1. 16 Nov, 2018 1 commit
  2. 14 Nov, 2018 1 commit
  3. 08 Nov, 2018 3 commits
  4. 06 Nov, 2018 2 commits
  5. 25 Oct, 2018 2 commits
  6. 24 Oct, 2018 2 commits
    • Replace the "mirror" zone option with "type mirror;" · 2cb9e8a0
      Michał Kępień authored
      Use a zone's 'type' field instead of the value of its DNS_ZONEOPT_MIRROR
      option for checking whether it is a mirror zone.  This makes said zone
      option and its associated helper function, dns_zone_mirror(), redundant,
      so remove them.  Remove a check specific to mirror zones from
      named_zone_reusable() since another check in that function ensures that
      changing a zone's type prevents it from being reused during
      reconfiguration.
    • Define a separate dns_zonetype_t for mirror zones · e1bb8de6
      Michał Kępień authored
      Rather than overloading dns_zone_slave and discerning between a slave
      zone and a mirror zone using a zone option, define a separate enum
      value, dns_zone_mirror, to be used exclusively by mirror zones.  Update
      code handling slave zones to ensure it also handles mirror zones where
      applicable.
  7. 23 Oct, 2018 1 commit
  8. 22 Oct, 2018 1 commit
    • Add support for enabling and enforcing FIPS mode in OpenSSL: · c4cee27f
      Ondřej Surý authored
      * Add configure option --enable-fips-mode that detects and enables FIPS mode
      * Add a function to enable FIPS mode and call it on crypto init
      * Log an OpenSSL error when FIPS_mode_set() fails and exit
      * Report FIPS mode status in a separate log message from named
  9. 18 Oct, 2018 1 commit
  10. 05 Oct, 2018 1 commit
  11. 03 Oct, 2018 1 commit
  12. 28 Sep, 2018 1 commit
  13. 10 Sep, 2018 2 commits
  14. 28 Aug, 2018 2 commits
  15. 24 Aug, 2018 1 commit
    • Log a message when "ixfr-from-differences" is set for an inline-signed zone · 087157d1
      Michał Kępień authored
      For inline-signed zones, the value of "ixfr-from-differences" is
      hardcoded to:
      
        - "yes" for the raw version of the zone,
        - "no" for the signed version of the zone.
      
      In other words, any user-provided "ixfr-from-differences" setting is
      effectively ignored for an inline-signed zone.  Ensure the user is aware
      of that by adding a note to the ARM and logging a message when an
      "ixfr-from-differences" option is found at the zone level.
  16. 16 Aug, 2018 1 commit
  17. 14 Aug, 2018 1 commit
    • option to disable validation under specified names · eaac2057
      Evan Hunt authored
      - added new 'validate-except' option, which configures an NTA with
        expiry of 0xffffffff.  NTAs with that value in the expiry field do not
        expire, are not written out when saving the NTA table and are not
        dumped by rndc secroots
  18. 08 Aug, 2018 3 commits
  19. 02 Aug, 2018 1 commit
  20. 27 Jul, 2018 1 commit
  21. 19 Jul, 2018 2 commits
    • Make OpenSSL mandatory · c3b8130f
      Ondřej Surý authored
    • Fix handling of TAT sending failures · 8666f8d2
      Michał Kępień authored
      dns_view_zonecut() may associate the dns_rdataset_t structure passed to
      it even if it returns a result different than ISC_R_SUCCESS.  Not
      handling this properly may cause a reference leak.  Fix by ensuring
      'nameservers' is cleaned up in all relevant failure modes.
  22. 11 Jul, 2018 2 commits
    • Send upstream TAT queries for locally served zones · a7657dc1
      Michał Kępień authored
      Trying to resolve a trust anchor telemetry query for a locally served
      zone does not cause upstream queries to be sent as the response is
      determined just by consulting local data.  Work around this issue by
      calling dns_view_findzonecut() first in order to determine the NS RRset
      for a given domain name and then passing the zone cut found to
      dns_resolver_createfetch().
      
      Note that this change only applies to TAT queries generated by the
      resolver itself, not to ones received from downstream resolvers.
    • Extract TAT QNAME preparation to a separate function · 127810e5
      Michał Kępień authored
      Extract the part of dotat() responsible for preparing the QNAME for a TAT
      query to a separate function in order to limit the number of local
      variables used by each function and improve code readability.
      
      Rename 'name' to 'origin' to better convey the purpose of that variable.
      Also mark it with the const qualifier.
  23. 28 Jun, 2018 1 commit
  24. 26 Jun, 2018 1 commit
  25. 14 Jun, 2018 1 commit
  26. 12 Jun, 2018 4 commits