[Dnssec-trigger] dnssec-trigger 0.16 released

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Jun 21 12:25:29 UTC 2018


dnssec-trigger 0.16 is available:
sha256 e80aab8fd52074638f782a608bf433cbaa507cad087bcc5fb433353db9d057cb


This release has a fix for the reports about .uk.uk.  The patchset from
Martin Sehnoutka is integrated, it moves functionality from the linux
network change script into the dnssec-trigger process.

- Patch set from Martin Sehnoutka,
  It migrates the functionality currently provided by the script
  into the daemon. the "update" command from the script is available
  in the daemon as "update_all", so that they can live side by side.

Bug Fixes
- Fix example.conf default printout text replacement.
- port of dnssec-trigger-script to libnm.
- Fix that NXDOMAIN for _probe.uk.uk is deemed allright.
- Modify the build system:
A new configure option 'with-forward-zones-support' was introduced, that
enables configuration of forward and local zones directly from the
daemon as opposed to the script. Without this option, there is almost no

The new functionality of the daemon can be triggered by the "update_all"
command, which is now used in NM dispatcher script and systemd service
file. Some configuration options were migrated from the script to the
daemon as well.

Finally a testing suite was introduced using the cmocka library.
- Introduce string_buffer and string_list types:
  String buffer is a fat pointer and list is a single linked list of fat
char pointers.
- Import JSON parsing library (BSD-MIT license).
- Connection list module:
A connection is a struct encapsulating the concept of "connection" as
known from NetworkManager. It is used to extract information about
global resolvers, DNS search zones and in the future about reverse zones
corresponding to the network address.
- Function to parse JSON into connection list
- Lock module, used to serialize execution in the script
This was introduced as a compatibility feature with the script, but once
the script is gone, this can be safely removed.
- Store module - persistent storage used by the script
The script uses few files stored on disk in order to create a persistent
cache of configured global forwarders and forward zones. This was
introduced as a compatibility module with the script. Again it can be
removed once the compatibility is not needed any more.
- Testing suite for previously introduced modules
It can be executed using 'make test' and it can be also used in CI.
- New configuration options, that were in the script
- Hook unbound control
It uses 'unbound-control' binary instead of the socket, so this should
probably be rewritten if possible.
- Reimplement update command from script in riggerd
- add testing file for global forwarders cache
- Fixes and modifications to the patch set.
- removed -vvv option from dnssec-triggerd daemon start script.
- removed unaligned memcpy
- More review fixes, store.c, error log and fixup of getline return,
  and not variable use before declaration.  Spelling, strdup,
  bool removal for portability.  Removed unsigned comparison warning.
- string_list, sprint with null termination and correct buffer check.
- Fix that update_connection_zones does not use item after free.
- Fix declare before code warnings.
- Use pclose for popen fds.
- Use snprintf instead of sprintf to fixed buffer.
- Fix gcc buffer size for snprintf warning (in dnssec-trigger update
  code, not the patch set from 14may).
- Add check on shell commandline arguments, to make sure domain names
  and IP addresses passed to it do not contain escape characters.

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20180621/7ff6c3e7/attachment.bin>

More information about the dnssec-trigger mailing list