ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
22,724 Commits 589 Branches 805 Tags
76a17033db30d41c52f05abde418ef05bdfd8424
Commit Graph

1503 Commits

Author SHA1 Message Date
Evan Hunt
7983f6f77a [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2014-02-06 19:41:48 -08:00
Evan Hunt
166341d554 [master] add no-case-compress 
3731.	[func]		Added a "no-case-compress" ACL, which causes
			named to use case-insensitive compression
			(disabling change #3645) for specified
			clients. (This is useful when dealing
			with broken client implementations that
			use case-sensitive name comparisons,
			rejecting responses that fail to match the
			capitalization of the query that was sent.)
			[RT #35300]
 2014-02-06 19:37:26 -08:00
Mark Andrews
a928b54fa9 silence unused parameter 2014-02-07 11:47:32 +11:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes 
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
 2014-02-06 15:59:14 -08:00
Tinderbox User
7fa75f8e0e update copyright notice 2014-02-06 23:46:25 +00:00
Tinderbox User
0666e6db54 update copyright notice 2014-01-31 23:46:22 +00:00
Evan Hunt
d0803df331 [master] fixed geoip in blackhole ACLs 
3722.	[bug]		Using geoip ACLs in a blackhole statement
			could cause a segfault. [RT #35272]
 2014-01-30 17:03:32 -08:00
Tinderbox User
04b5785fde update copyright notice 2014-01-29 23:46:19 +00:00
Mark Andrews
75d747e1c5 3719. [bug] Address memory leak in in peer.c. [RT #35255] 2014-01-30 07:54:52 +11:00
Mark Andrews
61932ed917 copyright cleanups 2014-01-29 14:05:46 +11:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Evan Hunt
e45d0508c3 [master] skip unnecesary also-notify data 
3713.	[bug]		Save memory by not storing "also-notify" addresses
			in zone objects that are configured not to send
			notify requests. [RT #35195]
 2014-01-20 15:53:51 -08:00
Tinderbox User
dfd5f3b388 update copyright notice 2014-01-18 23:46:13 +00:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Tinderbox User
c0682c2367 update copyright notice 2014-01-17 23:46:32 +00:00
Francis Dupont
e02659b241 applied emacs filled-paragraph (ESC-q) to reindent SUBDIRS 2014-01-17 14:14:30 +01:00
Tinderbox User
1633aead67 update copyright notice 2014-01-16 23:46:28 +00:00
Mark Andrews
db8938c993 3710. [bug] Address double dns_zone_detach when switching to 
using automatic empty zones from regular zones.
                        [RT #35177]
 2014-01-17 10:04:16 +11:00
Evan Hunt
5760095601 [master] skip xfer test with Net::DNS 0.73 2014-01-16 09:50:23 -08:00
Francis Dupont
6080262ffe add iscpk11 dep in lwresd system test 2014-01-16 16:06:04 +01:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Tinderbox User
bf0266f286 update copyright notice 2014-01-14 23:46:22 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Mark Andrews
07fb9b8330 3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185] 2014-01-14 16:12:30 +11:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
f70a10508f update copyright notice 2014-01-11 23:46:17 +00:00
Evan Hunt
7d2b185f16 [master] new dnssec-coverage options 
3702.	[func]		'dnssec-coverage -l' option specifies a length
			of time to check for coverage; events further into
			the future are ignored.  'dnssec-coverage -z'
			checks only ZSK events, and 'dnssec-coverage -k'
			checks only KSK events.  (Thanks to Peter Palfrader.)
			[RT #35168]
 2014-01-10 17:53:21 -08:00
Mark Andrews
a7c412f37c update copyrights 2014-01-11 07:07:56 +11:00
Mark Andrews
ff6de396a9 3701. [func] named-checkconf can now suppress the printing of 
shared secrets by specifying '-x'. [RT #34465]
 2014-01-10 16:56:36 +11:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Mark Andrews
d4eb30fa2d stop spamming system logs 2014-01-09 16:23:40 +11:00
Tinderbox User
e8914b47a2 update copyright notice 2014-01-05 23:46:12 +00:00
Mark Andrews
e9649ece3b 3696. [bug] dig failed to handle AXFR style IXFR responses which 
span multiple messages. [RT #35137]
 2014-01-06 06:22:30 +11:00
Tinderbox User
9c61ab2c99 update copyright notice 2013-12-21 23:46:16 +00:00
Evan Hunt
c14ba71070 [master] warn if key-directory doesn't exist 
3694.	[bug]		Warn when a key-directory is configured for a zone,
			but does not exist or is not a directory. [RT #35109]
 2013-12-20 14:57:03 -08:00
Tinderbox User
7c329be7c0 update copyright notice 2013-12-15 23:46:14 +00:00
Tinderbox User
eade480b33 update copyright notice 2013-12-13 23:46:17 +00:00
Evan Hunt
0606c47750 [master] correct dispatch address/port check 
3690.	[bug]		Iterative responses could be missed when the source
			port for an upstream query was the same as the
			listener port (53). [RT #34925]
 2013-12-12 22:39:12 -08:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
 2013-12-12 22:19:33 -08:00
Tinderbox User
de77dcc2c1 update copyright notice 2013-12-11 23:47:38 +00:00
Evan Hunt
4e1d84a33c typo 2013-12-11 14:00:07 -08:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Tinderbox User
79812068ff update copyright notice 2013-12-06 23:47:28 +00:00
Mark Andrews
7d65cbaca0 3684. [bug] The list of included files would grow on reload. 
[RT 35090]
 2013-12-07 09:44:45 +11:00
Curtis Blackburn
8009525601 3682. [bug] Correct the behavior of rndc retransfer to allow 
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
 2013-12-04 12:26:20 -06:00
Evan Hunt
d999ca28d4 [master] check hint files in named-checkconf -z 
3676.	[bug]		"named-checkconf -z" now checks zones of type
			hint and redirect as well as master. [RT #35046]
 2013-11-25 12:26:53 -08:00
Mark Andrews
225146b2c8 3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] 2013-11-18 11:22:59 +11:00
Mark Andrews
ced4f794cf check expected responses 2013-11-15 13:22:48 +11:00