...
 
Commits (337)

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

BasedOnStyle: LLVM
IndentWidth: 8
UseTab: Always
BreakBeforeBraces: Linux
BreakBeforeBraces: Custom
BraceWrapping:
AfterClass: false
AfterEnum: false
AfterStruct: false
AfterUnion: false
AfterControlStatement: MultiLine
AfterFunction: false # should also be MultiLine, but not yet supported
AfterExternBlock: false
BeforeElse: false
IndentBraces: false
SplitEmptyFunction: true
AllowShortIfStatementsOnASingleLine: false
IndentCaseLabels: false
AlwaysBreakAfterReturnType: All
Cpp11BracedListStyle: false
ColumnLimit: 80
AlignAfterOpenBracket: Align
AlignConsecutiveDeclarations: true
AlignConsecutiveDeclarations: false
AlignConsecutiveMacros: true
AlignTrailingComments: true
AllowAllArgumentsOnNextLine: true
AlwaysBreakBeforeMultilineStrings: false
BreakBeforeBinaryOperators: None
BreakBeforeTernaryOperators: true
AlignEscapedNewlines: Left
DerivePointerAlignment: false
PointerAlignment: Right
PointerBindsToType: false
IncludeBlocks: Regroup
IncludeCategories:
- Regex: '^<isc/'
Priority: 2
Priority: 5
- Regex: '^<(pk11|pkcs11)/'
Priority: 10
- Regex: '^<dns/'
Priority: 3
- Regex: '^<iscccc/'
Priority: 4
Priority: 15
- Regex: '^<dst/'
Priority: 20
- Regex: '^<isccc/'
Priority: 25
- Regex: '^<isccfg/'
Priority: 5
Priority: 30
- Regex: '^<ns/'
Priority: 6
- Regex: '^<bind9/)'
Priority: 7
- Regex: '^(<[^/]*)/)'
Priority: 8
- Regex: '<[[:alnum:].]+>'
Priority: 35
- Regex: '^<irs/'
Priority: 40
- Regex: '^<bind9/'
Priority: 45
- Regex: '^<(dig|named|rndc|confgen|dlz)/'
Priority: 50
- Regex: '^<dlz_'
Priority: 55
- Regex: '^".*"'
Priority: 99
- Regex: '<openssl/'
Priority: 1
- Regex: '<(mysql|protobuf-c)/'
Priority: 1
- Regex: '".*"'
Priority: 9
- Regex: '.*'
Priority: 0
KeepEmptyLinesAtTheStartOfBlocks: false
# Taken from git's rules
PenaltyBreakAssignment: 10
# PenaltyBreakBeforeFirstCallParameter: 30
MaxEmptyLinesToKeep: 1
PenaltyBreakAssignment: 30
PenaltyBreakComment: 10
PenaltyBreakFirstLessLess: 0
PenaltyBreakString: 10
PenaltyBreakString: 80
PenaltyExcessCharacter: 100
Standard: Cpp11
ContinuationIndentWidth: 8
BasedOnStyle: LLVM
IndentWidth: 8
UseTab: Always
BreakBeforeBraces: Custom
BraceWrapping:
AfterClass: false
AfterEnum: false
AfterStruct: false
AfterUnion: false
AfterControlStatement: MultiLine
AfterFunction: false # should also be MultiLine, but not yet supported
AfterExternBlock: false
BeforeElse: false
IndentBraces: false
SplitEmptyFunction: true
AllowShortIfStatementsOnASingleLine: false
IndentCaseLabels: false
AlwaysBreakAfterReturnType: All
Cpp11BracedListStyle: false
ColumnLimit: 80
AlignAfterOpenBracket: Align
AlignConsecutiveDeclarations: true
AlignConsecutiveMacros: true
AlignTrailingComments: true
AllowAllArgumentsOnNextLine: true
AlwaysBreakBeforeMultilineStrings: false
BreakBeforeBinaryOperators: None
BreakBeforeTernaryOperators: true
AlignEscapedNewlines: Left
DerivePointerAlignment: false
PointerAlignment: Right
PointerBindsToType: false
IncludeBlocks: Regroup
IncludeCategories:
- Regex: '^<isc/'
Priority: 2
- Regex: '^<dns/'
Priority: 3
- Regex: '^<iscccc/'
Priority: 4
- Regex: '^<isccfg/'
Priority: 5
- Regex: '^<ns/'
Priority: 6
- Regex: '^<bind9/)'
Priority: 7
- Regex: '^(<[^/]*)/)'
Priority: 8
- Regex: '<[[:alnum:].]+>'
Priority: 1
- Regex: '".*"'
Priority: 9
KeepEmptyLinesAtTheStartOfBlocks: false
MaxEmptyLinesToKeep: 1
PenaltyBreakAssignment: 30
PenaltyBreakComment: 10
PenaltyBreakFirstLessLess: 0
PenaltyBreakString: 80
PenaltyExcessCharacter: 100
Standard: Cpp11
ContinuationIndentWidth: 8
......@@ -7,4 +7,5 @@
/doc/dev export-ignore
/util/** export-ignore
/util/bindkeys.pl -export-ignore
/util/check-make-install.in -export-ignore
/util/mksymtbl.pl -export-ignore
......@@ -61,3 +61,4 @@ timestamp
/cppcheck_html/
/cppcheck.results
/tsan
/util/check-make-install
This diff is collapsed.
......@@ -59,6 +59,7 @@
- [ ] ***(QA)*** Ensure all new tags are annotated and signed.
- [ ] ***(SwEng)*** Push tags for the published releases to the public repository.
- [ ] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- [ ] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check:sid:amd64` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
......
......@@ -24,7 +24,7 @@ string_escape_char2 = 0 # number
# Improvements to template detection may make this option obsolete.
tok_split_gte = false # false/true
# Control what to do with the UTF-8 BOM (recommed 'remove')
# Control what to do with the UTF-8 BOM (recommend 'remove')
utf8_bom = ignore # ignore/add/remove/force
# If the file only contains chars between 128 and 255 and is not UTF-8, then output as UTF-8
......@@ -1352,7 +1352,7 @@ cmt_insert_func_header = "" # string
# Will substitute $(class) with the class name.
cmt_insert_class_header = "" # string
# The filename that contains text to insert before a Obj-C message specification if the method isn't preceeded with a C/C++ comment.
# The filename that contains text to insert before a Obj-C message specification if the method isn't preceded with a C/C++ comment.
# Will substitute $(message) with the function name and $(javaparam) with the javadoc @param and @return stuff.
cmt_insert_oc_msg_header = "" # string
......
5369. [func] Add the ability to specify whether or not to wait
for nameserver domain names to be looked up, with
a new RPZ modifying directive 'nsdname-wait-recurse'.
[GL #1138]
5368. [bug] Named failed to restart if 'rndc addzone' names
contained special characters (e.g. '/'). [GL #1655]
5367. [placeholder]
--- 9.17.0 released ---
5366. [bug] Fix a race condition with the keymgr when the same
zone plus dnssec-policy is configured in multiple
views. [GL #1653]
5365. [bug] Algorithm rollover was stuck on submitting DS
because keymgr thought it would move to an invalid
state. Fixed by checking the current key against
the desired state, not the existing state. [GL #1626]
5364. [bug] Algorithm rollover waited too long before introducing
zone signatures. It waited to make sure all signatures
were regenerated, but when introducing a new algorithm,
all signatures are regenerated immediately. Only
add the sign delay if there is a predecessor key.
[GL #1625]
5363. [bug] When changing a dnssec-policy, existing keys with
properties that no longer match were not being retired.
[GL #1624]
5362. [func] Limit the size of IXFR responses so that AXFR will
be used instead if it would be smaller. This is
controlled by the "max-ixfr-ratio" option, which
is a percentage representing the ratio of IXFR size
to the size of the entire zone. This value cannot
exceed 100%, which is the default. [GL #1515]
5361. [bug] named might not accept new connections after
hitting tcp-clients quota. [GL #1643]
5360. [bug] delv could fail to load trust anchors in DNSKEY
format. [GL #1647]
5359. [func] "rndc nta -d" and "rndc secroots" now include
"validate-except" entries when listing negative
trust anchors. These are indicated by the keyword
"permanent" in place of an expiry date. [GL #1532]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
5356. [func] Update dnssec-policy configuration statements:
- Rename "zone-max-ttl" dnssec-policy option to
"max-zone-ttl" for consistency with the existing
......@@ -124,7 +183,7 @@
close all open sockets during shutdown. [GL #1312]
5324. [bug] Change the category of some log messages from general
to the more appopriate catergory of xfer-in. [GL #1394]
to the more appropriate catergory of xfer-in. [GL #1394]
5323. [bug] Fix a bug in DNSSEC trust anchor verification.
[GL !2609]
......@@ -172,7 +231,7 @@
See the ARM for configuration details. [GL #1134]
5315. [bug] Apply the inital RRSIG expiration spread fixed
5315. [bug] Apply the initial RRSIG expiration spread fixed
to all dynamically created records in the zone
including NSEC3. Also fix the signature clusters
when the server has been offline for prolonged
......@@ -1385,7 +1444,7 @@
4965. [func] Add support for marking options as deprecated.
[GL #322]
4964. [bug] Reduce the probabilty of double signature when deleting
4964. [bug] Reduce the probability of double signature when deleting
a DNSKEY by checking if the node is otherwise signed
by the algorithm of the key to be deleted. [GL #240]
......@@ -1469,7 +1528,7 @@
for unsigned zones since change 4596. [GL #209]
4945. [func] BIND can no longer be built without DNSSEC support.
A cryptography provder (i.e., OpenSSL or a hardware
A cryptography provider (i.e., OpenSSL or a hardware
service module with PKCS#11 support) must be
available. [GL #244]
......@@ -1528,7 +1587,7 @@
dig (+[no]raflag, +[no]tcflag). [GL #213]
4928. [func] The "dnskey-sig-validity" option allows
"sig-validity-interval" to be overriden for signatures
"sig-validity-interval" to be overridden for signatures
covering DNSKEY RRsets. [GL #145]
4927. [placeholder]
......@@ -1867,7 +1926,7 @@
[RT #46725]
4831. [bug] Convert the RRSIG expirytime to 64 bits for
comparisions in diff.c:resign. [RT #46710]
comparisons in diff.c:resign. [RT #46710]
4830. [bug] Failure to configure ATF when requested did not cause
an error in top-level configure script. [RT #46655]
......@@ -2093,7 +2152,7 @@
used to append a formatted string to the used region of
a buffer. [RT #46201]
4766. [cleanup] Addresss Coverity warnings. [RT #46150]
4766. [cleanup] Address Coverity warnings. [RT #46150]
4765. [bug] Address potential INSIST in dnssec-cds. [RT #46150]
......@@ -2287,7 +2346,7 @@
4719. [bug] Address PVS static analyzer warnings. [RT #45946]
4718. [func] Avoid seaching for a owner name compression pointer
4718. [func] Avoid searching for a owner name compression pointer
more than once when writing out a RRset. [RT #45802]
4717. [bug] Treat replies with QCOUNT=0 as truncated if TC=1,
......@@ -6432,7 +6491,7 @@
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
so that all dns_rrl_rtype_t enum values fit regardless
of whether it is teated as signed or unsigned by
of whether it is treated as signed or unsigned by
the compiler. [RT #32792]
3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
......@@ -7507,7 +7566,7 @@
--- 9.9.0b1 released ---
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
3186. [bug] Version/db mismatch in rpz code. [RT #26180]
3185. [func] New 'rndc signing' option for auto-dnssec zones:
- 'rndc signing -list' displays the current
......@@ -8172,7 +8231,7 @@
2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
to the task api. [RT #22776]
2997. [func] named -V now reports the OpenSSL and libxml2 verions
2997. [func] named -V now reports the OpenSSL and libxml2 versions
it was compiled against. [RT #22687]
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
......@@ -11155,7 +11214,7 @@
2096. [bug] libbind: handle applications that fail to detect
res_init() failures better.
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
2095. [port] libbind: always prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
2094. [contrib] Update named-bootconf. [RT #16404]
......@@ -11211,7 +11270,7 @@
2076. [bug] Several files were missing #include <config.h>
causing build failures on OSF. [RT #16341]
2075. [bug] The spillat timer event hander could leak memory.
2075. [bug] The spillat timer event handler could leak memory.
[RT #16357]
2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
......@@ -11973,7 +12032,7 @@
1831. [doc] Update named-checkzone documentation. [RT #13604]
1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
1830. [bug] adb lame cache has sense of test reversed. [RT #13600]
1829. [bug] win32: "pid-file none;" broken. [RT #13563]
......@@ -12084,7 +12143,7 @@
1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
1795. [bug] "rndc dumpdb" was not fully documented. Minor
formating issues with "rndc dumpdb -all". [RT #13396]
formatting issues with "rndc dumpdb -all". [RT #13396]
1794. [func] Named and named-checkzone can now both check for
non-terminal wildcard records.
......@@ -13261,7 +13320,7 @@
acl.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
is not available in the kernel to prevent accidentally
listening on IPv4 interfaces.
1392. [bug] named-checkzone: update usage.
......@@ -14989,7 +15048,7 @@
839. [func] Dump packets for which there was no view or that the
class could not be determined to category "unmatched".
838. [port] UnixWare 7.x.x is now suported by
838. [port] UnixWare 7.x.x is now supported by
bin/tests/system/ifconfig.sh.
837. [cleanup] Multi-threading is now enabled by default only on
......
......@@ -99,7 +99,7 @@ e-mail is not a secure choice for communications concerning undisclosed
security issues so please encrypt your communications to us if possible,
using the ISC Security Officer public key.
Do not discuss undisclosed security vulnerabilites on any public mailing
Do not discuss undisclosed security vulnerabilities on any public mailing
list. ISC has a long history of handling reported vulnerabilities promptly
and effectively and we respect and acknowledge responsible reporters.
......
......@@ -107,7 +107,7 @@ e-mail is not a secure choice for communications concerning undisclosed
security issues so please encrypt your communications to us if possible,
using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
Do not discuss undisclosed security vulnerabilites on any public mailing list.
Do not discuss undisclosed security vulnerabilities on any public mailing list.
ISC has a long history of handling reported vulnerabilities promptly and
effectively and we respect and acknowledge responsible reporters.
......
......@@ -2,6 +2,21 @@ HISTORY
Functional enhancements from prior major releases of BIND 9
BIND 9.16
BIND 9.16 (a stable branch based on the 9.15 development branch) includes
a number of changes from BIND 9.14 and earlier releases. New features
include:
* New dnssec-policy statement to configure a key and signing policy for
zones, enabling automatic key regeneration and rollover.
* New network manager based on libuv.
* Added support for the new GeoIP2 geolocation API, libmaxminddb.
* Improved DNSSEC trust anchor configuration using the trust-anchors
statement, permitting configuration of trust anchors in DS as well as
DNSKEY format.
* YAML output for dig, mdig, and delv.
BIND 9.14
BIND 9.14 (a stable branch based on the 9.13 development branch) includes
......@@ -143,7 +158,7 @@ releases. New features include:
* "rndc modzone" reconfigures a single zone, without requiring the
entire server to be reconfigured.
* "rndc showzone" displays the current configuration of a zone.
* "rndc managed-keys" can be used to check the status of RFC 5001
* "rndc managed-keys" can be used to check the status of RFC 5011
managed trust anchors, or to force trust anchors to be refreshed.
* "max-cache-size" can now be set to a percentage of available memory.
The default is 90%.
......@@ -515,8 +530,8 @@ BIND 9.4.0
* dig: report the number of extra bytes still left in the packet after
processing all the records.
* Support for IPSECKEY rdata type.
* Raise the UDP recieve buffer size to 32k if it is less than 32k.
* x86 and x86_64 now have seperate atomic locking implementations.
* Raise the UDP receive buffer size to 32k if it is less than 32k.
* x86 and x86_64 now have separate atomic locking implementations.
* named-checkconf now validates update-policy entries.
* Attempt to make the amount of work performed in a iteration self
tuning. The covers nodes clean from the cache per iteration, nodes
......@@ -533,8 +548,8 @@ BIND 9.4.0
* dig now warns if 'RA' is not set in the answer when 'RD' was set in
the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
is set unless a server is explicitly set.
* Integrate contibuted DLZ code into named.
* Integrate contibuted IDN code from JPNIC.
* Integrate contributed DLZ code into named.
* Integrate contributed IDN code from JPNIC.
* libbind: corresponds to that from BIND 8.4.7.
BIND 9.3.0
......
......@@ -10,6 +10,21 @@
-->
### Functional enhancements from prior major releases of BIND 9
#### BIND 9.16
BIND 9.16 (a stable branch based on the 9.15 development branch)
includes a number of changes from BIND 9.14 and earlier releases.
New features include:
* New `dnssec-policy` statement to configure a key and signing policy
for zones, enabling automatic key regeneration and rollover.
* New network manager based on `libuv`.
* Added support for the new GeoIP2 geolocation API, `libmaxminddb`.
* Improved DNSSEC trust anchor configuration using the `trust-anchors`
statement, permitting configuration of trust anchors in DS as well as
DNSKEY format.
* YAML output for `dig`, `mdig`, and `delv`.
#### BIND 9.14
BIND 9.14 (a stable branch based on the 9.13 development branch)
......@@ -533,8 +548,8 @@ BIND 9.4.0
- dig: report the number of extra bytes still left in the packet after
processing all the records.
- Support for IPSECKEY rdata type.
- Raise the UDP recieve buffer size to 32k if it is less than 32k.
- x86 and x86_64 now have seperate atomic locking implementations.
- Raise the UDP receive buffer size to 32k if it is less than 32k.
- x86 and x86_64 now have separate atomic locking implementations.
- named-checkconf now validates update-policy entries.
- Attempt to make the amount of work performed in a iteration self tuning.
The covers nodes clean from the cache per iteration, nodes written to
......@@ -551,8 +566,8 @@ BIND 9.4.0
- dig now warns if 'RA' is not set in the answer when 'RD' was set in the
query. host/nslookup skip servers that fail to set 'RA' when 'RD' is set
unless a server is explicitly set.
- Integrate contibuted DLZ code into named.
- Integrate contibuted IDN code from JPNIC.
- Integrate contributed DLZ code into named.
- Integrate contributed IDN code from JPNIC.
- libbind: corresponds to that from BIND 8.4.7.
#### BIND 9.3.0
......
......@@ -17,7 +17,7 @@ The following C11 features are used in BIND 9:
the form of C11 _Thread_local/thread_local, the __thread GCC
extension, or the __declspec(thread) MSVC extension on Windows.
BIND 9.15 requires a fairly recent version of libuv (at least 1.x). For
BIND 9.17 requires a fairly recent version of libuv (at least 1.x). For
some of the older systems listed below, you will have to install an
updated libuv package from sources such as EPEL, PPA, or other native
sources for updated packages. The other option is to build and install
......@@ -34,14 +34,14 @@ offer support on a "best effort" basis for some.
Regularly tested platforms
As of Feb 2020, BIND 9.15 is fully supported and regularly tested on the
As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
following systems: