1. 15 Nov, 2019 5 commits
    • Evan Hunt's avatar
    • Evan Hunt's avatar
      use DS-style trust anchor to verify 5011 key refresh query · a8f89e9a
      Evan Hunt authored
      note: this also needs further refactoring.
      - when initializing RFC 5011 for a name, we populate the managed-keys
        zone with KEYDATA records derived from the initial-key trust anchors.
        however, with initial-ds trust anchors, there is no key. but the
        managed-keys zone still must have a KEYDATA record for the name,
        otherwise zone_refreshkeys() won't refresh that key. so, for
        initial-ds trust anchors, we now add an empty KEYDATA record and set
        the key refresh timer so that the real keys will be looked up as soon
        as possible.
      - when a key refresh query is done, we verify it against the
        trust anchor; this is done in two ways, one with the DS RRset
        set up during configuration if present, or with the keys linked
        from each keynode in the list if not.  because there are two different
        verification methods, the loop structure is overly complex and should
        be simplified.
      - the keyfetch_done() and sync_keyzone() functions are both too long
        and should be broken into smaller functions.
    • Evan Hunt's avatar
      allow DS trust anchors to be set in keytable · 854af5a3
      Evan Hunt authored
      note: this is a frankensteinian kluge which needs further refactoring.
      the keytable started as an RBT where the node->data points to a list of
      dns_keynode structures, each of which points to a single dst_key.
      later it was modified so that the list could instead point to a single
      "null" keynode structure, which does not reference a key; this means
      a trust anchor has been configured but the RFC 5011 refresh failed.
      in this branch it is further updated to allow the first keynode in
      the list to point to an rdatalist of DS-style trust anchors.  these will
      be used by the validator to populate 'val->dsset' when validating a zone
      a DS style trust anchor can be updated as a result of RFC 5011
      processing to contain DST keys instead; this results in the DS list
      being freed.  the reverse is not possible; attempting to add a DS-style
      trust anchor if a key-style trust anchor is already in place results
      in an error.
      later, this should be refactored to use rdatalists for both DS-style
      and key-style trust anchors, but we're keeping the existing code for
      old-style trust anchors for now.
    • Evan Hunt's avatar
      read DS trust anchors in named.conf · feba4805
      Evan Hunt authored
      (but they aren't used for anything yet)
    • Evan Hunt's avatar
  2. 10 Nov, 2019 1 commit
    • Samuel Thibault's avatar
      hurd: Fix build · d10fbdec
      Samuel Thibault authored
      Move PATH_MAX, NAME_MAX, IOV_MAX default definitions to the common
  3. 07 Nov, 2019 1 commit
    • Evan Hunt's avatar
      convert ns_client and related objects to use netmgr · 53f0b6c3
      Evan Hunt authored
      - ns__client_request() is now called by netmgr with an isc_nmhandle_t
        parameter. The handle can then be permanently associated with an
        ns_client object.
      - The task manager is paused so that isc_task events that may be
        triggred during client processing will not fire until after the netmgr is
        finished with it. Before any asynchronous event, the client MUST
        call isc_nmhandle_ref(client->handle), to prevent the client from
        being reset and reused while waiting for an event to process. When
        the asynchronous event is complete, isc_nmhandle_unref(client->handle)
        must be called to ensure the handle can be reused later.
      - reference counting of client objects is now handled in the nmhandle
        object.  when the handle references drop to zero, the client's "reset"
        callback is used to free temporary resources and reiniialize it,
        whereupon the handle (and associated client) is placed in the
        "inactive handles" queue.  when the sysstem is shutdown and the
        handles are cleaned up, the client's "put" callback is called to free
        all remaining resources.
      - because client allocation is no longer handled in the same way,
        the '-T clienttest' option has now been removed and is no longer
        used by any system tests.
      - the unit tests require wrapping the isc_nmhandle_unref() function;
        when LD_WRAP is supported, that is used. otherwise we link a
        libwrap.so interposer library and use that.
  4. 06 Nov, 2019 5 commits
    • Matthijs Mekking's avatar
      dnssec-policy inheritance from options/view · 5f464d15
      Matthijs Mekking authored
      'dnssec-policy' can now also be set on the options and view level and
      a zone that does not set 'dnssec-policy' explicitly will inherit it
      from the view or options level.
      This requires a new keyword to be introduced: 'none'.  If set to
      'none' the zone will not be DNSSEC maintained, in other words it will
      stay unsigned.  You can use this to break the inheritance.  Of course
      you can also break the inheritance by referring to a different
      The keywords 'default' and 'none' are not allowed when configuring
      your own dnssec-policy statement.
      Add appropriate tests for checking the configuration (checkconf)
      and add tests to the kasp system test to verify the inheritance
      Edit the kasp system test such that it can deal with unsigned zones
      and views (so setting a TSIG on the query).
    • Matthijs Mekking's avatar
      Adjust signing code to use kasp · c125b721
      Matthijs Mekking authored
      Update the signing code in lib/dns/zone.c and lib/dns/update.c to
      use kasp logic if a dnssec-policy is enabled.
      This means zones with dnssec-policy should no longer follow
      'update-check-ksk' and 'dnssec-dnskey-kskonly' logic, instead the
      KASP keys configured dictate which RRset gets signed with what key.
      Also use the next rekey event from the key manager rather than
      setting it to one hour.
      Mark the zone dynamic, as otherwise a zone with dnssec-policy is
      not eligble for automatic DNSSEC maintenance.
    • Matthijs Mekking's avatar
      Parse dnssec-policy config into kasp · 2924b19a
      Matthijs Mekking authored
      Add code that actually stores the configuration into the kasp
      structure and attach it to the appropriate zone.
    • Matthijs Mekking's avatar
      Extend ttlval to accept ISO 8601 durations · b7c5bfb2
      Matthijs Mekking authored
      The ttlval configuration types are replaced by duration configuration
      types. The duration is an ISO 8601 duration that is going to be used
      for DNSSEC key timings such as key lifetimes, signature resign
      intervals and refresh periods, etc. But it is also still allowed to
      use the BIND ttlval ways of configuring intervals (number plus
      optional unit).
      A duration is stored as an array of 7 different time parts.
      A duration can either be expressed in weeks, or in a combination of
      the other datetime indicators.
      Add several unit tests to ensure the correct value is parsed given
      different string values.
    • Diego Fronza's avatar
      Added TCP high-water statistics variable · 66fe8627
      Diego Fronza authored
      This variable will report the maximum number of simultaneous tcp clients
      that BIND has served while running.
      It can be verified by running rndc status, then inspect "tcp high-water:
      count", or by generating statistics file, rndc stats, then inspect the
      line with "TCP connection high-water" text.
      The tcp-highwater variable is atomically updated based on an existing
      tcp-quota system handled in ns/client.c.
  5. 04 Nov, 2019 2 commits
  6. 31 Oct, 2019 2 commits
    • Tony Finch's avatar
      Do not flush the cache for `rndc validation status` · b612e38a
      Tony Finch authored
      And add a note to the man page that `rndc validation` flushes the
      cache when the validation state is changed. (It is necessary to flush
      the cache when turning on validation, to avoid continuing to use
      cryptographically invalid data. It is probably wise to flush the cache
      when turning off validation to recover from lameness problems.)
    • Tony Finch's avatar
      Include all views in output of `rndc validation status` · bebeadc8
      Tony Finch authored
      The implementation of `rndc validation status` iterates over all the
      views to print their validation status. It takes care to print newlines
      in between, but it also used put a nul byte at the end of the first view
      which truncated the output.
      After this change, the nul byte is added at the end so that it prints
      the validation status in all views. The `_bind` view is skipped
      because its validation status is irrelevant.
  7. 03 Oct, 2019 2 commits
  8. 12 Sep, 2019 2 commits
  9. 30 Aug, 2019 1 commit
    • Ondřej Surý's avatar
      isc_event_allocate() cannot fail, remove the fail handling blocks · 50e109d6
      Ondřej Surý authored
      isc_event_allocate() calls isc_mem_get() to allocate the event structure.  As
      isc_mem_get() cannot fail softly (e.g. it never returns NULL), the
      isc_event_allocate() cannot return NULL, hence we remove the (ret == NULL)
      handling blocks using the semantic patch from the previous commit.
  10. 29 Aug, 2019 1 commit
  11. 09 Aug, 2019 1 commit
  12. 23 Jul, 2019 3 commits
  13. 21 Jul, 2019 2 commits
  14. 04 Jul, 2019 2 commits
  15. 03 Jul, 2019 1 commit
    • Evan Hunt's avatar
      fix broken windows build · 81fcde59
      Evan Hunt authored
      The MSVS C compiler requires every struct to have at least one member.
      The dns_geoip_databases_t structure had one set of members for
      HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
      API is in use.
      This commit silences the compiler error by moving the declaration of
      dns_geoip_databases_t to types.h as an opaque reference, and commenting
      out the contents of geoip.h when neither version of GeoIP is enabled.
  16. 27 Jun, 2019 2 commits
    • Evan Hunt's avatar
      implement searching of geoip2 database · 6e0b93e5
      Evan Hunt authored
      - revise mapping of search terms to database types to match the
        GeoIP2 schemas.
      - open GeoIP2 databases when starting up; close when shutting down.
      - clarify the logged error message when an unknown database type
        is configured.
      - add new geoip ACL subtypes to support searching for continent in
        country databases.
      - map geoip ACL subtypes to specific MMDB database queries.
      - perform MMDB lookups based on subtype, saving state between
        queries so repeated lookups for the same address aren't necessary.
    • Evan Hunt's avatar
  17. 25 Jun, 2019 1 commit
    • Ondřej Surý's avatar
      Make the usage of libxml2 opaque to the caller · 0771dd3b
      Ondřej Surý authored
      The libxml2 have previously leaked into the global namespace leading
      to forced -I<include_path> for every compilation unit using isc/xml.h
      header.  This MR fixes the usage making the caller object opaque.
  18. 24 Jun, 2019 1 commit
    • Tony Finch's avatar
      When a server reload fails, print a note in `rndc status`. · 8e05e2e9
      Tony Finch authored
      After a failed reload I noticed two problems:
      * There was a missing newline in the output of `rndc status` so it
        finished "reload/reconfig in progressserver is up and running"
      * The "reconfig in progress" note should have said "reconfig failed"
  19. 05 Jun, 2019 3 commits
    • Evan Hunt's avatar
      "dnssec-keys" is now a synonym for "managed-keys" · 821f041d
      Evan Hunt authored
      - managed-keys is now deprecated as well as trusted-keys, though
        it continues to work as a synonym for dnssec-keys
      - references to managed-keys have been updated throughout the code.
      - tests have been updated to use dnssec-keys format
      - also the trusted-keys entries have been removed from the generated
        bind.keys.h file and are no longer generated by bindkeys.pl.
    • Evan Hunt's avatar
      deprecate "trusted-keys" · 5ab25218
      Evan Hunt authored
      - trusted-keys is now flagged as deprecated, but still works
      - managed-keys can be used to configure permanent trust anchors by
        using the "static-key" keyword in place of "initial-key"
      - parser now uses an enum for static-key and initial-key keywords
    • Tony Finch's avatar
      Remove `cleaning-interval` remnants. · a9dca583
      Tony Finch authored
      Since 2008, the cleaning-interval timer has been documented as
      "effectively obsolete" and disabled in the default configuration with
      a comment saying "now meaningless".
      This change deletes all the code that implements the cleaning-interval
      timer, except for the config parser in whcih it is now explicitly
      marked as obsolete.
      I have verified (using the deletelru and deletettl cache stats) that
      named still cleans the cache after this change.
  20. 22 Mar, 2019 1 commit
  21. 19 Mar, 2019 1 commit
    • Michał Kępień's avatar
      Move code handling key loading errors into a common function · b85007e0
      Michał Kępień authored
      Some values returned by dstkey_fromconfig() indicate that key loading
      should be interrupted, others do not.  There are also certain subsequent
      checks to be made after parsing a key from configuration and the results
      of these checks also affect the key loading process.  All of this
      complicates the key loading logic.
      In order to make the relevant parts of the code easier to follow, reduce
      the body of the inner for loop in load_view_keys() to a single call to a
      new function, process_key().  Move dstkey_fromconfig() error handling to
      process_key() as well and add comments to clearly describe the effects
      of various key loading errors.