1. 12 Aug, 2019 2 commits
    • Matthijs Mekking's avatar
      Make rbtdb maintain stale counters · a8b29e05
      Matthijs Mekking authored
      When updating the statistics for RRset types, if a header is marked
      stale or ancient, the appropriate statistic counters are decremented,
      then incremented.
      
      Also fix some out of date comments.
      
      (cherry picked from commit a3af2c57)
      a8b29e05
    • Matthijs Mekking's avatar
      Print out ancient type stats with '~' prefix. · ca4c9f3b
      Matthijs Mekking authored
      The stale RR types are now printed with '#'.  This used to be the
      prefix for RR types that were marked ancient, but commit
      df507515 changed the meaning.  It is
      probably better to keep '#' for stale RR types and introduce a new
      prefix for reintroducing ancient type stat counters.
      
      (cherry picked from commit c9d56a81)
      ca4c9f3b
  2. 08 Aug, 2019 9 commits
  3. 06 Aug, 2019 2 commits
  4. 02 Aug, 2019 1 commit
  5. 31 Jul, 2019 3 commits
    • Mark Andrews's avatar
      check that bits 64..71 in a dns64 prefix are zero · f0fa5ce3
      Mark Andrews authored
      (cherry picked from commit a7ec7eb6)
      f0fa5ce3
    • Michał Kępień's avatar
      Make root hints consistent with authoritative data · 558ee243
      Michał Kępień authored
      Multiple resolvers in the "wildcard" system test are configured with a
      single root hint: "ns.root-servers.nil", pointing to 10.53.0.1, which is
      inconsistent with authoritative data served by ns1.  This may cause
      intermittent resolution failures, triggering false positives for the
      "wildcard" system test.  Prevent this from happening by making ns2, ns3,
      and ns5 use root hints corresponding to the contents of ns1/root.db.in.
      
      (cherry picked from commit dd430c30)
      558ee243
    • Michał Kępień's avatar
      Make root hints consistent with authoritative data · df4d771e
      Michał Kępień authored
      The ns2 named instance in the "staticstub" system test is configured
      with a single root hint commonly used in BIND system tests
      (a.root-servers.nil with an address of 10.53.0.1), which is inconsistent
      with authoritative data served by ns1.  This may cause intermittent
      resolution failures, triggering false positives for the "staticstub"
      system test.  Prevent this from happening by making ns1 serve data
      corresponding to the contents of bin/tests/system/common/root.hint.
      
      (cherry picked from commit 4b5e1da0)
      df4d771e
  6. 30 Jul, 2019 5 commits
    • Michał Kępień's avatar
      Fix awk invocation in the "verify" system test · 5159597d
      Michał Kępień authored
      Appending output of a command to the same file as the one that command
      is reading from is a dangerous practice.  It seems to have accidentally
      worked with all the awk implementations we have tested against so far,
      but for BusyBox awk, doing this may result in the input/output file
      being written to in an infinite loop.  Prevent this from happening by
      redirect awk output to a temporary file and appending its contents to
      the original file in a separate shell pipeline.
      
      (cherry picked from commit bb9c1654)
      5159597d
    • Michał Kępień's avatar
      Extend prerequisites for the "xfer" system test · 61981b36
      Michał Kępień authored
      The Net::DNS Perl module needs the Digest::HMAC module to support TSIG.
      However, since the latter is not a hard requirement for the former, some
      packagers do not make Net::DNS depend on Digest::HMAC.  If Net::DNS is
      installed on a host but Digest::HMAC is not, the "xfer" system test
      breaks in a very hard-to-debug way (ans5 returns TSIG RRs with empty
      RDATA, which prevents TSIG-signed SOA queries and transfers from
      working).  Prevent this from happening by making the "xfer" system test
      explicitly require Digest::HMAC apart from Net::DNS.
      
      (cherry picked from commit b10d28d1)
      61981b36
    • Michał Kępień's avatar
      Make "digdelv" system test work with BusyBox sed · fe7dec85
      Michał Kępień authored
      The BusyBox version of sed treats leading '\+' in a regular expression
      to be matched as a syntax error ("Repetition not preceded by valid
      expression"), which triggers false positives for the "digdelv" system
      test.  Make the relevant sed invocations work portably across all sed
      implementations by removing the leading backslash.
      
      (cherry picked from commit 266e3ed5)
      fe7dec85
    • Michał Kępień's avatar
      Make "autosign" system test work with BusyBox awk · fdd926d7
      Michał Kępień authored
      The BusyBox version of awk treats some variables which other awk
      implementations consider to be decimal values as octal values.  This
      intermittently breaks key event interval calculations in the "autosign"
      system test, trigger false positives for it.  Prevent the problem from
      happening by stripping leading zeros from the affected awk variables.
      
      (cherry picked from commit ad008f7d)
      fdd926d7
    • Michał Kępień's avatar
      Always include <errno.h> instead of <sys/errno.h> · 3f341b99
      Michał Kępień authored
      Including <sys/errno.h> instead of <errno.h> raises a compiler warning
      when building against musl libc.  Always include <errno.h> instead of
      <sys/errno.h> to prevent that compilation warning from being triggered
      and to achieve consistency in this regard across the entire source tree.
      
      (cherry picked from commit b5cd1460)
      3f341b99
  7. 29 Jul, 2019 1 commit
    • Michał Kępień's avatar
      Make root hints consistent with authoritative data · 7bcb5a31
      Michał Kępień authored
      Resolvers in the "filter-aaaa" system test are configured with a single
      root hint: "ns.rootservers.net", pointing to 10.53.0.1.  However,
      querying ns1 for "ns.rootservers.net" results in NXDOMAIN answers.
      Since the TTL for the root hint is set to 0, it may happen that a
      resolver's ADB will be asked to return any known addresses for
      "ns.rootservers.net", but it will only have access to a cached NXDOMAIN
      answer for that name and an expired root hint, which will result in a
      resolution failure, triggering a false positive for the "filter-aaaa"
      system test.  Prevent this from happening by making all the root hints
      consistent with authoritative data served by ns1.
      
      (cherry picked from commit c19ebde1)
      7bcb5a31
  8. 25 Jul, 2019 1 commit
  9. 23 Jul, 2019 1 commit
  10. 22 Jul, 2019 1 commit
  11. 21 Jul, 2019 3 commits
  12. 09 Jul, 2019 2 commits
  13. 04 Jul, 2019 1 commit
  14. 03 Jul, 2019 1 commit
    • Evan Hunt's avatar
      fix broken windows build · 2b8cdc06
      Evan Hunt authored
      The MSVS C compiler requires every struct to have at least one member.
      The dns_geoip_databases_t structure had one set of members for
      HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
      API is in use.
      
      This commit silences the compiler error by moving the declaration of
      dns_geoip_databases_t to types.h as an opaque reference, and commenting
      out the contents of geoip.h when neither version of GeoIP is enabled.
      
      (cherry picked from commit 81fcde59)
      2b8cdc06
  15. 28 Jun, 2019 2 commits
    • Michał Kępień's avatar
      Add and use keyfile_to_key_id() helper function · 6045adbd
      Michał Kępień authored
      When trying to extract the key ID from a key file name, some test code
      incorrectly attempts to strip all leading zeros.  This breaks tests when
      keys with ID 0 are generated.  Add a new helper shell function,
      keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
      test code whenever a key ID needs to be extracted from a key file name.
      
      (cherry picked from commit 7d6eaad1)
      6045adbd
    • Michał Kępień's avatar
      dnstap-read: clear buffer before expanding it · 1a1e550f
      Michał Kępień authored
      When printing a packet, dnstap-read checks whether its text form takes
      up more than the 2048 bytes allocated for the output buffer by default.
      If that is the case, the output buffer is automatically expanded, but
      the truncated output is left in the buffer, resulting in malformed data
      being printed.  Clear the output buffer before expanding it to prevent
      this issue from occurring.
      
      (cherry picked from commit 3549abe8)
      1a1e550f
  16. 27 Jun, 2019 5 commits
    • Evan Hunt's avatar
      add geoip2 system test · 049d8a31
      Evan Hunt authored
      (cherry picked from commit 9a1caf99)
      049d8a31
    • Evan Hunt's avatar
      implement searching of geoip2 database · 0283ab75
      Evan Hunt authored
      - revise mapping of search terms to database types to match the
        GeoIP2 schemas.
      - open GeoIP2 databases when starting up; close when shutting down.
      - clarify the logged error message when an unknown database type
        is configured.
      - add new geoip ACL subtypes to support searching for continent in
        country databases.
      - map geoip ACL subtypes to specific MMDB database queries.
      - perform MMDB lookups based on subtype, saving state between
        queries so repeated lookups for the same address aren't necessary.
      
      (cherry picked from commit 6e0b93e5)
      0283ab75
    • Evan Hunt's avatar
      add HAVE_GEOIP2 #ifdef branches, without implementing yet · 7fc92bee
      Evan Hunt authored
      (cherry picked from commit fe46d5bc)
      7fc92bee
    • Evan Hunt's avatar
      add a search for GeoIP2 libraries in configure · 6a7e8057
      Evan Hunt authored
      - "--with-geoip" is used to enable the legacy GeoIP library.
      - "--with-geoip2" is used to enable the new GeoIP2 library
        (libmaxminddb), and is on by default if the library is found.
      - using both "--with-geoip" and "--with-geoip2" at the same time
        is an error.
      - an attempt is made to determine the default GeoIP2 database path at
        compile time if pkg-config is able to report the module prefix. if
        this fails, it will be necessary to set the path in named.conf with
        geoip-directory
      - Makefiles have been updated, and a stub lib/dns/geoip2.c has been
        added for the eventual GeoIP2 search implementation.
      
      (cherry picked from commit fea6b5bf)
      6a7e8057
    • Matthijs Mekking's avatar
      DNSSEC sign metrics: CHANGES, doc, release note · 04c8c43f
      Matthijs Mekking authored
      Add some information about the new statistic-channel DNS sign
      metrics. Also add a CHANGES and release note entry.
      
      (cherry picked from commit 3a3f40e3)
      04c8c43f