1. 08 Nov, 2018 2 commits
  2. 24 Oct, 2018 4 commits
      Define a default master server list for the root zone · 2c69734b
      Michał Kępień authored
      To minimize the effort required to set up IANA root zone mirroring,
      define a default master server list for the root zone and use it when
      that zone is to be mirrored and no master server list was explicitly
      specified.  Contents of that list are taken from RFC 7706 and are
      subject to change in future releases.
      
      Since the static get_masters_def() function in bin/named/config.c does
      exactly what named_zone_configure() in bin/named/zoneconf.c needs to do,
      make the former non-static and use it in the latter to prevent code
      duplication.
      Clean up handling of NOTIFY settings for mirror zones · 1d49b01c
      Michał Kępień authored
      Previous way of handling NOTIFY settings for mirror zones was a bit
      tricky: any value of the "notify" option was accepted, but it was
      subsequently overridden with dns_notifytype_explicit.  Given the way
      zone configuration is performed, this resulted in the following
      behavior:
      
        - if "notify yes;" was set explicitly at any configuration level or
          inherited from default configuration, it was silently changed and so
          only hosts specified in "also-notify", if any, were notified,
      
        - if "notify no;" was set at any configuration level, it was
          effectively honored since even though zone->notifytype was silently
          set to dns_notifytype_explicit, the "also-notify" option was never
          processed due to "notify no;" being set.
      
      Effectively, this only allowed the hosts specified in "also-notify" to
      be notified, when either "notify yes;" or "notify explicit;" was
      explicitly set or inherited from default configuration.
      
      Clean up handling of NOTIFY settings for mirror zones by:
      
        - reporting a configuration error when anything else than "notify no;"
          or "notify explicit;" is set for a mirror zone at the zone level,
      
        - overriding inherited "notify yes;" setting with "notify explicit;"
          for mirror zones,
      
        - informing the user when the "notify" setting is overridden, unless
          the setting in question was inherited from default configuration.
      Replace the "mirror" zone option with "type mirror;" · 2cb9e8a0
      Michał Kępień authored
      Use a zone's 'type' field instead of the value of its DNS_ZONEOPT_MIRROR
      option for checking whether it is a mirror zone.  This makes said zone
      option and its associated helper function, dns_zone_mirror(), redundant,
      so remove them.  Remove a check specific to mirror zones from
      named_zone_reusable() since another check in that function ensures that
      changing a zone's type prevents it from being reused during
      reconfiguration.
      Define a separate dns_zonetype_t for mirror zones · e1bb8de6
      Michał Kępień authored
      Rather than overloading dns_zone_slave and discerning between a slave
      zone and a mirror zone using a zone option, define a separate enum
      value, dns_zone_mirror, to be used exclusively by mirror zones.  Update
      code handling slave zones to ensure it also handles mirror zones where
      applicable.
  3. 20 Sep, 2018 1 commit
  4. 08 Aug, 2018 3 commits
  5. 02 Aug, 2018 1 commit
  6. 11 Jul, 2018 1 commit
      Do not reuse zones whose "mirror" setting was changed · dbfd19c6
      Michał Kępień authored
      Update named_zone_reusable() so that it does not consider a zone to be
      eligible for reuse if its old value of the "mirror" option differs from
      the new one.  This causes "rndc reconfig" to create a new zone structure
      whenever the value of the "mirror" option is changed, which ensures that
      the previous zone database is not reused and that flags are properly set
      in responses sourced from zones whose "mirror" setting was changed at
      runtime.
  7. 28 Jun, 2018 3 commits
      Disable notifies for mirror zones unless also-notify is used · dd30f53e
      Michał Kępień authored
      Since the mirror zone feature is expected to mostly be used for the root
      zone, prevent slaves from sending NOTIFY messages for mirror zones by
      default.  Retain the possibility to use "also-notify" as it might be
      useful in certain cases.
      Disable outgoing mirror zone transfers by default · 3af412c0
      Michał Kępień authored
      As mirror zone data should be treated the way validated, cached DNS
      responses are, outgoing mirror zone transfers should be disabled unless
      they are explicitly enabled by zone configuration.
      Add new "mirror" slave zone option · 49201f10
      Michał Kępień authored
      Add a new slave-only boolean configuration option, "mirror", along with
      its corresponding dns_zoneopt_t enum and a helper function for checking
      whether that option was set for a given zone.  This commit does not
      introduce any behavior changes yet.
  8. 06 Jun, 2018 1 commit
  9. 25 May, 2018 1 commit
      remove the experimental authoritative ECS support from named · e3244493
      Evan Hunt authored
      - mark the 'geoip-use-ecs' option obsolete; warn when it is used
        in named.conf
      - prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error
        since simply ignoring the tags could make ACLs behave unpredictably
      - re-simplify the radix and iptable code
      - clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed()
        and dns_geoip_match() so they no longer take ecs options
      - remove the ECS-specific unit and system test cases
      - remove references to ECS from the ARM
  10. 20 Apr, 2018 1 commit
  11. 09 Apr, 2018 1 commit
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
      
          @@
          expression fixedname, name;
          @@
          -	dns_fixedname_init(&fixedname);
          	...
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
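
      Review bot: the `...` between the removed dns_fixedname_init(&fixedname) and the rewritten assignment puts no constraint on the statements in between, so a function that touches fixedname before name is assigned also matches, and there the initialization would end up after that use. Consider narrowing the match with `... when != fixedname` so that such cases are rejected by the tool rather than left to the manual pass.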
      
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
  12. 06 Apr, 2018 1 commit
  13. 23 Feb, 2018 1 commit
  14. 15 Feb, 2018 1 commit
  15. 07 Feb, 2018 2 commits
  16. 15 Dec, 2017 2 commits
  17. 06 Oct, 2017 1 commit
      [master] further restrict update-policy local · 995c41e8
      Evan Hunt authored
      4762.	[func]		"update-policy local" is now restricted to updates
      			from local addresses. (Previously, other addresses
      			were allowed so long as updates were signed by the
      			local session key.) [RT #45492]
  18. 08 Sep, 2017 1 commit
      [master] add libns and remove liblwres · 8eb88aaf
      Evan Hunt authored
      4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                              are no longer supported. [RT #45186]
      
      4707.	[func]		The lightweight resolver daemon and library (lwresd
      			and liblwres) have been removed. [RT #45186]
      
      4706.	[func]		Code implementing name server query processing has
      			been moved from bin/named to a new library "libns".
      			Functions remaining in bin/named are now prefixed
      			with "named_" rather than "ns_".  This will make it
      			easier to write unit tests for name server code, or
      			link name server functionality into new tools.
      			[RT #45186]
  19. 02 May, 2017 2 commits
  20. 26 Dec, 2016 1 commit
  21. 02 Nov, 2016 1 commit
  22. 27 Jun, 2016 1 commit
  23. 22 Jun, 2016 1 commit
  24. 26 May, 2016 2 commits
  25. 16 Sep, 2015 1 commit
  26. 09 Sep, 2015 1 commit
  27. 20 Jan, 2015 2 commits