ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,355 Commits 589 Branches 805 Tags
3fe33590315cd5ab2af1f1b49e5ac36c9c195991
Commit Graph

105 Commits

Author SHA1 Message Date
Evan Hunt
36adfbee06 [v9_9] copyrights 2016-04-14 19:12:35 -07:00
Evan Hunt
cd249675a1 [v9_9] fixed revoked key regression 
4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]
 2016-04-14 18:54:09 -07:00
Tinderbox User
0208e57e6b update copyright notice / whitespace 2016-03-11 23:46:03 +00:00
Mark Andrews
af59b16e3d 4331. [func] When loading managed signed zones detect if the 
RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]

(cherry picked from commit 7c52595464)
 2016-03-11 12:26:16 +11:00
Tinderbox User
ae051b2f18 update copyright notice / whitespace 2015-02-10 23:46:11 +00:00
Evan Hunt
efe260cc94 [v9_9] 5011 fixes 
4056.	[bug]		Fixed several small bugs in automatic trust anchor
			management, including a memory leak and a possible
			loss of key state information. [RT #38458]
 2015-02-10 13:12:55 -08:00
Mark Andrews
bfef33cbe3 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]

(cherry picked from commit a5c7cfbac4)
 2014-10-30 11:22:17 +11:00
Tinderbox User
aaa24cf075 update copyright notice 2014-09-30 23:47:13 +00:00
Mark Andrews
57acbfc9c7 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 
(cherry picked from commit c83b91fb63)
 2014-10-01 07:18:49 +10:00
Mark Andrews
da5e13af84 use $PERL 
(cherry picked from commit 1c95f67232)
 2014-06-24 13:51:46 +10:00
Evan Hunt
a9eb392c55 [v9_9] testcrypto.sh in system tests 
3714.  [test]          System tests that need to test for cryptography
                       support before running can now use a common
                       "testcrypto.sh" script to do so. [RT #35213]
 2014-02-06 16:10:03 -08:00
Tinderbox User
02dc6a8b00 update copyright notice 2013-12-13 23:45:38 +00:00
Evan Hunt
0c0ce5f9a4 [v9_9] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]

(cherry picked from commit 9b895f30f1)
 2013-12-12 22:20:21 -08:00
Tinderbox User
e7953a5eff update copyright notice 2013-09-17 23:45:47 +00:00
Mark Andrews
e5c276b36b 3641. [bug] Handle changes to sig-validity-interval settings 
better. [RT #34625]

(cherry picked from commit b5f4cc132e)
 2013-09-17 12:59:11 +10:00
Tinderbox User
229809a446 update copyright notice 2013-09-16 23:45:41 +00:00
Tinderbox User
d1fb83012b update copyright notice 2013-08-15 23:45:44 +00:00
Mark Andrews
cbc2132d2a 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
 2013-08-15 11:20:18 +10:00
Tinderbox User
eb1ff61734 update copyright notice 2012-10-06 23:45:56 +00:00
Mark Andrews
07dbb507d2 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 14:56:52 +10:00
Tinderbox User
6b6394a1c7 update copyright notice 2012-08-14 23:45:48 +00:00
Evan Hunt
efc3ebed17 support '-' salt in rndc signing -nsec3param 
3361.	[bug]		"rndc signing -nsec3param" didn't work correctly
			when salt was set to '-' (no salt). [RT #30099]
 2012-08-13 22:25:16 -07:00
Tinderbox User
bc0ad9c673 update copyright notice 2012-07-25 23:45:49 +00:00
ckb
66e472cd74 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are 
approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]
 2012-07-25 17:12:57 -05:00
Mark Andrews
e77611f94c awk and toupper is not portable, use sed instead 2012-05-21 10:16:22 +10:00
Tinderbox User
a2093c07a5 update copyright notice 2012-05-17 23:45:48 +00:00
Evan Hunt
e39b4d8054 Handle RRSIG signer case consistently 
3329.	[bug]	Handle RRSIG signer-name case consistently: We
		generate RRSIG records with the signer-name in
		lower case.  We accept them with any case, but if
		they fail to validate, we try again in lower case.
		[RT #27451]
 2012-05-17 10:59:07 -07:00
Evan Hunt
8047e7c06f re-remove cvsignore files 2012-03-05 08:29:31 -08:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore" 
This reverts commit e8ae173655.
 2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Evan Hunt
25845da41a 3203. [bug] Increase log level to 'info' for validation failures 
from expired or not-yet-valid RRSIGs. [RT #21796]
 2011-11-04 05:36:28 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates 
of DNSSEC records in signed dynamic zones.  Set to
			'no-resign' to disable automatic RRSIG regeneration
			while retaining the ability to sign new or changed
			data. [RT #24533]
 2011-05-23 20:10:03 +00:00
Evan Hunt
fc6364bf24 expiring.example.db.in was left out when committing rt23136 to HEAD 2011-05-21 15:07:10 +00:00
Scott Mann
a50ce0f80b Fix for RT #23136 task 1. 2011-05-19 00:31:57 +00:00
Evan Hunt
4e5fc672bc Corrected a bug in the dnssec test introduced in change #3046. 2011-03-31 15:58:51 +00:00
Mark Andrews
5095e72ac3 3083. [bug] NOTIFY messages were not being sent when generating 
a NSEC3 chain incrementally. [RT #23702]
 2011-03-21 01:02:39 +00:00
Automatic Updater
0e27506ce3 update copyright notice 2011-03-05 23:52:31 +00:00
Mark Andrews
eff7f78bc6 3061. [func] New option "dnssec-signzone -D", only write out 
generated DNSSEC records. [RT #22896]
 2011-03-05 06:35:41 +00:00
Automatic Updater
c8175ece69 update copyright notice 2011-03-01 23:48:07 +00:00
Automatic Updater
bc171df6ca update copyright notice 2011-02-28 23:47:39 +00:00
Francis Dupont
664917beda Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:21:35 +00:00
Mark Andrews
4f07b2b00c 3040. [bug] Named failed to validate insecure zones where a node 
with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]
 2011-02-23 11:30:35 +00:00
Mark Andrews
b1b42b03b7 3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232] 2011-02-15 22:02:36 +00:00
Mark Andrews
c5fa370695 3019. [func] Test: check apex NSEC3 records after adding DNSKEY 
record via UPDATE. [RT #23229]
 2011-02-14 23:53:44 +00:00
Automatic Updater
56748bc3d1 update copyright notice 2011-02-08 23:10:07 +00:00
Mark Andrews
37b017f2ca Regression test for: 
3018.   [bug]           Named failed to check for the "none;" acl when deciding
                        if a zone may need to be re-signed. [RT #23120]
 2011-02-08 03:47:02 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864 
because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
 2010-07-15 01:17:45 +00:00
Evan Hunt
5312c2ffbe dnssec and dlv tests included master zones whose master files were missing. 
this was a bug that hadn't been noticed before, but 19447 added a test for
that condition and it caused test failures.
 2010-07-11 01:18:24 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00