Source-Changes-HG archive
[src/trunk]: src/external/bsd/bind/dist Import bind 9.8.0-P2
details: https://anonhg.NetBSD.org/src/rev/8c249f53ee06
branches: trunk
changeset: 765483:8c249f53ee06
user: spz <spz%NetBSD.org@localhost>
date: Sat May 28 06:52:27 2011 +0000
description:
Import bind 9.8.0-P2
diffstat:
external/bsd/bind/dist/CHANGES | 50 +++-
external/bsd/bind/dist/README | 16 +-
external/bsd/bind/dist/bin/tests/system/dlv/clean.sh | 17 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns1/named.conf | 6 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns1/root.db.in | 26 +
external/bsd/bind/dist/bin/tests/system/dlv/ns1/sign.sh | 52 +++
external/bsd/bind/dist/bin/tests/system/dlv/ns2/druz.db.in | 54 +++
external/bsd/bind/dist/bin/tests/system/dlv/ns2/named.conf | 5 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns2/sign.sh | 44 +++
external/bsd/bind/dist/bin/tests/system/dlv/ns3/named.conf | 10 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns3/sign.sh | 143 +++++++++-
external/bsd/bind/dist/bin/tests/system/dlv/ns5/named.conf | 3 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns6/named.conf | 10 +-
external/bsd/bind/dist/bin/tests/system/dlv/ns6/sign.sh | 121 ++++++++-
external/bsd/bind/dist/bin/tests/system/dlv/setup.sh | 4 +-
external/bsd/bind/dist/bin/tests/system/dlv/tests.sh | 18 +-
external/bsd/bind/dist/bin/tests/system/dnssec/clean.sh | 3 +-
external/bsd/bind/dist/bin/tests/system/dnssec/ns2/example.db.in | 11 +-
external/bsd/bind/dist/bin/tests/system/dnssec/ns2/sign.sh | 5 +-
external/bsd/bind/dist/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in | 45 +++
external/bsd/bind/dist/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in | 45 +++
external/bsd/bind/dist/bin/tests/system/dnssec/ns3/named.conf | 22 +-
external/bsd/bind/dist/bin/tests/system/dnssec/ns3/sign.sh | 44 +++-
external/bsd/bind/dist/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in | 45 +++
external/bsd/bind/dist/bin/tests/system/dnssec/setup.sh | 4 +-
external/bsd/bind/dist/bin/tests/system/dnssec/tests.sh | 44 ++-
external/bsd/bind/dist/bin/tests/system/rpz/ns3/base.db | 6 +-
external/bsd/bind/dist/bin/tests/system/rpz/tests.sh | 34 ++-
external/bsd/bind/dist/bin/tests/system/start.pl | 29 +-
external/bsd/bind/dist/bin/tests/system/xfer/tests.sh | 2 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/win32/libdns.def | 1 +
external/bsd/bind/dist/lib/isc/api | 2 +-
external/bsd/bind/dist/lib/isccc/Makefile.in | 4 +-
external/bsd/bind/dist/lib/isccfg/Makefile.in | 4 +-
external/bsd/bind/dist/version | 6 +-
37 files changed, 876 insertions(+), 61 deletions(-)
diffs (truncated from 1504 to 300 lines):
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Sat May 28 06:25:43 2011 +0000
+++ b/external/bsd/bind/dist/CHANGES Sat May 28 06:52:27 2011 +0000
@@ -1,3 +1,43 @@
+ --- 9.8.0-P2 released ---
+
+3121. [security] An authoritative name server sending a negative
+ response containing a very large RRset could
+ trigger an off-by-one error in the ncache code
+ and crash named. [RT #24650]
+
+3120. [bug] Named could fail to validate zones listed in a DLV
+ that validated insecure without using DLV and had
+ DS records in the parent zone. [RT #24631]
+
+ --- 9.8.0-P1 released ---
+
+3100. [security] Certain response policy zone configurations could
+ trigger an INSIST when receiving a query of type
+ RRSIG. [RT #24280]
+
+ --- 9.8.0 released ---
+
+3025. [bug] Fixed a possible deadlock due to zone resigning.
+ [RT #22964]
+
+3024. [func] RTT Banding removed due to minor security increase
+ but major impact on resolver latency. [RT #23310]
+
+3023. [bug] Named could be left in an inconsistent state when
+ receiving multiple AXFR response messages that were
+ not all TSIG-signed. [RT #23254]
+
+3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
+ [RT #23246]
+
+3021. [bug] Change #3010 was incomplete. [RT #22296]
+
+3020. [bug] auto-dnssec failed to correctly update the zone when
+ changing the DNSKEY RRset. [RT #23232]
+
+3019. [test] Test: check apex NSEC3 records after adding DNSKEY
+ record via UPDATE. [RT #23229]
+
--- 9.8.0rc1 released ---
3018. [bug] Named failed to check for the "none;" acl when deciding
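Review bot: The commit description says only "Import bind 9.8.0-P2", but the entries added at the top of CHANGES include two [security] items: 3121 (off-by-one error in the ncache code that can crash named, RT #24650) and 3100 (INSIST on RRSIG queries with certain response policy zone configurations, RT #24280). Please name both in the description so the import is recognisable as a security update. The added block also covers the 9.8.0 and 9.8.0-P1 releases on top of 9.8.0rc1, so the description should say which version the tree is moving from.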
@@ -158,7 +198,7 @@
2976. [bug] named could die on exit after negotiating a GSS-TSIG
key. [RT #22573]
-2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
+2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
wrong lock which could lead to server deadlock.
[RT #22614]
@@ -1117,7 +1157,7 @@
2695. [func] DHCP/DDNS - update fdwatch code for use by
DHCP. Modify the api to isc_sockfdwatch_t (the
- callback funciton for isc_socket_fdwatchcreate)
+ callback functon for isc_socket_fdwatchcreate)
to include information about the direction (read
or write) and add isc_socket_fdwatchpoke.
[RT #20253]
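Review bot: The spelling correction in entry 2695 is itself misspelled: "funciton" is replaced by "functon", not "function". The line should read "callback function for isc_socket_fdwatchcreate)".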
@@ -1182,7 +1222,7 @@
sets the time when a key is no longer used for
signing but is still published.
- The "unpublished" date (-U) is deprecated in
- favor of "deleted" (-D).
+ favour of "deleted" (-D).
[RT #20247]
2676. [bug] --with-export-installdir should have been
@@ -1372,11 +1412,11 @@
2624. [func] 'named-checkconf -p' will print out the parsed
configuration. [RT #18871]
-2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
+2623. [bug] Named started searches for DS non-optimally. [RT #19915]
2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
-2621. [doc] Made copyright boilterplate consistent. [RT #19833]
+2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2620. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Sat May 28 06:25:43 2011 +0000
+++ b/external/bsd/bind/dist/README Sat May 28 06:52:27 2011 +0000
@@ -50,7 +50,21 @@
BIND 9.8.0
- DNS64 support (AAAA synthesis only initially).
+ BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
+ releases. New features include:
+
+ - Built-in trust anchor for the root zone, which can be
+ switched on via "dnssec-validation auto;"
+ - Support for DNS64.
+ - Support for response policy zones (RPZ).
+ - Support for writable DLZ zones.
+ - Improved ease of configuration of GSS/TSIG for
+ interoperability with Active Directory
+ - Support for GOST signing algorithm for DNSSEC.
+ - Removed RTT Banding from server selection algorithm.
+ - New "static-stub" zone type.
+ - Allow configuration of resolver timeouts via
+ "resolver-query-timeout" option.
BIND 9.7.0
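Review bot: "Removed RTT Banding from server selection algorithm." is listed under "New features include:", but it is a removal, not a feature. Either change the introduction to something like "Changes include:" or move that item out of the list. The list items are also inconsistent in terminal punctuation: the "dnssec-validation auto;", Active Directory and "resolver-query-timeout" items differ from the others in whether they end with a period.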
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/bin/tests/system/dlv/clean.sh
--- a/external/bsd/bind/dist/bin/tests/system/dlv/clean.sh Sat May 28 06:25:43 2011 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dlv/clean.sh Sat May 28 06:52:27 2011 +0000
@@ -14,17 +14,30 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# Id: clean.sh,v 1.7 2010-05-27 23:51:08 tbox Exp
+# Id: clean.sh,v 1.7.242.1 2011-05-27 00:57:30 each Exp
rm -f random.data
rm -f ns*/named.run
+rm -f ns1/K*
+rm -f ns1/dsset-*
+rm -f ns1/*.signed
+rm -f ns1/signer.err
+rm -f ns1/root.db
+rm -f ns2/K*
+rm -f ns2/dlvset-*
+rm -f ns2/dsset-*
+rm -f ns2/*.signed
+rm -f ns2/*.pre
+rm -f ns2/signer.err
+rm -f ns2/druz.db
rm -f ns3/K*
rm -f ns3/*.db
rm -f ns3/*.signed
rm -f ns3/dlvset-*
rm -f ns3/dsset-*
rm -f ns3/keyset-*
-rm -f ns3/trusted.conf ns5/trusted.conf
+rm -f ns1/trusted.conf ns5/trusted.conf
+rm -f ns3/trusted-dlv.conf ns5/trusted-dlv.conf
rm -f ns3/signer.err
rm -f ns6/K*
rm -f ns6/*.db
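Review bot: The rewritten trusted.conf line drops ns3/trusted.conf from the cleanup: "rm -f ns3/trusted.conf ns5/trusted.conf" becomes "rm -f ns1/trusted.conf ns5/trusted.conf". If anything under ns3 still writes trusted.conf, a stale trust anchor file will survive between test runs and can mask a validation failure. Please confirm that ns3 now produces only trusted-dlv.conf, or keep ns3/trusted.conf in the list, since rm -f on a missing file is harmless.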
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/bin/tests/system/dlv/ns1/named.conf
--- a/external/bsd/bind/dist/bin/tests/system/dlv/ns1/named.conf Sat May 28 06:25:43 2011 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dlv/ns1/named.conf Sat May 28 06:52:27 2011 +0000
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: named.conf,v 1.4 2007-06-19 23:47:02 tbox Exp */
+/* Id: named.conf,v 1.4.950.1 2011-05-27 00:57:30 each Exp */
controls { /* empty */ };
@@ -28,8 +28,8 @@
listen-on-v6 { none; };
recursion no;
notify yes;
- dnssec-enable no;
+ dnssec-enable yes;
};
-zone "." { type master; file "root.db"; };
+zone "." { type master; file "root.signed"; };
zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/bin/tests/system/dlv/ns1/root.db.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dlv/ns1/root.db.in Sat May 28 06:52:27 2011 +0000
@@ -0,0 +1,26 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; Id: root.db.in,v 1.3.8.2 2011-05-27 00:57:30 each Exp
+
+$TTL 120
+@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
+ 1 3600 1200 604800 60 )
+@ NS ns.rootservers.utld
+ns A 10.53.0.1
+;
+utld NS ns.utld
+ns.utld A 10.53.0.2
+druz NS ns.druz
+ns.druz A 10.53.0.2
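Review bot: The record "ns A 10.53.0.1" is relative to the root origin, so it defines "ns." and not the "ns.rootservers.utld" host named in the SOA and NS lines above it. If that is intended, a one-line comment saying why would help; otherwise the owner name should match the NS target. The new file also carries "Copyright (C) 2004, 2007" while its Id line is dated 2011-05-27, which is worth checking against how the other new files in this import are stamped.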
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/bin/tests/system/dlv/ns1/sign.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dlv/ns1/sign.sh Sat May 28 06:52:27 2011 +0000
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# Id: sign.sh,v 1.3.8.2 2011-05-27 00:57:30 each Exp
+
+(cd ../ns2 && sh -e ./sign.sh || exit 1)
+
+echo "I:dlv/ns1/sign.sh"
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+outfile=root.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+
+echo "I: signed $zone"
+
+grep -v '^;' $keyname2.key | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+trusted-keys {
+ "$dn" $flags $proto $alg "$key";
+};
+EOF
+' > trusted.conf
+cp trusted.conf ../ns5
+
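Review bot: Failures are swallowed in two places in this script. In "(cd ../ns2 && sh -e ./sign.sh || exit 1)" the "exit 1" only leaves the subshell, so unless the caller runs this script with -e a failed ns2 signing run does not stop ns1/sign.sh. In "$SIGNER ... 2> signer.err || cat signer.err" the error is printed but the command list still succeeds, so the script goes on to print "I: signed $zone" and write trusted.conf even when root.signed was not produced. Suggest "|| { cat signer.err; exit 1; }" for the signer call and an explicit "|| exit 1" after the closing parenthesis of the subshell. The two $KEYGEN calls also send stderr to /dev/null, so an empty $keyname1 or $keyname2 would only surface later as a failing "cat"; checking that both are non-empty before building $zonefile would give a clearer error.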
diff -r 368a165d52cf -r 8c249f53ee06 external/bsd/bind/dist/bin/tests/system/dlv/ns2/druz.db.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/dlv/ns2/druz.db.in Sat May 28 06:52:27 2011 +0000
@@ -0,0 +1,54 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; Id: druz.db.in,v 1.4.8.2 2011-05-27 00:57:30 each Exp
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.2
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;