[Dnssec-trigger] dnssec-trigger 0.16 released
wouter at nlnetlabs.nl
Thu Jun 21 12:25:29 UTC 2018
dnssec-trigger 0.16 is available:
This release has a fix for the reports about .uk.uk. The patchset from
Martin Sehnoutka is integrated, it moves functionality from the linux
network change script into the dnssec-trigger process.
- Patch set from Martin Sehnoutka,
It migrates the functionality currently provided by the script
into the daemon. the "update" command from the script is available
in the daemon as "update_all", so that they can live side by side.
- Fix example.conf default printout text replacement.
- port of dnssec-trigger-script to libnm.
- Fix that NXDOMAIN for _probe.uk.uk is deemed allright.
- Modify the build system:
A new configure option 'with-forward-zones-support' was introduced, that
enables configuration of forward and local zones directly from the
daemon as opposed to the script. Without this option, there is almost no
The new functionality of the daemon can be triggered by the "update_all"
command, which is now used in NM dispatcher script and systemd service
file. Some configuration options were migrated from the script to the
daemon as well.
Finally a testing suite was introduced using the cmocka library.
- Introduce string_buffer and string_list types:
String buffer is a fat pointer and list is a single linked list of fat
- Import JSON parsing library (BSD-MIT license).
- Connection list module:
A connection is a struct encapsulating the concept of "connection" as
known from NetworkManager. It is used to extract information about
global resolvers, DNS search zones and in the future about reverse zones
corresponding to the network address.
- Function to parse JSON into connection list
- Lock module, used to serialize execution in the script
This was introduced as a compatibility feature with the script, but once
the script is gone, this can be safely removed.
- Store module - persistent storage used by the script
The script uses few files stored on disk in order to create a persistent
cache of configured global forwarders and forward zones. This was
introduced as a compatibility module with the script. Again it can be
removed once the compatibility is not needed any more.
- Testing suite for previously introduced modules
It can be executed using 'make test' and it can be also used in CI.
- New configuration options, that were in the script
- Hook unbound control
It uses 'unbound-control' binary instead of the socket, so this should
probably be rewritten if possible.
- Reimplement update command from script in riggerd
- add testing file for global forwarders cache
- Fixes and modifications to the patch set.
- removed -vvv option from dnssec-triggerd daemon start script.
- removed unaligned memcpy
- More review fixes, store.c, error log and fixup of getline return,
and not variable use before declaration. Spelling, strdup,
bool removal for portability. Removed unsigned comparison warning.
- string_list, sprint with null termination and correct buffer check.
- Fix that update_connection_zones does not use item after free.
- Fix declare before code warnings.
- Use pclose for popen fds.
- Use snprintf instead of sprintf to fixed buffer.
- Fix gcc buffer size for snprintf warning (in dnssec-trigger update
code, not the patch set from 14may).
- Add check on shell commandline arguments, to make sure domain names
and IP addresses passed to it do not contain escape characters.
Best regards, Wouter
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the dnssec-trigger