Evan Hunt
711e833921
[v9_9] add max-recursion-queries
...
also fixes and documentation for max-recursion-depth
(cherry picked from commit c4f54e5bd1b3aa528d7e
2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637
[v9_9] limit recursion depth and iterative queries
...
4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop. This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).
The recursion depth limit is configured via the
"max-recursion-depth" option. [RT #35780 ]
2014-11-17 23:49:07 -08:00
Evan Hunt
f6e2e95a7d
[v9_9] reference leak with AAAA glue but not A
...
4004. [bug] When delegations had AAAA glue but not A, a
reference could be leaked causing an assertion
failure on shutdown. [RT #37796 ]
(cherry picked from commit c4abb1971696b6923a25
2014-11-14 09:04:52 -08:00
Tinderbox User
ea276ca5fa
update copyright notice
2014-11-04 23:46:04 +00:00
Mark Andrews
7e43c092d4
add missing opening bracket
...
(cherry picked from commit a31d0513c3
2014-11-04 17:14:08 +11:00
Mark Andrews
c75e6e9756
DNS_STYLEFLAG_NOCRYPTO not supported in 9.9.x
2014-11-04 14:02:42 +11:00
Mark Andrews
bb4ef32432
3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
2014-11-04 12:25:38 +11:00
Tinderbox User
2c0599bc2b
update copyright notice
2014-10-31 23:46:07 +00:00
Mark Andrews
14a1fe655c
3996. [bug] Address use after free on out of memory error in
...
keyring_add. [RT #37639 ]
(cherry picked from commit c2f8108123
2014-10-31 11:45:01 +11:00
Mark Andrews
241cf99bf5
3995. [bug] receive_secure_serial holds the zone lock for too
...
long. [RT #37626 ]
(cherry picked from commit 4e59131f181083f358ae
2014-10-31 11:40:05 +11:00
Mark Andrews
b73923f773
3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748 ]
...
(cherry picked from commit eb5243365c
2014-10-30 10:55:10 +11:00
Francis Dupont
88f53e412b
Handle VS14 incompatible changes [RT #37380 ]
2014-10-21 09:36:43 +02:00
Mark Andrews
f2b44f6586
3981. [bug] Cache DS/NXDOMAIN independently of other query types.
...
[RT #37467 ]
(cherry picked from commit 72775a79fe
2014-10-18 13:10:16 +11:00
Evan Hunt
7b4063bd24
[v9_9] add diffie-hellman key unit test
...
3978. [test] Added a unit test for Diffie-Hellman key
computation, completing change #3974 . [RT #37477 ]
(cherry picked from commit 188690149bbc59dcd76e
2014-10-17 15:58:29 -07:00
Evan Hunt
d1d6b9c1b3
[v9_9] correctly validate 5011 trust anchors
...
3976. [bug] When refreshing managed-key trust anchors, clear
any cached trust so that they will always be
revalidated with the current set of secure
roots. [RT #37506 ]
(cherry picked from commit eb6d61d5e05c409ba290
2014-10-17 15:42:02 -07:00
Tinderbox User
bff9e4ff82
update copyright notice
2014-10-16 23:46:04 +00:00
Mark Andrews
a83faea899
initialize rdataset->private7
...
(cherry picked from commit ca77632f65
2014-10-16 11:25:11 +11:00
Tinderbox User
9c4c75ddbf
update copyright notice
2014-10-13 23:46:06 +00:00
Mark Andrews
8b85186a3f
3974. [bug] handle DH_compute_key() failure correctly in
...
openssldh_link.c. [RT #37477 ]
(cherry picked from commit 58a1051e92
2014-10-13 23:42:43 +11:00
Mark Andrews
db7f16f51c
silence compiler warning
...
(cherry picked from commit bbec761a67
2014-10-08 17:47:59 +11:00
Tinderbox User
027014d649
update copyright notice
2014-10-04 23:46:05 +00:00
Mark Andrews
53373a6929
3971. [bug] Reduce the cascasding failures due to a bad $TTL line
...
in named-checkconf / named-checkzone. [RT #37138 ]
(cherry picked from commit c81d56c03e
2014-10-05 08:30:37 +11:00
Mark Andrews
aaf8ae4297
3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
...
[RT #35746 ]
(cherry picked from commit 9c0589bc8b
2014-10-03 07:52:17 +10:00
Tinderbox User
aaa24cf075
update copyright notice
2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c
3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
...
BADSIG. [RT #37216 ]
(cherry picked from commit a6869655d6
2014-10-01 07:43:17 +10:00
Mark Andrews
a962ff7d5e
3959. [bug] Updates could be lost if they arrived immediately
...
after a rndc thaw. [RT #37233 ]
(cherry picked from commit fa827173df
2014-10-01 07:00:02 +10:00
Mark Andrews
0ae15932ae
3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
...
and ECDSAP384SHA384. [RT #37183 ]
(cherry picked from commit 80169c379d
2014-09-29 10:27:24 +10:00
Tinderbox User
911e552d6c
update copyright notice
2014-09-28 23:46:05 +00:00
Mark Andrews
c41a438d4d
3955. [bug] Notify messages due to changes are no longer queued
...
behind startup notify messages. [RT #24454 ]
(cherry picked from commit 319659fc23
2014-09-29 09:35:15 +10:00
Tinderbox User
9dca2871b7
update copyright notice
2014-09-27 23:46:06 +00:00
Mark Andrews
bb2451e0e1
3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159 ]
...
(cherry picked from commit 9a36fb86f5
2014-09-27 12:14:57 +10:00
Mark Andrews
6c34e1c183
3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
...
two name pointers were the same. [RT #37176 ]
(cherry picked from commit a266ab205b
2014-09-27 11:47:17 +10:00
Evan Hunt
9ce5221877
[v9_9] prep 9.9.6
2014-09-16 09:35:23 -07:00
Evan Hunt
17c9e5f31d
[v9_9] spelling
2014-09-15 18:19:39 -07:00
Mark Andrews
c0416dd92b
update named-checkzone manpage for SPF changes
2014-09-13 07:56:19 +10:00
Tinderbox User
e438b6de1e
update copyright notice
2014-09-05 23:46:22 +00:00
Evan Hunt
40d8a124e5
[v9_9] prep 9.9.6rc2
2014-09-05 10:36:29 -07:00
Evan Hunt
38398c590a
[v9_9] [rt36786] use INSTALL_PROGRAM for shared libs
...
3947. [cleanup] Set the executable bit on libraries when using
libtool. [RT #36786 ]
(cherry picked from commit f687e639f0
2014-09-05 10:28:57 -07:00
Mark Andrews
0ef83e5b5d
3945. [bug] Invalid wildcard expansions could be incorrectly
...
accepted by the validator. [RT #37093 ]
(cherry picked from commit 2fa1fc5332
2014-09-05 12:12:08 +10:00
Mark Andrews
d2ac59302c
3942. [bug] Wildcard responses from a optout range should be
...
marked as insecure. [RT #37072 ]
2014-09-04 13:59:50 +10:00
Evan Hunt
ff21403ec5
[v9_9] prep 9.9.6rc1
2014-08-29 18:36:49 -07:00
Evan Hunt
d5669ee77c
[v9_9] fixes to checkconf test, HIP casecompare
...
3933. [bug] Corrected the implementation of dns_rdata_casecompare()
for the HIP rdata type. [RT #36911 ]
3932. [test] Improved named-checkconf tests. [RT #36911 ]
(cherry picked from commit 0c2313eb36
2014-08-27 21:37:40 -07:00
Mark Andrews
f5f0ec4b1f
silence unused variable warning
...
(cherry picked from commit 179f515691
2014-08-25 07:27:31 +10:00
Evan Hunt
9ff9b9f71b
[v9_9] complete change #3925
...
- don't use fwdname in dns_view_findzonecut()
(cherry picked from commit 27d6642e8b
2014-08-22 14:58:28 -07:00
Mark Andrews
007ef6f18e
3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917
...
(cherry picked from commit 840d6a4614
2014-08-22 16:33:11 +10:00
Evan Hunt
09c788d707
[v9_9] [36737] allow zero-length URI and CAA fields
...
3914. [bug] Allow the URI target and CAA value fields to
be zero length. [RT #36737 ]
(cherry picked from commit cfe32752a6a766d4c1d2
2014-08-06 17:41:33 -07:00
Mark Andrews
a369b29fa3
3913. [bug] Address race issue in dispatch. [RT #36731 ]
...
(cherry picked from commit 493f3eb297
2014-08-06 18:51:16 +10:00
Evan Hunt
c0f5302894
[v9_9] prep 9.9.6b2
2014-08-05 22:07:37 -07:00
Mukund Sivaraman
37cfebcaee
[36720] Free event early (fixes race to free)
...
Patch contributed by yhu2 <yadi.hu@windriver.com >.
(cherry picked from commit a338c2d947
2014-08-05 17:09:58 +05:30
Mark Andrews
e3876830c6
3910. [bug] When computing the number of elements required for a
...
acl count_acl_elements could have a short count leading
to a assertion failure. Also zero out new acl elements
in dns_acl_merge. [RT #36675 ]
(cherry picked from commit 3e90f6c373
2014-08-03 10:07:40 +10:00
