Simon Kelley
b059c96dc6
Check IPv4-mapped IPv6 addresses with --stop-rebind.
2015-05-08 20:25:51 +01:00
Simon Kelley
a77cec8d58
Handle UDP packet loss when fragmentation of large packets is broken.
2015-05-08 16:25:38 +01:00
Nicolas Cavallari
64bcff1c7c
Constify some DHCP lease management functions.
2015-04-28 21:55:18 +01:00
Simon Kelley
2ed162ac20
Don't remove RRSIG RR from answers to ANY queries when the do bit is not set.
2015-04-28 21:26:35 +01:00
Simon Kelley
e66b4dff3c
Fix argument-order botch which broke DNSSEC for TCP queries.
2015-04-28 20:45:57 +01:00
Simon Kelley
a5ae1f8587
Logs in DHCPv6 not suppressed by dhcp6-quiet.
2015-04-25 21:46:10 +01:00
Simon Kelley
b8f16556d3
Tweaks to previous, DNS label charset commit.
2015-04-22 21:14:31 +01:00
Simon Kelley
cbe379ad6b
Handle domain names with '.' or /000 within labels.
...
Only in DNSSEC mode, where we might need to validate or store
such names. In none-DNSSEC mode, simply don't cache these, as before.
2015-04-21 22:57:06 +01:00
Simon Kelley
338b340be9
Revert 61b838dd57 and just quieten log instead.
2015-04-20 21:34:05 +01:00
Simon Kelley
554b580e97
Log domain when reporting DNSSEC validation failure.
2015-04-17 22:50:20 +01:00
Stefan Tomanek
b4c0f092d8
Fix (srk induced) crash in new tftp_no_fail code.
2015-04-16 15:20:59 +01:00
Simon Kelley
78c6184752
Auth: correct replies to NS and SOA in .arpa zones.
2015-04-16 15:05:30 +01:00
Simon Kelley
38440b204d
Fix crash in auth code with odd configuration.
2015-04-12 21:52:47 +01:00
Simon Kelley
ad4a8ff7d9
Fix crash on receipt of certain malformed DNS requests.
2015-04-09 21:48:00 +01:00
Simon Kelley
04b0ac0537
Fix crash caused by looking up servers.bind when many servers defined.
2015-04-06 17:19:13 +01:00
Simon Kelley
982faf4024
Fix compiler warning when not including DNSSEC.
2015-04-03 21:42:30 +01:00
Simon Kelley
fe3992f9fa
Return INSECURE, rather than BOGUS when DS proved not to exist.
...
Return INSECURE when validating DNS replies which have RRSIGs, but
when a needed DS record in the trust chain is proved not to exist.
It's allowed for a zone to set up DNSKEY and RRSIG records first, then
add a DS later, completing the chain of trust.
Also, since we don't have the infrastructure to track that these
non-validated replies have RRSIGS, don't cache them, so we don't
provide answers with missing RRSIGS from the cache.
2015-04-03 21:25:05 +01:00
Stefan Tomanek
7aa970e2c7
Whitespace fixes.
2015-04-01 17:55:07 +01:00
Stefan Tomanek
30d0879ed5
add --tftp-no-fail to ignore missing tftp root
2015-03-31 22:32:11 +01:00
Simon Kelley
794fccca7f
Fix crash in last commit.
2015-03-29 22:35:44 +01:00
Simon Kelley
394ff492da
Allow control characters in names in the cache, handle when logging.
2015-03-29 22:17:14 +01:00
Simon Kelley
1e153945de
DNSSEC fix for non-ascii characters in labels.
2015-03-28 21:34:07 +00:00
Simon Kelley
0b8a5a30a7
Protect against broken DNSSEC upstreams.
2015-03-27 11:44:55 +00:00
Simon Kelley
150162bc37
Return SERVFAIL when validation abandoned.
2015-03-27 09:58:26 +00:00
Simon Kelley
8805283088
Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
2015-03-26 21:15:43 +00:00
Lung-Pin Chang
65c7212000
dhcp: set outbound interface via cmsg in unicast reply
...
If multiple routes to the same network exist, Linux blindly picks
the first interface (route) based on destination address, which might not be
the one we're actually offering leases. Rather than relying on this,
always set the interface for outgoing unicast DHCP packets.
2015-03-19 23:22:21 +00:00
Simon Kelley
979fe86bc8
Make --address=/example.com/ equivalent to --server=/example.com/
2015-03-19 22:50:22 +00:00
Simon Kelley
ff841ebf5a
Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
...
The nasty code with static variable in retry_send() which
avoids looping forever needs to be called on success of the syscall,
to reset the static variable.
2015-03-11 21:36:30 +00:00
Simon Kelley
360f2513ab
Tweak DNSSEC timestamp code to create file later, removing need to chown it.
2015-03-07 18:28:06 +00:00
Simon Kelley
9003b50b13
Fix last commit to not crash if uid changing not configured.
2015-03-02 22:47:23 +00:00
Simon Kelley
f6e62e2af9
Add --dnssec-timestamp option and facility.
2015-03-01 18:17:54 +00:00
Tomas Hozza
0705a7e2d5
Fix uninitialized value used in get_client_mac()
2015-02-23 21:26:26 +00:00
Chen Wei
28b879ac47
Fix trivial memory leaks to quieten valgrind.
2015-02-17 22:07:35 +00:00
Simon Kelley
caeea190f1
Make dynamic hosts files work when --no-hosts set.
2015-02-14 20:08:56 +00:00
Simon Kelley
8ff70de618
Typos.
2015-02-14 20:02:37 +00:00
Simon Kelley
f9c863708c
Extra logging for inotify code.
2015-02-03 21:52:48 +00:00
Simon Kelley
2941d3ac89
Fixup dhcp-configs after reading extra hostfiles with inotify.
2015-02-02 22:36:42 +00:00
Simon Kelley
8d8a54ec79
Fix build failure on openBSD.
2015-02-01 21:48:46 +00:00
Simon Kelley
6ef15b34ca
Fix broken ECDSA DNSSEC signatures.
2015-01-31 22:44:26 +00:00
Simon Kelley
aff3396280
Update copyrights for dawn of 2015.
2015-01-31 20:13:40 +00:00
Simon Kelley
70d1873dd9
Expand inotify code to dhcp-hostsdir, dhcp-optsdir and hostsdir.
2015-01-31 19:59:29 +00:00
Simon Kelley
0491805d2f
Allow inotify to be disabled at compile time on Linux.
2015-01-26 11:23:43 +00:00
Win King Wan
61b838dd57
Don't reply to DHCPv6 SOLICIT messages when not configured for statefull DHCPv6.
2015-01-21 20:41:48 +00:00
Simon Kelley
5f4dc5c6ca
Add --dhcp-hostsdir config option.
2015-01-20 20:51:02 +00:00
Simon Kelley
2ae195f5a7
Don't treat SERVFAIL as a recoverable error.....
2015-01-18 22:20:48 +00:00
Simon Kelley
393415597c
Cope with multiple interfaces with the same LL address.
2015-01-18 22:11:10 +00:00
Simon Kelley
ae4624bf46
Logs for DS records consistent.
2015-01-12 23:22:08 +00:00
Simon Kelley
5e321739db
Don't answer from cache RRsets from wildcards, as we don't have NSECs.
2015-01-12 23:16:56 +00:00
Simon Kelley
9f79ee4ae3
Log port of requestor when doing extra logging.
2015-01-12 20:18:18 +00:00
RinSatsuki
28de38768e
Add --min-cache-ttl option.
2015-01-10 15:22:21 +00:00
