ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
17,057 Commits 589 Branches 805 Tags
3d7ca1bba26670a5cedc49df1c089355d11510de
Commit Graph

1714 Commits

Author SHA1 Message Date
Automatic Updater
8b39e41b24 update copyright notice 2009-11-18 23:47:24 +00:00
Mark Andrews
e7f4d4e09d 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-18 00:15:38 +00:00
cvs2git
38637a6e1d This commit was manufactured by cvs2git to create branch 'v9_6'. 2009-11-17 23:55:20 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00
Mark Andrews
0a30185f80 2748. [func] Identify bad answers from GTLD servers and treat them 
as referrals. [RT #18884]
 2009-11-04 02:15:30 +00:00
cvs2git
8371f50c6e This commit was manufactured by cvs2git to create branch 'v9_6'. 2009-10-28 00:56:22 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
72cfcb48a7 cleanup ddns.key after nsupdate test 2009-10-27 05:57:06 +00:00
Evan Hunt
0ce9fba8f0 cleanup DLV test 2009-10-27 05:49:50 +00:00
Automatic Updater
587355bb62 update copyright notice 2009-10-06 23:47:22 +00:00
Evan Hunt
a9775fe88d 2706. [bug] Loading a zone with a very large NSEC3 salt could 
trigger an assert. [RT #20368]
 2009-10-06 21:20:18 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
30a60d2aff On some slower systems the startup is delayed and this causes an 
apparent transfer failure on the initial calls to dig.  Adding a test
here to make sure the zones are fully loaded before attempting to query
them.
 2009-09-04 17:14:58 +00:00
Automatic Updater
d7201de09b update copyright notice 2009-09-02 23:48:03 +00:00
Automatic Updater
823ca3c14f update copyright notice 2009-09-01 23:47:45 +00:00
Tatuya JINMEI 神明達哉
ee537376ad avoid using @< (which some make don't seem to understand) for portability 2009-09-01 22:30:28 +00:00
Evan Hunt
93ebf0fc08 - add .cvsignore files 
- silence tinderbox warnings about missing config.h in a few files.
 2009-09-01 20:13:44 +00:00
Tatuya JINMEI 神明達哉
a27fe4c990 2667. [func] Add support for logging stack backtrace on assertion 
failure (not available for all platforms). [RT #19780]
9.7.0
 2009-09-01 18:40:25 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Evan Hunt
4103d428a9 use genrandom to produce random data for input to ddns-confgen 2009-07-30 15:11:41 +00:00
Automatic Updater
0282f038eb update copyright notice 2009-07-29 23:47:43 +00:00
Evan Hunt
9069215eac 2641. [bug] Fixed an error in parsing update-policy syntax, 
added a regression test to check it. [RT #20007]
 2009-07-29 17:52:00 +00:00
Automatic Updater
26d8ffe715 update copyright notice 2009-07-19 23:47:55 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
6815ef40df update copyright notice 2009-06-26 23:47:58 +00:00
Automatic Updater
bf06c5e25a update copyright notice 2009-06-26 23:47:12 +00:00
Mark Andrews
99525899e8 2617. [bug] ifconfig.sh failed to emit an error message when 
run from the wrong location. [RT #19375]
 2009-06-26 06:16:31 +00:00
Mark Andrews
870332fb6d 2617. [bug] ifconfig.sh failed to emit an error message when 
run from the wrong location. [RT #19375]
 2009-06-26 06:08:40 +00:00
Mark Andrews
f4dd23b4f4 remove 2009-06-23 00:12:50 +00:00
Automatic Updater
6e67205ba7 update copyright notice 2009-06-22 23:47:18 +00:00
Mark Andrews
e6be77a26c 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-22 05:05:01 +00:00
Automatic Updater
4b24acd9f1 update copyright notice 2009-06-08 23:47:00 +00:00
Evan Hunt
4d6469ffd8 Back out dnssec-signzone fix for 9.6.1 2009-06-08 22:23:07 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Automatic Updater
c441671e8f update copyright notice 2009-06-04 02:56:14 +00:00
Mark Andrews
5fa0c17a78 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:41:54 +00:00
cvs2git
a75a29c672 This commit was manufactured by cvs2git to create branch 'v9_6'. 2009-06-04 02:13:38 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Automatic Updater
e6ada020f5 update copyright notice 2009-05-29 23:47:49 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6 2604. [func] Add support for DNS rebinding attack prevention through 
new options, deny-answer-addresses and
			deny-answer-aliases.  Based on contributed code from
			JD Nurmi, Google. [RT #18192]
 2009-05-29 22:22:37 +00:00
Automatic Updater
4f91bcae43 update copyright notice 2009-03-02 23:47:43 +00:00
Automatic Updater
d76a60502e update copyright notice 2009-03-02 23:47:11 +00:00
Evan Hunt
ca42dcc068 2569. [func] Move journalprint, nsec3hash, and genrandom 
commands from bin/tests into bin/tools;
                        "make install" will put them in $sbindir. [RT #19301]
 2009-03-02 03:54:10 +00:00
Mark Andrews
1cac6c196f report and abort on getcwd() failures 2009-03-02 02:48:02 +00:00
Mark Andrews
fa49fa674f report and abort on getcwd() failures 2009-03-02 02:46:26 +00:00
Mark Andrews
56fe846d21 report write error. [RT #19360] 2009-03-02 02:42:50 +00:00
Mark Andrews
f9bb7d0c54 report write error. [RT #19360] 2009-03-02 02:37:30 +00:00
Mark Andrews
e4c6491bbf 2565. [func] Add support for HIP record. Includes new functions 
dns_rdata_hip_first(), dns_rdata_hip_next()
                        and dns_rdata_hip_current().  [RT #19384]
 2009-02-26 06:09:19 +00:00