ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
17,032 Commits 589 Branches 805 Tags
92348098ebe7ef4c26bfe2204a7364fa18735afc
Commit Graph

3344 Commits

Author SHA1 Message Date
Mark Andrews
92348098eb 2956. [bug] named-checkconf did not fail on a bad trusted key. 
[RT #20705]
 2010-03-04 06:17:01 +00:00
Mark Andrews
d1a5fdc34a 2955. [bug] The size of a memory allocation was not always properly 
recorded. [RT #20927]
 2010-03-04 05:29:15 +00:00
Mark Andrews
2e20dea9fc 2854. [func] nsupdate will now preserve the entered case of domain 
names in update requests it sends. [RT #20928]
 2010-03-04 05:24:56 +00:00
Mark Andrews
13396661f4 2854. [func] dig: allow the final soa record in a axfr response to 
be suppressed, dig +onesoa. [RT #20929]
 2010-03-04 05:18:04 +00:00
Mark Andrews
64f8608ed6 2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2010-02-26 01:39:49 +00:00
Mark Andrews
0cae66577c 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 04:39:13 +00:00
Mark Andrews
d3cbd6b05c 2851. [doc] nslookup.1, removed <informalexample> from the docbook 
source as it produced bad nroff.  [RT #21007]
 2010-02-22 20:48:56 +00:00
Tatuya JINMEI 神明達哉
3a28f0dc73 (forgot to add RT#) 2010-02-04 23:23:46 +00:00
Tatuya JINMEI 神明達哉
139cedabf9 2850. [bug] If isc_heap_insert() failed due to memory shortage 
the heap would have corrupted entries.

9.8.0, 9.7.1(?), 9.6.2, 9.5.3
(what about 9.4-ESV?)
 2010-02-04 23:22:05 +00:00
Mark Andrews
8ac908b38a 2849. [bug] Don't treat errors from the xml2 library as fatal. 
[RT #20945]
 2010-02-04 00:57:25 +00:00
Evan Hunt
0b24b2d3c4 2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and 
README.rfc5011 into the ARM. [RT #20899]
 2010-02-03 01:31:49 +00:00
Evan Hunt
dcfca6f18d 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921] 2010-02-03 01:02:37 +00:00
Mark Andrews
ebaf977ecf 2846. [bug] EOF on unix domain sockets was not being handled 
correctly. [RT #20731]
 2010-01-31 23:18:03 +00:00
Evan Hunt
140cf92b3b sync 2010-01-27 19:19:51 +00:00
Evan Hunt
68ea797082 clarified 2010-01-27 19:18:46 +00:00
Francis Dupont
19a62c240d RFC 5011 client can crash. [RT #20903] 2010-01-26 23:33:10 +00:00
Mark Andrews
fd3a378353 2844. [doc] notify-delay default in ARM was wrong. It should have 
been five (5) seconds.
 2010-01-23 00:33:21 +00:00
Francis Dupont
0185a9358c sync 2010-01-22 12:56:43 +00:00
Evan Hunt
8a198fa776 2842. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from 
creating key files if there is a chance that the new
			key ID will collide with an existing one after
			either of the keys has been revoked.  (To override
			this in the case of dnssec-keyfromlabel, use the -y
			option.  dnssec-keygen will simply create a
			different, noncolliding key, so an override is
			not necessary.) [RT #20838]
 2010-01-19 20:26:07 +00:00
Evan Hunt
e11a0c114c 2841. [func] Added "smartsign" and improved "autosign" and 
"dnssec" regression tests. [RT #20865]
 2010-01-18 19:19:31 +00:00
Evan Hunt
b47d410f84 2840. [bug] Change 2836 was not complete. [RT #20883] 2010-01-14 23:27:38 +00:00
Francis Dupont
6ff7cd9fa5 Temporary fixed pkcs11-destroy usage check. [RT #20760] 2010-01-13 21:19:52 +00:00
Francis Dupont
f77148e029 a KSK revoked by named could not be deleted. [RT #20881] 2010-01-13 08:35:24 +00:00
Francis Dupont
a91029a00e Prevent Linux spurious warnings about fwrite(). [RT #20812] 2010-01-11 10:49:14 +00:00
Evan Hunt
05b1ab91a6 2836. [bug] Keys that were scheduled to become active could 
be delayed. [RT #20874]
 2010-01-09 17:09:00 +00:00
Evan Hunt
03e5afa4c0 2835. [bug] Key inactivity dates were inadvertently stored in 
the private key file with the outdated tag
			"Unpublish" rather than "Inactive".  This has been
			fixed; however, any existing keys that had Inactive
			dates set will now need to have them reset, using
			'dnssec-settime -I'. [RT #20868]
 2010-01-08 17:15:36 +00:00
Evan Hunt
0f66aced26 2834. [bug] HMAC-SHA* keys that were longer than the algorithm 
digest length were used incorrectly, leading to
			interoperability problems with other DNS
			implementations.  This has been corrected.
			(Note: If an oversize key is in use, and
			compatibility is needed with an older release of
			BIND, the new tool "isc-hmac-fixup" can convert
			the key secret to a form that will work with all
			versions.) [RT #20751]
 2010-01-07 21:52:12 +00:00
Evan Hunt
8ebf67b7f0 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. 
[RT #20851]
 2010-01-07 19:13:59 +00:00
Shawn Routhier
7c25b5f311 Modify "struct stat" in lib/export/samples/nsprobe.c to avoid redefinition in 
some OSes - rt20831
 2010-01-07 18:31:34 +00:00
Evan Hunt
597642c0ba 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 16:48:23 +00:00
Evan Hunt
d3a6cd7c7e 2830. [bug] Changing the OPTOUT setting could take multiple 
passes. [RT #20813]
 2010-01-04 22:47:58 +00:00
Evan Hunt
845bb3195a 2829. [bug] Fixed potential node inconsistency in rbtdb.c. 
[RT #20808]
 2010-01-04 22:30:14 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
9ead684875 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:58 +00:00
Evan Hunt
687b6322fb 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not 
being released.  [RT #20740]
 2009-12-30 03:38:57 +00:00
Mark Andrews
57fb4f7bbe 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that 
was in the process of being created was not properly
                        recorded in the zone. [RT #20786]
 2009-12-30 02:43:09 +00:00
Mark Andrews
5b77627c09 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:20:33 +00:00
Mark Andrews
288486df9d 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781] 2009-12-29 22:04:16 +00:00
Mark Andrews
5773d3c007 2822. [bug] rbtdb.c:loadnode() could return the wrong result. 
[RT #20802]
 2009-12-29 08:53:33 +00:00
Evan Hunt
85c5ed3577 2821. [doc] Add note that named-checkconf doesn't automatically 
read rndc.key and bind.keys [RT #20758]
 2009-12-28 23:21:16 +00:00
Francis Dupont
0faf1492c7 non-readable openssl.cnf [20668] 2009-12-24 17:49:39 +00:00
Evan Hunt
bd31f734ee 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define 
[RT #20771]
 2009-12-24 00:35:46 +00:00
Evan Hunt
1361014b02 2818. [cleanup] rndc could return an incorrect error code 
when a zone was not found. [RT #20767]
 2009-12-24 00:14:20 +00:00
Evan Hunt
40ad4ed01b 2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls. 
[RT #20768]
 2009-12-23 23:59:42 +00:00
Evan Hunt
b09559fd36 2816. [bug] previous_closest_nsec() could fail to return 
data for NSEC3 nodes [RT #29730]
 2009-12-23 23:43:01 +00:00
Evan Hunt
aa3415ba49 2815. [bug] Exclusively lock the task when freezing a zone. 
[RT #19838]
 2009-12-23 23:33:09 +00:00
Mark Andrews
c9630524c7 2814. [func] Provide a definitive error message when a master 
zone is not loaded. [RT #20757]
 2009-12-21 04:29:10 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00
Evan Hunt
0da859c5a7 2811. [cleanup] Add "rndc sign" to list of commands in rndc usage 
output. [RT #20733]
 2009-12-18 07:59:43 +00:00
Evan Hunt
19a6c40c37 2810. [doc] Clarified the process of transitioning an NSEC3 zone 
to insecure. [RT #20746]
 2009-12-18 07:56:29 +00:00