1. 24 Jan, 2019 5 commits
  2. 23 Jan, 2019 4 commits
  3. 22 Jan, 2019 2 commits
  4. 21 Jan, 2019 4 commits
  5. 18 Jan, 2019 12 commits
  6. 16 Jan, 2019 13 commits
    • Merge branch '752-disable-forwarders-when-priming' into 'master' · 4a827494
      Evan Hunt authored
      If possible don't use forwarders when priming the resolver.
      
      Closes #752
      
      See merge request !1296
    • If possible don't use forwarders when priming the resolver. · b49310ac
      Witold Krecicki authored
      If we try to fetch a record from cache and need to look into
      hints database we assume that the resolver is not primed and
      start dns_resolver_prime(). Priming query is supposed to return
      NSes for "." in ANSWER section and glue records for them in
      ADDITIONAL section, so that we can fill that info in 'regular'
      cache and not use hints db anymore.
      However, if we're using a forwarder the priming query goes through
      it, and if it's configured to return minimal answers we won't get
      the addresses of root servers in ADDITIONAL section. Since the
      only records for root servers we have are in hints database we'll
      try to prime the resolver with every single query.
      
      This patch adds a DNS_FETCHOPT_NOFORWARD flag which avoids using
      forwarders if possible (that is if we have forward-first policy).
      Using this flag on priming fetch fixes the problem as we get the
      proper glue. With forward-only policy the problem is non-existent,
      as we'll never ask for root server addresses because we'll never
      have a need to query them.
      
      Also added a test to confirm priming queries are not forwarded.
    • Merge branch 'pkcs11-pubattr-check' into 'master' · a97a63ad
      Mark Andrews authored
      Make sure null attributes are never used
      
      See merge request !1353
    • Make sure null attributes are never used · fe9ef0d9
      Petr Menšík authored
      Add INSIST to pubattr fetching where null might occur in theory. Make
      sure null is never dereferenced.
    • Merge branch '797-handle-timeouts-when-qminimizing' into 'master' · 3d5826b7
      Evan Hunt authored
      Don't retry query on timeout if we're qname minimizing
      
      Closes #797
      
      See merge request !1293
    • When a forwarder fails and we're not in a forward-only mode we · cfa2804e
      Witold Krecicki authored
      go back to regular resolution. When this happens the fetch timer is
      already running, and we might end up in a situation where we create
      a fetch for qname-minimized query and after that the timer is triggered
      and the query is retried (fctx_try) - which causes relaunching of
      qname-minimization fetch - and since we already have a qmin fetch
      for this fctx - assertion failure.
      
      This fix stops the timer when doing qname minimization - qmin fetch
      internal timer should take care of all the possible timeouts.
    • Merge branch '818-improve-mirror-zone-logging' into 'master' · bbb0947e
      Evan Hunt authored
      Improve mirror zone logging
      
      Closes #818
      
      See merge request !1351
    • Add CHANGES entry · 5d37c910
      Michał Kępień authored
      5137.	[func]		named now logs messages whenever a mirror zone becomes
      			usable or unusable for resolution purposes. [GL #818]
    • Log a message when a mirror zone becomes unusable · 7d6b8f7c
      Michał Kępień authored
      Log a message if a mirror zone becomes unusable for the resolver (most
      usually due to the zone's expiration timer firing).  Ensure that
      verification failures do not cause a mirror zone to be unloaded
      (instead, its last successfully verified version should be served if it
      is available).
    • Log a message when a mirror zone loaded from disk comes into effect · 7665e132
      Michał Kępień authored
      Log a message when a mirror zone is successfully loaded from disk and
      subsequently verified.
      
      This could have been implemented in a simpler manner, e.g. by modifying
      an earlier code branch inside zone_postload() which checks whether the
      zone already has a database attached and calls attachdb() if it does
      not, but that would cause the resulting logs to indicate that a mirror
      zone comes into effect before the "loaded serial ..." message is logged,
      which would be confusing.
      
      Tweak some existing sed commands used in the "mirror" system test to
      ensure that separate test cases comprising it do not break each other.
    • Log a message when a transferred mirror zone comes into effect · 1c97ace7
      Michał Kępień authored
      Log a message when a mirror zone is successfully transferred and
      verified, but only if no database for that zone was yet loaded at the
      time the transfer was initiated.
      
      This could have been implemented in a simpler manner, e.g. by modifying
      zone_replacedb(), but (due to the calling order of the functions
      involved in finalizing a zone transfer) that would cause the resulting
      logs to suggest that a mirror zone comes into effect before its transfer
      is finished, which would be confusing given the nature of mirror zones
      and the fact that no message is logged upon successful mirror zone
      verification.
      
      Once the dns_zone_replacedb() call in axfr_finalize() is made, it
      becomes impossible to determine whether the transferred zone had a
      database attached before the transfer was started.  Thus, that check is
      instead performed when the transfer context is first created and the
      result of this check is passed around in a field of the transfer context
      structure.  If it turns out to be desired, the relevant log message is
      then emitted just before the transfer context is freed.
      
      Taking this approach means that the log message added by this commit is
      not timed precisely, i.e. mirror zone data may be used before this
      message is logged.  However, that can only be fixed by logging the
      message inside zone_replacedb(), which causes arguably more dire issues
      discussed above.
      
      dns_zone_isloaded() is not used to double-check that transferred zone
      data was correctly loaded since the 'shutdown_result' field of the zone
      transfer context will not be set to ISC_R_SUCCESS unless axfr_finalize()
      succeeds (and that in turn will not happen unless dns_zone_replacedb()
      succeeds).
    • Merge branch '512-acl-config' into 'master' · c13879a6
      Evan Hunt authored
      Resolve "inconsistent comments, documentation and behavior with some ACLs"
      
      Closes #512
      
      See merge request !733
    • CHANGES · 03ab07c9
      Evan Hunt authored