ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
17,037 Commits 589 Branches 805 Tags
451cd3395aa7684ec8a140f209538bd07c21abb9
Commit Graph

5145 Commits

Author SHA1 Message Date
Automatic Updater
451cd3395a regen 2010-01-20 02:08:51 +00:00
Automatic Updater
3c7ee580d8 update copyright notice 2010-01-19 23:48:13 +00:00
Evan Hunt
5cd5eceba0 2842. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from 
creating key files if there is a chance that the new
			key ID will collide with an existing one after
			either of the keys has been revoked.  (To override
			this in the case of dnssec-keyfromlabel, use the -y
			option.  dnssec-keygen will simply create a
			different, noncolliding key, so an override is
			not necessary.) [RT #20838]
 2010-01-19 20:25:49 +00:00
Evan Hunt
76c48ffb86 smartsign fails on slow machines. delay the timing-sensitive 
dnssec-settime call as long as possible.
 2010-01-19 15:55:44 +00:00
Automatic Updater
d1a69b8e99 update copyright notice 2010-01-18 23:48:01 +00:00
Evan Hunt
7c6fa1d589 2841. [func] Added "smartsign" and improved "autosign" and 
"dnssec" regression tests. [RT #20865]
 2010-01-18 19:18:35 +00:00
Automatic Updater
74f601e769 update copyright notice 2010-01-13 23:48:20 +00:00
Francis Dupont
29ea3caf10 Temporary fixed pkcs11-destroy usage check. [RT #20760] 2010-01-13 21:21:33 +00:00
Evan Hunt
96c51eadc9 Commit to v9_7 some changes that had been left out: 
2838.	[bug]		A KSK revoked by named could not be deleted.
			[RT #20881]

2837.	[port]		Prevent Linux spurious warnings about fwrite().
			[RT #20812]
 2010-01-13 19:31:53 +00:00
Automatic Updater
1773c53c87 regen 2010-01-08 02:08:26 +00:00
Automatic Updater
ed0fd28aff update copyright notice 2010-01-07 23:48:16 +00:00
Evan Hunt
592adf7dc2 2834. [bug] HMAC-SHA* keys that were longer than the algorithm 
digest length were used incorrectly, leading to
			interoperability problems with other DNS
			implementations.  This has been corrected.
			(Note: If an oversize key is in use, and
			compatibility is needed with an older release of
			BIND, the new tool "isc-hmac-fixup" can convert
			the key secret to a form that will work with all
			versions.) [RT #20751]
 2010-01-07 21:53:05 +00:00
cvs2git
946191fb80 This commit was manufactured by cvs2git to create branch 'v9_7'. 2010-01-07 21:52:15 +00:00
Evan Hunt
0f66aced26 2834. [bug] HMAC-SHA* keys that were longer than the algorithm 
digest length were used incorrectly, leading to
			interoperability problems with other DNS
			implementations.  This has been corrected.
			(Note: If an oversize key is in use, and
			compatibility is needed with an older release of
			BIND, the new tool "isc-hmac-fixup" can convert
			the key secret to a form that will work with all
			versions.) [RT #20751]
 2010-01-07 21:52:12 +00:00
Evan Hunt
b916fd3d7f 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. 
[RT #20851]
 2010-01-07 19:16:30 +00:00
Evan Hunt
8ebf67b7f0 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. 
[RT #20851]
 2010-01-07 19:13:59 +00:00
Evan Hunt
cf00dcb23a 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 16:49:12 +00:00
cvs2git
51833b980c This commit was manufactured by cvs2git to create branch 'v9_7'. 2010-01-07 16:48:30 +00:00
Evan Hunt
597642c0ba 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 16:48:23 +00:00
Automatic Updater
247f299fb0 update copyright notice 2010-01-06 23:48:47 +00:00
Automatic Updater
f9d193397a update copyright notice 2010-01-06 23:48:07 +00:00
Evan Hunt
5337c00cbb fix spacing 2010-01-06 00:53:56 +00:00
Evan Hunt
b1fbf2a4db fix spacing 2010-01-06 00:53:45 +00:00
Automatic Updater
3ee1371212 update copyright notice 2010-01-05 23:48:37 +00:00
Automatic Updater
0d12fdeb7c update copyright notice 2010-01-05 23:47:58 +00:00
Evan Hunt
bd41f944d4 missing newline in dnssec-signzone usage 2010-01-05 15:32:15 +00:00
Evan Hunt
564d687132 missing newline in dnssec-signzone usage 2010-01-05 15:31:58 +00:00
Tatuya JINMEI 神明達哉
6ca6cc975f 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:33:41 +00:00
cvs2git
dc978e394a This commit was manufactured by cvs2git to create branch 'v9_7'. 2009-12-30 08:02:40 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Mark Andrews
831bfda9d2 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that 
was in the process of being created was not properly
                        recorded in the zone. [RT #20786]
 2009-12-30 03:55:03 +00:00
Mark Andrews
57fb4f7bbe 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that 
was in the process of being created was not properly
                        recorded in the zone. [RT #20786]
 2009-12-30 02:43:09 +00:00
Mark Andrews
2b662f27f6 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:23:01 +00:00
Mark Andrews
5b77627c09 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:20:33 +00:00
Automatic Updater
8bcd348638 regen 2009-12-29 02:09:40 +00:00
Automatic Updater
d856585f5f regen 2009-12-29 01:14:03 +00:00
Evan Hunt
3bccb39bb9 2821. [doc] Add note that named-checkconf doesn't automatically 
read rndc.key and bind.keys [RT #20758]
 2009-12-28 23:21:44 +00:00
Evan Hunt
85c5ed3577 2821. [doc] Add note that named-checkconf doesn't automatically 
read rndc.key and bind.keys [RT #20758]
 2009-12-28 23:21:16 +00:00
Francis Dupont
0faf1492c7 non-readable openssl.cnf [20668] 2009-12-24 17:49:39 +00:00
Evan Hunt
b4df2f48c7 2818. [cleanup] rndc could return an incorrect error code 
when a zone was not found. [RT #20767]
 2009-12-24 00:16:08 +00:00
Evan Hunt
1361014b02 2818. [cleanup] rndc could return an incorrect error code 
when a zone was not found. [RT #20767]
 2009-12-24 00:14:20 +00:00
Evan Hunt
84c9c592f8 2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls. 
[RT #20768]
 2009-12-24 00:00:13 +00:00
Evan Hunt
40ad4ed01b 2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls. 
[RT #20768]
 2009-12-23 23:59:42 +00:00
Evan Hunt
5a33ab5d65 2815. [bug] Exclusively lock the task when freezing a zone. 
[RT #19838]
 2009-12-23 23:33:53 +00:00
Evan Hunt
aa3415ba49 2815. [bug] Exclusively lock the task when freezing a zone. 
[RT #19838]
 2009-12-23 23:33:09 +00:00
Evan Hunt
f766024a27 change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3 
transitions work correctly.  (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)
 2009-12-19 17:30:31 +00:00
Evan Hunt
929667cf18 change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3 
transitions work correctly.  (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)
 2009-12-19 17:30:07 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Automatic Updater
5470afd66b update copyright notice 2009-12-18 23:48:18 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00