This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a syscall.

The change introduced in this commit adds a new call isc_nonce_buf
that uses CSPRNG from cryptographic library provider to generate
secure data that can be and must be used for generating nonces.
Example usage would be DNS cookies.

The isc_random() API has been changed to use fast PRNG that is not
cryptographically secure, but runs entirely in user space.  Two
contestants have been considered xoroshiro family of the functions
by Villa&Blackman and PCG by O'Neill.  After a consideration the
xoshiro128starstar function has been used as uint32_t random number
provider because it is very fast and has good enough properties
for our usage pattern.

The other change introduced in the commit is the more extensive usage
of isc_random_uniform in places where the usage pattern was
isc_random() % n to prevent modulo bias.  For usage patterns where
only 16 or 8 bits are needed (DNS Message ID), the isc_random()
functions has been renamed to isc_random32(), and isc_random16() and
isc_random8() functions have been introduced by &-ing the
isc_random32() output with 0xffff and 0xff.  Please note that the
functions that uses stripped down bit count doesn't pass our
NIST SP 800-22 based random test.

Resolve "New cppcheck-detected errors"

See merge request !324

Resolve "Follow-up from "Remove ECS authoritative implementation from BIND""

Closes #293

See merge request !322