Package: bind9 / 1:9.16.50-1~deb11u2

Metadata

Package: bind9
Version: 1:9.16.50-1~deb11u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Add_ install layout=deb_to_setup.py_call.patch

bin/python/Makefile.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 add_--install-layout=deb_to_setup.py_call


0002 python fix for dist packages.patch

bin/python/dnssec-checkds.py.in | 2 1 + 1 - 0 !
bin/python/dnssec-coverage.py.in | 2 1 + 1 - 0 !
bin/python/dnssec-keymgr.py.in | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 python fix for dist-packages


0003 Remove the reference to OPTIONS.md it breaks build o.patch

doc/arm/build.rst | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove the reference to options.md - it breaks build on debian
 stretch


0004 Disable treat warnings as errors in sphinx build.patch

doc/arm/Makefile.in | 1 0 + 1 - 0 !
doc/man/Makefile.in | 2 0 + 2 - 0 !
2 files changed, 3 deletions(-)

 disable treat-warnings-as-errors in sphinx-build


0005 Add a limit to the number of RRs in RRSets.patch

configure | 2 1 + 1 - 0 !
configure.ac | 2 1 + 1 - 0 !
lib/dns/rdataslab.c | 12 12 + 0 - 0 !
3 files changed, 14 insertions(+), 2 deletions(-)

 add a limit to the number of rrs in rrsets

Previously, the number of RRs in the RRSets was internally unlimited.
As the data structure that holds the RRs is just a linked list, and
there are places where we just walk through all of the RRs, adding an
RRSet with a huge number of RRs inside would slow down processing of said
RRSets.

The fix for end-of-life branches makes the limit compile-time only for
simplicity, and the limit can be changed at compile time by adding the
following define to CFLAGS:

    -DDNS_RDATASET_MAX_RECORDS=<limit>

(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)

0006 Add a limit to the number of RR types for single nam.patch

configure | 2 1 + 1 - 0 !
configure.ac | 2 1 + 1 - 0 !
lib/dns/rbtdb.c | 17 17 + 0 - 0 !
3 files changed, 19 insertions(+), 2 deletions(-)

 add a limit to the number of rr types for single name

Previously, the number of RR types for a single owner name was limited
only by the maximum number of the types (64k).  As the data structure
that holds the RR types for the database node is just a linked list, and
there are places where we just walk through the whole list (again and
again), adding a large number of RR types for a single owner name
would slow down processing of such a name (database node).

Add a hard-coded limit (100) to cap the number of the RR types for a single
owner.  The limit can be changed at compile time by adding the following
define to CFLAGS:

    -DDNS_RBTDB_MAX_RTYPES=<limit>

0007 Expand the list of the priority types.patch

lib/dns/rbtdb.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 expand the list of the priority types

Add HTTPS, SVCB, SRV, PTR, NAPTR, DNSKEY and TXT records to the list of
the priority types that are put at the beginning of the slabheader list
for faster access and to avoid eviction when there are more types than
the max-types-per-name limit.

(cherry picked from commit b27c6bcce894786a8e082eafd59eccbf6f2731cb)

0008 Make the resolver qtype ANY test order agnostic.patch

bin/tests/system/resolver/tests.sh | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 make the resolver qtype any test order agnostic

Instead of relying on a specific order of the RR types in the databases,
pick the first RR type as returned from the cache.

(cherry picked from commit 58f660cf2b800963fa649bc9823a626009db3a7e)

0009 Be smarter about refusing to add many RR types to th.patch

lib/dns/rbtdb.c | 68 57 + 11 - 0 !
1 file changed, 57 insertions(+), 11 deletions(-)

 be smarter about refusing to add many rr types to the database

Instead of outright refusing to add new RR types to the cache, be a bit
smarter:

1. If the new header type is in our priority list, we always add either
   a positive or a negative entry at the beginning of the list.

2. If the new header type is a negative entry, and we are over the limit,
   we mark it as ancient immediately, so it gets evicted from the cache
   as soon as possible.

3. Otherwise add the new header after the priority headers (or at the
   head of the list).

4. If we are over the limit, evict the last entry on the normal header
   list.

(cherry picked from commit 57cd34441a1b4ecc9874a4a106c2c95b8d7a3120)

0010 Remove support for SIG 0 message verification.patch

lib/dns/message.c | 99 6 + 93 - 0 !
lib/ns/client.c | 7 7 + 0 - 0 !
2 files changed, 13 insertions(+), 93 deletions(-)

 remove support for sig(0) message verification

(cherry picked from commit 857fd5c346e3309ee8e280c29174b46579af5a13)

0011 Document SIG 0 verification removal.patch

doc/arm/advanced.rst | 18 3 + 15 - 0 !
doc/arm/general.rst | 6 2 + 4 - 0 !
doc/arm/reference.rst | 4 2 + 2 - 0 !
doc/arm/security.rst | 4 2 + 2 - 0 !
4 files changed, 9 insertions(+), 23 deletions(-)

 document sig(0) verification removal

(cherry picked from commit 654ba34d80b8b6ed805461d7ada2466f8c19a6f1)

0012 Enable stdout autoflush in authsock.pl.patch

bin/tests/system/tsiggss/authsock.pl | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 enable stdout autoflush in authsock.pl

With enabled buffering the output gets lost when the process
receives a TERM signal. Disable the buffering.

(cherry picked from commit a0311dfb6e2a51f89dfa8b200b96a0f4675fb654)

0013 Adapt the tsiggss test to the SIG 0 removal.patch

bin/tests/system/tsiggss/authsock.pl | 1 1 + 0 - 0 !
bin/tests/system/tsiggss/clean.sh | 2 1 + 1 - 0 !
bin/tests/system/tsiggss/tests.sh | 12 7 + 5 - 0 !
3 files changed, 9 insertions(+), 6 deletions(-)

 adapt the tsiggss test to the sig(0) removal

Test that SIG(0) signer is NOT sent to the external socket for
authorization. It MUST NOT be considered a valid signature by
any chance.

Also check that the signer's name does not appear in authsock.pl
output.

(cherry picked from commit cf8838085905171fbc00747eb210e8b8284ca0e1)

0014 Adapt the upforwd test to the SIG 0 removal.patch

bin/tests/system/upforwd/tests.sh | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 adapt the upforwd test to the sig(0) removal

Change the check so that update with SIG(0) is expected to fail.

(cherry picked from commit 5f7558f6dbb0527c08caf281299245ab8de268cd)

0015 Clear qctx zversion.patch

lib/ns/query.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 clear qctx->zversion

Clear qctx->zversion when clearing qctx->zrdataset et al in
lib/ns/query.c:qctx_freedata.  The uncleared pointer could lead to
an assertion failure if zone data needed to be re-saved which could
happen with stale data support enabled.

(cherry picked from commit 179fb3532ab8d4898ab070b2db54c0ce872ef709)

0016 Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT.patch

lib/dns/resolver.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 clear dns_fetchopt_trystale_ontimeout

When calling dns_resolver_createfetch in resolver.c with a callback
of resume_dslookup, clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT from
options as DNS_EVENT_TRYSTALE is not an expected event type and
triggers a REQUIRE.

(cherry picked from commit 6faea6da3d646557d234d63ddd5d524d222e8082)

0017 Add a limit to the number of RRs in RRSets.patch

bin/named/config.c | 1 1 + 0 - 0 !
bin/named/server.c | 9 9 + 0 - 0 !
bin/named/zoneconf.c | 8 8 + 0 - 0 !
bin/tests/system/dyndb/driver/db.c | 3 2 + 1 - 0 !
doc/arm/reference.rst | 12 12 + 0 - 0 !
doc/misc/master.zoneopt | 2 2 + 0 - 0 !
doc/misc/mirror.zoneopt | 2 2 + 0 - 0 !
doc/misc/options | 44 28 + 16 - 0 !
doc/misc/options.active | 44 28 + 16 - 0 !
doc/misc/redirect.zoneopt | 2 2 + 0 - 0 !
doc/misc/slave.zoneopt | 2 2 + 0 - 0 !
doc/misc/static-stub.zoneopt | 2 2 + 0 - 0 !
doc/misc/stub.zoneopt | 2 2 + 0 - 0 !
lib/dns/cache.c | 13 13 + 0 - 0 !
lib/dns/db.c | 9 9 + 0 - 0 !
lib/dns/dnsrps.c | 3 2 + 1 - 0 !
lib/dns/ecdb.c | 8 6 + 2 - 0 !
lib/dns/include/dns/cache.h | 6 6 + 0 - 0 !
lib/dns/include/dns/db.h | 8 8 + 0 - 0 !
lib/dns/include/dns/rdataslab.h | 6 4 + 2 - 0 !
lib/dns/include/dns/view.h | 7 7 + 0 - 0 !
lib/dns/include/dns/zone.h | 26 26 + 0 - 0 !
lib/dns/rbtdb.c | 45 31 + 14 - 0 !
lib/dns/rdataslab.c | 10 6 + 4 - 0 !
lib/dns/sdb.c | 3 2 + 1 - 0 !
lib/dns/sdlz.c | 3 2 + 1 - 0 !
lib/dns/view.c | 11 11 + 0 - 0 !
lib/dns/xfrin.c | 24 5 + 19 - 0 !
lib/dns/zone.c | 74 55 + 19 - 0 !
lib/isccfg/namedconf.c | 3 3 + 0 - 0 !
30 files changed, 296 insertions(+), 96 deletions(-)

 add a limit to the number of rrs in rrsets

Previously, the number of RRs in the RRSets was internally unlimited.
As the data structure that holds the RRs is just a linked list, and
there are places where we just walk through all of the RRs, adding an
RRSet with a huge number of RRs inside would slow down processing of said
RRSets.

Add a configurable limit to cap the number of the RRs in a single RRSet.
This is enforced at the database (rbtdb, qpzone, qpcache) level and
configured with the new max-records-per-type configuration option that can
be configured globally, per-view and per-zone.

(cherry picked from commit 3fbd21f69a1bcbd26c4c00920e7b0a419e8762fc)

0018 Add test for not loading and not transfering huge RR.patch

bin/tests/system/limits/ns1/named.conf.in | 1 1 + 0 - 0 !
bin/tests/system/masterformat/clean.sh | 2 2 + 0 - 0 !
bin/tests/system/masterformat/ns1/compile.sh | 2 2 + 0 - 0 !
bin/tests/system/masterformat/ns1/huge.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/named.conf.in | 15 15 + 0 - 0 !
bin/tests/system/masterformat/ns1/uber.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns2/named.conf.in | 8 8 + 0 - 0 !
bin/tests/system/masterformat/setup.sh | 19 17 + 2 - 0 !
bin/tests/system/masterformat/tests.sh | 60 58 + 2 - 0 !
9 files changed, 147 insertions(+), 4 deletions(-)

 add test for not-loading and not-transfering huge rrsets

Add two new masterformat tests - the 'huge' zone fits within the ns1
limit and loads on the primary ns1 server, but must not transfer to the
ns2 secondary, and the 'uber' zone should not even load on the primary
ns1 server.

(cherry picked from commit cee9ad81db6e5a1167b311e5c2f42cf65ba457cd)

0019 Add a test for not caching large RRset.patch

bin/tests/system/reclimit/ns1/big.db | 2515 2515 + 0 - 0 !
bin/tests/system/reclimit/ns1/named.conf.in | 6 6 + 0 - 0 !
bin/tests/system/reclimit/ns1/root.db | 3 3 + 0 - 0 !
bin/tests/system/reclimit/ns3/named5.conf.in | 42 42 + 0 - 0 !
bin/tests/system/reclimit/tests.sh | 12 11 + 1 - 0 !
5 files changed, 2577 insertions(+), 1 deletion(-)

 add a test for not caching large rrset

Send a recursive query for a large (2500 record) RRset, which should
fail when using the default max-records-per-type setting of 100, but
succeed when the cap is disabled.

(cherry picked from commit 8e3efb4e06ba68cc3f9bc5be2bacb2596bd74cb3)

0020 Disable Windows checks in the misc job.patch

.gitlab-ci.yml | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 disable windows checks in the misc job

We don't care about the Windows symbols nor the Windows configure
anymore.

0021 Add a limit to the number of RR types for single nam.patch

bin/named/config.c | 1 1 + 0 - 0 !
bin/named/server.c | 9 9 + 0 - 0 !
bin/named/zoneconf.c | 8 8 + 0 - 0 !
bin/tests/system/dyndb/driver/db.c | 3 2 + 1 - 0 !
doc/arm/reference.rst | 12 12 + 0 - 0 !
lib/dns/cache.c | 12 12 + 0 - 0 !
lib/dns/db.c | 9 9 + 0 - 0 !
lib/dns/dnsrps.c | 3 2 + 1 - 0 !
lib/dns/ecdb.c | 3 2 + 1 - 0 !
lib/dns/include/dns/cache.h | 6 6 + 0 - 0 !
lib/dns/include/dns/db.h | 11 11 + 0 - 0 !
lib/dns/include/dns/view.h | 7 7 + 0 - 0 !
lib/dns/include/dns/zone.h | 13 13 + 0 - 0 !
lib/dns/rbtdb.c | 35 24 + 11 - 0 !
lib/dns/sdb.c | 3 2 + 1 - 0 !
lib/dns/sdlz.c | 3 2 + 1 - 0 !
lib/dns/view.c | 10 10 + 0 - 0 !
lib/dns/zone.c | 15 15 + 0 - 0 !
lib/isccfg/namedconf.c | 3 3 + 0 - 0 !
19 files changed, 150 insertions(+), 16 deletions(-)

 add a limit to the number of rr types for single name

Previously, the number of RR types for a single owner name was limited
only by the maximum number of the types (64k).  As the data structure
that holds the RR types for the database node is just a linked list, and
there are places where we just walk through the whole list (again and
again), adding a large number of RR types for a single owner name
would slow down processing of such a name (database node).

Add a configurable limit to cap the number of the RR types for a single
owner.  This is enforced at the database (rbtdb, qpzone, qpcache) level
and configured with the new max-types-per-name configuration option that
can be configured globally, per-view and per-zone.

(cherry picked from commit 00d16211d6368b99f070c1182d8c76b3798ca1db)

0022 fix a memory leak that could occur when signing.patch

lib/dns/zone.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix a memory leak that could occur when signing

when signatures were not added because of too many types already

0023 Be smarter about refusing to add many RR types to th.patch

lib/dns/rbtdb.c | 27 10 + 17 - 0 !
1 file changed, 10 insertions(+), 17 deletions(-)

 be smarter about refusing to add many rr types to the database

Instead of outright refusing to add new RR types to the cache, be a bit
smarter:

1. If the new header type is in our priority list, we always add either
   a positive or a negative entry at the beginning of the list.

2. If the new header type is a negative entry, and we are over the limit,
   we mark it as ancient immediately, so it gets evicted from the cache
   as soon as possible.

3. Otherwise add the new header after the priority headers (or at the
   head of the list).

4. If we are over the limit, evict the last entry on the normal header
   list.

(cherry picked from commit 57cd34441a1b4ecc9874a4a106c2c95b8d7a3120)
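
The four rules in the message above (the same text appears under patch 0009), modelled as a small C program. This is an added illustration, not BIND's rbtdb.c: hdr_t, node_t, node_add and the other names are hypothetical, and the priority list holds only the types patch 0007 names. It assumes that eviction can be modelled as marking a header ancient, that rule 4 also applies after a priority insert, and that each added type is new to the node.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy model of one cache node's header list. Every name is hypothetical;
 * this is not BIND's rbtdb code. "Evict" is modelled as marking ancient. */
typedef struct hdr {
    int type;          /* RR type code */
    bool negative;     /* negative-cache entry */
    bool ancient;      /* marked for eviction; no longer counted as live */
    struct hdr *next;
} hdr_t;
typedef struct { hdr_t *head; unsigned limit; /* 0 = no cap */ } node_t;
typedef enum { ADD_OK, ADD_ANCIENT, ADD_EVICTED, ADD_NOMEM } add_result_t;

/* Only the types patch 0007 lists: PTR, TXT, SRV, NAPTR, DNSKEY, SVCB, HTTPS. */
static bool is_priority(int t) {
    static const int prio[] = { 12, 16, 33, 35, 48, 64, 65 };
    for (size_t i = 0; i < sizeof(prio) / sizeof(prio[0]); i++)
        if (prio[i] == t) return true;
    return false;
}

/* Number of live (non-ancient) headers on the node. */
unsigned node_live(const node_t *n) {
    unsigned c = 0;
    for (const hdr_t *h = n->head; h != NULL; h = h->next) c += !h->ancient;
    return c;
}

/* True if a live header of this type is present. */
bool node_has(const node_t *n, int type) {
    for (const hdr_t *h = n->head; h != NULL; h = h->next)
        if (h->type == type && !h->ancient) return true;
    return false;
}

/* Add a header for a type not yet on the node, applying rules 1-4. */
add_result_t node_add(node_t *n, int type, bool negative) {
    bool over = n->limit != 0 && node_live(n) >= n->limit;
    hdr_t *h = calloc(1, sizeof(*h)), **pp = &n->head, *victim = NULL;
    if (h == NULL) return ADD_NOMEM;
    h->type = type;
    h->negative = negative;
    if (!is_priority(type)) {
        /* Rule 3: skip past the priority headers at the front. */
        while (*pp != NULL && is_priority((*pp)->type)) pp = &(*pp)->next;
        /* Rule 2: an over-limit negative entry is ancient from the start. */
        h->ancient = negative && over;
    }
    h->next = *pp;   /* Rule 1: a priority type still has pp at the head. */
    *pp = h;
    if (!over) return ADD_OK;
    if (h->ancient) return ADD_ANCIENT;
    /* Rule 4: the last live non-priority header makes room. */
    for (hdr_t *p = n->head; p != NULL; p = p->next)
        if (!p->ancient && !is_priority(p->type)) victim = p;
    if (victim == NULL) return ADD_OK;   /* only priority types are live */
    victim->ancient = true;
    return ADD_EVICTED;
}
```

With a limit of 3 and three ordinary types already cached, adding a priority type displaces the oldest ordinary type, while an over-limit negative entry for an ordinary type displaces nothing and is itself the first to go.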

0024 Add a test for not caching large number of RRsets.patch

bin/tests/system/reclimit/ns1/big.db | 256 256 + 0 - 0 !
bin/tests/system/reclimit/ns1/named.conf.in | 1 1 + 0 - 0 !
bin/tests/system/reclimit/ns3/named5.conf.in | 1 1 + 0 - 0 !
bin/tests/system/reclimit/ns3/named6.conf.in | 43 43 + 0 - 0 !
bin/tests/system/reclimit/tests.sh | 34 34 + 0 - 0 !
5 files changed, 335 insertions(+)

 add a test for not caching large number of rrsets

Send a recursive query for a large number of RRsets, which should
fail when using the default max-types-per-name setting of 100, but
succeed when the cap is disabled.

(cherry picked from commit 7e4530f847c8dc541c5e5bf9f790deed520aaa16)

0025 Add test for not loading many RRsets per name on a s.patch

bin/tests/system/masterformat/ns1/compile.sh | 1 1 + 0 - 0 !
bin/tests/system/masterformat/ns1/many.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/named.conf.in | 9 9 + 0 - 0 !
bin/tests/system/masterformat/ns2/named.conf.in | 8 8 + 0 - 0 !
bin/tests/system/masterformat/setup.sh | 5 5 + 0 - 0 !
bin/tests/system/masterformat/tests.sh | 23 23 + 0 - 0 !
6 files changed, 68 insertions(+)

 add test for not-loading many rrsets per name on a secondary

This test makes sure the zone with many RRsets per name is not loaded
via XFR on the secondary server.

(cherry picked from commit 4cfeed912a5e7440f04cb088a461ff47305da2e7)

0026 Test variable rename a rrcount.patch

bin/tests/system/masterformat/tests.sh | 30 15 + 15 - 0 !
1 file changed, 15 insertions(+), 15 deletions(-)

 test variable rename a->rrcount

(cherry picked from commit 338b45ae713cded921fd3e5494ca38bd59ff9ee8)

0027 Test variable rename i _attempt.patch

bin/tests/system/masterformat/tests.sh | 20 10 + 10 - 0 !
1 file changed, 10 insertions(+), 10 deletions(-)

 test variable rename i->_attempt

(cherry picked from commit 13417eb277cc8a30ee4ddbb6fc02442b0d8e6d3c)

0028 Test owner name rename a b c d e number txt.patch

bin/tests/system/masterformat/setup.sh | 24 12 + 12 - 0 !
bin/tests/system/masterformat/tests.sh | 10 5 + 5 - 0 !
2 files changed, 17 insertions(+), 17 deletions(-)

 test owner name rename: a b c d e -> <number>-txt

(cherry picked from commit 6ce03f75d1935c2e1991e9c0a01c49b0099a58cb)

0029 masterformat rename zone names to reflect intended m.patch

bin/tests/system/masterformat/ns1/255types.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/compile.sh | 8 4 + 4 - 0 !
bin/tests/system/masterformat/ns1/huge.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/large.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/many.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/named.conf.in | 16 8 + 8 - 0 !
bin/tests/system/masterformat/ns1/on-limit.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/over-limit.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/uber.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/under-limit.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns2/named.conf.in | 12 6 + 6 - 0 !
bin/tests/system/masterformat/setup.sh | 22 13 + 9 - 0 !
bin/tests/system/masterformat/tests.sh | 28 14 + 14 - 0 !
13 files changed, 133 insertions(+), 129 deletions(-)

 masterformat: rename zone names to reflect intended meaning

(cherry picked from commit d34bfb1eeaa2f8faab80b1620b992b5495e6f88c)

0030 Remove duplicated empty zone files.patch

bin/tests/system/masterformat/ns1/255types.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/empty.db.in | 22 22 + 0 - 0 !
bin/tests/system/masterformat/ns1/on-limit.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/over-limit.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/ns1/under-limit.db.in | 22 0 + 22 - 0 !
bin/tests/system/masterformat/setup.sh | 8 4 + 4 - 0 !
6 files changed, 26 insertions(+), 92 deletions(-)

 remove duplicated empty zone files

(cherry picked from commit 1456b4fc7778b851256107dbc79fb67d45f752f5)

0031 Log error when update fails.patch

lib/ns/update.c | 15 12 + 3 - 0 !
1 file changed, 12 insertions(+), 3 deletions(-)

 log error when update fails

The new "too many records" error can make an update fail without the
error being logged. This commit fixes that.

(cherry picked from commit 558923e5405894cf976d102f0d246a28bdbb400c)

0032 Add more tests for adding many RR types to the datab.patch

bin/tests/system/reclimit/clean.sh | 2 2 + 0 - 0 !
bin/tests/system/reclimit/ns1/big.db | 5009 2506 + 2503 - 0 !
bin/tests/system/reclimit/ns1/named.conf.in | 5 5 + 0 - 0 !
bin/tests/system/reclimit/ns1/root.db | 5 4 + 1 - 0 !
bin/tests/system/reclimit/setup.sh | 5 5 + 0 - 0 !
bin/tests/system/reclimit/tests.sh | 319 266 + 53 - 0 !
6 files changed, 2788 insertions(+), 2557 deletions(-)

 add more tests for adding many rr types to the database

More reclimit tests that test various scenarios adding combinations of
priority and non-priority RR types into the database.