Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/mpl/bind/dist Import 9.16.42 (last was 9.16.37)
details: https://anonhg.NetBSD.org/src/rev/ca17e01b27f9
branches: trunk
changeset: 376636:ca17e01b27f9
user: christos <christos%NetBSD.org@localhost>
date: Mon Jun 26 21:45:59 2023 +0000
description:
Import 9.16.42 (last was 9.16.37)
--- 9.16.42 released ---
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in
place after rolling, even if the number of preserved
log files exceeded the configured "versions" limit.
[GL #828] [GL #3959]
--- 9.16.39 released ---
6119. [bug] Make sure to revert the reconfigured zones to the
previous version of the view, when the new view
reconfiguration fails during the configuration of
one of the configured zones. [GL #3911]
6116. [bug] Fix error path cleanup issue in the dns_catz_new_zones()
function. [GL #3900]
6115. [bug] Unregister db update notify callback before detaching
from the previous db inside the catz update notify
callback. [GL #3777]
6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
configure_rpz() and configure_catz(), respectively,
just after attaching it to the new view. [GL #3880]
6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
[GL #3871]
6095. [test] Test various 'islands of trust' configurations when
using managed keys. [GL #3662]
6094. [bug] Building against (or running with) libuv versions
1.35.0 and 1.36.0 is now a fatal error. The rules for
mixing and matching compile-time and run-time libuv
versions have been tightened for libuv versions between
1.35.0 and 1.40.0. [GL #3840]
--- 9.16.38 released ---
6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
broken by change 6042. [GL #3827]
6081. [bug] Handle primary server address lookup failures in
nsupdate more gracefully. [GL #3830]
6080. [bug] 'named -V' leaked memory. [GL #3829]
6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds'
command. [GL #3822]
6075. [bug] Add missing node lock when setting node->wild in
add_wildcard_magic. [GL #3799]
6072. [bug] Avoid the OpenSSL lock contention when initializing
Message Digest Contexts by using explicit algorithm
fetching, initializing static contexts for every
supported algorithms, and initializing the new context
by copying the static copy. [GL #3795]
6069. [bug] Detach from the view in zone_shutdown() to
release the memory held by the dead view
early. [GL #3801]
diffstat:
external/mpl/bind/dist/CHANGES | 115 ++
external/mpl/bind/dist/CONTRIBUTING | 8 +-
external/mpl/bind/dist/CONTRIBUTING.md | 8 +-
external/mpl/bind/dist/bin/python/isc/coverage.py.in | 1 +
external/mpl/bind/dist/bin/python/isc/dnskey.py.in | 1 +
external/mpl/bind/dist/bin/python/isc/keymgr.py.in | 1 +
external/mpl/bind/dist/bin/python/isc/keyzone.py.in | 1 +
external/mpl/bind/dist/bin/rndc/rndc.rst | 8 +-
external/mpl/bind/dist/bin/tests/system/acl/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/autosign/clean.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/autosign/ns2/keygen.sh | 8 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/named.conf.in | 9 +
external/mpl/bind/dist/bin/tests/system/autosign/ns2/optout-with-ent.db.in | 22 +
external/mpl/bind/dist/bin/tests/system/autosign/tests.sh | 45 +-
external/mpl/bind/dist/bin/tests/system/catz/clean.sh | 1 +
external/mpl/bind/dist/bin/tests/system/catz/ns2/named1.conf.in | 11 +-
external/mpl/bind/dist/bin/tests/system/catz/ns4/catalog.example.db.in | 14 +
external/mpl/bind/dist/bin/tests/system/catz/ns4/named.conf.in | 55 +
external/mpl/bind/dist/bin/tests/system/catz/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/catz/tests.sh | 53 +
external/mpl/bind/dist/bin/tests/system/chain/ans4/ans.py | 2 +-
external/mpl/bind/dist/bin/tests/system/checkconf/kasp-bad-keylen.conf | 2 +-
external/mpl/bind/dist/bin/tests/system/cookie/ans9/ans.py | 2 +
external/mpl/bind/dist/bin/tests/system/dnssec/ans10/ans.py | 1 +
external/mpl/bind/dist/bin/tests/system/dnstap/tests.sh | 1 +
external/mpl/bind/dist/bin/tests/system/dupsigs/tests.sh | 35 +-
external/mpl/bind/dist/bin/tests/system/forward/ans11/ans.py | 1 +
external/mpl/bind/dist/bin/tests/system/get_algorithms.py | 10 +-
external/mpl/bind/dist/bin/tests/system/inline/tests_signed_zone_files.py | 1 -
external/mpl/bind/dist/bin/tests/system/kasp/tests.sh | 16 +-
external/mpl/bind/dist/bin/tests/system/legacy/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/logfileconfig/clean.sh | 5 +-
external/mpl/bind/dist/bin/tests/system/logfileconfig/named1.args | 1 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/named2.args | 1 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.dirconf.in | 43 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in | 43 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.iso8601.in | 43 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.pipeconf.in | 43 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.plain.in | 50 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.plainconf.in | 34 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.symconf.in | 43 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.tsconf.in | 52 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.unlimited.in | 52 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/ns1/named.versconf.in | 52 +
external/mpl/bind/dist/bin/tests/system/logfileconfig/setup.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/logfileconfig/tests.sh | 521 +++------
external/mpl/bind/dist/bin/tests/system/mkeys/clean.sh | 9 +-
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/named1.conf.in | 10 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/named2.conf.in | 10 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/named3.conf.in | 10 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/root.db | 3 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/sign.sh | 18 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/sub.tld.db | 21 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns1/tld.db | 23 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns4/named.conf.in | 5 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns4/sign.sh | 25 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns4/sub.foo.db | 21 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns5/foo.db | 23 +
external/mpl/bind/dist/bin/tests/system/mkeys/ns5/named.conf.in | 8 +
external/mpl/bind/dist/bin/tests/system/mkeys/setup.sh | 1 +
external/mpl/bind/dist/bin/tests/system/mkeys/tests.sh | 132 +-
external/mpl/bind/dist/bin/tests/system/nsec3/tests.sh | 1 -
external/mpl/bind/dist/bin/tests/system/nsupdate/setup.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/nsupdate/tests.sh | 38 +-
external/mpl/bind/dist/bin/tests/system/pytest_custom_markers.py | 4 +-
external/mpl/bind/dist/bin/tests/system/rndc/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/rndc/tests.sh | 24 +-
external/mpl/bind/dist/bin/tests/system/rpz/ns3/named.conf.in | 10 +
external/mpl/bind/dist/bin/tests/system/rpz/tests.sh | 10 +
external/mpl/bind/dist/bin/tests/system/run.sh | 23 +-
external/mpl/bind/dist/bin/tests/system/runtime/tests.sh | 10 +-
external/mpl/bind/dist/bin/tests/system/serve-stale/ans2/ans.pl | 54 +
external/mpl/bind/dist/bin/tests/system/serve-stale/ns1/root.db | 2 +
external/mpl/bind/dist/bin/tests/system/serve-stale/ns3/named2.conf.in | 7 +-
external/mpl/bind/dist/bin/tests/system/serve-stale/tests.sh | 79 +-
external/mpl/bind/dist/bin/tests/system/shutdown/tests_shutdown.py | 78 +-
external/mpl/bind/dist/bin/tests/system/statschannel/generic.py | 4 -
external/mpl/bind/dist/bin/tests/system/statschannel/generic_dnspython.py | 3 -
external/mpl/bind/dist/bin/tests/system/statschannel/tests_json.py | 3 -
external/mpl/bind/dist/bin/tests/system/statschannel/tests_xml.py | 2 -
external/mpl/bind/dist/bin/tests/system/tcp/tests_tcp.py | 2 -
external/mpl/bind/dist/bin/tests/system/testcrypto.sh | 12 +-
external/mpl/bind/dist/bin/tests/system/tsig/ns1/named.conf.in | 10 +-
external/mpl/bind/dist/bin/tests/system/tsig/setup.sh | 16 +
external/mpl/bind/dist/bin/tests/system/tsig/tests.sh | 65 +-
external/mpl/bind/dist/bin/tests/system/ttl/clean.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/ttl/prereq.sh | 31 +
external/mpl/bind/dist/bin/tests/system/ttl/setup.sh | 1 -
external/mpl/bind/dist/bin/tests/system/ttl/tests_cache_ttl.py | 32 +
external/mpl/bind/dist/configure.ac | 26 +-
external/mpl/bind/dist/dangerfile.py | 33 +-
external/mpl/bind/dist/doc/Makefile.in | 2 +-
external/mpl/bind/dist/doc/arm/build.rst | 10 +-
external/mpl/bind/dist/doc/arm/notes.rst | 5 +
external/mpl/bind/dist/doc/arm/platforms.rst | 10 +-
external/mpl/bind/dist/doc/arm/reference.rst | 36 +-
external/mpl/bind/dist/doc/dnssec-guide/validation.rst | 2 -
external/mpl/bind/dist/doc/man/ddns-confgen.8in | 8 +-
external/mpl/bind/dist/doc/man/delv.1in | 26 +-
external/mpl/bind/dist/doc/man/dig.1in | 12 +-
external/mpl/bind/dist/doc/man/dnssec-dsfromkey.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-importkey.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-keygen.8in | 2 +-
external/mpl/bind/dist/doc/man/dnssec-keymgr.8in | 14 +-
external/mpl/bind/dist/doc/man/dnssec-signzone.8in | 10 +-
external/mpl/bind/dist/doc/man/filter-aaaa.8in | 4 +-
external/mpl/bind/dist/doc/man/host.1in | 6 +-
external/mpl/bind/dist/doc/man/mdig.1in | 20 +-
external/mpl/bind/dist/doc/man/named-checkconf.8in | 2 +-
external/mpl/bind/dist/doc/man/named-checkzone.8in | 4 +-
external/mpl/bind/dist/doc/man/named-compilezone.8in | 4 +-
external/mpl/bind/dist/doc/man/nsec3hash.8in | 2 +-
external/mpl/bind/dist/doc/man/rndc.8in | 26 +-
external/mpl/bind/dist/doc/man/rndc.conf.5in | 14 +-
external/mpl/bind/dist/doc/man/tsig-keygen.8in | 2 +-
external/mpl/bind/dist/doc/notes/notes-9.16.38.rst | 33 +
external/mpl/bind/dist/doc/notes/notes-9.16.39.rst | 60 +
external/mpl/bind/dist/doc/notes/notes-9.16.40.rst | 32 +
external/mpl/bind/dist/doc/notes/notes-9.16.41.rst | 27 +
external/mpl/bind/dist/doc/notes/notes-9.16.42.rst | 45 +
external/mpl/bind/dist/lib/dns/win32/libdns.def.in | 1 +
external/mpl/bind/dist/lib/isc/win32/libisc.def.in | 4 +-
external/mpl/bind/dist/sonar-project.properties | 2 +
external/mpl/bind/dist/srcid | 2 +-
external/mpl/bind/dist/version | 2 +-
125 files changed, 2062 insertions(+), 712 deletions(-)
diffs (truncated from 4614 to 300 lines):
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/CHANGES Mon Jun 26 21:45:59 2023 +0000
@@ -1,3 +1,111 @@
+ --- 9.16.42 released ---
+
+6192. [security] A query that prioritizes stale data over lookup
+ triggers a fetch to refresh the stale data in cache.
+ If the fetch is aborted for exceeding the recursion
+ quota, it was possible for 'named' to enter an infinite
+ callback loop and crash due to stack overflow. This has
+ been fixed. (CVE-2023-2911) [GL #4089]
+
+6190. [security] Improve the overmem cleaning process to prevent the
+ cache going over the configured limit. (CVE-2023-2828)
+ [GL #4055]
+
+6183. [bug] Fix a serve-stale bug where a delegation from cache
+ could be returned to the client. [GL #3950]
+
+6173. [bug] Properly process extra "nameserver" lines in
+ resolv.conf otherwise the next line is not properly
+ processed. [GL #4066]
+
+6169. [bug] named could crash when deleting inline-signing zones
+ with "rndc delzone". [GL #4054]
+
+ --- 9.16.41 released ---
+
+6157. [bug] When removing delegations in an OPTOUT range
+ empty-non-terminal NSEC3 records generated by
+ those delegations were not removed. [GL #4027]
+
+ --- 9.16.40 released ---
+
+6142. [bug] Reduce the number of dns_dnssec_verify calls made
+ determining if revoked keys needs to be removed from
+ the trust anchors. [GL #3981]
+
+6138. [doc] Fix the DF-flag documentation on the outgoing
+ UDP packets. [GL #3710]
+
+6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
+
+6129. [cleanup] Value stored to 'source' during its initialization is
+ never read. [GL #3965]
+
+6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
+ an NSEC3 incapable DNSSEC algorithm using KASP the zone
+ could sometimes be incompletely signed. [GL #3937]
+
+5741. [bug] Log files with "timestamp" suffixes could be left in
+ place after rolling, even if the number of preserved
+ log files exceeded the configured "versions" limit.
+ [GL #828] [GL #3959]
+
+ --- 9.16.39 released ---
+
+6119. [bug] Make sure to revert the reconfigured zones to the
+ previous version of the view, when the new view
+ reconfiguration fails during the configuration of
+ one of the configured zones. [GL #3911]
+
+6116. [bug] Fix error path cleanup issue in the dns_catz_new_zones()
+ function. [GL #3900]
+
+6115. [bug] Unregister db update notify callback before detaching
+ from the previous db inside the catz update notify
+ callback. [GL #3777]
+
+6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
+ configure_rpz() and configure_catz(), respectively,
+ just after attaching it to the new view. [GL #3880]
+
+6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
+ [GL #3871]
+
+6095. [test] Test various 'islands of trust' configurations when
+ using managed keys. [GL #3662]
+
+6094. [bug] Building against (or running with) libuv versions
+ 1.35.0 and 1.36.0 is now a fatal error. The rules for
+ mixing and matching compile-time and run-time libuv
+ versions have been tightened for libuv versions between
+ 1.35.0 and 1.40.0. [GL #3840]
+
+ --- 9.16.38 released ---
+
+6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
+ broken by change 6042. [GL #3827]
+
+6081. [bug] Handle primary server address lookup failures in
+ nsupdate more gracefully. [GL #3830]
+
+6080. [bug] 'named -V' leaked memory. [GL #3829]
+
+6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds'
+ command. [GL #3822]
+
+6075. [bug] Add missing node lock when setting node->wild in
+ add_wildcard_magic. [GL #3799]
+
+6072. [bug] Avoid the OpenSSL lock contention when initializing
+ Message Digest Contexts by using explicit algorithm
+ fetching, initializing static contexts for every
+ supported algorithms, and initializing the new context
+ by copying the static copy. [GL #3795]
+
+6069. [bug] Detach from the view in zone_shutdown() to
+ release the memory held by the dead view
+ early. [GL #3801]
+
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
@@ -48,6 +156,13 @@ 6045. [cleanup] The list of supported DN
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
+5845. [bug] Refactor the timer to keep track of posted events
+ as to use isc_task_purgeevent() instead of using
+ isc_task_purgerange(). The isc_task_purgeevent()
+ has been refactored to purge a single event instead
+ of walking through the list of posted events.
+ [GL #3252]
+
--- 9.16.36 released ---
6043. [bug] The key file IO locks objects would never get
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/CONTRIBUTING
--- a/external/mpl/bind/dist/CONTRIBUTING Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/CONTRIBUTING Mon Jun 26 21:45:59 2023 +0000
@@ -57,14 +57,14 @@ To clone the repository, use:
$ git clone https://gitlab.isc.org/isc-projects/bind9.git
-Release branch names are of the form v9_X, where X represents the second
-number in the BIND 9 version number. So, to check out the BIND 9.12
+Release branch names are of the form bind-9.X, where X represents the
+second number in the BIND 9 version number. So, to check out the BIND 9.18
branch, use:
- $ git checkout v9_12
+ $ git checkout bind-9.18
Whenever a branch is ready for publication, a tag is placed of the form
-v9_X_Y. The 9.12.0 release, for instance, is tagged as v9_12_0.
+v9.X.Y. The 9.18.0 release, for instance, is tagged as v9.18.0.
The branch in which the next major release is being developed is called
main.
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/CONTRIBUTING.md
--- a/external/mpl/bind/dist/CONTRIBUTING.md Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/CONTRIBUTING.md Mon Jun 26 21:45:59 2023 +0000
@@ -71,14 +71,14 @@ To clone the repository, use:
> $ git clone https://gitlab.isc.org/isc-projects/bind9.git
-Release branch names are of the form `v9_X`, where X represents the second
-number in the BIND 9 version number. So, to check out the BIND 9.12
+Release branch names are of the form `bind-9.X`, where X represents the second
+number in the BIND 9 version number. So, to check out the BIND 9.18
branch, use:
-> $ git checkout v9_12
+> $ git checkout bind-9.18
Whenever a branch is ready for publication, a tag is placed of the
-form `v9_X_Y`. The 9.12.0 release, for instance, is tagged as `v9_12_0`.
+form `v9.X.Y`. The 9.18.0 release, for instance, is tagged as `v9.18.0`.
The branch in which the next major release is being developed is called
`main`.
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/python/isc/coverage.py.in
--- a/external/mpl/bind/dist/bin/python/isc/coverage.py.in Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/python/isc/coverage.py.in Mon Jun 26 21:45:59 2023 +0000
@@ -24,6 +24,7 @@ prog = "dnssec-coverage"
from isc import dnskey, eventlist, keydict, keyevent, keyzone, utils
+
############################################################################
# print a fatal error and exit
############################################################################
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/python/isc/dnskey.py.in
--- a/external/mpl/bind/dist/bin/python/isc/dnskey.py.in Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/python/isc/dnskey.py.in Mon Jun 26 21:45:59 2023 +0000
@@ -14,6 +14,7 @@ import time
import calendar
from subprocess import Popen, PIPE
+
########################################################################
# Class dnskey
########################################################################
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/python/isc/keymgr.py.in
--- a/external/mpl/bind/dist/bin/python/isc/keymgr.py.in Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/python/isc/keymgr.py.in Mon Jun 26 21:45:59 2023 +0000
@@ -17,6 +17,7 @@ prog = "dnssec-keymgr"
from isc import dnskey, keydict, keyseries, policy, parsetab, utils
+
############################################################################
# print a fatal error and exit
############################################################################
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/python/isc/keyzone.py.in
--- a/external/mpl/bind/dist/bin/python/isc/keyzone.py.in Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/python/isc/keyzone.py.in Mon Jun 26 21:45:59 2023 +0000
@@ -14,6 +14,7 @@ import sys
import re
from subprocess import Popen, PIPE
+
########################################################################
# Exceptions
########################################################################
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/rndc/rndc.rst
--- a/external/mpl/bind/dist/bin/rndc/rndc.rst Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/rndc/rndc.rst Mon Jun 26 21:45:59 2023 +0000
@@ -173,9 +173,13 @@ Currently supported commands are:
notation.
``dnstap`` ( **-reopen** | **-roll** [*number*] )
- This command closes and re-opens DNSTAP output files. ``rndc dnstap -reopen`` allows
+ This command closes and re-opens DNSTAP output files.
+
+ ``rndc dnstap -reopen`` allows
the output file to be renamed externally, so that ``named`` can
- truncate and re-open it. ``rndc dnstap -roll`` causes the output file
+ truncate and re-open it.
+
+ ``rndc dnstap -roll`` causes the output file
to be rolled automatically, similar to log files. The most recent
output file has ".0" appended to its name; the previous most recent
output file is moved to ".1", and so on. If ``number`` is specified, then
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/tests/system/acl/tests.sh
--- a/external/mpl/bind/dist/bin/tests/system/acl/tests.sh Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/tests/system/acl/tests.sh Mon Jun 26 21:45:59 2023 +0000
@@ -99,7 +99,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1
# and other values? right out
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t}
+ @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/tests/system/autosign/clean.sh
--- a/external/mpl/bind/dist/bin/tests/system/autosign/clean.sh Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/tests/system/autosign/clean.sh Mon Jun 26 21:45:59 2023 +0000
@@ -23,14 +23,13 @@ rm -f active.key inact.key del.key delzs
rm -f delayksk.key delayzsk.key autoksk.key autozsk.key
rm -f dig.out.*
rm -f digcomp.out.test*
-rm -f digcomp.out.test*
rm -f noksk-ksk.key nozsk-ksk.key nozsk-zsk.key inaczsk-zsk.key inaczsk-ksk.key
rm -f nopriv.key vanishing.key del1.key del2.key
rm -f ns*/managed-keys.bind*
rm -f ns*/named.lock
-rm -f ns*/named.lock
rm -f ns1/root.db
rm -f ns2/example.db
+rm -f ns2/optout-with-ent.db
rm -f ns2/private.secure.example.db ns2/bar.db
rm -f ns3/*.nzd ns3/*.nzd-lock ns3/*.nzf
rm -f ns3/*.nzf
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/tests/system/autosign/ns2/keygen.sh
--- a/external/mpl/bind/dist/bin/tests/system/autosign/ns2/keygen.sh Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/tests/system/autosign/ns2/keygen.sh Mon Jun 26 21:45:59 2023 +0000
@@ -56,3 +56,11 @@ do
done
$KEYGEN -a ECDSAP256SHA256 -q $zone > /dev/null
$DSFROMKEY Kbar.+013+60101.key > dsset-bar$TP
+
+# a zone with empty non-terminals.
+zone=optout-with-ent
+zonefile=optout-with-ent.db
+infile=optout-with-ent.db.in
+cat $infile > $zonefile
+kskname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q -fk $zone)
+$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone > /dev/null
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/tests/system/autosign/ns2/named.conf.in
--- a/external/mpl/bind/dist/bin/tests/system/autosign/ns2/named.conf.in Mon Jun 26 20:23:40 2023 +0000
+++ b/external/mpl/bind/dist/bin/tests/system/autosign/ns2/named.conf.in Mon Jun 26 21:45:59 2023 +0000
@@ -96,4 +96,13 @@ zone "child.optout.example" {
auto-dnssec maintain;
};
+zone "optout-with-ent" {
+ type primary;
+ file "optout-with-ent.db";
+ allow-query { any; };
+ allow-transfer { any; };
+ allow-update { any; };
+ auto-dnssec maintain;
+};
+
include "trusted.conf";
diff -r e24af97cf7cd -r ca17e01b27f9 external/mpl/bind/dist/bin/tests/system/autosign/ns2/optout-with-ent.db.in
Home |
Main Index |
Thread Index |
Old Index