1. 05 Oct, 2018 1 commit
  2. 04 Oct, 2018 1 commit
  3. 03 Oct, 2018 1 commit
  4. 28 Sep, 2018 2 commits
  5. 09 Sep, 2018 2 commits
  6. 07 Sep, 2018 4 commits
  7. 31 Aug, 2018 1 commit
  8. 29 Aug, 2018 1 commit
  9. 28 Aug, 2018 8 commits
  10. 23 Aug, 2018 3 commits
  11. 22 Aug, 2018 1 commit
    • Michał Kępień's avatar
      Fix reloading inline-signed zones · 54315839
      Michał Kępień authored
      While "rndc reload" causes dns_zone_asyncload() to be called for the
      signed version of an inline-signed zone, the subsequent zone_load() call
      causes the raw version to be reloaded from storage.  This means that
      DNS_ZONEFLG_LOADPENDING gets set for the signed version of the zone by
      dns_zone_asyncload() before the reload is attempted, but zone_postload()
      is only called for the raw version and thus DNS_ZONEFLG_LOADPENDING is
      cleared for the raw version, but not for the signed version.  This in
      turn prevents zone maintenance from happening for the signed version of
      the zone.
      
      Until commit 29b7efdd, this problem
      remained dormant because DNS_ZONEFLG_LOADPENDING was previously
      immediately, unconditionally cleared after zone loading was started
      (whereas it should only be cleared when zone loading is finished or an
      error occurs).  This behavior caused other issues [1] and thus had to be
      changed.
      
      Fix reloading inline-signed zones by clearing DNS_ZONEFLG_LOADPENDING
      for the signed version of the zone once the raw version reload
      completes.  Take care not to clear it prematurely during initial zone
      load.  Also make sure that DNS_ZONEFLG_LOADPENDING gets cleared when
      zone_postload() encounters an error or returns early, to prevent other
      scenarios from resulting in the same problem.  Add comments aiming to
      help explain code flow.
      
      [1] see RT #47076
      54315839
  12. 16 Aug, 2018 1 commit
  13. 14 Aug, 2018 1 commit
  14. 13 Aug, 2018 1 commit
  15. 08 Aug, 2018 2 commits
  16. 19 Jul, 2018 3 commits
  17. 11 Jul, 2018 3 commits
  18. 10 Jul, 2018 1 commit
  19. 28 Jun, 2018 3 commits
    • Michał Kępień's avatar
      Fall back to normal recursion when mirror zone data is unavailable · 8d996fd7
      Michał Kępień authored
      If transferring or loading a mirror zone fails, resolution should still
      succeed by means of falling back to regular recursive queries.
      Currently, though, if a slave zone is present in the zone table and not
      loaded, a SERVFAIL response is generated.  Thus, mirror zones need
      special handling in this regard.
      
      Add a new dns_zt_find() flag, DNS_ZTFIND_MIRROR, and set it every time a
      domain name is looked up rather than a zone itself.  Handle that flag in
      dns_zt_find() in such a way that a mirror zone which is expired or not
      yet loaded is ignored when looking up domain names, but still possible
      to find when the caller wants to know whether the zone is configured.
      This causes a fallback to recursion when mirror zone data is unavailable
      without making unloaded mirror zones invisible to code checking a zone's
      existence.
      8d996fd7
    • Michał Kępień's avatar
      Ensure delegations inside mirror zones are properly handled for non-recursive queries · 179d5faa
      Michał Kępień authored
      When a resolver is a regular slave (i.e. not a mirror) for some zone,
      non-recursive queries for names below that slaved zone will return a
      delegation sourced from it.  This behavior is suboptimal for mirror
      zones as their contents should rather be treated as validated, cached
      DNS responses.  Modify query_delegation() and query_zone_delegation() to
      permit clients allowed cache access to check its contents for a better
      answer when responding to non-recursive queries.
      179d5faa
    • Michał Kępień's avatar
      Perform basic resolution checks with a mirror zone in use · c9accfde
      Michał Kępień authored
      Make ns3 mirror the "root" zone from ns1 and query the former for a
      properly signed record below the root.  Ensure ns1 is not queried during
      resolution and that the AD bit is set in the response.
      c9accfde