]>
granicus.if.org Git - pdns/log
Pieter Lexis [Thu, 12 Jan 2017 13:15:07 +0000 (14:15 +0100)]
Merge pull request #4886 from rgacogne/rec40-spurious-rrs
Backport #4882: Don't parse spurious RRs in queries when we don't need them
Pieter Lexis [Thu, 12 Jan 2017 12:42:55 +0000 (13:42 +0100)]
Merge pull request #4881 from rgacogne/rec40-depth-limit
Backport #4880: rec: Add `max-recursion-depth` to limit the number of internal recursion
Pieter Lexis [Thu, 12 Jan 2017 12:42:37 +0000 (13:42 +0100)]
Merge pull request #4878 from pieterlexis/rec-4-mkpubsuffix
Backport #4874: Recursor: ship mkpubsuffixcc
Remi Gacogne [Fri, 16 Sep 2016 15:10:25 +0000 (17:10 +0200)]
Don't parse spurious RRs in queries when we don't need them
Remi Gacogne [Wed, 11 Jan 2017 14:52:19 +0000 (15:52 +0100)]
rec: Add `max-recursion-depth` to `upgrading.md`
(cherry picked from commit
8c25e5e927245c8ab5bcf21dc3c86973415ec52a )
Remi Gacogne [Tue, 10 Jan 2017 12:12:17 +0000 (13:12 +0100)]
rec: Add `max-recursion-depth` to limit the number of internal recursion
Default to 40, was unlimited.
(cherry picked from commit
7c3398aabe2e9dd8c5c3e8b3572455abfa3037be )
Pieter Lexis [Tue, 10 Jan 2017 17:01:54 +0000 (18:01 +0100)]
Recursor: ship mkpubsuffixcc
Closes #4842
(cherry picked from commit
265ff1c3cb1083e1f5b4ed0ddafd200c2f27acf4 )
Pieter Lexis [Wed, 11 Jan 2017 18:08:57 +0000 (19:08 +0100)]
Merge pull request #4870 from rgacogne/rec40-backport-4852
Backport 4852: DNSName: Check that both first two bits are set in compressed labels
Remi Gacogne [Wed, 4 Jan 2017 10:48:47 +0000 (11:48 +0100)]
DNSName: Check that both first two bits are set in compressed labels
We checked that at least one of the first two bits was set,
but the 10 and 01 are combinations do not indicate a compressed label
and are reserved for future use.
(cherry picked from commit
99bbbc7bdf675509caf61f41464a1ae62c09f342 )
Pieter Lexis [Tue, 27 Dec 2016 06:20:56 +0000 (07:20 +0100)]
Merge pull request #4805 from rgacogne/rec40-backport-4635
Backport #4635: rec: Don't crash on an empty query ring
Pieter Lexis [Tue, 27 Dec 2016 06:20:43 +0000 (07:20 +0100)]
Merge pull request #4806 from rgacogne/rec40-backport-4670
Backport #4670: Set `RemoteLogger::d_socket` to -1 after closing it
Pieter Lexis [Tue, 27 Dec 2016 06:20:33 +0000 (07:20 +0100)]
Merge pull request #4807 from rgacogne/rec40-backport-4789
Backport #4789: rec: Don't choke on escaped content in getZoneCuts()
Remi Gacogne [Mon, 19 Dec 2016 15:27:14 +0000 (16:27 +0100)]
rec: Don't choke on escaped content in getZoneCuts()
`getZoneCuts()` was constructing a `DNSName` by passing a raw label returned
from `DNSName::getRawLabels()` as a string. The constructor then tried to handle
escaped characters from the string, resulting in a different `DNSName` than the
expected one. This caused the `qname != begin` condition to be false even after
every label in `labelsToAdd` had been added, causing an UB by calling
`std::vector::back()` on an empty vector.
Using `DNSName::prependRawLabel()` instead prevents this issue since the string is
not escaped.
(cherry picked from commit
754914f0177cd990db16ff0cc29c8789e94b32bb )
Remi Gacogne [Mon, 12 Dec 2016 11:20:32 +0000 (12:20 +0100)]
Set `RemoteLogger::d_socket` to -1 after closing it
Otherwise, in the unlikely case `SSocket()` throws an exception
we might end up with a stale file descriptor in `RemoteLogger::reconnect()`.
(cherry picked from commit
754f300f6b7e64b8de70990950484c4de749d10a )
Remi Gacogne [Wed, 26 Oct 2016 08:00:39 +0000 (10:00 +0200)]
rec: Don't crash on an empty query ring
It obviously happens if stats-ringbuffer-entries is set to 0.
(cherry picked from commit
5af86fdcdee2843d80d40dd1c22c137e471f9484 )
Pieter Lexis [Fri, 16 Dec 2016 08:38:10 +0000 (09:38 +0100)]
Merge pull request #4770 from rgacogne/rec40-backport-4769
Backport #4769 rec: Set the result to NoError before calling `preresolve`
Remi Gacogne [Tue, 13 Dec 2016 15:21:17 +0000 (16:21 +0100)]
rec: Set the result to NoError before calling `preresolve`
Otherwise `rq.rcode` needs to be set explicitly when handling the
query from `preresolve`, which is not documented and wasn't the case
before.
(cherry picked from commit
ef3b6cd7719e968364f6ad7692ff4287829f37f1 )
Peter van Dijk [Tue, 13 Dec 2016 12:39:04 +0000 (13:39 +0100)]
Merge pull request #4757 from rgacogne/rec40-backport-4724
Backport #4724: rec: Add `getRecursorThreadId()` to Lua, identifying the current thread
Peter van Dijk [Tue, 13 Dec 2016 12:35:20 +0000 (13:35 +0100)]
Merge pull request #4756 from rgacogne/rec40-backport-4715
Backport #4715: Specify that dnsmessage.proto uses protobuf version 2
Remi Gacogne [Thu, 1 Dec 2016 14:58:01 +0000 (15:58 +0100)]
rec: Add `getRecursorThreadId()` to Lua, identifying the current thread
(cherry picked from commit
b401545341c7e4bd2d27940e95f9fe1af374479d )
Remi Gacogne [Tue, 29 Nov 2016 08:48:36 +0000 (09:48 +0100)]
Specify that dnsmessage.proto uses protobuf version 2
Recent proto-c versions are complaining loudly otherwise.
(cherry picked from commit
2e14d4bbf6549c70e3422b315287bc69bfe398dd )
Pieter Lexis [Fri, 9 Dec 2016 08:59:00 +0000 (09:59 +0100)]
Merge pull request #4647 from pieterlexis/backport-4629
Backport #4629: Handle CNAMEs at the apex of secure zones to other secure zones
Peter van Dijk [Tue, 6 Dec 2016 09:45:01 +0000 (10:45 +0100)]
Merge pull request #4739 from rgacogne/rec40-dnsname-4718
Backport 4722: Fix incorrect length check in `DNSName` when extracting qtype or qclass
Peter van Dijk [Mon, 5 Dec 2016 14:05:12 +0000 (15:05 +0100)]
Merge pull request #4695 from rgacogne/backport-4691
Backport #4691: rec: Wait until after daemonizing to start the RPZ and protobuf threads
Remi Gacogne [Thu, 1 Dec 2016 12:00:13 +0000 (13:00 +0100)]
Fix incorrect length check in `DNSName` when extracting qtype or qclass
In `DNSName::packetParser()`, the length check might have been incorrect
when the caller asked for the `qtype` and/or the `qclass` to be extracted.
The `pos + labellen + 2 > end` check was wrong because `pos` might have already
been incremented by `labellen`. There are 3 ways to exit the main loop:
* `labellen` is 0, the most common case, and in that case the check is valid
* `pos >= end`, meaning that `pos + labellen + 2 > end` will be true regardless
of the value of `labellen` since it cannot be negative
* if `uncompress` is set and a compressed label is found, the main loop is
broken out of, and `labellen` still holds a now irrelevant, possibly non-zero value
corresponding to the first byte of the compressed label length & ~0xc0.
In that last case, if the compressed label points to a position > 255 the check
is wrong and might have rejected a valid packet.
A quick look throught the code didn't show any place where we request decompression
and ask for `qtype` and/or `qclass` in a response, but I might have missed one.
Reported by Houssam El Hajoui (thanks!).
(cherry picked from commit
7b9c052c617d02e1870195d0f216732047d56e22 )
Peter van Dijk [Mon, 5 Dec 2016 10:18:26 +0000 (11:18 +0100)]
Merge pull request #4730 from Habbie/rec-4.0.x-travis-only-rec
do not build/test auth, dnsdist, docs
Peter van Dijk [Fri, 2 Dec 2016 19:41:31 +0000 (20:41 +0100)]
do not build/test auth, dnsdist, docs
Peter van Dijk [Mon, 5 Dec 2016 08:12:11 +0000 (09:12 +0100)]
Merge pull request #4729 from Habbie/rec-4.0.x-travis-update
stop auto-started pdns with 0.0.0.0 bind, to allow individual binds
Peter van Dijk [Fri, 2 Dec 2016 13:01:57 +0000 (14:01 +0100)]
stop auto-started pdns with 0.0.0.0 bind, to allow individual binds
Remi Gacogne [Thu, 1 Dec 2016 12:46:45 +0000 (13:46 +0100)]
Merge pull request #4717 from rgacogne/backport-4716
Backport #4716: rec: Remove leftover debug msg in `RecursorLua4::DNSQuestion::setRecords()`
Remi Gacogne [Tue, 29 Nov 2016 08:51:13 +0000 (09:51 +0100)]
rec: Remove leftover debug msg in `RecursorLua4::DNSQuestion::setRecords()`
(cherry picked from commit
3c82a3e58f689324b4c700c8bdad9dd9fb351065 )
Remi Gacogne [Wed, 16 Nov 2016 14:37:04 +0000 (15:37 +0100)]
rec: Wait until after daemonizing to start the RPZ and protobuf threads
Otherwise they are killed when we call `fork()`.
We still want to actually parse the configuration to check for syntax
errors before daemonizing to be able to report any error, so when
`daemon` is set to `yes`, we parse the Lua configuration early
without starting any threads, and then again, starting the threads
that time, after daemonizing.
(cherry picked from commit
a4241908a1c80c4293cfcd5056bb67138958f0e6 )
Pieter Lexis [Mon, 14 Nov 2016 16:55:26 +0000 (17:55 +0100)]
Merge pull request #4677 from pieterlexis/backport-4674
Backport #4674: Enable protobuf in CentOS 6 packages
Peter van Dijk [Fri, 11 Nov 2016 19:34:15 +0000 (20:34 +0100)]
Merge pull request #4636 from rgacogne/rec-backport-4577
Backport #4577: rec: Fix src/dest inversion in the protobuf message for TCP queries
Pieter Lexis [Fri, 11 Nov 2016 13:24:02 +0000 (14:24 +0100)]
Update boost requirement for DNSName
This version is known to work (CentOS 7)
(cherry picked from commit
46104a7e4ebc19419a3908141358289332709eea )
Pieter Lexis [Fri, 11 Nov 2016 12:41:28 +0000 (13:41 +0100)]
Add protobuf support to EL6 packages
(cherry picked from commit
7cfda92fa027ecfadc42a6c1063f852a52314c1c )
Pieter Lexis [Fri, 11 Nov 2016 16:45:30 +0000 (17:45 +0100)]
Merge pull request #4675 from pieterlexis/backport-4672
Backport #4672: On (re-)priming, fetch the root NS records
Pieter Lexis [Thu, 10 Nov 2016 12:56:58 +0000 (13:56 +0100)]
On (re-)priming, fetch the root NS records
Remi Gacogne [Wed, 9 Nov 2016 09:02:50 +0000 (10:02 +0100)]
Merge pull request #4652 from rgacogne/rec-40-backport-4573
Backport #4573: Fix building with ECDSA support disabled in libcrypto
Remi Gacogne [Mon, 17 Oct 2016 08:07:26 +0000 (10:07 +0200)]
Fix building with ECDSA support disabled in libcrypto
(cherry picked from commit
aa74d164ae29269168d048d2cc8d7e1f984774c4 )
Pieter Lexis [Tue, 25 Oct 2016 15:26:32 +0000 (17:26 +0200)]
Fix a DNSSEC trace log message
Pieter Lexis [Tue, 25 Oct 2016 15:25:19 +0000 (17:25 +0200)]
Handle CNAME at secure zone apex to secure zone
Closes #4466
Pieter Lexis [Tue, 25 Oct 2016 15:24:25 +0000 (17:24 +0200)]
Add test for #4466
Remi Gacogne [Mon, 17 Oct 2016 10:19:06 +0000 (12:19 +0200)]
rec: Fix src/dest inversion in the protobuf message for TCP queries
(cherry picked from commit
35a7fc41b202da6406f88e79d0bd7b3dccfcae5c )
Pieter Lexis [Mon, 24 Oct 2016 22:24:17 +0000 (00:24 +0200)]
Merge pull request #4599 from rgacogne/backport-4554
Backport #4554: Add requestorId and some comments to the protobuf definition file
Pieter Lexis [Mon, 24 Oct 2016 22:23:58 +0000 (00:23 +0200)]
Merge pull request #4610 from pieterlexis/backport-4602
Backport #4602: NSEC3 optout and Bogus insecure forward fixes
Pieter Lexis [Fri, 21 Oct 2016 10:48:24 +0000 (12:48 +0200)]
Fix comment indent
Pieter Lexis [Fri, 21 Oct 2016 10:48:10 +0000 (12:48 +0200)]
Add an RFC quote in the right place
Pieter Lexis [Fri, 21 Oct 2016 10:33:41 +0000 (12:33 +0200)]
NSEC3 optout and Bogus insecure forward fixes
After the change to zonecuts to find key material, the NSEC3 checking
returned an (incorrect) 'covering nxdomain' for a forwarded subzone with
no DS record in its parent. After fixing this, the NSEC3 optout test
failed as Bogus (instead of insecure). This was fixed by actually
checking the optout flag on a delegation NSEC3 record.
Pieter Lexis [Thu, 20 Oct 2016 13:13:21 +0000 (15:13 +0200)]
Merge pull request #4597 from pieterlexis/backport-4377-4489
Backport #4377 and #4489: Caching fixes
Pieter Lexis [Thu, 20 Oct 2016 13:13:11 +0000 (15:13 +0200)]
Merge pull request #4595 from pieterlexis/backport-4516
Backport #4516: On RPZ customPolicy, follow the resulting CNAME
Pieter Lexis [Thu, 20 Oct 2016 13:13:05 +0000 (15:13 +0200)]
Merge pull request #4594 from pieterlexis/backport-4431
Backport #4431: don't go bogus on zero configured DSs
Pieter Lexis [Thu, 20 Oct 2016 13:12:58 +0000 (15:12 +0200)]
Merge pull request #4593 from pieterlexis/backport-compiler-warn-fixes
Backport compiler warn fixes
Pieter Lexis [Thu, 20 Oct 2016 13:12:53 +0000 (15:12 +0200)]
Merge pull request #4591 from pieterlexis/4.0-dnssec-zone-cut
Backport #4389 Switch DNSSEC to using zone-cuts to find key material
Remi Gacogne [Mon, 10 Oct 2016 13:08:24 +0000 (15:08 +0200)]
Add requestorId and some comments to the protobuf definition file
(cherry picked from commit
0caa1aa850208caf18924b49e5be5ca7cdbf0515 )
Pieter Lexis [Mon, 29 Aug 2016 12:44:39 +0000 (14:44 +0200)]
Add tests for #4369
Pieter Lexis [Mon, 29 Aug 2016 12:30:04 +0000 (14:30 +0200)]
Move DNSSEC regression tests to 127.0.0.X
Pieter Lexis [Mon, 29 Aug 2016 12:13:37 +0000 (14:13 +0200)]
DNSSEC: Document interaction with forward-zones
Pieter Lexis [Mon, 29 Aug 2016 09:05:17 +0000 (11:05 +0200)]
Make the negcache forwarded zones aware
Because of DNSSEC (without NTAs configured), we 'leak' the forwarded
name to the cache when looking for the DNSKEY. This resulted in NXDOMAIN
answers for actual NXDOMAINs, but with the root SOA record. Leading to
inconsistent answers to the client.
Pieter Lexis [Fri, 30 Sep 2016 11:21:01 +0000 (13:21 +0200)]
Add tests for #4483
Pieter Lexis [Fri, 30 Sep 2016 11:20:15 +0000 (13:20 +0200)]
rec tests: create controlsocket dirs idempotently
Pieter Lexis [Fri, 30 Sep 2016 11:19:18 +0000 (13:19 +0200)]
Fix the fields in two debug lines
Pieter Lexis [Fri, 30 Sep 2016 11:18:43 +0000 (13:18 +0200)]
Cache records for zones that were delegated to from a forwarded zone
Fixes #4483
Pieter Lexis [Thu, 29 Sep 2016 16:22:39 +0000 (18:22 +0200)]
On RPZ customPolicy, follow the resulting CNAME
Closes #4188
Pieter Lexis [Tue, 6 Sep 2016 14:58:14 +0000 (16:58 +0200)]
Rec: don't go bogus on zero configured DSs
Fixes #4430
Pieter Lexis [Fri, 23 Sep 2016 15:09:11 +0000 (17:09 +0200)]
Silence a GCC 6.2 compiler warning
Kees Monshouwer [Fri, 30 Sep 2016 20:53:05 +0000 (22:53 +0200)]
add gcc 6.2 to boost.m4
Pieter Lexis [Wed, 31 Aug 2016 12:05:20 +0000 (14:05 +0200)]
DNSSEC: generalize getDenial() function
* Add qname denial check for NSEC
* Add qtype denial checks
* Hook up to getKeysFor()
Pieter Lexis [Wed, 31 Aug 2016 12:11:27 +0000 (14:11 +0200)]
DNSSEC: Implement keysearch based on zone-cuts
This prevents us sending out useless queries for DS records and doesn't
confuse us anymore when the delegation jumps over several labels.
Pieter Lexis [Wed, 31 Aug 2016 12:11:15 +0000 (14:11 +0200)]
Add getZoneCuts() function
Pieter Lexis [Wed, 28 Sep 2016 11:39:47 +0000 (13:39 +0200)]
Merge pull request #4512 from rgacogne/backport-4440
Backport #4440: Fix Lua-enabled compilation on OS X and FreeBSD
Remi Gacogne [Thu, 8 Sep 2016 08:34:45 +0000 (10:34 +0200)]
rec: Fix Lua-enabled compilation on OS X and FreeBSD
(cherry picked from commit
546d1fbf9efe8a4ba81c92d43bc43be457e60713 )
Peter van Dijk [Tue, 27 Sep 2016 11:52:58 +0000 (13:52 +0200)]
Merge pull request #4511 from rgacogne/backport-4499
Backport #4499: Add support for boost::context >= 1.61
Remi Gacogne [Fri, 23 Sep 2016 14:58:05 +0000 (16:58 +0200)]
rec: Always test if BOOST_VERSION is < 1.61, not >, for readability
(cherry picked from commit
64413f6afd9b3dfeb1bef158f48bb3be496a4e04 )
Remi Gacogne [Fri, 23 Sep 2016 14:08:15 +0000 (16:08 +0200)]
rec: Add support for boost::context >= 1.61
(cherry picked from commit
f53de853d71bd1c058b507549d35312f9fa4847f )
Pieter Lexis [Tue, 13 Sep 2016 10:49:17 +0000 (12:49 +0200)]
Merge pull request #4462 from pieterlexis/backport-4461
Backport #4461: Fall back to SystemV ucontexts on boost >= 1.61
Pieter Lexis [Mon, 12 Sep 2016 11:51:27 +0000 (13:51 +0200)]
Rec: Disable boost-fcontext on boost 1.61 and up
Fall back to the slower system v ucontext.
(cherry picked from commit
cb51346bbd4ea54bc86966e80aa68c990c03dbce )
Pieter Lexis [Mon, 12 Sep 2016 11:48:47 +0000 (13:48 +0200)]
Revert "Rec: support boost's fcontext in boost 1.61+"
This reverts commit
a30361f9f07cb3c4f9ad32dc83555bc593aa3311 .
(cherry picked from commit
f103e371bd83381feb11dba742843484bf8e95f2 )
Pieter Lexis [Tue, 6 Sep 2016 11:57:54 +0000 (13:57 +0200)]
Merge pull request #4426 from pieterlexis/backport-4425
Backport #4425: Fix a protobuf regression (requestor/responder mix-up) caused by
a94673e
Remi Gacogne [Mon, 5 Sep 2016 15:49:15 +0000 (17:49 +0200)]
Fix a protobuf regression (requestor/responder mix-up) caused by
a94673e
(cherry picked from commit
b3261c205742fcb0494735d20294d10a615cd10f )
Pieter Lexis [Mon, 5 Sep 2016 13:48:22 +0000 (15:48 +0200)]
Merge pull request #4422 from pieterlexis/rec-backport-4403
Backport #4403: (rec) Fix build with OpenSSL 1.1.0 final
Pieter Lexis [Mon, 5 Sep 2016 13:48:16 +0000 (15:48 +0200)]
Merge pull request #4420 from pieterlexis/backport-4396
Backport #4396: add boost context ldflags so freebsd builds can find the libs
Pieter Lexis [Mon, 5 Sep 2016 13:48:10 +0000 (15:48 +0200)]
Merge pull request #4419 from pieterlexis/backport-4381
Backport #4381: Parse query-local-address before lua-config-file
Pieter Lexis [Mon, 5 Sep 2016 13:48:05 +0000 (15:48 +0200)]
Merge pull request #4418 from pieterlexis/backport-4383
Backport #4383: Fix accessing an empty policyCustom, policyName from Lua
Pieter Lexis [Mon, 5 Sep 2016 13:47:59 +0000 (15:47 +0200)]
Merge pull request #4417 from pieterlexis/backport-4385
Backport #4385: Add Lua binding for DNSRecord::d_place
Pieter Lexis [Mon, 5 Sep 2016 13:47:52 +0000 (15:47 +0200)]
Merge pull request #4416 from pieterlexis/backport-4402
Backport #4402: Ignore NS records in a RPZ zone received over IXFR
Pieter Lexis [Mon, 5 Sep 2016 13:47:46 +0000 (15:47 +0200)]
Merge pull request #4415 from pieterlexis/backport-4404
Backport #4404: Don't validate when a Lua hook took the query
Pieter Lexis [Mon, 5 Sep 2016 13:47:39 +0000 (15:47 +0200)]
Merge pull request #4414 from pieterlexis/backport-4394
Backport #4394: Support Boost 1.61+ fcontext
Pieter Lexis [Mon, 5 Sep 2016 13:47:32 +0000 (15:47 +0200)]
Merge pull request #4413 from pieterlexis/backport-4391
Backport #4391: DNSSEC: Actually follow RFC 7646 §2.1
Pieter Lexis [Mon, 5 Sep 2016 13:47:23 +0000 (15:47 +0200)]
Merge pull request #4412 from pieterlexis/backport-4388
Backport #4388: Fix RPZ default policy not being applied over IXFR
Christian Hofstaedtler [Fri, 2 Sep 2016 19:55:52 +0000 (21:55 +0200)]
Bump version requirement for CRYPTO_ctr128_encrypt
While CRYPTO_ctr128_encrypt should be available in 1.0.1,
apparently in some library builds (Ubuntu) one can not link
against it.
(cherry picked from commit
3e4b01664660f1a8d9564508843a7e51b8f7549e )
Christian Hofstaedtler [Fri, 2 Sep 2016 12:06:35 +0000 (12:06 +0000)]
Fix build with OpenSSL 1.1.0 final
Where aes.h apparently no longer includes opensslv.h.
(cherry picked from commit
e6fc073faf3b1d9b4da301821da40dff33186057 )
Peter van Dijk [Thu, 1 Sep 2016 16:20:06 +0000 (18:20 +0200)]
add boost context ldflags so freebsd builds can find the libs
(cherry picked from commit
01f097e45a286355c93da0acf78756e59ad9c126 )
Pieter Lexis [Tue, 30 Aug 2016 09:09:38 +0000 (11:09 +0200)]
Parse query-local-address before lua-config-file
@42wim discovered that the query-local-address was not used for the
initial RPZ AXFR. However, it was used in subsequent IXFRs. It appears
that we executed the lua-config-file before checking the
query-local-address(6).
(cherry picked from commit
b7ef582884c603ea45e602c3e42f254cf869d2d7 )
Remi Gacogne [Tue, 30 Aug 2016 13:27:00 +0000 (15:27 +0200)]
rec: Fix accessing an empty policyCustom, policyName from Lua
Reported by @42wim (thanks!).
(cherry picked from commit
98c28a684f92c052bd7fb2e4a0eb0b831ac563de )
Remi Gacogne [Wed, 31 Aug 2016 07:54:08 +0000 (09:54 +0200)]
rec: Add Lua binding for DNSRecord::d_place
Also document the members and methods of the DNS Record object.
(cherry picked from commit
57d0c73b877406e63bbe629ce813cccc49b8cd01 )
Remi Gacogne [Wed, 31 Aug 2016 15:55:51 +0000 (17:55 +0200)]
rec: Fix RPZ default policy not being applied over IXFR
Reported by @42wim (thanks!).
(cherry picked from commit
9db6ece12afdc5703220539a8d3bde4499a2dbff )
Pieter Lexis [Thu, 1 Sep 2016 09:23:35 +0000 (11:23 +0200)]
Add test for NTA at level of TA
(cherry picked from commit
b91735683ae7d4c5f5fe3a4d84fd99db862be6f5 )
Pieter Lexis [Thu, 1 Sep 2016 09:04:05 +0000 (11:04 +0200)]
DNSSEC: Actually follow RFC 7646 §2.1
We were off by one when counting labels, so when an NTA was added for a
name where a TA was configured, we would still attempt validation.
Reported by @jpmens
(cherry picked from commit
f418a272a9b031ea1eddf031548a16e23a35bd82 )
Pieter Lexis [Thu, 1 Sep 2016 10:35:31 +0000 (12:35 +0200)]
Rec: show context lib in configure output
(cherry picked from commit
0079fda22e9f8b32e5f6727d023d0b421e5ac1e3 )