ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,355 Commits 589 Branches 805 Tags
3fe33590315cd5ab2af1f1b49e5ac36c9c195991
Commit Graph

75 Commits

Author SHA1 Message Date
Evan Hunt
cd249675a1 [v9_9] fixed revoked key regression 
4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]
 2016-04-14 18:54:09 -07:00
Mark Andrews
af59b16e3d 4331. [func] When loading managed signed zones detect if the 
RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]

(cherry picked from commit 7c52595464)
 2016-03-11 12:26:16 +11:00
Tinderbox User
00f6aff939 update copyright notice / whitespace 2016-01-28 23:46:23 +00:00
Mark Andrews
3eda1730b7 4305. [bug] dnssec-signzone was not removing unnecessary rrsigs 
from the zone's apex. [RT #41483]

(cherry picked from commit 832ab79d1f)
 2016-01-28 15:43:00 +11:00
Mark Andrews
71eafb2cb8 perform a more complete cleanup after running system tests [rt41255] 
(cherry picked from commit ecfedec0e0)

Conflicts:
	bin/tests/system/acl/clean.sh
	bin/tests/system/addzone/clean.sh
	bin/tests/system/allow_query/clean.sh
	bin/tests/system/autosign/clean.sh
	bin/tests/system/case/clean.sh
	bin/tests/system/checknames/clean.sh
	bin/tests/system/dlzexternal/clean.sh
	bin/tests/system/dscp/clean.sh
	bin/tests/system/ednscompliance/clean.sh
	bin/tests/system/emptyzones/clean.sh
	bin/tests/system/formerr/clean.sh
	bin/tests/system/forward/clean.sh
	bin/tests/system/glue/clean.sh
	bin/tests/system/limits/clean.sh
	bin/tests/system/lwresd/clean.sh
	bin/tests/system/masterfile/clean.sh
	bin/tests/system/names/clean.sh
	bin/tests/system/nslookup/clean.sh
	bin/tests/system/nsupdate/clean.sh
	bin/tests/system/sfcache/clean.sh
	bin/tests/system/sit/clean.sh
	bin/tests/system/sortlist/clean.sh
	bin/tests/system/stub/clean.sh
	bin/tests/system/xferquota/clean.sh

(cherry picked from commit f9c9fce5c7)

Conflicts:
	bin/tests/system/digdelv/tests.sh
	bin/tests/system/dlzexternal/clean.sh
	bin/tests/system/formerr/clean.sh
	bin/tests/system/resolver/clean.sh
	bin/tests/system/rndc/clean.sh
	bin/tests/system/rrl/prereq.sh
	bin/tests/system/sit/clean.sh
	bin/tests/system/tkey/clean.sh
	bin/tests/system/zonechecks/clean.sh
	lib/export/isc/nothreads/include/Makefile.in
 2015-12-16 17:04:30 +11:00
Mark Andrews
f381cb86da 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
 2015-05-27 15:45:46 +10:00
Tinderbox User
ae051b2f18 update copyright notice / whitespace 2015-02-10 23:46:11 +00:00
Evan Hunt
efe260cc94 [v9_9] 5011 fixes 
4056.	[bug]		Fixed several small bugs in automatic trust anchor
			management, including a memory leak and a possible
			loss of key state information. [RT #38458]
 2015-02-10 13:12:55 -08:00
Mark Andrews
bfef33cbe3 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]

(cherry picked from commit a5c7cfbac4)
 2014-10-30 11:22:17 +11:00
Mark Andrews
57acbfc9c7 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 
(cherry picked from commit c83b91fb63)
 2014-10-01 07:18:49 +10:00
Mark Andrews
0ae15932ae 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
 2014-09-29 10:27:24 +10:00
Mark Andrews
007ef6f18e 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917 
(cherry picked from commit 840d6a4614)
 2014-08-22 16:33:11 +10:00
Mark Andrews
025efe0cd5 3890. [bug] RRSIG sets that were not loaded in a single transaction 
at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]

(cherry picked from commit 63e1ac1e09)
 2014-07-07 12:18:29 +10:00
Evan Hunt
a9eb392c55 [v9_9] testcrypto.sh in system tests 
3714.  [test]          System tests that need to test for cryptography
                       support before running can now use a common
                       "testcrypto.sh" script to do so. [RT #35213]
 2014-02-06 16:10:03 -08:00
Mark Andrews
e5c276b36b 3641. [bug] Handle changes to sig-validity-interval settings 
better. [RT #34625]

(cherry picked from commit b5f4cc132e)
 2013-09-17 12:59:11 +10:00
Mark Andrews
cbc2132d2a 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
 2013-08-15 11:20:18 +10:00
Mark Andrews
c51fe7894a 3541. [bug] The parts if libdns was not being properly initialized 
in when built in libexport mode. [RT #33028]
 2013-04-03 17:28:22 +11:00
Tinderbox User
a1b3872a71 update copyright notice 2013-01-10 23:45:46 +00:00
Mark Andrews
4d112a210e 3461. [bug] Negative responses could incorrectly have AD=1 
set. [RT #32237]
 2013-01-10 22:38:10 +11:00
Mark Andrews
3882eec38e 3424. [func] dnssec-dsfromkey now emits the hash without spaces. 
[RT #31951]

Squashed commit of the following:

commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb
Author: Mark Andrews <marka@isc.org>
Date:   Fri Nov 23 17:24:04 2012 +1100

    dupped/created reversed in log message

commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15
Author: Mark Andrews <marka@isc.org>
Date:   Fri Nov 23 13:40:14 2012 +1100

    remove space from DS hash
 2012-11-27 14:23:03 +11:00
Evan Hunt
d8861c4350 [v9_9] remove spurious signatures from glue 
3404.	[bug]		dnssec-signzone: When re-signing a zone, remove
			RRSIG and NSEC records from nodes that used to be
			in-zone but are now below a zone cut. [RT #31556]
(cherry picked from commit 4b3d727d96)
 2012-10-24 15:47:51 -07:00
Mark Andrews
07dbb507d2 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 14:56:52 +10:00
Evan Hunt
efc3ebed17 support '-' salt in rndc signing -nsec3param 
3361.	[bug]		"rndc signing -nsec3param" didn't work correctly
			when salt was set to '-' (no salt). [RT #30099]
 2012-08-13 22:25:16 -07:00
Evan Hunt
e39b4d8054 Handle RRSIG signer case consistently 
3329.	[bug]	Handle RRSIG signer-name case consistently: We
		generate RRSIG records with the signer-name in
		lower case.  We accept them with any case, but if
		they fail to validate, we try again in lower case.
		[RT #27451]
 2012-05-17 10:59:07 -07:00
Tinderbox User
c201888c2a regen v9_9 2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore" 
This reverts commit e8ae173655.
 2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Automatic Updater
a4529ff93d update copyright notice 2012-02-22 23:47:08 +00:00
Evan Hunt
95d2619007 3286. [bug] Managed key maintenance timer could fail to start 
after 'rndc reconfig'. [RT #26786]
 2012-02-22 00:35:53 +00:00
Evan Hunt
b4d8192d21 3241. [func] Extended the header of raw-format master files to 
include the serial number of the zone from which
			they were generated, if different (as in the case
			of inline-signing zones).  This is to be used in
			inline-signing zones, to track changes between the
			unsigned and signed versions of the zone, which may
			have different serial numbers.

			(Note: raw zonefiles generated by this version of
			BIND are no longer compatble with prior versions.
			To generate a backward-compatible raw zonefile
			using dnssec-signzone or named-compilezone, specify
			output format "raw=0" instead of simply "raw".)
			[RT #26587]
 2011-12-08 16:07:22 +00:00
Evan Hunt
74c46f605f file missing from clean.sh 2011-10-30 23:11:24 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Evan Hunt
653a78de95 3165. [bug] dnssec-signzone could generate new signatures when 
resigning, even when valid signatures were already
			present. [RT #26025]
 2011-10-11 19:26:06 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates 
of DNSSEC records in signed dynamic zones.  Set to
			'no-resign' to disable automatic RRSIG regeneration
			while retaining the ability to sign new or changed
			data. [RT #24533]
 2011-05-23 20:10:03 +00:00
Mark Andrews
198be130e2 remove exit 2011-03-07 14:03:49 +00:00
Evan Hunt
9a859983d7 3062. [func] Made several changes to enhance human readability 
of DNSSEC data in dig output and in generated
			zone files:
			 - DNSKEY record comments are more verbose, no
			   longer used in multiline mode only
			 - multiline RRSIG records reformatted
			 - multiline output mode for NSEC3PARAM records
			 - "dig +norrcomments" suppresses DNSKEY comments
			 - "dig +split=X" breaks hex/base64 records into
			   fields of width X; "dig +nosplit" disables this.
			[RT #22820]
 2011-03-05 19:39:07 +00:00
Mark Andrews
eff7f78bc6 3061. [func] New option "dnssec-signzone -D", only write out 
generated DNSSEC records. [RT #22896]
 2011-03-05 06:35:41 +00:00
Scott Mann
32babe43eb Ensure that log files are plain files. (RT #22771) 2011-03-04 14:07:03 +00:00
Francis Dupont
664917beda Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:21:35 +00:00
Mark Andrews
2f09e7c3fc 3041. [bug] dnssec-signzone failed to generate new signatures on 
ttl changes. [RT #23330]
 2011-02-24 03:04:43 +00:00
Mark Andrews
4f07b2b00c 3040. [bug] Named failed to validate insecure zones where a node 
with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]
 2011-02-23 11:30:35 +00:00
Mark Andrews
c5fa370695 3019. [func] Test: check apex NSEC3 records after adding DNSKEY 
record via UPDATE. [RT #23229]
 2011-02-14 23:53:44 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which 
can be switched on by setting "dnssec-validation auto;"
			in the named.conf options. [RT #21727]
 2011-01-03 23:45:08 +00:00
Evan Hunt
af903e5008 Added files to clean.sh scripts that have been left around after tests run. 
Skipping the ticket/review steps because the change is trivial.
 2010-12-18 02:12:44 +00:00
Mark Andrews
240a7dc59d 2951. [bug] named failed to generate a correct signed response 
in a optout, delegation only zone with no secure
                        delegations. [RT #22007]
 2010-09-07 00:58:36 +00:00
Mark Andrews
c73d8c1b72 2938. [bug] When skipping NSEC3 records that don't match the 
current NSEC3PARAM record in use for zone named
                        could dereference a uninitialised pointer attempting
                        to obtain a lock. [RT# 21868]
 2010-08-13 06:46:25 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Automatic Updater
6e13ffa218 update copyright notice 2010-06-03 23:51:05 +00:00
Mark Andrews
675cc80975 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 03:13:32 +00:00