1. 30 Jul, 2020 1 commit
    • Michal Nowak's avatar
      Drop $SYSTEMTESTTOP from bin/tests/system/ · 093af1c0
      Michal Nowak authored
      The $SYSTEMTESTTOP shell variable if often set to .. in various shell
      scripts inside bin/tests/system/, but most of the time it is only
      used one line later, while sourcing conf.sh. This hardly improves
      code readability.
      
      $SYSTEMTESTTOP is also used for the purpose of referencing
      scripts/files living in bin/tests/system/, but given that the
      variable is always set to a short, relative path, we can drop it and
      replace all of its occurrences with the relative path without adversely
      affecting code readability.
      093af1c0
  2. 01 Jul, 2020 1 commit
    • Evan Hunt's avatar
      further tidying of primary/secondary terminology in system tests · e43b3c1f
      Evan Hunt authored
      this changes most visble uses of master/slave terminology in tests.sh
      and most uses of 'type master' or 'type slave' in named.conf files.
      files in the checkconf test were not updated in order to confirm that
      the old syntax still works. rpzrecurse was also left mostly unchanged
      to avoid interference with DNSRPS.
      e43b3c1f
  3. 05 May, 2020 1 commit
  4. 01 May, 2020 1 commit
  5. 21 Apr, 2020 1 commit
    • Ondřej Surý's avatar
      Complete rewrite the BIND 9 build system · 978c7b2e
      Ondřej Surý authored
      The rewrite of BIND 9 build system is a large work and cannot be reasonable
      split into separate merge requests.  Addition of the automake has a positive
      effect on the readability and maintainability of the build system as it is more
      declarative, it allows conditional and we are able to drop all of the custom
      make code that BIND 9 developed over the years to overcome the deficiencies of
      autoconf + custom Makefile.in files.
      
      This squashed commit contains following changes:
      
      - conversion (or rather fresh rewrite) of all Makefile.in files to Makefile.am
        by using automake
      
      - the libtool is now properly integrated with automake (the way we used it
        was rather hackish as the only official way how to use libtool is via
        automake
      
      - the dynamic module loading was rewritten from a custom patchwork to libtool's
        libltdl (which includes the patchwork to support module loading on different
        systems internally)
      
      - conversion of the unit test executor from kyua to automake parallel driver
      
      - conversion of the system test executor from custom make/shell to automake
        parallel driver
      
      - The GSSAPI has been refactored, the custom SPNEGO on the basis that
        all major KRB5/GSSAPI (mit-krb5, heimdal and Windows) implementations
        support SPNEGO mechanism.
      
      - The various defunct tests from bin/tests have been removed:
        bin/tests/optional and bin/tests/pkcs11
      
      - The text files generated from the MD files have been removed, the
        MarkDown has been designed to be readable by both humans and computers
      
      - The xsl header is now generated by a simple sed command instead of
        perl helper
      
      - The <irs/platform.h> header has been removed
      
      - cleanups of configure.ac script to make it more simpler, addition of multiple
        macros (there's still work to be done though)
      
      - the tarball can now be prepared with `make dist`
      
      - the system tests are partially able to run in oot build
      
      Here's a list of unfinished work that needs to be completed in subsequent merge
      requests:
      
      - `make distcheck` doesn't yet work (because of system tests oot run is not yet
        finished)
      
      - documentation is not yet built, there's a different merge request with docbook
        to sphinx-build rst conversion that needs to be rebased and adapted on top of
        the automake
      
      - msvc build is non functional yet and we need to decide whether we will just
        cross-compile bind9 using mingw-w64 or fix the msvc build
      
      - contributed dlz modules are not included neither in the autoconf nor automake
      978c7b2e
  6. 16 Apr, 2020 1 commit
    • Matthijs Mekking's avatar
      dnssec-policy: to sign inline or not · 644f0d95
      Matthijs Mekking authored
      When dnssec-policy was introduced, it implicitly set inline-signing.
      But DNSSEC maintenance required either inline-signing to be enabled,
      or a dynamic zone.  In other words, not in all cases you want to
      DNSSEC maintain your zone with inline-signing.
      
      Change the behavior and determine whether inline-signing is
      required: if the zone is dynamic, don't use inline-signing,
      otherwise implicitly set it.
      
      You can also explicitly set inline-signing to yes with dnssec-policy,
      the restriction that both inline-signing and dnssec-policy cannot
      be set at the same time is now lifted.
      
      However, 'inline-signing no;' on a non-dynamic zone with a
      dnssec-policy is not possible.
      644f0d95
  7. 06 Mar, 2020 1 commit
  8. 07 Feb, 2020 2 commits
  9. 05 Dec, 2019 1 commit
  10. 15 Nov, 2019 1 commit
  11. 06 Nov, 2019 1 commit
    • Matthijs Mekking's avatar
      Introduce dnssec-policy configuration · a50d707f
      Matthijs Mekking authored
      This commit introduces the initial `dnssec-policy` configuration
      statement. It has an initial set of options to deal with signature
      and key maintenance.
      
      Add some checks to ensure that dnssec-policy is configured at the
      right locations, and that policies referenced to in zone statements
      actually exist.
      
      Add some checks that when a user adds the new `dnssec-policy`
      configuration, it will no longer contain existing DNSSEC
      configuration options.  Specifically: `inline-signing`,
      `auto-dnssec`, `dnssec-dnskey-kskonly`, `dnssec-secure-to-insecure`,
      `update-check-ksk`, `dnssec-update-mode`, `dnskey-sig-validity`,
      and `sig-validity-interval`.
      
      Test a good kasp configuration, and some bad configurations.
      a50d707f
  12. 30 Aug, 2019 1 commit
  13. 09 Aug, 2019 2 commits
  14. 04 Jul, 2019 1 commit
  15. 28 Jun, 2019 1 commit
    • Matthijs Mekking's avatar
      named-checkconf -i: ignore deprecate warnings · 0b879096
      Matthijs Mekking authored
      Adds a new option to named-checkconf, -i.  If set, named-checkconf
      will not warn you about deprecated options.  This allows people
      to use named-checkconf in automated deployment precoesses where an
      operator only cares if their conf is valid, even if it is not optimal.
      
      This was added as a request as part of introducing a policy on
      removing named.conf options.
      0b879096
  16. 06 Jun, 2019 1 commit
  17. 05 Jun, 2019 5 commits
  18. 08 May, 2019 1 commit
  19. 15 Mar, 2019 1 commit
  20. 31 Jan, 2019 1 commit
    • Evan Hunt's avatar
      Ancient named.conf options are now a fatal configuration error · ff3dace1
      Evan Hunt authored
      - options that were flagged as obsolete or not implemented in 9.0.0
        are now flagged as "ancient", and are a fatal error
      - the ARM has been updated to remove these, along with other
        obsolete descriptions of BIND 8 behavior
      - the log message for obsolete options explicitly recommends removal
      ff3dace1
  21. 09 Sep, 2018 2 commits
  22. 25 May, 2018 1 commit
    • Evan Hunt's avatar
      remove the experimental authoritative ECS support from named · e3244493
      Evan Hunt authored
      - mark the 'geoip-use-ecs' option obsolete; warn when it is used
        in named.conf
      - prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error
        since simply ignoring the tags could make ACLs behave unpredictably
      - re-simplify the radix and iptable code
      - clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed()
        and dns_geoip_match() so they no longer take ecs options
      - remove the ECS-specific unit and system test cases
      - remove references to ECS from the ARM
      e3244493
  23. 23 Feb, 2018 1 commit
  24. 22 Feb, 2018 1 commit
  25. 09 Feb, 2018 4 commits
  26. 07 Feb, 2018 2 commits
  27. 29 Oct, 2017 3 commits