Mark Andrews
5d51096644
initialise n
2010-11-17 10:10:55 +00:00
Mark Andrews
f067658513
genrandom is not in tools in 9.4
2010-11-17 09:12:52 +00:00
Automatic Updater
09065d8286
update copyright notice
2010-11-16 23:45:24 +00:00
Mark Andrews
b78658f143
2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records. A subsequent lookup of
NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry. [RT #22288]
2010-11-16 08:01:09 +00:00
Mark Andrews
a407ead333
2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms. [RT #22309]
Had to adjust the test to use RSAMD5 -> RSASHA1 as we need to use algorithms
supported by 9.4.
2010-11-16 04:17:44 +00:00
Automatic Updater
17a382ffd1
update copyright notice
2010-08-17 23:45:18 +00:00
Mark Andrews
776eb07d6c
update default id range to match that used (1..6)
2010-08-17 04:12:05 +00:00
Automatic Updater
6c82c34716
update copyright notice
2010-06-04 23:46:02 +00:00
Automatic Updater
bda132bcaf
update copyright notice
2010-06-03 23:46:10 +00:00
Mark Andrews
1a677bc3f7
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
an unintended outcome from change 2890. [RT# 21392]
2010-06-03 00:36:02 +00:00
Mark Andrews
eb12f97615
2900. [bug] The placeholder negative caching element was not
properly constructed triggering an INSIST in
dns_ncache_towire(). [RT #21346]
2010-06-03 00:21:52 +00:00
cvs2git
7d36018674
This commit was manufactured by cvs2git to create branch 'v9_4'.
2010-05-27 23:51:09 +00:00
Automatic Updater
248b9ab0b0
update copyright notice
2010-05-27 23:51:08 +00:00
Automatic Updater
051dec6fb7
update copyright notice
2010-05-26 23:50:47 +00:00
Mark Andrews
b4c6ce22d0
call sign.sh robustly
2010-05-26 07:00:37 +00:00
Mark Andrews
e27d55e3ee
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
an unintended outcome from change 2890. [RT# 21392]
2010-05-26 06:28:00 +00:00
Automatic Updater
15c961a1dd
update copyright notice
2010-05-19 09:33:50 +00:00
Mark Andrews
5ae2eac4c1
2902. [func] Add regression test for change 2897. [RT #21040]
2010-05-19 07:45:38 +00:00
Mark Andrews
b667946fa5
2900. [bug] The placeholder negative caching element was not
properly constructed triggering an INSIST in
dns_ncache_towire(). [RT #21346]
2010-05-19 06:39:50 +00:00
Mark Andrews
44f175a90a
2892. [bug] Handle REVOKED keys better. [RT #20961]
2010-05-14 04:38:52 +00:00
Mark Andrews
f2ae969065
handle revoke changes
2010-05-06 11:28:20 +00:00
Automatic Updater
4d42b714be
update copyright notice
2010-03-04 23:50:34 +00:00
Mark Andrews
56c2c3835f
10.53.0.1 through 10.53.0.5 -> 10.53.0.1 through 10.53.0.7
2010-03-04 20:34:16 +00:00
Evan Hunt
ecde9a1cd5
smartsign fails on slow machines. delay the timing-sensitive
dnssec-settime call as long as possible.
2010-01-19 15:54:45 +00:00
Automatic Updater
6bb1560124
update copyright notice
2010-01-18 23:48:40 +00:00
Evan Hunt
e11a0c114c
2841. [func] Added "smartsign" and improved "autosign" and
"dnssec" regression tests. [RT #20865]
2010-01-18 19:19:31 +00:00
Automatic Updater
5bdf8cd3c2
update copyright notice
2010-01-13 23:48:59 +00:00
Evan Hunt
20624f43c3
removed lines inadvertently committed
2010-01-13 19:29:38 +00:00
Automatic Updater
65d1486535
update copyright notice
2010-01-11 23:48:37 +00:00
Francis Dupont
a91029a00e
Prevent Linux spurious warnings about fwrite(). [RT #20812]
2010-01-11 10:49:14 +00:00
Automatic Updater
a30c7003af
update copyright notice
2010-01-07 23:48:54 +00:00
Automatic Updater
8f7aff9340
update copyright notice
2010-01-07 23:46:07 +00:00
Evan Hunt
e4cb322618
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2010-01-07 17:49:50 +00:00
cvs2git
9300b13653
This commit was manufactured by cvs2git to create branch 'v9_4'.
2010-01-07 16:48:24 +00:00
Evan Hunt
597642c0ba
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2010-01-07 16:48:23 +00:00
Automatic Updater
51ae9cb9f8
update copyright notice
2009-12-30 23:46:04 +00:00
Tatuya JINMEI 神明達哉
59721b321d
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
Additional notes specific to 9.4-ESV:
- I needed to explicitly enable dnssec-validation in "pending" system tests
because it's disabled by default for 9.4. This is not a problem of this
patch - the test was broken for 9.4 when it was first introduced. Another
reason why we need more detailed tests.
- I modified the test case for 9.4 so that it allows pending-additional-to-answer
promotion as 9.4 doesn't include this bug fix.
2009-12-30 08:55:48 +00:00
cvs2git
5a435720cd
This commit was manufactured by cvs2git to create branch 'v9_4'.
2009-12-30 08:02:24 +00:00
Tatuya JINMEI 神明達哉
d8680445d6
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:02:23 +00:00
Evan Hunt
f766024a27
change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3
transitions work correctly. (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)
2009-12-19 17:30:31 +00:00
Automatic Updater
8b82c01d74
update copyright notice
2009-12-06 23:48:29 +00:00
Evan Hunt
0d796b1aaa
improve cleanup and add named.run to .cvsignore files
2009-12-06 03:04:39 +00:00
Evan Hunt
12178c8652
2805. [bug] Fixed namespace problems encountered when building
external programs using non-exported BIND9 libraries
(i.e., built without --enable-exportlib). [RT #20679]
2009-12-05 23:31:41 +00:00
Automatic Updater
4b6dc226f7
update copyright notice
2009-12-04 22:06:37 +00:00
Mark Andrews
5d850024cb
2800. [func] Reject zones which have NS records which refer to
CNAMEs, DNAMEs or don't have address record (class IN
only). Reject UPDATEs which would cause the zone
to fail the above checks if committed. [RT #20678]
2009-12-04 03:33:15 +00:00
Mark Andrews
2fbc6a0f23
add copyright
2009-12-03 04:53:09 +00:00
Mark Andrews
ecbbb29519
add copyright
2009-12-03 04:51:41 +00:00
Evan Hunt
6a4d6e3379
adapted to the special needs of solaris's really old awk
2009-12-02 17:54:45 +00:00
Evan Hunt
095810f8cb
fixed autosign/metadata brokenness on solaris [rt20685]
2009-12-02 05:42:15 +00:00
Automatic Updater
ffd297db79
update copyright notice
2009-11-30 23:48:02 +00:00