1. 09 Jan, 2019 1 commit
  2. 06 Dec, 2018 6 commits
    • Evan Hunt's avatar
      use entirely local persistent data in modules · 74683fbc
      Evan Hunt authored
      - eliminate qctx->hookdata and client->hookflags.
      - use a memory pool to allocate data blobs in the filter-aaaa module,
        and associate them with the client address in a hash table
      - instead of detaching the client in query_done(), mark it for deletion
        and then call ns_client_detach() from qctx_destroy(); this ensures
        that it will still exist when the QCTX_DESTROYED hook point is
    • Evan Hunt's avatar
      clear AD flag when altering response messages · 427e9ca3
      Evan Hunt authored
      - the AD flag was not being cleared correctly when filtering
      - enabled dnssec valdiation in the filter-aaaa test to confirm this
        works correctly now
    • Evan Hunt's avatar
      enable modules to store data in qctx · 81f58e2e
      Evan Hunt authored
      - added a 'hookdata' array to qctx to store pointers to up to
        16 blobs of data which are allocated by modules as needed.
        each module is assigned an ID number as it's loaded, and this
        is the index into the hook data array. this is to be used for
        holding persistent state between calls to a hook module for a
        specific query.
      - instead of using qctx->filter_aaaa, we now use qctx->hookdata.
        (this was the last piece of filter-aaaa specific code outside the
      - added hook points for qctx initialization and destruction. we get
        a filter-aaaa data pointer from the mempool when initializing and
        store it in the qctx->hookdata table; return to to the mempool
        when destroying the qctx.
      - link the view to the qctx so that detaching the client doesn't cause
        hooks to fail
      - added a qctx_destroy() function which must be called after qctx_init;
        this calls the QCTX_DESTROY hook and detaches the view
      - general cleanup and comments
    • Evan Hunt's avatar
      move several query.c helper functions to client.c and rename · e4f0a98b
      Evan Hunt authored
      - these formerly static helper functions have been moved into client.c
        and made external so that they can be used in hook modules as well as
        internally in libns: query_newrdataset, query_putrdataset,
        query_newnamebuf, query_newname, query_getnamebuf, query_keepname,
        query_releasename, query_newdbversion, query_findversion
      - made query_recurse() and query_done() into public functions
        ns_query_recurse() and ns_query_done() so they can be called from
    • Evan Hunt's avatar
      refactor filter-aaaa implementation · d43dcef1
      Evan Hunt authored
       - the goal of this change is for AAAA filtering to be fully contained
         in the query logic, and implemented at discrete points that can be
         replaced with hook callouts later on.
       - the new code may be slightly less efficient than the old filter-aaaa
         implementation, but maximum efficiency was never a priority for AAAA
         filtering anyway.
       - we now use the rdataset RENDERED attribute to indicate that an AAAA
         rdataset should not be included when rendering the message. (this
         flag was originally meant to indicate that an rdataset has already
         been rendered and should not be repeated, but it can also be used to
         prevent rendering in the first place.)
         and DNS_RDATASETGLUE_FILTERAAAA flags are all now unnecessary and
         have been removed.
    • Evan Hunt's avatar
      refactor query.c to make qctx more accessible · 29897b14
      Evan Hunt authored
      - the purpose of this change is allow for more well-defined hook points
        to be available in the query processing logic. some functions that
        formerly didn't have access to 'qctx' do now; this is needed because
        'qctx' is what gets passed when calling a hook function.
      - query_addrdataset() has been broken up into three separate functions
        since it used to do three unrelated things, and what was formerly
        query_addadditional() has been renamed query_additional_cb() for
      - client->filter_aaaa is now qctx->filter_aaaa. (later, it will be moved
        into opaque storage in the qctx, for use by the filter-aaaa module.)
      - cleaned up style and braces
  3. 23 Nov, 2018 1 commit
    • Witold Krecicki's avatar
      - isc_task_create_bound - create a task bound to specific task queue · d5793ecc
      Witold Krecicki authored
        If we know that we'll have a task pool doing specific thing it's better
        to use this knowledge and bind tasks to task queues, this behaves better
        than randomly choosing the task queue.
      - use bound resolver tasks - we have a pool of tasks doing resolutions,
        we can spread the load evenly using isc_task_create_bound
      - quantum set universally to 25
  4. 22 Nov, 2018 2 commits
  5. 08 Nov, 2018 2 commits
  6. 06 Nov, 2018 1 commit
  7. 26 Oct, 2018 1 commit
    • Witold Krecicki's avatar
      Use non-cryptographically-secure PRNG to generate a nonce for cookies. · 6cd89d5e
      Witold Krecicki authored
      Rationale: the nonce here is only used to make sure there is a low
      probability of duplication, according to section B.2 of RFC7873.
      It is only 32-bit, and even if an attacker knows the algorithm used
      to generate nonces it won't, in any way, give him any platform to
      attack the server as long as server secret used to sign the
      (nonce, time) pair with HMAC-SHA1 is secure.
      On the other hand, currently, each packet sent requires (unnecessarily)
      a CS pseudo-random number which is ineffective.
  8. 25 Oct, 2018 1 commit
  9. 03 Oct, 2018 1 commit
  10. 31 Aug, 2018 1 commit
  11. 16 Aug, 2018 1 commit
  12. 08 Aug, 2018 2 commits
  13. 19 Jul, 2018 1 commit
  14. 26 Jun, 2018 2 commits
  15. 21 Jun, 2018 1 commit
  16. 29 May, 2018 1 commit
    • Ondřej Surý's avatar
      Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG · 99ba29bc
      Ondřej Surý authored
      This commit reverts the previous change to use system provided
      entropy, as (SYS_)getrandom is very slow on Linux because it is
      a syscall.
      The change introduced in this commit adds a new call isc_nonce_buf
      that uses CSPRNG from cryptographic library provider to generate
      secure data that can be and must be used for generating nonces.
      Example usage would be DNS cookies.
      The isc_random() API has been changed to use fast PRNG that is not
      cryptographically secure, but runs entirely in user space.  Two
      contestants have been considered xoroshiro family of the functions
      by Villa&Blackman and PCG by O'Neill.  After a consideration the
      xoshiro128starstar function has been used as uint32_t random number
      provider because it is very fast and has good enough properties
      for our usage pattern.
      The other change introduced in the commit is the more extensive usage
      of isc_random_uniform in places where the usage pattern was
      isc_random() % n to prevent modulo bias.  For usage patterns where
      only 16 or 8 bits are needed (DNS Message ID), the isc_random()
      functions has been renamed to isc_random32(), and isc_random16() and
      isc_random8() functions have been introduced by &-ing the
      isc_random32() output with 0xffff and 0xff.  Please note that the
      functions that uses stripped down bit count doesn't pass our
      NIST SP 800-22 based random test.
  17. 25 May, 2018 1 commit
    • Evan Hunt's avatar
      remove the experimental authoritative ECS support from named · e3244493
      Evan Hunt authored
      - mark the 'geoip-use-ecs' option obsolete; warn when it is used
        in named.conf
      - prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error
        since simply ignoring the tags could make ACLs behave unpredictably
      - re-simplify the radix and iptable code
      - clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed()
        and dns_geoip_match() so they no longer take ecs options
      - remove the ECS-specific unit and system test cases
      - remove references to ECS from the ARM
  18. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      The isc_random family of functions internally use these CSPRNG (if available):
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
  19. 09 Apr, 2018 1 commit
  20. 06 Apr, 2018 1 commit
  21. 23 Feb, 2018 1 commit
  22. 15 Feb, 2018 1 commit
  23. 05 Feb, 2018 1 commit
  24. 12 Jan, 2018 2 commits
  25. 09 Nov, 2017 1 commit
  26. 06 Nov, 2017 1 commit
    • Mukund Sivaraman's avatar
      [master] isc_rng_randombytes() · 7e1df518
      Mukund Sivaraman authored
      4807.	[cleanup]	isc_rng_randombytes() returns a specified number of
      			bytes from the PRNG; this is now used instead of
      			calling isc_rng_random() multiple times. [RT #46230]
  27. 25 Oct, 2017 1 commit
  28. 07 Oct, 2017 1 commit
  29. 06 Oct, 2017 1 commit
  30. 28 Sep, 2017 1 commit
    • Evan Hunt's avatar
      [master] completed and corrected the crypto-random change · 24172bd2
      Evan Hunt authored
      4724.	[func]		By default, BIND now uses the random number
      			functions provided by the crypto library (i.e.,
      			OpenSSL or a PKCS#11 provider) as a source of
      			randomness rather than /dev/random.  This is
      			suitable for virtual machine environments
      			which have limited entropy pools and lack
      			hardware random number generators.
      			This can be overridden by specifying another
      			entropy source via the "random-device" option
      			in named.conf, or via the -r command line option;
      			however, for functions requiring full cryptographic
      			strength, such as DNSSEC key generation, this
      			cannot be overridden. In particular, the -r
      			command line option no longer has any effect on
      			This can be disabled by building with
      			"configure --disable-crypto-rand".
      			[RT #31459] [RT #46047]