1. 06 Mar, 2019 1 commit
    • Michał Kępień's avatar
      Look for named plugins in ${libdir}/named · 1a9fc624
      Michał Kępień authored
      When the "library" part of a "plugin" configuration stanza does not
      contain at least one path separator, treat it as a filename and assume
      it is a name of a shared object present in the named plugin installation
      directory.  Absolute and relative paths can still be used and will be
      used verbatim.  Get the full path to a plugin before attempting to
      check/register it so that all relevant log messages include the same
      plugin path (apart from the one logged when the full path cannot be
      determined).
      1a9fc624
  2. 16 Jan, 2019 1 commit
  3. 20 Dec, 2018 1 commit
  4. 14 Dec, 2018 1 commit
  5. 11 Dec, 2018 1 commit
  6. 06 Dec, 2018 5 commits
    • Michał Kępień's avatar
      add a function for processing a list of configured plugins · 42349687
      Michał Kępień authored
      Add a new libisccfg function, cfg_pluginlist_foreach(), which allows an
      arbitrary callback to be invoked for every "plugin" stanza present in a
      configuration object.  Use this function for both loading plugins and
      checking their configuration in order to reduce duplication of
      configuration processing code present in bin/named/server.c and
      lib/bind9/check.c.
      42349687
    • Evan Hunt's avatar
      name change from "hook modules" to "plugins" · fd20f10d
      Evan Hunt authored
      - "hook" is now used only for hook points and hook actions
      - the "hook" statement in named.conf is now "plugin"
      - ns_module and ns_modlist are now ns_plugin and ns_plugins
      - ns_module_load is renamed ns_plugin_register
      - the mandatory functions in plugin modules (hook_register,
        hook_check, hook_version, hook_destroy) have been renamed
      fd20f10d
    • Evan Hunt's avatar
      8da0c0e7
    • Evan Hunt's avatar
      restore filter-aaaa syntax checking · 7a47e4d8
      Evan Hunt authored
      - added functionality to check hook parameters in named-checkconf,
        and restored the checkconf tests that were removed from the
        filter-aaaa test.
      7a47e4d8
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
      9911c835
  7. 03 Dec, 2018 1 commit
  8. 14 Nov, 2018 1 commit
  9. 08 Nov, 2018 1 commit
  10. 25 Oct, 2018 1 commit
  11. 24 Oct, 2018 5 commits
    • Michał Kępień's avatar
      Define a default master server list for the root zone · 2c69734b
      Michał Kępień authored
      To minimize the effort required to set up IANA root zone mirroring,
      define a default master server list for the root zone and use it when
      that zone is to be mirrored and no master server list was explicitly
      specified.  Contents of that list are taken from RFC 7706 and are
      subject to change in future releases.
      
      Since the static get_masters_def() function in bin/named/config.c does
      exactly what named_zone_configure() in bin/named/zoneconf.c needs to do,
      make the former non-static and use it in the latter to prevent code
      duplication.
      2c69734b
    • Michał Kępień's avatar
      Prevent mirror zones from being used when recursion is disabled · 34dc674f
      Michał Kępień authored
      Since mirror zone data is treated as cache data for access control
      purposes, configuring a mirror zone and disabling recursion at the same
      time would effectively prevent mirror zone data from being used since
      disabling recursion also disables cache access to all clients by
      default.  Even though this behavior can be inhibited by configuration,
      mirror zones are a recursive resolver feature and thus recursion is now
      required to use them.
      
      Ignore the fact that certain configurations might still trick named into
      assuming recursion is enabled when it effectively is not since this
      change is not meant to put a hard policy in place but rather just to
      prevent accidental mirror zone misuse.
      34dc674f
    • Michał Kępień's avatar
      Clean up handling of NOTIFY settings for mirror zones · 1d49b01c
      Michał Kępień authored
      Previous way of handling NOTIFY settings for mirror zones was a bit
      tricky: any value of the "notify" option was accepted, but it was
      subsequently overridden with dns_notifytype_explicit.  Given the way
      zone configuration is performed, this resulted in the following
      behavior:
      
        - if "notify yes;" was set explicitly at any configuration level or
          inherited from default configuration, it was silently changed and so
          only hosts specified in "also-notify", if any, were notified,
      
        - if "notify no;" was set at any configuration level, it was
          effectively honored since even though zone->notifytype was silently
          set to dns_notifytype_explicit, the "also-notify" option was never
          processed due to "notify no;" being set.
      
      Effectively, this only allowed the hosts specified in "also-notify" to
      be notified, when either "notify yes;" or "notify explicit;" was
      explicitly set or inherited from default configuration.
      
      Clean up handling of NOTIFY settings for mirror zones by:
      
        - reporting a configuration error when anything else than "notify no;"
          or "notify explicit;" is set for a mirror zone at the zone level,
      
        - overriding inherited "notify yes;" setting with "notify explicit;"
          for mirror zones,
      
        - informing the user when the "notify" setting is overridden, unless
          the setting in question was inherited from default configuration.
      1d49b01c
    • Michał Kępień's avatar
      Handle "type mirror;" when parsing zone configuration · 4a83ccf0
      Michał Kępień authored
      Add a new zone type, CFG_ZONE_MIRROR, to libisccfg, in order to limit
      the list of options which are considered valid for mirror zones.  Update
      the relevant configuration checks.
      4a83ccf0
    • Michał Kępień's avatar
      Fix the configuration type used by the "server-addresses" option · b3245768
      Michał Kępień authored
      Contrary to what the documentation states, the "server-addresses"
      static-stub zone option does not accept custom port numbers.  Fix the
      configuration type used by the "server-addresses" option to ensure
      documentation matches source code.  Remove a check_zoneconf() test which
      is unnecessary with this fix in place.
      b3245768
  12. 09 Sep, 2018 3 commits
  13. 31 Aug, 2018 1 commit
  14. 08 Aug, 2018 3 commits
  15. 19 Jul, 2018 1 commit
  16. 26 Jun, 2018 1 commit
  17. 25 May, 2018 1 commit
    • Evan Hunt's avatar
      remove the experimental authoritative ECS support from named · e3244493
      Evan Hunt authored
      - mark the 'geoip-use-ecs' option obsolete; warn when it is used
        in named.conf
      - prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error
        since simply ignoring the tags could make ACLs behave unpredictably
      - re-simplify the radix and iptable code
      - clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed()
        and dns_geoip_match() so they no longer take ecs options
      - remove the ECS-specific unit and system test cases
      - remove references to ECS from the ARM
      e3244493
  18. 20 Apr, 2018 1 commit
  19. 09 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
      
          @@
          expression fixedname, name;
          @@
          -	dns_fixedname_init(&fixedname);
          	...
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
      
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
      4df4a8e7
  20. 18 Mar, 2018 2 commits
  21. 08 Mar, 2018 1 commit
  22. 25 Feb, 2018 2 commits
  23. 23 Feb, 2018 1 commit
  24. 09 Feb, 2018 2 commits
  25. 07 Feb, 2018 1 commit