1. 13 Feb, 2020 2 commits
    • Evan Hunt's avatar
      apply the modified style · e851ed0b
      Evan Hunt authored
    • Ondřej Surý's avatar
      Use clang-tidy to add curly braces around one-line statements · 056e133c
      Ondřej Surý authored
      The command used to reformat the files in this commit was:
      ./util/run-clang-tidy \
      	-clang-tidy-binary clang-tidy-11
      	-clang-apply-replacements-binary clang-apply-replacements-11 \
      	-checks=-*,readability-braces-around-statements \
      	-j 9 \
      	-fix \
      	-format \
      	-style=file \
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
      uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h')
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
  2. 12 Feb, 2020 1 commit
  3. 14 Jan, 2020 1 commit
    • Evan Hunt's avatar
      rename dns_keytable_deletekeynode to dns_keytable_deletekey · 21d3f66f
      Evan Hunt authored
      this function is used by dns_view_untrust() to handle revoked keys, so
      it will still be needed after the keytable/validator refactoring is
      complete, even though the keytable will be storing DS trust anchors
      instead of keys. to simplify the way it's called, it now takes a DNSKEY
      rdata struct instead of a DST key.
  4. 09 Oct, 2019 1 commit
  5. 09 Aug, 2019 1 commit
  6. 07 Aug, 2019 1 commit
    • Ondřej Surý's avatar
      lib/dns/resolver.c: Convert (dns_view_t *)->weakrefs to isc_refcount_t · cd9bbe6d
      Ondřej Surý authored
      There's a deadlock in BIND 9 code where (dns_view_t){ .lock } and
      (dns_resolver_t){ .buckets[i].lock } gets locked in different order.  When
      view->weakrefs gets converted to a reference counting we can reduce the locking
      in dns_view_weakdetach only to cases where it's the last instance of the
      dns_view_t object.
      (cherry picked from commit a7c9a52c)
      (cherry picked from commit 232140ed)
  7. 10 May, 2019 1 commit
    • Michał Kępień's avatar
      Make NTAs work with validating forwarders · 5e804882
      Michał Kępień authored
      If named is configured to perform DNSSEC validation and also forwards
      all queries ("forward only;") to validating resolvers, negative trust
      anchors do not work properly because the CD bit is not set in queries
      sent to the forwarders.  As a result, instead of retrieving bogus DNSSEC
      material and making validation decisions based on its configuration,
      named is only receiving SERVFAIL responses to queries for bogus data.
      Fix by ensuring the CD bit is always set in queries sent to forwarders
      if the query name is covered by an NTA.
  8. 15 Mar, 2019 1 commit
  9. 11 Mar, 2019 1 commit
  10. 06 Dec, 2018 4 commits
    • Evan Hunt's avatar
      name change from "hook modules" to "plugins" · fd20f10d
      Evan Hunt authored
      - "hook" is now used only for hook points and hook actions
      - the "hook" statement in named.conf is now "plugin"
      - ns_module and ns_modlist are now ns_plugin and ns_plugins
      - ns_module_load is renamed ns_plugin_register
      - the mandatory functions in plugin modules (hook_register,
        hook_check, hook_version, hook_destroy) have been renamed
    • Evan Hunt's avatar
      refactor to support multiple module instances · b94945e6
      Evan Hunt authored
      - use a per-view module list instead of global hook_modules
      - create an 'instance' pointer when registering modules, store it in
        the module structure, and use it as action_data when calling
        hook functions - this enables multiple module instances to be set
        up in parallel
      - also some nomenclature changes and cleanup
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
    • Evan Hunt's avatar
      add hook statement to configuration parser · d2f46443
      Evan Hunt authored
      - allow multiple "hook" statements at global or view level
      - add "optional bracketed text" type for optional parameter list
      - load hook module from specified path rather than hardcoded path
      - add a hooktable pointer (and a callback for freeing it) to the
        view structure
      - change the hooktable functions so they no longer update ns__hook_table
        by default, and modify PROCESS_HOOK so it uses the view hooktable, if
        set, rather than ns__hook_table. (ns__hook_table is retained for
        use by unit tests.)
      - update the filter-aaaa system test to load filter-aaaa.so
      - add a prereq script to check for dlopen support before running
        the filter-aaaa system test
      not yet done:
      - configuration parameters are not being passed to the filter-aaaa
        module; the filter-aaaa ACL and filter-aaaa-on-{v4,v6} settings are
        still stored in dns_view
  11. 14 Nov, 2018 1 commit
  12. 23 Oct, 2018 1 commit
  13. 28 Aug, 2018 1 commit
  14. 08 Aug, 2018 2 commits
  15. 12 Jun, 2018 1 commit
  16. 18 Apr, 2018 1 commit
  17. 06 Apr, 2018 2 commits
  18. 23 Feb, 2018 1 commit
  19. 30 Nov, 2017 1 commit
  20. 05 Oct, 2017 1 commit
  21. 05 Sep, 2017 1 commit
  22. 30 Aug, 2017 1 commit
  23. 28 Jul, 2017 1 commit
    • Evan Hunt's avatar
      [master] glue-cache option · 268cea9c
      Evan Hunt authored
      4664.	[func]		Add a "glue-cache" option to enable or disable the
      			glue cache. The default is "no" to reduce memory
      			usage, but enabling this option will improve
      			performance in delegation-heavy zones. [RT #45125]
  24. 13 Jun, 2017 1 commit
  25. 26 Apr, 2017 1 commit
  26. 24 Apr, 2017 1 commit
    • Evan Hunt's avatar
      [master] new-zones-directory option · 2dfb9923
      Evan Hunt authored
      4610.	[func]		The "new-zones-directory" option specifies the
      			location of NZF or NZD files for storing
      			configuration of zones added by "rndc addzone".
      			Thanks to Petr Menšík. [RT #44853]
  27. 22 Apr, 2017 1 commit
  28. 05 Jan, 2017 1 commit
  29. 04 Jan, 2017 1 commit
    • Evan Hunt's avatar
      [master] EDNS padding and keepalive support · 58043325
      Evan Hunt authored
      4549.	[func]		Added support for the EDNS TCP Keepalive option
      			(RFC 7828). [RT #42126]
      4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
      			[RT #42094]
  30. 30 Dec, 2016 1 commit
  31. 12 Aug, 2016 1 commit
  32. 22 Jul, 2016 1 commit
  33. 21 Jul, 2016 1 commit
    • Evan Hunt's avatar
      [master] store "addzone" zone config in a NZD database · eca74c52
      Evan Hunt authored
      4421.	[func]		When built with LMDB (Lightning Memory-mapped
      			Database), named will now use a database to store
      			the configuration for zones added by "rndc addzone"
      			instead of using a flat NZF file. This improves
      			performance of "rndc delzone" and "rndc modzone"
      			significantly. Existing NZF files will
      			automatically by converted to NZD databases.
      			To view the contents of an NZD or to roll back to
      			NZF format, use "named-nzd2nzf". To disable
                              this feature, use "configure --without-lmdb".
                              [RT #39837]
  34. 27 Jun, 2016 1 commit