ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
18,287 Commits 589 Branches 805 Tags
84b070d40ba013c1962eeedeb289cd788875fbf3
Commit Graph

186 Commits

Author SHA1 Message Date
Mark Andrews
bc3343cc10 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:57:04 +00:00
Mark Andrews
8cbf30d0c0 2904. [bug] When using DLV, sub-zones of the zones in the DLV, 
could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT# 21392]
 2010-05-26 06:58:17 +00:00
Automatic Updater
01565f50ca update copyright notice 2010-05-14 23:47:50 +00:00
Mark Andrews
69ed70d223 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-05-14 00:33:23 +00:00
Mark Andrews
1309b5cb7c 2877. [bug] The validator failed to skip obviously mismatching 
RRSIGs. [RT #21138]
 2010-04-21 05:48:13 +00:00
Mark Andrews
b656e4693a 2876. [bug] Named could return SERVFAIL for negative responses 
from unsigned zones. [RT #21131]
 2010-04-21 04:21:19 +00:00
Mark Andrews
928f535b8a 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. 
[RT #20877]
 2010-03-26 17:19:39 +00:00
Automatic Updater
875245e3c4 update copyright notice 2010-03-04 23:47:53 +00:00
Mark Andrews
39131fff99 2958. [bug] When canceling validation it was possible to leak 
memory. [RT #20800]
 2010-03-04 22:31:32 +00:00
Automatic Updater
b67c0e9a49 update copyright notice 2010-02-25 10:56:41 +00:00
Mark Andrews
b8c2fd6c72 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:35:11 +00:00
Evan Hunt
c7c6605eb0 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:44:45 +00:00
Mark Andrews
e7f4d4e09d 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-18 00:15:38 +00:00
Automatic Updater
846e500945 update copyright notice 2009-05-07 23:47:12 +00:00
Mark Andrews
568a4d27a5 2597. [bug] Handle a validation failure with a insecure delegation 
from a NSEC3 signed master/slave zone.  [RT #19464]
 2009-05-07 02:39:42 +00:00
Automatic Updater
bf02e7fc0e update copyright notice 2009-03-17 23:47:29 +00:00
Mark Andrews
906e5d9a44 2579. [bug] DNSSEC lookaside validation failed to handle unknown 
algorithms. [RT #19479]
 2009-03-17 01:37:07 +00:00
Mark Andrews
d68222d82d 2554. [bug] Validation of uppercase queries from NSEC3 zones could 
fail. [RT #19297]
 2009-02-15 23:47:49 +00:00
Mark Andrews
76da0b0d88 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] 2009-02-15 23:38:31 +00:00
Mark Andrews
d7900926bf spelling 2009-01-18 23:25:18 +00:00
Automatic Updater
1ff98661fd update copyright notice 2009-01-05 23:47:23 +00:00
Tatuya JINMEI 神明達哉
3dd871586f trivial comment cleanups (RT#19118) 2009-01-05 23:20:58 +00:00
Automatic Updater
49960a74b5 update copyright notice 2008-11-14 23:47:33 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
1bfe8851c0 2421. [bug] Handle the special return value of a empty node as 
if it was a NXRRSET in the validator. [RT #18447]
 2008-08-21 04:43:49 +00:00
Evan Hunt
e4d304b70b Fix build error: parameter type was changed in the prototype but not in 
the function header.
 2008-02-19 17:07:55 +00:00
Mark Andrews
664e11f0b1 2238. [bug] check_ds() could be called with a non DS rdataset. 
[RT #17598]
 2008-02-18 23:06:54 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
9d5ed744c4 update copyright notice 2008-01-14 23:46:56 +00:00
Mark Andrews
f1263d2aa4 2304. [bug] Check returns from all dns_rdata_tostruct() calls. 
[RT #17460]
 2008-01-14 23:24:24 +00:00
Mark Andrews
8bedd9647f 2245. [bug] Validating lack of DS records at trust anchors wasn't 
working. [RT #17151]
 2007-09-19 03:38:56 +00:00
Mark Andrews
e2c3f8059e 2238. [bug] It was possible to trigger a REQUIRE when a 
validation was cancelled. [RT #17106]
 2007-09-14 05:43:05 +00:00
Mark Andrews
3eab85ca54 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). 
[RT #16976]
 2007-08-27 04:36:54 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
a05f23d07e 2171. [bug] Handle breaks in DNSSEC trust chains where the parent 
servers are not DS aware (DS queries to the parent
                        return a referral to the child).
 2007-04-27 06:13:29 +00:00
Mark Andrews
394f4aec21 2145. [bug] Check DS/DLV digest lengths for known digests. 
[RT #16622]
 2007-02-26 01:20:44 +00:00
Mark Andrews
f36c85c3ce update copyright notice 2007-01-08 02:45:04 +00:00
Mark Andrews
3052274767 2126. [bug] Serialise validation of type ANY responses. [RT #16555] 2007-01-08 01:13:38 +00:00
Mark Andrews
29747dfe5e 2123. [func] Use Doxygen to generate internal documention. 
[RT #11398]
 2006-12-22 01:46:19 +00:00
Mark Andrews
1ea2595e1b 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records 
which could lead to validation failures.  named didn't
                        handle negative DS responses that were in the process
                        of being validated.  Check CNAME bit before accepting
                        NODATA proof. To be able to ignore a child NSEC there
                        must be SOA (and NS) set in the bitmap. [RT #16399]
 2006-12-07 06:47:36 +00:00
Mark Andrews
cc7d91bd5c 2061. [bug] Accept expired wildcard message reversed. [RT #16296] 2006-07-24 22:41:59 +00:00
Mark Andrews
d2ef84e07b 2008. [func] It is now posssible to enable/disable DNSSEC 
validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]
 2006-03-09 23:39:00 +00:00
Mark Andrews
95b484c958 fix minor typos 2006-02-26 22:57:18 +00:00
Mark Andrews
fcbc5d2353 post merge problem 2006-02-22 01:55:10 +00:00
Mark Andrews
c5387e6942 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608] 2006-02-21 23:49:51 +00:00
Mark Andrews
acb4f52369 update copyright notice 2006-01-04 23:50:24 +00:00
Mark Andrews
fabf2ee6b0 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:35:49 +00:00
Mark Andrews
cf224bbf7b 1942. [bug] If the name of a DNSKEY match that of one in 
trusted-keys do not attempt to validate the DNSKEY
                        using the parents DS RRset. [RT #15649]
 2005-12-04 23:54:01 +00:00
Mark Andrews
470c726bc8 silence dereferencing type-punned pointer will break strict-aliasing rules warning 2005-11-30 05:01:34 +00:00