1. 10 May, 2019 1 commit
    • Michał Kępień's avatar
      Make NTAs work with validating forwarders · 5e804882
      Michał Kępień authored
      If named is configured to perform DNSSEC validation and also forwards
      all queries ("forward only;") to validating resolvers, negative trust
      anchors do not work properly because the CD bit is not set in queries
      sent to the forwarders.  As a result, instead of retrieving bogus DNSSEC
      material and making validation decisions based on its configuration,
      named is only receiving SERVFAIL responses to queries for bogus data.
      Fix by ensuring the CD bit is always set in queries sent to forwarders
      if the query name is covered by an NTA.
      5e804882
  2. 15 Mar, 2019 1 commit
  3. 11 Mar, 2019 1 commit
  4. 06 Dec, 2018 4 commits
    • Evan Hunt's avatar
      name change from "hook modules" to "plugins" · fd20f10d
      Evan Hunt authored
      - "hook" is now used only for hook points and hook actions
      - the "hook" statement in named.conf is now "plugin"
      - ns_module and ns_modlist are now ns_plugin and ns_plugins
      - ns_module_load is renamed ns_plugin_register
      - the mandatory functions in plugin modules (hook_register,
        hook_check, hook_version, hook_destroy) have been renamed
      fd20f10d
    • Evan Hunt's avatar
      refactor to support multiple module instances · b94945e6
      Evan Hunt authored
      - use a per-view module list instead of global hook_modules
      - create an 'instance' pointer when registering modules, store it in
        the module structure, and use it as action_data when calling
        hook functions - this enables multiple module instances to be set
        up in parallel
      - also some nomenclature changes and cleanup
      b94945e6
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
      9911c835
    • Evan Hunt's avatar
      add hook statement to configuration parser · d2f46443
      Evan Hunt authored
      - allow multiple "hook" statements at global or view level
      - add "optional bracketed text" type for optional parameter list
      - load hook module from specified path rather than hardcoded path
      - add a hooktable pointer (and a callback for freeing it) to the
        view structure
      - change the hooktable functions so they no longer update ns__hook_table
        by default, and modify PROCESS_HOOK so it uses the view hooktable, if
        set, rather than ns__hook_table. (ns__hook_table is retained for
        use by unit tests.)
      - update the filter-aaaa system test to load filter-aaaa.so
      - add a prereq script to check for dlopen support before running
        the filter-aaaa system test
      
      not yet done:
      - configuration parameters are not being passed to the filter-aaaa
        module; the filter-aaaa ACL and filter-aaaa-on-{v4,v6} settings are
        still stored in dns_view
      d2f46443
  5. 14 Nov, 2018 1 commit
  6. 23 Oct, 2018 1 commit
  7. 28 Aug, 2018 1 commit
  8. 08 Aug, 2018 2 commits
  9. 12 Jun, 2018 1 commit
  10. 18 Apr, 2018 1 commit
  11. 06 Apr, 2018 2 commits
  12. 23 Feb, 2018 1 commit
  13. 30 Nov, 2017 1 commit
  14. 05 Oct, 2017 1 commit
  15. 05 Sep, 2017 1 commit
  16. 30 Aug, 2017 1 commit
  17. 28 Jul, 2017 1 commit
    • Evan Hunt's avatar
      [master] glue-cache option · 268cea9c
      Evan Hunt authored
      4664.	[func]		Add a "glue-cache" option to enable or disable the
      			glue cache. The default is "no" to reduce memory
      			usage, but enabling this option will improve
      			performance in delegation-heavy zones. [RT #45125]
      268cea9c
  18. 13 Jun, 2017 1 commit
  19. 26 Apr, 2017 1 commit
  20. 24 Apr, 2017 1 commit
    • Evan Hunt's avatar
      [master] new-zones-directory option · 2dfb9923
      Evan Hunt authored
      4610.	[func]		The "new-zones-directory" option specifies the
      			location of NZF or NZD files for storing
      			configuration of zones added by "rndc addzone".
      			Thanks to Petr Menšík. [RT #44853]
      2dfb9923
  21. 22 Apr, 2017 1 commit
  22. 05 Jan, 2017 1 commit
  23. 04 Jan, 2017 1 commit
    • Evan Hunt's avatar
      [master] EDNS padding and keepalive support · 58043325
      Evan Hunt authored
      4549.	[func]		Added support for the EDNS TCP Keepalive option
      			(RFC 7828). [RT #42126]
      
      4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
      			[RT #42094]
      58043325
  24. 30 Dec, 2016 1 commit
  25. 12 Aug, 2016 1 commit
  26. 22 Jul, 2016 1 commit
  27. 21 Jul, 2016 1 commit
    • Evan Hunt's avatar
      [master] store "addzone" zone config in a NZD database · eca74c52
      Evan Hunt authored
      4421.	[func]		When built with LMDB (Lightning Memory-mapped
      			Database), named will now use a database to store
      			the configuration for zones added by "rndc addzone"
      			instead of using a flat NZF file. This improves
      			performance of "rndc delzone" and "rndc modzone"
      			significantly. Existing NZF files will
      			automatically by converted to NZD databases.
      			To view the contents of an NZD or to roll back to
      			NZF format, use "named-nzd2nzf". To disable
                              this feature, use "configure --without-lmdb".
                              [RT #39837]
      eca74c52
  28. 27 Jun, 2016 1 commit
  29. 26 May, 2016 1 commit
  30. 25 May, 2016 1 commit
    • Evan Hunt's avatar
      [master] minimal-any · 0cbe4489
      Evan Hunt authored
      4371.	[func]		New "minimal-any" option reduces the size of UDP
      			responses for qtype ANY by returning a single
      			arbitrarily selected RRset instead of all RRsets.
      			Thanks to Tony Finch. [RT #41615]
      0cbe4489
  31. 22 Mar, 2016 2 commits
  32. 05 Nov, 2015 1 commit
  33. 02 Oct, 2015 1 commit
    • Evan Hunt's avatar
      [master] dnstap · b66b333f
      Evan Hunt authored
      4235.	[func]		Added support in named for "dnstap", a fast method of
      			capturing and logging DNS traffic, and a new command
      			"dnstap-read" to read a dnstap log file.  Use
      			"configure --enable-dnstap" to enable this
      			feature (note that this requires libprotobuf-c
      			and libfstrm). See the ARM for configuration details.
      
      			Thanks to Robert Edmonds of Farsight Security.
      			[RT #40211]
      b66b333f
  34. 28 Sep, 2015 1 commit