1. 04 Nov, 2019 2 commits
  2. 31 Oct, 2019 2 commits
    • Do not flush the cache for `rndc validation status` · b612e38a
      Tony Finch authored
      And add a note to the man page that `rndc validation` flushes the
      cache when the validation state is changed. (It is necessary to flush
      the cache when turning on validation, to avoid continuing to use
      cryptographically invalid data. It is probably wise to flush the cache
      when turning off validation to recover from lameness problems.)
    • Include all views in output of `rndc validation status` · bebeadc8
      Tony Finch authored
      The implementation of `rndc validation status` iterates over all the
      views to print their validation status. It takes care to print newlines
      in between, but it also used to put a nul byte at the end of the first view
      which truncated the output.
      
      After this change, the nul byte is added at the end so that it prints
      the validation status in all views. The `_bind` view is skipped
      because its validation status is irrelevant.
  3. 03 Oct, 2019 2 commits
  4. 12 Sep, 2019 2 commits
  5. 30 Aug, 2019 1 commit
    • isc_event_allocate() cannot fail, remove the fail handling blocks · 50e109d6
      Ondřej Surý authored
      isc_event_allocate() calls isc_mem_get() to allocate the event structure.  As
      isc_mem_get() cannot fail softly (e.g. it never returns NULL), the
      isc_event_allocate() cannot return NULL, hence we remove the (ret == NULL)
      handling blocks using the semantic patch from the previous commit.
  6. 29 Aug, 2019 1 commit
  7. 09 Aug, 2019 1 commit
  8. 23 Jul, 2019 3 commits
  9. 21 Jul, 2019 2 commits
  10. 04 Jul, 2019 2 commits
  11. 03 Jul, 2019 1 commit
    • fix broken windows build · 81fcde59
      Evan Hunt authored
      The MSVS C compiler requires every struct to have at least one member.
      The dns_geoip_databases_t structure had one set of members for
      HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
      API is in use.
      
      This commit silences the compiler error by moving the declaration of
      dns_geoip_databases_t to types.h as an opaque reference, and commenting
      out the contents of geoip.h when neither version of GeoIP is enabled.
  12. 27 Jun, 2019 2 commits
    • implement searching of geoip2 database · 6e0b93e5
      Evan Hunt authored
      - revise mapping of search terms to database types to match the
        GeoIP2 schemas.
      - open GeoIP2 databases when starting up; close when shutting down.
      - clarify the logged error message when an unknown database type
        is configured.
      - add new geoip ACL subtypes to support searching for continent in
        country databases.
      - map geoip ACL subtypes to specific MMDB database queries.
      - perform MMDB lookups based on subtype, saving state between
        queries so repeated lookups for the same address aren't necessary.
    • Evan Hunt's avatar
      fe46d5bc
  13. 25 Jun, 2019 1 commit
    • Make the usage of libxml2 opaque to the caller · 0771dd3b
      Ondřej Surý authored
      libxml2 has previously leaked into the global namespace, leading
      to a forced -I<include_path> for every compilation unit using the isc/xml.h
      header.  This MR fixes the usage, making the caller object opaque.
  14. 24 Jun, 2019 1 commit
    • When a server reload fails, print a note in `rndc status`. · 8e05e2e9
      Tony Finch authored
      After a failed reload I noticed two problems:
      
      * There was a missing newline in the output of `rndc status` so it
        finished "reload/reconfig in progressserver is up and running"
      * The "reconfig in progress" note should have said "reconfig failed"
  15. 05 Jun, 2019 3 commits
    • "dnssec-keys" is now a synonym for "managed-keys" · 821f041d
      Evan Hunt authored
      - managed-keys is now deprecated as well as trusted-keys, though
        it continues to work as a synonym for dnssec-keys
      - references to managed-keys have been updated throughout the code.
      - tests have been updated to use dnssec-keys format
      - also the trusted-keys entries have been removed from the generated
        bind.keys.h file and are no longer generated by bindkeys.pl.
    • deprecate "trusted-keys" · 5ab25218
      Evan Hunt authored
      - trusted-keys is now flagged as deprecated, but still works
      - managed-keys can be used to configure permanent trust anchors by
        using the "static-key" keyword in place of "initial-key"
      - parser now uses an enum for static-key and initial-key keywords
    • Remove `cleaning-interval` remnants. · a9dca583
      Tony Finch authored
      Since 2008, the cleaning-interval timer has been documented as
      "effectively obsolete" and disabled in the default configuration with
      a comment saying "now meaningless".
      
      This change deletes all the code that implements the cleaning-interval
      timer, except for the config parser in which it is now explicitly
      marked as obsolete.
      
      I have verified (using the deletelru and deletettl cache stats) that
      named still cleans the cache after this change.
  16. 22 Mar, 2019 1 commit
  17. 19 Mar, 2019 3 commits
    • Move code handling key loading errors into a common function · b85007e0
      Michał Kępień authored
      Some values returned by dstkey_fromconfig() indicate that key loading
      should be interrupted, others do not.  There are also certain subsequent
      checks to be made after parsing a key from configuration and the results
      of these checks also affect the key loading process.  All of this
      complicates the key loading logic.
      
      In order to make the relevant parts of the code easier to follow, reduce
      the body of the inner for loop in load_view_keys() to a single call to a
      new function, process_key().  Move dstkey_fromconfig() error handling to
      process_key() as well and add comments to clearly describe the effects
      of various key loading errors.
    • Matthijs Mekking's avatar
      4d1ed128
    • Ignore trust anchors using disabled algorithm · 1d45ad8f
      Matthijs Mekking authored
      More specifically: ignore configured trusted and managed keys that
      match a disabled algorithm.  The behavioral change is that
      associated responses no longer SERVFAIL, but return insecure.
  18. 15 Mar, 2019 2 commits
  19. 14 Mar, 2019 1 commit
  20. 08 Mar, 2019 1 commit
  21. 07 Mar, 2019 1 commit
  22. 06 Mar, 2019 1 commit
    • Look for named plugins in ${libdir}/named · 1a9fc624
      Michał Kępień authored
      When the "library" part of a "plugin" configuration stanza does not
      contain at least one path separator, treat it as a filename and assume
      it is a name of a shared object present in the named plugin installation
      directory.  Absolute and relative paths can still be used and will be
      used verbatim.  Get the full path to a plugin before attempting to
      check/register it so that all relevant log messages include the same
      plugin path (apart from the one logged when the full path cannot be
      determined).
  23. 18 Feb, 2019 1 commit
  24. 06 Feb, 2019 1 commit
  25. 25 Jan, 2019 1 commit
  26. 24 Jan, 2019 1 commit