1. 29 Apr, 2021 1 commit
  2. 23 Feb, 2021 1 commit
    • Add purge-keys config option · 313de3a7
      Matthijs Mekking authored
      Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
      files for deleted keys. The option determines how long key files
      should be retained prior to removing the corresponding files from
      disk.
      
      If set to 0, the option is disabled and 'named' will not remove key
      files from disk.
  3. 17 Feb, 2021 4 commits
    • allow configuration of "default" http endpoint · 2b2e1a02
      Evan Hunt authored
      specifying "http default" in a listen-on statement sets up
      the default "/dns-query" endpoint. tests and documentation
      have been updated.
    • move listen-on correctness checks into check.c · 957052ee
      Evan Hunt authored
      errors in listen-on and listen-on-v6 can now be detected
      by named-checkconf.
    • enable listen-on parameters to be specified in any order · fd763d72
      Evan Hunt authored
      updated the parser to allow the "port", "tls" and "http"
      parameters to "listen-on" and "listen-on-v6" to be specified in any
      order. previously the parser would throw an error if any other order
      was used than port, tls, http.
    • require "tls none" for unencrypted HTTP listeners · 07f525ba
      Evan Hunt authored
      unencrypted DoH connections may be used in some operational
      environments where encryption is handled by a reverse proxy,
      but it's going to be relatively rare, so we shouldn't make it
      easy to do by mistake.  this commit changes the syntax for
      listen-on and listen-on-v6 so that if "http" is specified, "tls"
      must also be specified; for unencrypted listeners, "tls none"
      can be used.
  4. 03 Feb, 2021 1 commit
    • Add parser support for DoH configuration options · 06951472
      Evan Hunt authored
      This commit adds stub parser support and tests for:
      - an "http" global option for HTTP/2 endpoint configuration.
      - command line options to set http or https port numbers by
        specifying -p http=PORT or -p https=PORT.  (NOTE: this change
        only affects syntax; specifying HTTP and HTTPS ports on the
        command line currently has no effect.)
      - named.conf options "http-port" and "https-port"
      - HTTPSPORT environment variable for use when running tests.
  5. 19 Jan, 2021 3 commits
    • Special case tests for lmdb · 437d2714
      Matthijs Mekking authored
      When compiling BIND 9 without lmdb, this is promoted from
      'not operational' to 'not configured', resulting in a failure (and no
      longer a warning) if lmdb-related configuration options are set.
      
      Special case certain system tests to avoid test failures on systems
      that do not have lmdb.
    • Remove a lot of obsoleted options · 87744f21
      Matthijs Mekking authored
      These options were ancient or made obsolete a long time ago; it is
      safe to remove them.
      
      Also stop printing ancient options, they should be treated the same as
      unknown options.
      
      Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
      acache-cleaning-interval, acache-enable, additional-from-auth,
      additional-from-cache, allow-v6-synthesis, dnssec-enable,
      max-acache-size, nosit-udp-size, queryport-pool-ports,
      queryport-pool-updateinterval, request-sit, use-queryport-pool, and
      support-ixfr.
    • Remove the option 'dnssec-lookaside' · df435fc7
      Matthijs Mekking authored
      Obsoleted in 9.15, we can remove the option in 9.17.
  6. 26 Nov, 2020 4 commits
  7. 11 Nov, 2020 1 commit
    • Warn if 'stale-refresh-time' < 30 (default) · 5e47a13f
      Diego Fronza authored
      RFC 8767 recommends that attempts to refresh be done no more
      frequently than every 30 seconds.
      
      Added check into named-checkconf, which will warn if values below the
      default are found in configuration.
      
      BIND will also log the warning during loading of configuration in the
      same fashion.
  8. 02 Oct, 2020 1 commit
    • Add tests for "order none" RRset ordering rules · abdd4c89
      Michał Kępień authored
      Make sure "order none" RRset ordering rules are tested in the
      "rrsetorder" system test just like all other rule types are.  As the
      check for the case of no "rrset-order" rule matching a given RRset also
      tests "order none" (rather than "order random", as the test code may
      suggest at first glance), replace the test code for that case so that it
      matches other "order none" tests.
  9. 14 Sep, 2020 1 commit
  10. 07 Aug, 2020 1 commit
  11. 30 Jul, 2020 1 commit
    • Drop $SYSTEMTESTTOP from bin/tests/system/ · 093af1c0
      Michal Nowak authored
      The $SYSTEMTESTTOP shell variable is often set to .. in various shell
      scripts inside bin/tests/system/, but most of the time it is only
      used one line later, while sourcing conf.sh. This hardly improves
      code readability.
      
      $SYSTEMTESTTOP is also used for the purpose of referencing
      scripts/files living in bin/tests/system/, but given that the
      variable is always set to a short, relative path, we can drop it and
      replace all of its occurrences with the relative path without adversely
      affecting code readability.
  12. 01 Jul, 2020 4 commits
  13. 22 Jun, 2020 1 commit
  14. 13 May, 2020 1 commit
  15. 05 May, 2020 1 commit
  16. 01 May, 2020 1 commit
  17. 21 Apr, 2020 1 commit
    • Complete rewrite of the BIND 9 build system · 978c7b2e
      Ondřej Surý authored
      The rewrite of the BIND 9 build system is a large work and cannot be reasonably
      split into separate merge requests.  Addition of the automake has a positive
      effect on the readability and maintainability of the build system as it is more
      declarative, it allows conditionals and we are able to drop all of the custom
      make code that BIND 9 developed over the years to overcome the deficiencies of
      autoconf + custom Makefile.in files.
      
      This squashed commit contains the following changes:
      
      - conversion (or rather fresh rewrite) of all Makefile.in files to Makefile.am
        by using automake
      
      - the libtool is now properly integrated with automake (the way we used it
        was rather hackish as the only official way to use libtool is via
        automake)
      
      - the dynamic module loading was rewritten from a custom patchwork to libtool's
        libltdl (which includes the patchwork to support module loading on different
        systems internally)
      
      - conversion of the unit test executor from kyua to automake ...
  18. 16 Apr, 2020 1 commit
    • dnssec-policy: to sign inline or not · 644f0d95
      Matthijs Mekking authored
      When dnssec-policy was introduced, it implicitly set inline-signing.
      But DNSSEC maintenance required either inline-signing to be enabled,
      or a dynamic zone.  In other words, not in all cases you want to
      DNSSEC maintain your zone with inline-signing.
      
      Change the behavior and determine whether inline-signing is
      required: if the zone is dynamic, don't use inline-signing,
      otherwise implicitly set it.
      
      You can also explicitly set inline-signing to yes with dnssec-policy,
      the restriction that both inline-signing and dnssec-policy cannot
      be set at the same time is now lifted.
      
      However, 'inline-signing no;' on a non-dynamic zone with a
      dnssec-policy is not possible.
  19. 06 Mar, 2020 1 commit
  20. 07 Feb, 2020 5 commits
  21. 14 Jan, 2020 1 commit
  22. 06 Dec, 2019 1 commit
    • Automatically run clean.sh from run.sh · d8905b7a
      Michał Kępień authored
      The first step in all existing setup.sh scripts is to call clean.sh.  To
      reduce code duplication and ensure all system tests added in the future
      behave consistently with existing ones, invoke clean.sh from run.sh
      before calling setup.sh.
  23. 05 Dec, 2019 1 commit
  24. 15 Nov, 2019 2 commits