1. 26 Sep, 2019 1 commit
  2. 30 Aug, 2019 1 commit
  3. 09 May, 2019 1 commit
  4. 03 Apr, 2019 1 commit
    • Michał Kępień's avatar
      Do not rely on default dig options in system tests · b6cce0fb
      Michał Kępień authored
      Some system tests assume dig's default setings are in effect.  While
      these defaults may only be silently overridden (because of specific
      options set in /etc/resolv.conf) for BIND releases using liblwres for
      parsing /etc/resolv.conf (i.e. BIND 9.11 and older), it is arguably
      prudent to make sure that tests relying on specific +timeout and +tries
      settings specify these explicitly in their dig invocations, in order to
      prevent test failures from being triggered by any potential changes to
      current defaults.
  5. 01 Mar, 2019 1 commit
    • Michał Kępień's avatar
      Fix IP regex used in the "resolver" system test · 70ae48e5
      Michał Kępień authored
      If dots are not escaped in the "" regular expressions used for
      checking whether IP address is present in the tested resolver's
      answers, a COOKIE that matches such a regular expression will trigger a
      false positive for the "resolver" system test.  Properly escape dots in
      the aforementioned regular expressions to prevent that from happening.
  6. 19 Dec, 2018 1 commit
  7. 23 Oct, 2018 1 commit
    • Witold Krecicki's avatar
      Set result to SERVFAIL if upstream responded with FORMERR · b5c9a8ca
      Witold Krecicki authored
      Commit ba912435 causes the resolver to
      respond to a client query with FORMERR when all upstream queries sent to
      the servers authoritative for QNAME elicit FORMERR responses.  This
      happens because resolver code returns DNS_R_FORMERR in such a case and
      dns_result_torcode() acts as a pass-through for all arguments which are
      already a valid RCODE.
      The correct RCODE to set in the response returned to the client in the
      case described above is SERVFAIL.  Make sure this happens by overriding
      the RCODE in query_gotanswer(), on the grounds that any format errors in
      the client query itself should be caught long before execution reaches
      that point.  This change should not reduce query error logging accuracy
      as the resolver code itself reports the exact reason for returning a
      DNS_R_FORMERR result using log_formerr().
  8. 22 Aug, 2018 1 commit
    • Michał Kępień's avatar
      Do not treat a referral with a non-empty ANSWER section as an error · 24b9ec55
      Michał Kępień authored
      As part of resquery_response() refactoring [1], a goto statement was
      replaced [2] with a call to a new function - originally called
      rctx_delegation(), now folded into rctx_answer_none() - extracted from
      existing code.  However, one call site of that refactored function does
      not reset the "result" variable, causing a referral with a non-empty
      ANSWER section to be inadvertently treated as an error, which prevents
      resolution of names reliant on servers sending such responses.  Fix by
      resetting the "result" variable to ISC_R_SUCCESS when a response
      containing a non-empty ANSWER section can be treated as a delegation.
      [1] see RT #45362
      [2] see commit e1380a16741a3b4a57e54d7a9ce09dd12691522f
  9. 08 Aug, 2018 1 commit
  10. 23 Feb, 2018 2 commits
  11. 22 Feb, 2018 1 commit
  12. 12 Sep, 2017 1 commit
  13. 02 May, 2017 2 commits
  14. 13 Dec, 2016 2 commits
  15. 31 Oct, 2016 1 commit
  16. 19 Oct, 2016 1 commit
  17. 26 Aug, 2016 1 commit
  18. 24 Aug, 2016 1 commit
  19. 27 Jun, 2016 1 commit
  20. 14 Jun, 2016 1 commit
  21. 21 Mar, 2016 2 commits
  22. 30 Sep, 2015 1 commit
  23. 09 Jul, 2015 1 commit
    • Evan Hunt's avatar
      [master] DDoS mitigation features · 1479200a
      Evan Hunt authored
      3938.	[func]		Added quotas to be used in recursive resolvers
      			that are under high query load for names in zones
      			whose authoritative servers are nonresponsive or
      			are experiencing a denial of service attack.
      			- "fetches-per-server" limits the number of
      			  simultaneous queries that can be sent to any
      			  single authoritative server.  The configured
      			  value is a starting point; it is automatically
      			  adjusted downward if the server is partially or
      			  completely non-responsive. The algorithm used to
      			  adjust the quota can be configured via the
      			  "fetch-quota-params" option.
      			- "fetches-per-zone" limits the number of
      			  simultaneous queries that can be sent for names
      			  within a single domain.  (Note: Unlike
      			  "fetches-per-server", this value is not
      			- New stats counters have been added to count
      			  queries spilled due to these quotas.
      			See the ARM for details of these options. [RT #37125]
  24. 06 Jul, 2015 1 commit
  25. 05 Jul, 2015 1 commit
    • Mark Andrews's avatar
      4152. [func] Implement DNS COOKIE option. This replaces the · ce67023a
      Mark Andrews authored
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are avaliable: send-cookie,
                              cookie-secret, cookie-algorithm and nocookie-udp-size.
                              The following dig options are available:
                              +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
  26. 21 May, 2015 1 commit
  27. 19 May, 2015 1 commit
  28. 03 Dec, 2014 1 commit
  29. 10 Sep, 2014 1 commit
  30. 07 Jul, 2014 1 commit
  31. 29 May, 2014 1 commit
  32. 28 May, 2014 1 commit
  33. 09 May, 2014 1 commit
  34. 05 May, 2014 1 commit
    • Mark Andrews's avatar
      3837. [security] A NULL pointer is passed to query_prefetch resulting · b36fc829
      Mark Andrews authored
                              a REQUIRE assertion failure when a fetch is actually
                              initiated.  [ RT #35899]
      Squashed commit of the following:
      commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Sun May 4 22:34:34 2014 +0530
          Fix a comment
      commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03
      Author: Mark Andrews <marka@isc.org>
      Date:   Sun May 4 23:34:25 2014 +1000
          pass the correct name to query_prefetch
  35. 12 Jan, 2014 2 commits