Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/external/bsd/unbound/dist/testdata/auth_axfr.tdir/auth_axfr.testns

28 lines
667 B
Plaintext
Raw Permalink Normal View History

Import unbound-1.7.3 19 June 2018: Wouter - Fix for unbound-control on Windows and set TCP socket parameters more closely. - Fix windows unbound-control no cert bad file descriptor error. 18 June 2018: Wouter - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. - Fix unbound-checkconf for control-use-cert. 15 June 2018: Wouter - tag for 1.7.3rc1. 14 June 2018: Wouter - #4103: Fix that auth-zone does not insist on SOA record first in file for url downloads. - Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. - Fix nettle compile. 12 June 2018: Ralph - Don't count CNAME response types received during qname minimisation as query restart. 12 June 2018: Wouter - #4102 for NSD, but for Unbound. Named unix pipes do not use certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf. - Rename tls-additional-ports to tls-additional-port, because every line adds one port. - Fix buffer size warning in unit test. - remade dependencies in the Makefile. 6 June 2018: Wouter - Patch to fix openwrt for mac os build darwin detection in configure. 5 June 2018: Wouter - Fix crash if ratelimit taken into use with unbound-control instead of with unbound.conf. 4 June 2018: Wouter - Fix deadlock caused by incoming notify for auth-zone. - tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018, trunk is 1.7.3 in development from this point. - #4100: Fix stub reprime when it becomes useless. 1 June 2018: Wouter - Rename additional-tls-port to tls-additional-ports. The older name is accepted for backwards compatibility. 30 May 2018: Wouter - Patch from Syzdek: Add ability to ignore RD bit and treat all requests as if the RD bit is set. 29 May 2018: Wouter - in compat/arc4random call getentropy_urandom when getentropy fails with ENOSYS. - Fix that fallback for windows port. 28 May 2018: Wouter - Fix windows tcp and tls spin on events. - Add routine from getdns to add windows cert store to the SSL_CTX. - tls-win-cert option that adds the system certificate store for authenticating DNS-over-TLS connections. It can be used instead of the tls-cert-bundle option, or with it to add certificates. 25 May 2018: Wouter - For TCP and TLS connections that don't establish, perform address update in infra cache, so future selections can exclude them. - Fix that tcp sticky events are removed for closed fd on windows. - Fix close events for tcp only. 24 May 2018: Wouter - Fix that libunbound can do DNS-over-TLS, when configured. - Fix that windows unbound service can use DNS-over-TLS. - unbound-host initializes ssl (for potential DNS-over-TLS usage inside libunbound), when ssl upstream or a cert-bundle is configured. 23 May 2018: Wouter - Use accept4 to speed up incoming TCP (and TLS) connections, available on Linux, FreeBSD and OpenBSD. 17 May 2018: Ralph - Qname minimisation default changed to yes. 15 May 2018: Wouter - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 11 May 2018: Wouter - Fix contrib/libunbound.pc for libssl libcrypto references, from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914 7 May 2018: Wouter - Fix windows to not have sticky TLS events for TCP. - Fix read of DNS over TLS length and data in one read call. - Fix mesh state assertion failure due to callback removal. 3 May 2018: Wouter - Fix that configure --with-libhiredis also turns on cachedb. - Fix gcc 8 buffer warning in testcode. - Fix function type cast warning in libunbound context callback type. 2 May 2018: Wouter - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 1 May 2018: Wouter - Fix that unbound-control reload frees the rrset keys and returns the memory pages to the system. 30 April 2018: Wouter - Fix spelling error in man page and note defaults as no instead of off. 26 April 2018: Wouter - Fix for crash in daemon_cleanup with dnstap during reload, from Saksham Manchanda. - Also that for dnscrypt. - tag for 1.7.1rc1 release. Became 1.7.1 release on 3 May, trunk is from here 1.7.2 in development. 25 April 2018: Ralph - Fix memory leak when caching wildcard records for aggressive NSEC use 24 April 2018: Wouter - Fix contrib/fastrpz.patch for this release. - Fix auth https for libev. 24 April 2018: Ralph - Added root-key-sentinel support 23 April 2018: Wouter - makedist uses bz2 for expat code, instead of tar.gz. - Fix #4092: libunbound: use-caps-for-id lacks colon in config_set_option. - auth zone http download stores exact copy of downloaded file, including comments in the file. - Fix sldns parse failure for CDS alternate delete syntax empty hex. - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. - Fix cname classification with qname minimisation enabled. - list_auth_zones unbound-control command. 20 April 2018: Wouter - man page documentation for dns-over-tls forward-addr '#' notation. - removed free from failed parse case. - Fix #4091: Fix that reload of auth-zone does not merge the zonefile with the previous contents. - Delete auth zone when removed from config. 19 April 2018: Wouter - Can set tls authentication with forward-addr: IP#tls.auth.name And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". such as forward-addr: 9.9.9.9@853#dns.quad9.net or 1.1.1.1@853#cloudflare-dns.com - Fix #658: unbound using TLS in a forwarding configuration does not verify the server's certificate (RFC 8310 support). - For addr with #authname and no @port notation, the default is 853. 18 April 2018: Wouter - Fix auth-zone retry timer to be on schedule with retry timeout, with backoff. Also time a refresh at the zone expiry. 17 April 2018: Wouter - auth zone notify work. - allow-notify: config statement for auth-zones. - unit test for allow-notify 16 April 2018: Wouter - Fix auth zone target lookup iterator. - auth zone notify with prefix - auth zone notify work. 13 April 2018: Wouter - Fix for max include depth for authzones. - Fix memory free on fail for $INCLUDE in authzone. - Fix that an internal error to look up the wrong rr type for auth zone gets stopped, before trying to send there. - auth zone notify work. 10 April 2018: Ralph - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics counters. 10 April 2018: Wouter - documentation for low-rtt and low-rtt-pct. - auth zone notify work. 9 April 2018: Wouter - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. - num.query.authzone.up and num.query.authzone.down statistics counters. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. - Accept both option names with and without colon for get_option and set_option. - low-rtt and low-rtt-pct in unbound.conf enable the server selection of fast servers for some percentage of the time. 5 April 2018: Wouter - Combine write of tcp length and tcp query for dns over tls. - nitpick fixes in example.conf. - Fix above stub queries for type NS and useless delegation point. - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 tls_choose_sigalg routine does not allow the ciphers for the pipe, so use TLSv1.2. - ED448 support. 3 April 2018: Wouter - Fix #4043: make test fails due to v6 presentation issue in macOS. - Fix unable to resolve after new WLAN connection, due to auth-zone failing with a forwarder set. Now, auth-zone is only used for answers (not referrals) when a forwarder is set. 29 March 2018: Ralph - Check "result" in dup_all(), by Florian Obser. 23 March 2018: Ralph - Fix unbound-control get_option aggressive-nsec 21 March 2018: Ralph - Do not use cached NSEC records to generate negative answers for domains under DNSSEC Negative Trust Anchors. 19 March 2018: Wouter - iana port update. 16 March 2018: Wouter - corrected a minor typo in the changelog. - move htobe64/be64toh portability code to cachedb.c. 15 March 2018: Wouter - Add --with-libhiredis, unbound support for a new cachedb backend that uses a Redis server as the storage. This implementation depends on the hiredis client library (https://redislabs.com/lp/hiredis/). And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). - Fix #3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. - Create additional tls service interfaces by opening them on other portnumbers and listing the portnumbers as additional-tls-port: nr. 13 March 2018: Wouter - Fix typo in documentation. - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually flushed with serve-expired on. 12 March 2018: Wouter - Added documentation for aggressive-nsec: yes. - tag 1.7.0rc3. That became the 1.7.0 release on 15 Mar, trunk now has 1.7.1 in development. - Fix #3727: Protocol name is TLS, options have been renamed but documentation is not consistent. - Check IXFR start serial. 9 March 2018: Wouter - Fix #3598: Fix swig build issue on rhel6 based system. configure --disable-swig-version-check stops the swig version check. 8 March 2018: Wouter - tag 1.7.0rc2. 7 March 2018: Wouter - Fixed contrib/fastrpz.patch, even though this already applied cleanly for me, now also for others. - patch to log creates keytag queries, from A. Schulze. - patch suggested by Debian lintian: allow to -> allow one to, from A. Schulze. - Attempt to remove warning about trailing whitespace. 6 March 2018: Wouter - Reverted fix for #3512, this may not be the best way forward; although it could be changed at a later time, to stay similar to other implementations. - svn trunk contains 1.7.0, this is the number for the next release. - Fix for windows compile. - tag 1.7.0rc1. 5 March 2018: Wouter - Fix to check define of DSA for when openssl is without deprecated. - iana port update. - Fix #3582: Squelch address already in use log when reuseaddr option causes same port to be used twice for tcp connections. 27 February 2018: Wouter - Fixup contrib/fastrpz.patch so that it applies. - Fix compile without threads, and remove unused variable. - Fix compile with staticexe and python module. - Fix nettle compile. 22 February 2018: Ralph - Save wildcard RRset from answer with original owner for use in aggressive NSEC. 21 February 2018: Wouter - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query when there is a CNAME loop. - Fix validation for CNAME loops. When it detects a cname loop, by finding the cname, cname in the existing list, it returns the partial result with the validation result up to then. - more robust cachedump rrset routine. 19 February 2018: Wouter - Fix #3505: Documentation for default local zones references wrong RFC. - Fix #3494: local-zone noview can be used to break out of the view to the global local zone contents, for queries for that zone. - Fix for more maintainable code in localzone. 16 February 2018: Wouter - Fixes for clang static analyzer, the missing ; in edns-subnet/addrtree.c after the assert made clang analyzer produce a failure to analyze it. 13 February 2018: Ralph - Aggressive NSEC tests 13 February 2018: Wouter - tls-cert-bundle option in unbound.conf enables TLS authentication. - iana port update. 12 February 2018: Wouter - Unit test for auth zone https url download. 12 February 2018: Ralph - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) - Processed aggressive NSEC code review remarks Wouter 8 February 2018: Ralph - Aggressive use of NSEC implementation. Use cached NSEC records to generate NXDOMAIN, NODATA and positive wildcard answers. 8 February 2018: Wouter - iana port update. - auth zone url config. 5 February 2018: Wouter - Fix #3451: dnstap not building when you have a separate build dir. And removed protoc warning, set dnstap.proto syntax to proto2. - auth-zone provides a way to configure RFC7706 from unbound.conf, eg. with auth-zone: name: "." for-downstream: no for-upstream: yes fallback-enabled: yes and masters or a zonefile with data. 2 February 2018: Wouter - Fix unfreed locks in log and arc4random at exit of unbound. - unit test with valgrind - Fix lock race condition in dns cache dname synthesis. - lock subnet new item before insertion to please checklocks, no modification of critical regions outside of lock region. 1 February 2018: Wouter - fix unaligned structure making a false positive in checklock unitialised memory. 29 January 2018: Ralph - Use NSEC with longest ce to prove wildcard absence. - Only use *.ce to prove wildcard absence, no longer names. 25 January 2018: Wouter - ltrace.conf file for libunbound in contrib. 23 January 2018: Wouter - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file for startup scripts to get the full pathname(s) of anchor file(s). - Print fatal errors about remote control setup before log init, so that it is printed to console. 22 January 2018: Wouter - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is also recognized and means the same. Also for tls-port, tls-service-key, tls-service-pem, stub-tls-upstream and forward-tls-upstream. - Fix #3397: Fix that cachedb could return a partial CNAME chain. - Fix #3397: Fix that when the cache contains an unsigned DNAME in the middle of a cname chain, a result without the DNAME could be returned.
2018-09-03 17:08:55 +03:00
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN SOA
SECTION ANSWER
example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN AXFR
SECTION ANSWER
example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
example.com. IN NS ns.example.net.
EXTRA_PACKET
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN AXFR
SECTION ANSWER
www.example.com. IN A 1.2.3.4
example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
ENTRY_END