1. 20 Mar, 2021 1 commit
  2. 19 Mar, 2021 1 commit
  3. 18 Mar, 2021 3 commits
  4. 17 Mar, 2021 1 commit
    • Matthijs Mekking's avatar
      Fix "unable to thaw dynamic kasp zone" · b518ed9f
      Matthijs Mekking authored
      Dynamic zones with dnssec-policy could not be thawed because KASP
      zones were considered always dynamic. But a dynamic KASP zone should
      also check whether updates are disabled.
      b518ed9f
  5. 16 Mar, 2021 2 commits
    • Matthijs Mekking's avatar
      Add change entry for [#2514] · c69fafdd
      Matthijs Mekking authored
      c69fafdd
    • Matthijs Mekking's avatar
      Fix a XoT crash · ee0835d9
      Matthijs Mekking authored
      The transport should also be detached when we skip a master, otherwise
      named will crash when sending a SOA query to the next master over TLS,
      because the transport must be NULL when we enter
      'dns_view_gettransport'.
      ee0835d9
  6. 15 Mar, 2021 1 commit
  7. 11 Mar, 2021 1 commit
    • Matthijs Mekking's avatar
      Fix servestale fetchlimits crash · 87591de6
      Matthijs Mekking authored
      When we query the resolver for a domain name that is in the same zone
      for which is already one or more fetches outstanding, we could
      potentially hit the fetch limits. If so, recursion fails immediately
      for the incoming query and if serve-stale is enabled, we may try to
      return a stale answer.
      
      If the resolver is also is authoritative for the parent zone (for
      example the root zone), first a delegation is found, but we first
      check the cache for a better response.
      
      Nothing is found in the cache, so we try to recurse to find the
      answer to the query.
      
      Because of fetch-limits 'dns_resolver_createfetch()' returns an error,
      which 'ns_query_recurse()' propagates to the caller,
      'query_delegation_recurse()'.
      
      Because serve-stale is enabled, 'query_usestale()' is called,
      setting 'qctx->db' to the cache db, but leaving 'qctx->version'
      untouched. Now 'query_lookup()' is called to search for stale data
      in the cache database with a non-NULL 'qctx->version'
      (which is set to a zone db versio...
      87591de6
  8. 05 Mar, 2021 1 commit
  9. 04 Mar, 2021 3 commits
  10. 25 Feb, 2021 3 commits
  11. 23 Feb, 2021 2 commits
  12. 19 Feb, 2021 1 commit
  13. 18 Feb, 2021 2 commits
  14. 17 Feb, 2021 4 commits
  15. 16 Feb, 2021 1 commit
  16. 15 Feb, 2021 2 commits
  17. 09 Feb, 2021 1 commit
  18. 03 Feb, 2021 5 commits
    • Mark Andrews's avatar
      Add CHANGES · 2b5091ac
      Mark Andrews authored
      2b5091ac
    • Matthijs Mekking's avatar
      Add change and release note for [#2375] · 7947f7f9
      Matthijs Mekking authored
      News worthy.
      7947f7f9
    • Evan Hunt's avatar
      CHANGES, release notes · 91718fe4
      Evan Hunt authored
      91718fe4
    • Artem Boldariev's avatar
      Initial support for DNS-over-HTTP(S) · 08da09bc
      Artem Boldariev authored
      This commit completes the support for DNS-over-HTTP(S) built on top of
      nghttp2 and plugs it into the BIND. Support for both GET and POST
      requests is present, as required by RFC8484.
      
      Both encrypted (via TLS) and unencrypted HTTP/2 connections are
      supported. The latter are mostly there for debugging/troubleshooting
      purposes and for the means of encryption offloading to third-party
      software (as might be desirable in some environments to simplify TLS
      certificates management).
      08da09bc
    • Matthijs Mekking's avatar
      Correctly initialize old key with state file · 76cf72e6
      Matthijs Mekking authored
      The 'key_init()' function is used to initialize a state file for keys
      that don't have one yet. This can happen if you are migrating from a
      'auto-dnssec' or 'inline-signing' to a 'dnssec-policy' configuration.
      
      It did not look at the "Inactive" and "Delete" timing metadata and so
      old keys left behind in the key directory would also be considered as
      a possible active key. This commit fixes this and now explicitly sets
      the key goal to OMNIPRESENT for keys that have their "Active/Publish"
      timing metadata in the past, but their "Inactive/Delete" timing
      metadata in the future. If the "Inactive/Delete" timing metadata is
      also in the past, the key goal is set to HIDDEN.
      
      If the "Inactive/Delete" timing metadata is in the past, also the
      key states are adjusted to either UNRETENTIVE or HIDDEN, depending on
      how far in the past the metadata is set.
      76cf72e6
  19. 29 Jan, 2021 1 commit
  20. 28 Jan, 2021 4 commits