1. 30 Jul, 2020 1 commit
    • Drop $SYSTEMTESTTOP from bin/tests/system/ · 093af1c0
      Michal Nowak authored
      The $SYSTEMTESTTOP shell variable is often set to .. in various shell
      scripts inside bin/tests/system/, but most of the time it is only
      used one line later, while sourcing conf.sh. This hardly improves
      code readability.
      
      $SYSTEMTESTTOP is also used for the purpose of referencing
      scripts/files living in bin/tests/system/, but given that the
      variable is always set to a short, relative path, we can drop it and
      replace all of its occurrences with the relative path without adversely
      affecting code readability.
  2. 14 Jul, 2020 1 commit
  3. 01 Jul, 2020 2 commits
    • further tidying of primary/secondary terminology in system tests · e43b3c1f
      Evan Hunt authored
      this changes most visible uses of master/slave terminology in tests.sh
      and most uses of 'type master' or 'type slave' in named.conf files.
      files in the checkconf test were not updated in order to confirm that
      the old syntax still works. rpzrecurse was also left mostly unchanged
      to avoid interference with DNSRPS.
    • add "primaries" as a synonym for "masters" in named.conf · 16e14353
      Evan Hunt authored
      as "type primary" is preferred over "type master" now, it makes
      sense to make "primaries" available as a synonym too.
      
      added a correctness check to ensure "primaries" and "masters"
      cannot both be used in the same zone.
  4. 25 Jun, 2020 1 commit
  5. 25 May, 2020 1 commit
  6. 19 May, 2020 1 commit
  7. 01 May, 2020 2 commits
  8. 30 Apr, 2020 1 commit
  9. 21 Apr, 2020 1 commit
    • Complete rewrite the BIND 9 build system · 978c7b2e
      Ondřej Surý authored
      The rewrite of BIND 9 build system is a large work and cannot be reasonably
      split into separate merge requests.  Addition of the automake has a positive
      effect on the readability and maintainability of the build system as it is more
      declarative, it allows conditionals and we are able to drop all of the custom
      make code that BIND 9 developed over the years to overcome the deficiencies of
      autoconf + custom Makefile.in files.
      
      This squashed commit contains following changes:
      
      - conversion (or rather fresh rewrite) of all Makefile.in files to Makefile.am
        by using automake
      
      - the libtool is now properly integrated with automake (the way we used it
        was rather hackish as the only official way how to use libtool is via
        automake)
      
      - the dynamic module loading was rewritten from a custom patchwork to libtool's
        libltdl (which includes the patchwork to support module loading on different
        systems internally)
      
      - conversion of the unit test executor from kyua to automake parallel driver
      
      - conversion of the system test executor from custom make/shell to automake
        parallel driver
      
      - The GSSAPI has been refactored, the custom SPNEGO on the basis that
        all major KRB5/GSSAPI (mit-krb5, heimdal and Windows) implementations
        support SPNEGO mechanism.
      
      - The various defunct tests from bin/tests have been removed:
        bin/tests/optional and bin/tests/pkcs11
      
      - The text files generated from the MD files have been removed, the
        MarkDown has been designed to be readable by both humans and computers
      
      - The xsl header is now generated by a simple sed command instead of
        perl helper
      
      - The <irs/platform.h> header has been removed
      
      - cleanups of configure.ac script to make it simpler, addition of multiple
        macros (there's still work to be done though)
      
      - the tarball can now be prepared with `make dist`
      
      - the system tests are partially able to run in oot build
      
      Here's a list of unfinished work that needs to be completed in subsequent merge
      requests:
      
      - `make distcheck` doesn't yet work (because of system tests oot run is not yet
        finished)
      
      - documentation is not yet built, there's a different merge request with docbook
        to sphinx-build rst conversion that needs to be rebased and adapted on top of
        the automake
      
      - msvc build is non functional yet and we need to decide whether we will just
        cross-compile bind9 using mingw-w64 or fix the msvc build
      
      - contributed dlz modules are included neither in the autoconf nor automake
  10. 20 Apr, 2020 1 commit
  11. 09 Mar, 2020 1 commit
    • Fix dnssec test · aebb2aaa
      Matthijs Mekking authored
      There is a failure mode which gets triggered on heavily loaded
      systems. A key change is scheduled in 5 seconds to make ZSK2 inactive
      and ZSK3 active, but `named` takes more than 5 seconds to progress
      from `rndc loadkeys` to the query check. At this time the SOA RRset
      is already signed by the new ZSK which is not expected to be active
      at that point yet.
      
      Split up the checks to test the case where RRsets are signed
      correctly with the offline KSK (maintained the signature) and
      the active ZSK.  First run, RRsets should be signed with the still
      active ZSK2, second run RRsets should be signed with the new active
      ZSK3.
  12. 04 Mar, 2020 1 commit
    • list "validate-except" entries in "rndc nta -d" and "rndc secroots" · 7a3fa9f5
      Evan Hunt authored
      - no longer exclude these entries when dumping the NTA table
      - indicate "validate-except" entries with the keyword "permanent" in
        place of an expiry date
      - add a test for this feature, and update other tests to account for
        the presence of extra lines in some rndc outputs
      - incidentally removed the unused function dns_ntatable_dump()
      - CHANGES, release note
  13. 21 Feb, 2020 1 commit
  14. 07 Feb, 2020 1 commit
  15. 06 Feb, 2020 1 commit
  16. 30 Jan, 2020 5 commits
  17. 23 Jan, 2020 1 commit
  18. 16 Jan, 2020 1 commit
  19. 15 Jan, 2020 1 commit
  20. 14 Jan, 2020 1 commit
  21. 13 Jan, 2020 1 commit
    • Fix line spacing in `rndc secroots` · 5b600c2c
      Tony Finch authored
      Before this change, there was a missing blank line between the
      negative trust anchors for one view, and the heading line for the next
      view. This is because dns_ntatable_totext() omits the last newline.
      There is an example of the incorrect output below; the fixed output
      has a blank line before "Start view auth".
      
      secure roots as of 21-Oct-2019 12:03:23.500:
      
       Start view rec
         Secure roots:
      
      ./RSASHA256/20326 ; managed
      
         Negative trust anchors:
      
      example.com: expiry 21-Oct-2019 13:03:15.000
       Start view auth
         Secure roots:
      
      ./RSASHA256/20326 ; managed
      
         Negative trust anchors:
      
      example.com: expiry 21-Oct-2019 13:03:07.000
  22. 09 Dec, 2019 1 commit
  23. 15 Nov, 2019 3 commits
    • use DS style trust anchors in all system tests · 54a682ea
      Evan Hunt authored
      this adds functions in conf.sh.common to create DS-style trust anchor
      files. those functions are then used to create nearly all of the trust
      anchors in the system tests.
      
      there are a few exceptions:
       - some tests in dnssec and mkeys rely on detection of unsupported
         algorithms, which only works with key-style trust anchors, so those
         are used for those tests in particular.
       - the mirror test had a problem with the use of a CSK without a
         SEP bit, which still needs addressing
      
      in the future, some of these tests should be changed back to using
      traditional trust anchors, so that both types will be exercised going
      forward.
    • refactor create_keydata · 4d3ed3f4
      Evan Hunt authored
      use empty placeholder KEYDATA records for all trust anchors, not just
      DS-style trust anchors.
      
      this revealed a pre-existing bug: keyfetch_done() skips keys without
      the SEP bit when populating the managed-keys zone. consequently, if a
      zone only has a single ZSK which is configured as trust anchor and no
      KSKs, then no KEYDATA record is ever written to the managed-keys zone
      when keys are refreshed.
      
      that was how the root server in the dnssec system test was configured.
      however, previously, the KEYDATA was created when the key was
      initialized; this prevented us from noticing the bug until now.
      
      configuring a ZSK as an RFC 5011 trust anchor is not forbidden by the
      spec, but it is highly unusual and not well defined.  so for the time
      being, I have modified the system test to generate both a KSK and ZSK
      for the root zone, enabling the test to pass.
      
      we should consider adding code to detect this condition and allow keys
      without the SEP bit to be used as trust anchors if no key with the SEP
      bit is available, or at minimum, log a warning.
    • 3fede8a7
  24. 07 Nov, 2019 1 commit
    • convert ns_client and related objects to use netmgr · 53f0b6c3
      Evan Hunt authored
      - ns__client_request() is now called by netmgr with an isc_nmhandle_t
        parameter. The handle can then be permanently associated with an
        ns_client object.
      - The task manager is paused so that isc_task events that may be
        triggered during client processing will not fire until after the netmgr is
        finished with it. Before any asynchronous event, the client MUST
        call isc_nmhandle_ref(client->handle), to prevent the client from
        being reset and reused while waiting for an event to process. When
        the asynchronous event is complete, isc_nmhandle_unref(client->handle)
        must be called to ensure the handle can be reused later.
      - reference counting of client objects is now handled in the nmhandle
        object.  when the handle references drop to zero, the client's "reset"
        callback is used to free temporary resources and reinitialize it,
        whereupon the handle (and associated client) is placed in the
        "inactive handles" queue.  when the system is shut down and the
        handles are cleaned up, the client's "put" callback is called to free
        all remaining resources.
      - because client allocation is no longer handled in the same way,
        the '-T clienttest' option has now been removed and is no longer
        used by any system tests.
      - the unit tests require wrapping the isc_nmhandle_unref() function;
        when LD_WRAP is supported, that is used. otherwise we link a
        libwrap.so interposer library and use that.
  25. 06 Nov, 2019 1 commit
  26. 28 Aug, 2019 1 commit
  27. 09 Aug, 2019 1 commit
  28. 08 Aug, 2019 1 commit
  29. 02 Aug, 2019 1 commit
  30. 31 Jul, 2019 1 commit
  31. 28 Jun, 2019 1 commit
    • Add and use keyfile_to_key_id() helper function · 7d6eaad1
      Michał Kępień authored
      When trying to extract the key ID from a key file name, some test code
      incorrectly attempts to strip all leading zeros.  This breaks tests when
      keys with ID 0 are generated.  Add a new helper shell function,
      keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
      test code whenever a key ID needs to be extracted from a key file name.
  32. 05 Jun, 2019 1 commit
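
The key ID 0 failure described in the keyfile_to_key_id() commit above, shown as an added example that is not code from BIND 9 or from this commit log. The function names and key file names are hypothetical and constructed; the only assumption about the format is the usual K<zone>+<alg>+<id> naming with a five-digit zero-padded ID.

```shell
#!/bin/sh
# Key file names have the form K<zone>+<alg>+<id>[.key|.private], where <id>
# is the key tag zero-padded to five digits. All names below are constructed.

# Return the zero-padded ID field (the text after the last '+').
padded_key_id() {
    base=${1##*/}            # drop any directory component
    base=${base%.key}        # drop a .key suffix, if present
    base=${base%.private}    # drop a .private suffix, if present
    printf '%s\n' "${base##*+}"
}

# Flawed approach from the commit message: strip every leading zero.
# For key ID 0 ("00000") nothing is left, so callers get an empty string.
key_id_strip_all_zeros() {
    padded_key_id "$1" | sed 's/^0*//'
}

# Hypothetical corrected helper: strip at most four of the five digits,
# so the last digit always survives and ID 0 comes out as "0".
key_id_keep_last_digit() {
    padded_key_id "$1" | sed 's/^0\{1,4\}//'
}

# Print both results side by side for a few constructed file names.
for f in Kexample.+008+00000.key ns1/Kexample.+013+00089.private Kexample.+008+12345; do
    printf '%-34s strip-all=[%s] keep-last=[%s]\n' "$f" \
        "$(key_id_strip_all_zeros "$f")" "$(key_id_keep_last_digit "$f")"
done
```

An empty ID is what breaks later comparisons and pattern matches in a test script, since a check such as `[ "$id" -eq 0 ]` or a grep for the key tag no longer has a number to work with.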