1. 24 Aug, 2018 2 commits
  2. 23 Aug, 2018 3 commits
  3. 22 Aug, 2018 12 commits
    • Michał Kępień's avatar
      Merge branch '435-fix-reloading-inline-signed-zones-v9_12' into 'v9_12' · 070b6791
      Michał Kępień authored
      [v9_12] Fix reloading inline-signed zones
      
      See merge request !674
      070b6791
    • Michał Kępień's avatar
      Add CHANGES entry · 61a71f82
      Michał Kępień authored
      5015.	[bug]		Reloading all zones caused zone maintenance to cease
      			for inline-signed zones. [GL #435]
      
      (cherry picked from commit f9931f1d)
      61a71f82
    • Michał Kępień's avatar
      Fix reloading inline-signed zones · 7680c7d1
      Michał Kępień authored
      While "rndc reload" causes dns_zone_asyncload() to be called for the
      signed version of an inline-signed zone, the subsequent zone_load() call
      causes the raw version to be reloaded from storage.  This means that
      DNS_ZONEFLG_LOADPENDING gets set for the signed version of the zone by
      dns_zone_asyncload() before the reload is attempted, but zone_postload()
      is only called for the raw version and thus DNS_ZONEFLG_LOADPENDING is
      cleared for the raw version, but not for the signed version.  This in
      turn prevents zone maintenance from happening for the signed version of
      the zone.
      
      Until commit 7c64547d, this problem
      remained dormant because DNS_ZONEFLG_LOADPENDING was previously
      immediately, unconditionally cleared after zone loading was started
      (whereas it should only be cleared when zone loading is finished or an
      error occurs).  This behavior caused other issues [1] and thus had to be
      changed.
      
      Fix reloading inline-signed zones by clearing DNS_ZONEFLG_LOADPENDING
      for the signed version of the zone once the raw version reload
      completes.  Take care not to clear it prematurely during initial zone
      load.  Also make sure that DNS_ZONEFLG_LOADPENDING gets cleared when
      zone_postload() encounters an error or returns early, to prevent other
      scenarios from resulting in the same problem.  Add comments aiming to
      help explain code flow.
      
      [1] see RT #47076
      
      (cherry picked from commit 54315839)
      7680c7d1
    • Michał Kępień's avatar
      Merge branch '482-fix-secure-journal-loading-for-inline-signed-zones-v9_12' into 'v9_12' · 057cedc8
      Michał Kępień authored
      [v9_12] Set DNS_JOURNALOPT_RESIGN when loading the secure journal for an inline-signed zone
      
      See merge request !672
      057cedc8
    • Michał Kępień's avatar
      Add CHANGES entry · 3a269081
      Michał Kępień authored
      5014.	[bug]		Signatures loaded from the journal for the signed
      			version of an inline-signed zone were not scheduled for
      			refresh. [GL #482]
      
      (cherry picked from commit b3b1a908)
      3a269081
    • Michał Kępień's avatar
      Set DNS_JOURNALOPT_RESIGN when loading the secure journal for an inline-signed zone · 8d468a4f
      Michał Kępień authored
      When an inline-signed zone is loaded, the master file for its signed
      version is loaded and then a rollforward of the journal for the signed
      version of the zone is performed.  If DNS_JOURNALOPT_RESIGN is not set
      during the latter phase, signatures loaded from the journal for the
      signed version of the zone will not be scheduled for refresh.  Fix the
      conditional expression determining which flags should be used for the
      dns_journal_rollforward() call so that DNS_JOURNALOPT_RESIGN is set when
      zone_postload() is called for the signed version of an inline-signed
      zone.
      
      Extend bin/tests/system/stop.pl so that it can use "rndc halt" instead
      of "rndc stop" as the former allows master file flushing upon shutdown
      to be suppressed.
      
      (cherry picked from commit 8db550c4)
      8d468a4f
    • Michał Kępień's avatar
      Merge branch... · ab084b86
      Michał Kępień authored
      Merge branch '390-do-not-treat-a-referral-with-a-non-empty-answer-section-as-an-error-v9_12' into 'v9_12'
      
      [v9_12] Do not treat a referral with a non-empty ANSWER section as an error
      
      See merge request !671
      ab084b86
    • Michał Kępień's avatar
      Add CHANGES entry · 899ea537
      Michał Kępień authored
      5013.	[bug]		A referral response with a non-empty ANSWER section was
      			inadvertently being treated as an error. [GL #390]
      
      (cherry picked from commit 2923ab49)
      899ea537
    • Michał Kępień's avatar
      Do not treat a referral with a non-empty ANSWER section as an error · 367b9738
      Michał Kępień authored
      As part of resquery_response() refactoring [1], a goto statement was
      replaced [2] with a call to a new function - originally called
      rctx_delegation(), now folded into rctx_answer_none() - extracted from
      existing code.  However, one call site of that refactored function does
      not reset the "result" variable, causing a referral with a non-empty
      ANSWER section to be inadvertently treated as an error, which prevents
      resolution of names reliant on servers sending such responses.  Fix by
      resetting the "result" variable to ISC_R_SUCCESS when a response
      containing a non-empty ANSWER section can be treated as a delegation.
      
      [1] see RT #45362
      
      [2] see commit e1380a16741a3b4a57e54d7a9ce09dd12691522f
      
      (cherry picked from commit 24b9ec55)
      367b9738
    • Ondřej Surý's avatar
      Merge branch '488-install-compatibility-int-and-boolean-shim-headers' into 'v9_12' · 50b838b4
      Ondřej Surý authored
      Install isc/boolean.h and isc/int.h shim headers
      
      See merge request !670
      50b838b4
    • Ondřej Surý's avatar
      Add install test job · 9257d354
      Ondřej Surý authored
      9257d354
    • Ondřej Surý's avatar
  4. 21 Aug, 2018 3 commits
  5. 15 Aug, 2018 2 commits
  6. 14 Aug, 2018 14 commits
  7. 13 Aug, 2018 2 commits
  8. 11 Aug, 2018 2 commits