1. 25 Oct, 2018 6 commits
  2. 24 Oct, 2018 19 commits
    • Merge branch 'placeholder' into 'master' · 3171f0da
      Evan Hunt authored
      See merge request !890
    • placeholder · 5888c286
      Evan Hunt authored
    • Merge branch '564-mirror-zone-configuration-tweaks-and-cleanups' into 'master' · 7b2eaca5
      Ondřej Surý authored
      Mirror zone configuration tweaks and cleanups
      Closes #564, #375, and #342
      See merge request !815
    • Add CHANGES entry · 5b699aaa
      Michał Kępień authored
      XXXX.	[func]		A default list of primary servers for the root zone is
      			now built into named, allowing the "masters" statement
      			to be omitted when configuring an IANA root zone
      			mirror. [GL #564]
      XXXX.	[func]		Attempts to use mirror zones with recursion disabled
      			are now considered a configuration error. [GL #564]
      XXXX.	[func]		The only valid zone-level NOTIFY settings for mirror
      			zones are now "notify no;" and "notify explicit;".
      			[GL #564]
      XXXX.	[func]		Mirror zones are now configured using "type mirror;"
      			rather than "mirror yes;". [GL #564]
    • Update documentation · 7bb3d000
      Michał Kępień authored
    • Test whether mirror zones can be added and removed dynamically · adbe2caf
      Michał Kępień authored
      Extend the "mirror" zone system test to make sure mirror zones can be
      added and removed dynamically using rndc.
    • Define a default master server list for the root zone · 2c69734b
      Michał Kępień authored
      To minimize the effort required to set up IANA root zone mirroring,
      define a default master server list for the root zone and use it when
      that zone is to be mirrored and no master server list was explicitly
      specified.  Contents of that list are taken from RFC 7706 and are
      subject to change in future releases.
      Since the static get_masters_def() function in bin/named/config.c does
      exactly what named_zone_configure() in bin/named/zoneconf.c needs to do,
      make the former non-static and use it in the latter to prevent code
    • Prevent mirror zones from being used when recursion is disabled · 34dc674f
      Michał Kępień authored
      Since mirror zone data is treated as cache data for access control
      purposes, configuring a mirror zone and disabling recursion at the same
      time would effectively prevent mirror zone data from being used since
      disabling recursion also disables cache access to all clients by
      default.  Even though this behavior can be inhibited by configuration,
      mirror zones are a recursive resolver feature and thus recursion is now
      required to use them.
      Ignore the fact that certain configurations might still trick named into
      assuming recursion is enabled when it effectively is not since this
      change is not meant to put a hard policy in place but rather just to
      prevent accidental mirror zone misuse.
    • Clean up handling of NOTIFY settings for mirror zones · 1d49b01c
      Michał Kępień authored
      Previous way of handling NOTIFY settings for mirror zones was a bit
      tricky: any value of the "notify" option was accepted, but it was
      subsequently overridden with dns_notifytype_explicit.  Given the way
      zone configuration is performed, this resulted in the following
        - if "notify yes;" was set explicitly at any configuration level or
          inherited from default configuration, it was silently changed and so
          only hosts specified in "also-notify", if any, were notified,
        - if "notify no;" was set at any configuration level, it was
          effectively honored since even though zone->notifytype was silently
          set to dns_notifytype_explicit, the "also-notify" option was never
          processed due to "notify no;" being set.
      Effectively, this only allowed the hosts specified in "also-notify" to
      be notified, when either "notify yes;" or "notify explicit;" was
      explicitly set or inherited from default configuration.
      Clean up handling of NOTIFY settings for mirror zones by:
        - reporting a configuration error when anything else than "notify no;"
          or "notify explicit;" is set for a mirror zone at the zone level,
        - overriding inherited "notify yes;" setting with "notify explicit;"
          for mirror zones,
        - informing the user when the "notify" setting is overridden, unless
          the setting in question was inherited from default configuration.
    • Replace the "mirror" zone option with "type mirror;" · 2cb9e8a0
      Michał Kępień authored
      Use a zone's 'type' field instead of the value of its DNS_ZONEOPT_MIRROR
      option for checking whether it is a mirror zone.  This makes said zone
      option and its associated helper function, dns_zone_mirror(), redundant,
      so remove them.  Remove a check specific to mirror zones from
      named_zone_reusable() since another check in that function ensures that
      changing a zone's type prevents it from being reused during
    • Define a separate dns_zonetype_t for mirror zones · e1bb8de6
      Michał Kępień authored
      Rather than overloading dns_zone_slave and discerning between a slave
      zone and a mirror zone using a zone option, define a separate enum
      value, dns_zone_mirror, to be used exclusively by mirror zones.  Update
      code handling slave zones to ensure it also handles mirror zones where
    • Handle "type mirror;" when parsing zone configuration · 4a83ccf0
      Michał Kępień authored
      Add a new zone type, CFG_ZONE_MIRROR, to libisccfg, in order to limit
      the list of options which are considered valid for mirror zones.  Update
      the relevant configuration checks.
    • Merge branch '582-fix-server-addresses-configuration-type' into 'master' · 1ab27e3d
      Ondřej Surý authored
      Fix the configuration type used by the "server-addresses" option
      Closes #582
      See merge request !856
    • Add CHANGES entry · 6b1c0a8e
      Michał Kępień authored
      5048.	[doc]		Documentation incorrectly stated that the
      			"server-addresses" static-stub zone option accepts
      			custom port numbers. [GL #582]
    • Fix the configuration type used by the "server-addresses" option · b3245768
      Michał Kępień authored
      Contrary to what the documentation states, the "server-addresses"
      static-stub zone option does not accept custom port numbers.  Fix the
      configuration type used by the "server-addresses" option to ensure
      documentation matches source code.  Remove a check_zoneconf() test which
      is unnecessary with this fix in place.
    • Merge branch 'wpk-temporarily-disable-qmin-for-rpz' into 'master' · ed35755a
      Evan Hunt authored
      Disable qname minimization in RPZ test for now
      See merge request !882
    • Witold Krecicki's avatar
    • Merge branch '610-address-memory-leak-on-error' into 'master' · fa3d8f7d
      Mark Andrews authored
      Resolve "Address memory leak on error"
      Closes #610
      See merge request !859
    • free key on error · 607c2d74
      Mark Andrews authored
  3. 23 Oct, 2018 15 commits