svn commit: r216169 - in vendor/bind9/dist: . bin/check bin/dig bin/named bin/named/include/named lib/dns lib/dns/include/dns lib/isc

Doug Barton dougb at FreeBSD.org
Sat Dec 4 00:42:21 UTC 2010


Author: dougb
Date: Sat Dec  4 00:42:21 2010
New Revision: 216169
URL: http://svn.freebsd.org/changeset/base/216169

Log:
  Vendor import of BIND 9.6-ESV-R3

Added:
  vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.html   (contents, props changed)
  vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.pdf   (contents, props changed)
  vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.txt   (contents, props changed)
  vendor/bind9/dist/release-notes.css   (contents, props changed)
Modified:
  vendor/bind9/dist/CHANGES
  vendor/bind9/dist/bin/check/check-tool.c
  vendor/bind9/dist/bin/check/check-tool.h
  vendor/bind9/dist/bin/check/named-checkconf.c
  vendor/bind9/dist/bin/check/named-checkzone.c
  vendor/bind9/dist/bin/dig/host.c
  vendor/bind9/dist/bin/named/client.c
  vendor/bind9/dist/bin/named/include/named/query.h
  vendor/bind9/dist/bin/named/query.c
  vendor/bind9/dist/bin/named/server.c
  vendor/bind9/dist/lib/dns/api
  vendor/bind9/dist/lib/dns/include/dns/view.h
  vendor/bind9/dist/lib/dns/journal.c
  vendor/bind9/dist/lib/dns/rbtdb.c
  vendor/bind9/dist/lib/dns/validator.c
  vendor/bind9/dist/lib/dns/view.c
  vendor/bind9/dist/lib/isc/api
  vendor/bind9/dist/lib/isc/print.c
  vendor/bind9/dist/version

Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/CHANGES	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,3 +1,55 @@
+
+	--- 9.6-ESV-R3 released ---
+
+2972.	[bug]		win32: address windows socket errors. [RT #21906]
+
+2971.	[bug]		Fixed a bug that caused journal files not to be
+			compacted on Windows systems as a result of
+			non-POSIX-compliant rename() semantics. [RT #22434]
+
+2970.	[security]	Adding a NO DATA negative cache entry failed to clear
+			any matching RRSIG records.  A subsequent lookup of
+			of NO DATA cache entry could trigger a INSIST when the
+			unexpected RRSIG was also returned with the NO DATA
+			cache entry.
+
+			CVE-2010-3613, VU#706148. [RT #22288]
+
+2969.	[security]	Fix acl type processing so that allow-query works
+			in options and view statements.  Also add a new
+			set of tests to verify proper functioning.
+
+			CVE-2010-3615, VU#510208. [RT #22418]
+
+2968.	[security]	Named could fail to prove a data set was insecure
+			before marking it as insecure.  One set of conditions
+			that can trigger this occurs naturally when rolling
+			DNSKEY algorithms.
+
+			CVE-2010-3614, VU#837744. [RT #22309]
+
+2967.	[bug]		'host -D' now turns on debugging messages earlier.
+			[RT #22361]
+
+2966.	[bug]		isc_print_vsnprintf() failed to check if there was
+			space available in the buffer when adding a left
+			justified character with a non zero width,
+			(e.g. "%-1c"). [RT #22270]
+
+2964.	[bug]		view->queryacl was being overloaded.  Seperate the
+			usage into view->queryacl, view->cacheacl and
+			view->queryonacl. [RT #22114]
+
+2962.	[port]		win32: add more dependencies to BINDBuild.dsw.
+			[RT #22062]
+
+2952.	[port]		win32: named-checkzone and named-checkconf failed
+			to initialise winsock. [RT #21932]
+
+2951.	[bug]		named failed to generate a correct signed response
+			in a optout, delegation only zone with no secure
+			delegations. [RT #22007]
+
 	--- 9.6-ESV-R2 released ---
 
 2939.	[func]		Check that named successfully skips NSEC3 records

Added: vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.html
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.html	Sat Dec  4 00:42:21 2010	(r216169)
@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+ - Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.2.2 2010/11/29 01:16:39 tbox Exp $ -->
+
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" type="text/css" href="release-notes.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article"><div class="titlepage"><hr /></div>
+
+  <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111950"></a>Introduction</h2></div></div></div>
+    
+    <p>
+			BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV.
+		</p>
+    <p>
+			This document summarizes changes from BIND 9.6-ESV-R1 to BIND 9.6-ESV-R3.
+			Please see the CHANGES file in the source code release for a
+			complete list of all changes.
+		</p>
+  </div>
+
+  <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112014"></a>Download</h2></div></div></div>
+    
+    <p>
+			The latest release of BIND 9 software can always be found
+	 		on our web site at
+      <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+  		There you will find additional information about each release,
+ 			source code, and some pre-compiled versions for certain operating
+ 			systems.
+		</p>
+  </div>
+
+  <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112037"></a>Support</h2></div></div></div>
+    
+    <p>Product support information is available on
+      <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
+      for paid support options.  Free support is provided by our user
+ 			community via a mailing list.  Information on all public email
+ 			lists is available at
+      <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+    </p>
+  </div>
+
+  <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36111986"></a>New Features</h2></div></div></div>
+    
+		<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112025"></a>9.6-ESV-R2</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+		<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112098"></a>9.6-ESV-R3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+  </div>
+
+  <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112120"></a>Feature Changes</h2></div></div></div>
+    
+		<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112125"></a>9.6-ESV-R2</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+		<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112135"></a>9.6-ESV-R3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+  </div>
+
+  <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112146"></a>Security Fixes</h2></div></div></div>
+    
+		<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112151"></a>9.6-ESV-R2</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+		<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112160"></a>9.6-ESV-R3</h3></div></div></div>
+			
+			<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+				 	Adding a NO DATA signed negative response to cache failed to clear
+				  any matching RRSIG records already in cache. A subsequent lookup
+				  of the cached NO DATA entry could crash named (INSIST) when the
+				  unexpected RRSIG was also returned with the NO DATA cache entry.
+				  [RT #22288] [CVE-2010-3613] [VU#706148]
+				</li><li class="listitem">
+					BIND, acting as a DNSSEC validator, was determining if the NS RRset
+				  is insecure based on a value that could mean either that the RRset
+				  is actually insecure or that there wasn't a matching key for the RRSIG
+				  in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
+				  This can happen when in the middle of a DNSKEY algorithm rollover,
+				  when two different algorithms were used to sign a zone but only the
+				  new set of keys are in the zone DNSKEY RRset.
+					[RT #22309] [CVE-2010-3614] [VU#837744]
+				</li></ul></div>
+		</div>
+  </div>
+
+  <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112186"></a>Bug Fixes</h2></div></div></div>
+    
+		<div class="section" title="9.6-ESV-R2"><div class="titlepage"><div><div><h3 class="title"><a id="id36112191"></a>9.6-ESV-R2</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+					Check that named successfully skips NSEC3 records
+					that fail to match the NSEC3PARAM record currently
+					in use.
+					[RT #21868]
+				</li><li class="listitem">
+					Worked around a race condition in the cache database memory
+					handling.  Without this fix a DNS cache DB or ADB could
+					incorrectly stay in an over memory state, effectively refusing
+					further caching, which subsequently made a BIND 9 caching
+					server unworkable.
+					[RT #21818]
+				</li><li class="listitem">
+					BIND did not properly handle non-cacheable negative responses
+					from insecure zones. This caused several non-protocol-compliant
+					zones to become unresolvable.  BIND is now more accepting of
+					responses it receives from less strict servers.
+					[RT #21555]
+				</li><li class="listitem">
+					The resolver could attempt to destroy a fetch context too
+					soon, resulting in a crash.
+					[RT #19878]
+				</li><li class="listitem">
+					The placeholder negative caching element was not
+					properly constructed triggering a crash (INSIST) in 
+					dns_ncache_towire().
+					[RT #21346]
+				</li><li class="listitem">
+					Handle the introduction of new trusted-keys and
+					DS, DLV RRsets better.
+					[RT #21097]
+				</li><li class="listitem">
+					Fix arguments to dns_keytable_findnextkeynode() call.
+					[RT #20877]
+				</li></ul></div>
+		</div>
+		<div class="section" title="9.6-ESV-R3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112232"></a>9.6-ESV-R3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+					Microsoft changed the behavior of sockets between NT/XP based
+				  stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+				  behavior, 2008r2 has the new behavior. With the change, different
+				  error results are possible, so ISC adapted BIND to handle the new
+				  error results.
+				  This resolves an issue where sockets would shut down on
+				  Windows servers causing named to stop responding to queries.
+					[RT #21906]
+				</li><li class="listitem">
+				 	Windows has non-POSIX compliant behavior in its rename() and unlink()
+				  calls. This caused journal compaction to fail on Windows BIND servers
+				  with the log error: "dns_journal_compact failed: failure".
+					[RT #22434]
+				</li><li class="listitem">
+					'host -D' now turns on debugging messages earlier.
+					[RT #22361]
+				</li><li class="listitem">
+          isc_print_vsnprintf() failed to check if there was
+					space available in the buffer when adding a left
+					justified character with a non zero width,
+					(e.g. "%-1c").
+					[RT #22270]
+				</li><li class="listitem">
+          view-&gt;queryacl was being overloaded.  Seperate the
+					usage into view-&gt;queryacl, view-&gt;cacheacl and
+					view-&gt;queryonacl.
+					[RT #22114]
+				</li><li class="listitem">
+          win32: add more dependencies to BINDBuild.dsw.
+          [RT #22062]
+				</li><li class="listitem">
+          win32: named-checkzone and named-checkconf failed
+          to initialise winsock.
+					[RT #21932]
+				</li><li class="listitem">
+          named failed to generate a correct signed response
+          in a optout, delegation only zone with no secure
+          delegations.
+					[RT #22007]
+				</li></ul></div>
+		</div>
+  </div>
+  
+  <div class="section" title="Known issues in this release"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112280"></a>Known issues in this release</h2></div></div></div>
+    
+    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+        <p>
+          "make test" will fail on OSX and possibly other operating systems.
+          The failure occurs in a new test to check for allow-query ACLs.
+          The failure is caused because the source address is not specified on
+          the dig commands issued in the test.
+        </p>
+        <p>
+          If running "make test" is part of your usual acceptance process,
+          please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
+          and add
+          </p><p>
+            <code class="code">-b 10.53.0.2</code>
+          </p><p>
+          to the <code class="code">DIGOPTS</code> line.
+        </p>
+      </li></ul></div>
+  </div>
+
+  <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112315"></a>Thank You</h2></div></div></div>
+    
+    <p>
+      Thank you to everyone who assisted us in making this release possible.
+      If you would like to contribute to ISC to assist us in continuing to make
+      quality open source software, please visit our donations page at
+      <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+    </p>
+  </div>
+</div></body></html>

Added: vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.pdf
==============================================================================
Binary file. No diff available.

Added: vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.txt
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ vendor/bind9/dist/RELEASE-NOTES-BIND-9.6-ESV.txt	Sat Dec  4 00:42:21 2010	(r216169)
@@ -0,0 +1,133 @@
+     __________________________________________________________________
+
+Introduction
+
+   BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV.
+
+   This document summarizes changes from BIND 9.6-ESV-R1 to BIND
+   9.6-ESV-R3. Please see the CHANGES file in the source code release for
+   a complete list of all changes.
+
+Download
+
+   The latest release of BIND 9 software can always be found on our web
+   site at http://www.isc.org/software/bind. There you will find
+   additional information about each release, source code, and some
+   pre-compiled versions for certain operating systems.
+
+Support
+
+   Product support information is available on
+   http://www.isc.org/services/support for paid support options. Free
+   support is provided by our user community via a mailing list.
+   Information on all public email lists is available at
+   https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.6-ESV-R2
+
+   None.
+
+9.6-ESV-R3
+
+   None.
+
+Feature Changes
+
+9.6-ESV-R2
+
+   None.
+
+9.6-ESV-R3
+
+   None.
+
+Security Fixes
+
+9.6-ESV-R2
+
+   None.
+
+9.6-ESV-R3
+
+     * Adding a NO DATA signed negative response to cache failed to clear
+       any matching RRSIG records already in cache. A subsequent lookup of
+       the cached NO DATA entry could crash named (INSIST) when the
+       unexpected RRSIG was also returned with the NO DATA cache entry.
+       [RT #22288] [CVE-2010-3613] [VU#706148]
+     * BIND, acting as a DNSSEC validator, was determining if the NS RRset
+       is insecure based on a value that could mean either that the RRset
+       is actually insecure or that there wasn't a matching key for the
+       RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
+       RRset. This can happen when in the middle of a DNSKEY algorithm
+       rollover, when two different algorithms were used to sign a zone
+       but only the new set of keys are in the zone DNSKEY RRset. [RT
+       #22309] [CVE-2010-3614] [VU#837744]
+
+Bug Fixes
+
+9.6-ESV-R2
+
+     * Check that named successfully skips NSEC3 records that fail to
+       match the NSEC3PARAM record currently in use. [RT #21868]
+     * Worked around a race condition in the cache database memory
+       handling. Without this fix a DNS cache DB or ADB could incorrectly
+       stay in an over memory state, effectively refusing further caching,
+       which subsequently made a BIND 9 caching server unworkable. [RT
+       #21818]
+     * BIND did not properly handle non-cacheable negative responses from
+       insecure zones. This caused several non-protocol-compliant zones to
+       become unresolvable. BIND is now more accepting of responses it
+       receives from less strict servers. [RT #21555]
+     * The resolver could attempt to destroy a fetch context too soon,
+       resulting in a crash. [RT #19878]
+     * The placeholder negative caching element was not properly
+       constructed triggering a crash (INSIST) in dns_ncache_towire(). [RT
+       #21346]
+     * Handle the introduction of new trusted-keys and DS, DLV RRsets
+       better. [RT #21097]
+     * Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877]
+
+9.6-ESV-R3
+
+     * Microsoft changed the behavior of sockets between NT/XP based
+       stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+       behavior, 2008r2 has the new behavior. With the change, different
+       error results are possible, so ISC adapted BIND to handle the new
+       error results. This resolves an issue where sockets would shut down
+       on Windows servers causing named to stop responding to queries. [RT
+       #21906]
+     * Windows has non-POSIX compliant behavior in its rename() and
+       unlink() calls. This caused journal compaction to fail on Windows
+       BIND servers with the log error: "dns_journal_compact failed:
+       failure". [RT #22434]
+     * 'host -D' now turns on debugging messages earlier. [RT #22361]
+     * isc_print_vsnprintf() failed to check if there was space available
+       in the buffer when adding a left justified character with a non
+       zero width, (e.g. "%-1c"). [RT #22270]
+     * view->queryacl was being overloaded. Seperate the usage into
+       view->queryacl, view->cacheacl and view->queryonacl. [RT #22114]
+     * win32: add more dependencies to BINDBuild.dsw. [RT #22062]
+     * win32: named-checkzone and named-checkconf failed to initialise
+       winsock. [RT #21932]
+     * named failed to generate a correct signed response in a optout,
+       delegation only zone with no secure delegations. [RT #22007]
+
+Known issues in this release
+
+     * "make test" will fail on OSX and possibly other operating systems.
+       The failure occurs in a new test to check for allow-query ACLs. The
+       failure is caused because the source address is not specified on
+       the dig commands issued in the test.
+       If running "make test" is part of your usual acceptance process,
+       please edit the file bin/tests/system/allow_query/test.sh and add
+       -b 10.53.0.2
+       to the DIGOPTS line.
+
+Thank You
+
+   Thank you to everyone who assisted us in making this release possible.
+   If you would like to contribute to ISC to assist us in continuing to
+   make quality open source software, please visit our donations page at
+   http://www.isc.org/supportisc.

Modified: vendor/bind9/dist/bin/check/check-tool.c
==============================================================================
--- vendor/bind9/dist/bin/check/check-tool.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/check/check-tool.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.35.36.3 2009/01/20 02:03:18 marka Exp $ */
+/* $Id: check-tool.c,v 1.35.36.3.24.2 2010/09/07 23:46:25 tbox Exp $ */
 
 /*! \file */
 
@@ -23,6 +23,10 @@
 
 #include <stdio.h>
 
+#ifdef _WIN32
+#include <Winsock2.h>
+#endif
+
 #include "check-tool.h"
 #include <isc/buffer.h>
 #include <isc/log.h>
@@ -662,3 +666,26 @@ dump_zone(const char *zonename, dns_zone
 
 	return (result);
 }
+
+#ifdef _WIN32
+void
+InitSockets(void) {
+	WORD wVersionRequested;
+	WSADATA wsaData;
+	int err;
+
+	wVersionRequested = MAKEWORD(2, 0);
+
+	err = WSAStartup( wVersionRequested, &wsaData );
+	if (err != 0) {
+		fprintf(stderr, "WSAStartup() failed: %d\n", err);
+		exit(1);
+	}
+}
+
+void
+DestroySockets(void) {
+	WSACleanup();
+}
+#endif
+
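Review bot: InitSockets() treats a zero return from WSAStartup() as sufficient and never inspects `wsaData.wVersion`, so a Winsock DLL that negotiated something other than the requested 2.0 would go unnoticed. Comparing the negotiated version with `wVersionRequested` after the call, and calling WSACleanup() before exiting on a mismatch, closes that gap. Because the function terminates the process with exit(1) instead of returning an error, a one-line comment above it saying so would help callers.

```c
	err = WSAStartup( wVersionRequested, &wsaData );
	/* … unchanged: err != 0 handling … */
	if (wsaData.wVersion != wVersionRequested) {
		fprintf(stderr, "WSAStartup() negotiated unexpected version\n");
		WSACleanup();
		exit(1);
	}
```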

Modified: vendor/bind9/dist/bin/check/check-tool.h
==============================================================================
--- vendor/bind9/dist/bin/check/check-tool.h	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/check/check-tool.h	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */
+/* $Id: check-tool.h,v 1.14.628.2 2010/09/07 23:46:26 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -43,6 +43,11 @@ isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style);
 
+#ifdef _WIN32
+void InitSockets(void);
+void DestroySockets(void);
+#endif
+
 extern int debug;
 extern isc_boolean_t nomerge;
 extern isc_boolean_t docheckmx;
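Review bot: Declaring InitSockets() and DestroySockets() only under `_WIN32` makes every caller repeat the `#ifdef _WIN32` guard, as the named-checkconf.c and named-checkzone.c hunks in this commit do at four call sites. An `#else` branch with `#define InitSockets() ((void)0)` and `#define DestroySockets() ((void)0)` would let those calls be unconditional. The declarations also carry no comment; one line noting that InitSockets() prints to stderr and exits the process when WSAStartup() fails would tell callers there is no error return to check.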

Modified: vendor/bind9/dist/bin/check/named-checkconf.c
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkconf.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/check/named-checkconf.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.46.222.2 2009/02/16 23:47:15 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.46.222.2.24.2 2010/09/07 23:46:26 tbox Exp $ */
 
 /*! \file */
 
@@ -453,6 +453,10 @@ main(int argc, char **argv) {
 	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
 
+#ifdef _WIN32
+	InitSockets();
+#endif
+
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
@@ -494,5 +498,9 @@ main(int argc, char **argv) {
 
 	isc_mem_destroy(&mctx);
 
+#ifdef _WIN32
+	DestroySockets();
+#endif
+
 	return (exit_status);
 }

Modified: vendor/bind9/dist/bin/check/named-checkzone.c
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkzone.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/check/named-checkzone.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.51.34.4 2009/11/10 20:01:41 each Exp $ */
+/* $Id: named-checkzone.c,v 1.51.34.4.10.2 2010/09/07 23:46:26 tbox Exp $ */
 
 /*! \file */
 
@@ -419,6 +419,10 @@ main(int argc, char **argv) {
 	if (isc_commandline_index + 2 != argc)
 		usage();
 
+#ifdef _WIN32
+	InitSockets();
+#endif
+
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 	if (!quiet)
 		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
@@ -453,5 +457,8 @@ main(int argc, char **argv) {
 	isc_hash_destroy();
 	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
+#ifdef _WIN32
+	DestroySockets();
+#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

Modified: vendor/bind9/dist/bin/dig/host.c
==============================================================================
--- vendor/bind9/dist/bin/dig/host.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/dig/host.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.116.216.3 2009/09/08 23:28:20 marka Exp $ */
+/* $Id: host.c,v 1.116.216.3.10.2 2010/10/19 23:46:25 tbox Exp $ */
 
 /*! \file */
 
@@ -625,7 +625,9 @@ pre_parse_args(int argc, char **argv) {
 		case 'v': break;
 		case 'w': break;
 		case 'C': break;
-		case 'D': break;
+		case 'D':
+			debugging = ISC_TRUE;
+			break;
 		case 'N': break;
 		case 'R': break;
 		case 'T': break;
@@ -792,7 +794,7 @@ parse_args(isc_boolean_t is_batchfile, i
 			ndots = atoi(isc_commandline_argument);
 			break;
 		case 'D':
-			debugging = ISC_TRUE;
+			/* Handled by pre_parse_args(). */
 			break;
 		case '4':
 			if (have_ipv4) {

Modified: vendor/bind9/dist/bin/named/client.c
==============================================================================
--- vendor/bind9/dist/bin/named/client.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/named/client.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.259.12.3 2009/01/29 22:40:33 jinmei Exp $ */
+/* $Id: client.c,v 1.259.12.3.24.2 2010/09/29 23:46:31 tbox Exp $ */
 
 #include <config.h>
 
@@ -1859,13 +1859,13 @@ client_request(isc_task_t *task, isc_eve
 				     client->view->recursionacl,
 				     ISC_TRUE) == ISC_R_SUCCESS &&
 	    ns_client_checkaclsilent(client, NULL,
-				     client->view->queryacl,
+				     client->view->cacheacl,
 				     ISC_TRUE) == ISC_R_SUCCESS &&
 	    ns_client_checkaclsilent(client, &client->interface->addr,
 				     client->view->recursiononacl,
 				     ISC_TRUE) == ISC_R_SUCCESS &&
 	    ns_client_checkaclsilent(client, &client->interface->addr,
-				     client->view->queryonacl,
+				     client->view->cacheonacl,
 				     ISC_TRUE) == ISC_R_SUCCESS)
 		ra = ISC_TRUE;
 
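Review bot: Swapping `queryacl`/`queryonacl` for `cacheacl`/`cacheonacl` in this condition changes which configuration options decide whether `ra` is set, and nothing at the site records that. Every check passes ISC_TRUE as the last argument, which presumably makes an unset ACL count as allowed; if so, a view whose `cacheacl` is left NULL would not hold back `ra` on that term, which is worth confirming against the defaults applied in server.c. A comment above the condition such as `/* RA is set only when recursion and cache access (allow-query-cache, allow-query-cache-on) are both permitted. */` would state the intent. client_request() begins and ends outside this hunk.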

Modified: vendor/bind9/dist/bin/named/include/named/query.h
==============================================================================
--- vendor/bind9/dist/bin/named/include/named/query.h	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/named/include/named/query.h	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.h,v 1.40 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: query.h,v 1.40.626.2 2010/09/29 23:46:31 tbox Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1
@@ -71,6 +71,8 @@ struct ns_query {
 #define NS_QUERYATTR_SECURE		0x0200
 #define NS_QUERYATTR_NOAUTHORITY	0x0400
 #define NS_QUERYATTR_NOADDITIONAL	0x0800
+#define NS_QUERYATTR_CACHEACLOKVALID	0x1000
+#define NS_QUERYATTR_CACHEACLOK		0x2000
 
 isc_result_t
 ns_query_init(ns_client_t *client);

Modified: vendor/bind9/dist/bin/named/query.c
==============================================================================
--- vendor/bind9/dist/bin/named/query.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/named/query.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.313.20.16.10.2 2010/06/26 23:46:14 tbox Exp $ */
+/* $Id: query.c,v 1.313.20.16.10.3 2010/09/29 00:03:32 marka Exp $ */
 
 /*! \file */
 
@@ -820,17 +820,15 @@ query_getcachedb(ns_client_t *client, dn
 		return (DNS_R_REFUSED);
 	dns_db_attach(client->view->cachedb, &db);
 
-	if ((client->query.attributes &
-	     NS_QUERYATTR_QUERYOKVALID) != 0) {
+	if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) != 0) {
 		/*
-		 * We've evaluated the view's queryacl already.  If
-		 * NS_QUERYATTR_QUERYOK is set, then the client is
+		 * We've evaluated the view's cacheacl already.  If
+		 * NS_QUERYATTR_CACHEACLOK is set, then the client is
 		 * allowed to make queries, otherwise the query should
 		 * be refused.
 		 */
 		check_acl = ISC_FALSE;
-		if ((client->query.attributes &
-		     NS_QUERYATTR_QUERYOK) == 0)
+		if ((client->query.attributes & NS_QUERYATTR_CACHEACLOK) == 0)
 			goto refuse;
 	} else {
 		/*
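Review bot: The comments were only partly updated for the rename to the cache ACL flags. In this hunk the text still says the client is "allowed to make queries", although the flag now records the result of the cache ACL check. In the third query.c hunk the comment still says "the view's query ACL" and names NS_QUERYATTR_CACHEACLOKVALID as the attribute that "is now valid", where the old text named the OK flag. There, `* We've now evaluated the view's cache ACL, and` followed by `* the NS_QUERYATTR_CACHEACLOK attribute is now valid.` would match the code. query_getcachedb() extends beyond these hunks.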
@@ -844,16 +842,15 @@ query_getcachedb(ns_client_t *client, dn
 		char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")];
 
 		result = ns_client_checkaclsilent(client, NULL,
-						  client->view->queryacl,
+						  client->view->cacheacl,
 						  ISC_TRUE);
 		if (result == ISC_R_SUCCESS) {
 			/*
-			 * We were allowed by the default
-			 * "allow-query" ACL.  Remember this so we
-			 * don't have to check again.
+			 * We were allowed by the "allow-query-cache" ACL.
+			 * Remember this so we don't have to check again.
 			 */
 			client->query.attributes |=
-				NS_QUERYATTR_QUERYOK;
+				NS_QUERYATTR_CACHEACLOK;
 			if (log && isc_log_wouldlog(ns_g_lctx,
 						     ISC_LOG_DEBUG(3)))
 			{
@@ -876,9 +873,9 @@ query_getcachedb(ns_client_t *client, dn
 		}
 		/*
 		 * We've now evaluated the view's query ACL, and
-		 * the NS_QUERYATTR_QUERYOK attribute is now valid.
+		 * the NS_QUERYATTR_CACHEACLOKVALID attribute is now valid.
 		 */
-		client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
+		client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID;
 
 		if (result != ISC_R_SUCCESS)
 			goto refuse;

Modified: vendor/bind9/dist/bin/named/server.c
==============================================================================
--- vendor/bind9/dist/bin/named/server.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/bin/named/server.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.520.12.11.10.1 2010/03/03 22:06:36 marka Exp $ */
+/* $Id: server.c,v 1.520.12.11.10.4 2010/11/16 22:42:03 marka Exp $ */
 
 /*! \file */
 
@@ -1132,6 +1132,14 @@ configure_view(dns_view_t *view, const c
 		dns_acache_setcachesize(view->acache, max_acache_size);
 	}
 
+	CHECK(configure_view_acl(vconfig, config, "allow-query", actx,
+				 ns_g_mctx, &view->queryacl));
+
+	if (view->queryacl == NULL) {
+		CHECK(configure_view_acl(NULL, ns_g_config, "allow-query", actx,
+					 ns_g_mctx, &view->queryacl));
+	}
+
 	/*
 	 * Configure the zones.
 	 */
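Review bot: The added allow-query block has no comment saying why it now runs ahead of "Configure the zones" or what the second call falls back to. The fallback passes `NULL, ns_g_config`, which looks like the built-in defaults but is not shown here. A short comment such as `/* Set "allow-query" before the zones are configured; fall back to ns_g_config if the view and options leave it unset. */` would make the ordering read as deliberate. The single-statement `if` is braced here while the `if (view->cacheonacl == NULL)` fallback in a later hunk is not, so one style should be chosen. configure_view extends beyond this hunk.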
@@ -1606,13 +1614,13 @@ configure_view(dns_view_t *view, const c
 	 * configured in named.conf.
 	 */
 	CHECK(configure_view_acl(vconfig, config, "allow-query-cache",
-				 actx, ns_g_mctx, &view->queryacl));
+				 actx, ns_g_mctx, &view->cacheacl));
 	CHECK(configure_view_acl(vconfig, config, "allow-query-cache-on",
-				 actx, ns_g_mctx, &view->queryonacl));
-	if (view->queryonacl == NULL)
+				 actx, ns_g_mctx, &view->cacheonacl));
+	if (view->cacheonacl == NULL)
 		CHECK(configure_view_acl(NULL, ns_g_config,
 					 "allow-query-cache-on", actx,
-					 ns_g_mctx, &view->queryonacl));
+					 ns_g_mctx, &view->cacheonacl));
 	if (strcmp(view->name, "_bind") != 0) {
 		CHECK(configure_view_acl(vconfig, config, "allow-recursion",
 					 actx, ns_g_mctx,
@@ -1628,14 +1636,14 @@ configure_view(dns_view_t *view, const c
 	 * "allow-recursion" inherits from "allow-query-cache" if set,
 	 * otherwise from "allow-query" if set.
 	 */
-	if (view->queryacl == NULL && view->recursionacl != NULL)
-		dns_acl_attach(view->recursionacl, &view->queryacl);
-	if (view->queryacl == NULL && view->recursion)
+	if (view->cacheacl == NULL && view->recursionacl != NULL)
+		dns_acl_attach(view->recursionacl, &view->cacheacl);
+	if (view->cacheacl == NULL && view->recursion)
 		CHECK(configure_view_acl(vconfig, config, "allow-query",
-					 actx, ns_g_mctx, &view->queryacl));
+					 actx, ns_g_mctx, &view->cacheacl));
 	if (view->recursion &&
-	    view->recursionacl == NULL && view->queryacl != NULL)
-		dns_acl_attach(view->queryacl, &view->recursionacl);
+	    view->recursionacl == NULL && view->cacheacl != NULL)
+		dns_acl_attach(view->cacheacl, &view->recursionacl);
 
 	/*
 	 * Set default "allow-recursion", "allow-recursion-on" and
@@ -1651,16 +1659,13 @@ configure_view(dns_view_t *view, const c
 					 "allow-recursion-on",
 					 actx, ns_g_mctx,
 					 &view->recursiononacl));
-	if (view->queryacl == NULL) {
+	if (view->cacheacl == NULL) {
 		if (view->recursion)
 			CHECK(configure_view_acl(NULL, ns_g_config,
 						 "allow-query-cache", actx,
-						 ns_g_mctx, &view->queryacl));
-		else {
-			if (view->queryacl != NULL)
-				dns_acl_detach(&view->queryacl);
-			CHECK(dns_acl_none(ns_g_mctx, &view->queryacl));
-		}
+						 ns_g_mctx, &view->cacheacl));
+		else
+			CHECK(dns_acl_none(ns_g_mctx, &view->cacheacl));
 	}
 
 	/*
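Review bot: The unbraced `if (view->recursion) ... else ...` nested inside the braced `if (view->cacheacl == NULL)` depends on else-binding and on CHECK expanding to a single safe statement, which cannot be verified from this hunk; bracing both arms would remove the doubt. The else arm is also where cache access becomes deny-all when recursion is disabled and no cache ACL was configured, and that default deserves a comment, e.g. `/* Recursion is off and no cache ACL is set: deny cache access. */`. configure_view continues outside this hunk.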

Modified: vendor/bind9/dist/lib/dns/api
==============================================================================
--- vendor/bind9/dist/lib/dns/api	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/lib/dns/api	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,3 +1,3 @@
-LIBINTERFACE = 57
+LIBINTERFACE = 58
 LIBREVISION = 0
-LIBAGE = 2
+LIBAGE = 0

Modified: vendor/bind9/dist/lib/dns/include/dns/view.h
==============================================================================
--- vendor/bind9/dist/lib/dns/include/dns/view.h	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/lib/dns/include/dns/view.h	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.h,v 1.111.88.4 2009/01/29 22:40:35 jinmei Exp $ */
+/* $Id: view.h,v 1.111.88.4.24.2 2010/09/29 23:46:31 tbox Exp $ */
 
 #ifndef DNS_VIEW_H
 #define DNS_VIEW_H 1
@@ -118,6 +118,8 @@ struct dns_view {
 	isc_boolean_t			enablevalidation;
 	isc_boolean_t			acceptexpired;
 	dns_transfer_format_t		transfer_format;
+	dns_acl_t *			cacheacl;
+	dns_acl_t *			cacheonacl;
 	dns_acl_t *			queryacl;
 	dns_acl_t *			queryonacl;
 	dns_acl_t *			recursionacl;
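Review bot: The two new ACL pointers are added without comments, and they differ from queryacl/queryonacl only by prefix, so the distinction that matters for access control is easy to miss. I would annotate them with the option each one holds, e.g. `/* allow-query-cache */` on cacheacl and `/* allow-query-cache-on */` on cacheonacl, matching the option names in the server.c hunks. view.c is listed as modified in this commit but is not visible here; since server.c tests `view->cacheacl == NULL`, the fields should start as NULL at view creation and be detached at destruction there. struct dns_view starts and ends outside the hunk.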

Modified: vendor/bind9/dist/lib/dns/journal.c
==============================================================================
--- vendor/bind9/dist/lib/dns/journal.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/lib/dns/journal.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.c,v 1.103.48.6 2009/11/04 23:47:25 tbox Exp $ */
+/* $Id: journal.c,v 1.103.48.6.10.2 2010/11/17 23:46:16 tbox Exp $ */
 
 #include <config.h>
 
@@ -2173,6 +2173,12 @@ dns_journal_compact(isc_mem_t *mctx, cha
 
 		indexend = new->header.end.offset;
 	}
+
+	/*
+	 * Close both journals before trying to rename files (this is
+	 * necessary on WIN32).
+	 */
+	dns_journal_destroy(&j);
 	dns_journal_destroy(&new);
 
 	/*
@@ -2180,12 +2186,14 @@ dns_journal_compact(isc_mem_t *mctx, cha
 	 * Any IXFR outs will just continue and the old journal will be
 	 * removed on final close.
 	 *
-	 * With MSDOS / NTFS we need to do a two stage rename triggered
-	 * bu EEXISTS.  Hopefully all IXFR's that were active at the last
-	 * rename are now complete.
+	 * With MSDOS / NTFS we need to do a two stage rename, triggered
+	 * by EEXIST.  (If any IXFR's are running in other threads, however,
+	 * this will fail, and the journal will not be compacted.  But
+	 * if so, hopefully they'll be finished by the next time we
+	 * compact.)
 	 */
 	if (rename(newname, filename) == -1) {
-		if (errno == EACCES && !is_backup) {
+		if (errno == EEXIST && !is_backup) {
 			result = isc_file_remove(backup);
 			if (result != ISC_R_SUCCESS &&
 			    result != ISC_R_FILENOTFOUND)
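Review bot: The two-stage rename now runs only for `errno == EEXIST`, and which errno rename() reports for an existing target on Windows depends on whether this is the C runtime's function or a project wrapper, which the hunk does not show. If it is the runtime's own rename(), its documented value for that case should be checked, since a mismatch would quietly reproduce the "journal not compacted" symptom; the tolerant form is `if ((errno == EEXIST || errno == EACCES) && !is_backup) {`. The new comment could also say which errno the "IXFR running in another thread" case is expected to produce. The body of this `if` continues outside the hunk.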
@@ -2202,7 +2210,6 @@ dns_journal_compact(isc_mem_t *mctx, cha
 		}
 	}
 
-	dns_journal_destroy(&j);
 	result = ISC_R_SUCCESS;
 
  failure:

Modified: vendor/bind9/dist/lib/dns/rbtdb.c
==============================================================================
--- vendor/bind9/dist/lib/dns/rbtdb.c	Fri Dec  3 23:24:27 2010	(r216168)
+++ vendor/bind9/dist/lib/dns/rbtdb.c	Sat Dec  4 00:42:21 2010	(r216169)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.270.12.16.10.3 2010/08/13 07:25:21 marka Exp $ */
+/* $Id: rbtdb.c,v 1.270.12.16.10.6 2010/11/16 07:46:23 marka Exp $ */
 
 /*! \file */
 
@@ -5421,14 +5421,14 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *r
     dns_rdataset_t *addedrdataset, isc_stdtime_t now)
 {
 	rbtdb_changed_t *changed = NULL;
-	rdatasetheader_t *topheader, *topheader_prev, *header;
+	rdatasetheader_t *topheader, *topheader_prev, *header, *sigheader;
 	unsigned char *merged;
 	isc_result_t result;
 	isc_boolean_t header_nx;
 	isc_boolean_t newheader_nx;
 	isc_boolean_t merge;
 	dns_rdatatype_t rdtype, covers;
-	rbtdb_rdatatype_t negtype;
+	rbtdb_rdatatype_t negtype, sigtype;
 	dns_trust_t trust;
 	int idx;
 
@@ -5466,7 +5466,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *r
 
 	newheader_nx = NONEXISTENT(newheader) ? ISC_TRUE : ISC_FALSE;
 	topheader_prev = NULL;
-
+	sigheader = NULL;
 	negtype = 0;
 	if (rbtversion == NULL && !newheader_nx) {
 		rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
@@ -5475,26 +5475,34 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *r
 			 * We're adding a negative cache entry.
 			 */
 			covers = RBTDB_RDATATYPE_EXT(newheader->type);
-			if (covers == dns_rdatatype_any) {
+			sigtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig,
+							covers);
+			for (topheader = rbtnode->data;
+			     topheader != NULL;
+			     topheader = topheader->next) {
 				/*
-				 * We're adding an negative cache entry
+				 * If we're adding an negative cache entry
 				 * which covers all types (NXDOMAIN,
 				 * NODATA(QTYPE=ANY)).
 				 *
 				 * We make all other data stale so that the
 				 * only rdataset that can be found at this
 				 * node is the negative cache entry.
+				 *
+				 * Otherwise look for any RRSIGs of the
+				 * given type so they can be marked stale
+				 * later.
 				 */
-				for (topheader = rbtnode->data;
-				     topheader != NULL;
-				     topheader = topheader->next) {
+				if (covers == dns_rdatatype_any) {
 					set_ttl(rbtdb, topheader, 0);
 					topheader->attributes |=
 						RDATASET_ATTR_STALE;
-				}
-				rbtnode->dirty = 1;
-				goto find_header;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

