ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
18,793 Commits 589 Branches 805 Tags
480adc66edc4ec28d5250737a74b355518ef4738
Commit Graph

168 Commits

Author SHA1 Message Date
Evan Hunt
17968c1451 3118. [bug] When rolling to a new DNSSEC key, a private-type 
record could be created and never marked complete.
			[RT #23253]
 2011-05-26 04:25:09 +00:00
Evan Hunt
b62b7fbe9e 3114. [bug] Retain expired RRSIGs in dynamic zones if key is 
inactive and there is no replacement key. [RT #23136]
 2011-05-19 04:42:51 +00:00
Mark Andrews
4304925ee2 grep was not precise enough leading to test failure 2011-05-03 16:09:23 +00:00
Evan Hunt
613b6fc9c7 Corrected a bug in the dnssec test introduced in change #3046. 2011-03-31 15:56:44 +00:00
Automatic Updater
df5b2dc59d update copyright notice 2011-03-21 23:46:59 +00:00
Mark Andrews
72c69a0276 adjust rt23702 test to take less time 2011-03-21 20:32:15 +00:00
Mark Andrews
767f311173 wait longer for the nsec3chain generation to complete 2011-03-21 03:32:13 +00:00
Mark Andrews
38a1f591f1 3083. [bug] NOTIFY messages were not being sent when generating 
a NSEC3 chain incrementally. [RT #23702]
 2011-03-21 01:06:50 +00:00
Scott Mann
47e68a14fb Fixed DNSKEY NODATA responses not cached (RT #22908). 2011-03-01 14:42:16 +00:00
Automatic Updater
10f412c490 update copyright notice 2011-02-28 23:47:04 +00:00
Francis Dupont
e83c5eb545 Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:25:17 +00:00
Automatic Updater
09bde3103b update copyright notice 2011-02-28 01:20:05 +00:00
Mark Andrews
b603f19738 3041. [bug] dnssec-signzone failed to generate new signatures on 
ttl changes. [RT #23330]
 2011-02-24 03:11:48 +00:00
Mark Andrews
8d59a69b90 3040. [bug] Named failed to validate insecure zones where a node 
with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]
 2011-02-23 11:36:03 +00:00
Mark Andrews
32f0239b5d 3020. [bug] auto-dnssec failed to correctly update the zone when 
changing the DNSKEY RRset. [RT #23232]
 2011-02-15 22:06:27 +00:00
Mark Andrews
3524f3dfa0 3019. [func] Test: check apex NSEC3 records after adding DNSKEY 
record via UPDATE. [RT #23229]
 2011-02-14 23:59:33 +00:00
Mark Andrews
8dacc63d9f Regression test for: 
3018.   [bug]           Named failed to check for the "none;" acl when deciding
                        if a zone may need to be re-signed. [RT #23120]
 2011-02-08 03:48:22 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which 
can be switched on by setting "dnssec-validation auto;"
			in the named.conf options. [RT #21727]
 2011-01-03 23:45:08 +00:00
Evan Hunt
af903e5008 Added files to clean.sh scripts that have been left around after tests run. 
Skipping the ticket/review steps because the change is trivial.
 2010-12-18 02:12:44 +00:00
Automatic Updater
33cc94f04c update copyright notice 2010-11-17 23:47:09 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure 
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
 2010-11-16 01:14:51 +00:00
Mark Andrews
240a7dc59d 2951. [bug] named failed to generate a correct signed response 
in a optout, delegation only zone with no secure
                        delegations. [RT #22007]
 2010-09-07 00:58:36 +00:00
Automatic Updater
2b43d1d8c5 update copyright notice 2010-08-13 23:47:04 +00:00
Mark Andrews
c73d8c1b72 2938. [bug] When skipping NSEC3 records that don't match the 
current NSEC3PARAM record in use for zone named
                        could dereference a uninitialised pointer attempting
                        to obtain a lock. [RT# 21868]
 2010-08-13 06:46:25 +00:00
Evan Hunt
cb933b69ff 2932. [cleanup] Corrected a numbering error in the "dnssec" test. 
[RT #21597]
 2010-08-09 22:34:56 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864 
because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
 2010-07-15 01:17:45 +00:00
Evan Hunt
5312c2ffbe dnssec and dlv tests included master zones whose master files were missing. 
this was a bug that hadn't been noticed before, but 19447 added a test for
that condition and it caused test failures.
 2010-07-11 01:18:24 +00:00
Mark Andrews
a7d2b922ee match the dig.out.ns#.$n to the nameserver 2010-06-28 01:34:11 +00:00
Mark Andrews
8fa6ca58b6 check that we have non-cachable answers to test against 2010-06-28 01:31:49 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:50:13 +00:00
Automatic Updater
cf309ffeee update copyright notice 2010-06-25 23:46:51 +00:00
Mark Andrews
f35a87f58f remove leading zeros on keyid 
account for trusted keys not applying to _bind anymore
 2010-06-25 07:28:46 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Mark Andrews
5ee4d3f2ee iterations is -H 2010-06-04 00:04:39 +00:00
Automatic Updater
6e13ffa218 update copyright notice 2010-06-03 23:51:05 +00:00
Mark Andrews
e74c3a0f59 specify NSEC3 iterations 2010-06-03 21:44:49 +00:00
Mark Andrews
10acc63770 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 06:29:03 +00:00
Mark Andrews
675cc80975 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 03:13:32 +00:00
Automatic Updater
6bb1560124 update copyright notice 2010-01-18 23:48:40 +00:00
Evan Hunt
e11a0c114c 2841. [func] Added "smartsign" and improved "autosign" and 
"dnssec" regression tests. [RT #20865]
 2010-01-18 19:19:31 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
0d796b1aaa improve cleanup and add named.run to .cvsignore files 2009-12-06 03:04:39 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00