Commit Graph

390 Commits

Author SHA1 Message Date
Mark Andrews
9ad7445961 3461. [bug] Negative responses could incorrectly have AD=1
set. [RT #32237]
2013-01-10 22:17:59 +11:00
Tinderbox User
7d58f3ac85 update copyright notice 2013-01-04 23:45:25 +00:00
Evan Hunt
ba2599657b [v9_8] allow-query-on works now
3448.	[bug]		The allow-query-on ACL was not processed correctly.
			[RT #29486]
(cherry picked from commit 222d38735f)
(cherry picked from commit 8d9207a17b)
2013-01-03 15:15:51 -08:00
Mark Andrews
669a00bfde silence clang --analyze warning 2012-12-01 09:21:30 +11:00
Evan Hunt
89ef143e3f fix coverity issues
3388.	[bug]		Fixed several Coverity warnings. [RT #30996]
2012-10-02 23:50:20 -07:00
Evan Hunt
2d47f8187f fixed an exploitable hang bug
3383.	[security]	Certain combinations of records in the RBT could
                        cause named to hang while populating the additional
                        section of a response. [RT #31090]
2012-09-26 17:12:00 -07:00
Mark Andrews
40e7749444 3371. [bug] AD=1 should behave like DO=1 when deciding whether to
add NS RRsets to the additional section or not.
                        [RT #30479]
2012-08-31 11:26:36 +10:00
Evan Hunt
73ed414ae7 removed spurious variables added by merge, added config options to dnssec test 2012-07-25 22:13:42 -07:00
Tinderbox User
8b79e1aed5 update copyright notice 2012-07-25 23:45:36 +00:00
ckb
540b745122 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]
2012-07-25 17:25:13 -05:00
Tinderbox User
f3c44ec867 update copyright notice 2012-05-31 23:45:36 +00:00
Vernon Schryver
07d51fa5ba Squashed commit of the following:
commit 4d29cea2ea05491a7afebc343e41d9b6ad58f068
commit 3211da9716e5ecc0bb758666db70a667ca5a944e
commit 884b6f5d5e9b1f50757c606adafabe382b90c80b
commit 53f82565f72f091a46caed754db160e4a7a2d161
Merge: 8f73664 9698f42
commit 8f73664e7bdc04f766ddcccfb5fc5f857a22326a

for rt26172

Add
  - optional "recursive-only yes|no" to the response-policy statement
  - optional max-policy-ttl to limit the lies that "recursive-only no"
      can introduce into resolvers' caches
  - test that queries with RD=0 are not rewritten by default
  - performance smoke test

Change encoding of PASSTHRU action to "rpz-passthru".
      (The old encoding is still accepted.)
Fix rt26180  assert botch in zone_findrdataset() in this branch
     as well.

Fix missing signatures on NOERROR results despite RPZ hits
    when there are signatures and the client asks for DNSSEC,
2012-05-31 01:47:47 +00:00
Mark Andrews
183a1f9e79 3299. [bug] Make SDB handle errors from database drivers better.
[RT #28534]
2012-03-28 10:33:20 +11:00
Mark Andrews
930151fcab 3280. [bug] Potential double free of a rdataset on out of memory
with DNS64. [RT #27762]
2012-02-07 01:14:39 +00:00
Automatic Updater
33a62e8d0f update copyright notice 2012-01-31 23:46:41 +00:00
Evan Hunt
6522a6b265 3273. [bug] AAAA responses could be returned in the additional
section even when filter-aaaa-on-v4 was in use.
                        [RT #27292]
2012-01-31 17:54:12 +00:00
Evan Hunt
fb55b8f34d 3262. [bug] Signed responses were handled incorrectly by RPZ.
[RT #27316]
2012-01-07 00:19:29 +00:00
Automatic Updater
8ead053cb0 update copyright notice 2012-01-04 23:46:19 +00:00
Evan Hunt
c0990ffd88 3260. [bug] "rrset-order cyclic" could appear not to rotate
for some query patterns.  [RT #27170/27185]
2012-01-04 03:07:29 +00:00
Mark Andrews
b2adef3fb0 3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
                        failure. [RT #26590]
2011-11-16 09:56:56 +00:00
Mark Andrews
2136c92599 3186. [bug] Version/db mis-match in rpz code. [RT #26180] 2011-10-31 02:55:07 +00:00
Mark Andrews
f4105ef7b8 3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated.  Stop sending an
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]
2011-10-20 21:44:36 +00:00
Automatic Updater
498015c13a update copyright notice 2011-10-14 23:46:08 +00:00
Mark Andrews
89769cb5a5 3170. [func] RPZ update:
- fix precedence among competing rules
                        - improve ARM text including documenting rule precedence
                        - try to rewrite CNAME chains until first hit
                        - new "rpz" logging channel
2011-10-14 03:51:07 +00:00
Automatic Updater
a856c33738 update copyright notice 2011-09-02 23:45:51 +00:00
Evan Hunt
404329080f 3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly.  [RT #21050]
2011-09-02 21:54:52 +00:00
Mark Andrews
31dcd78366 3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
2011-06-09 03:14:04 +00:00
Mark Andrews
eff7004cdd 3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with an assertion failure.
                        [RT #24715]
2011-06-09 00:53:55 +00:00
Mark Andrews
7e773a23d9 3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
                        [RT #2445]
2011-05-20 05:12:18 +00:00
Automatic Updater
1076a78dd9 update copyright notice 2011-04-27 23:47:01 +00:00
Evan Hunt
e3579205fe 3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
			RRSIG. [RT #24280]
2011-04-27 17:43:07 +00:00
Evan Hunt
6ecc5850ef 3099. [test] "dlz" system test now runs but gives R:SKIPPED if
not compiled with --with-dlz-filesystem.  [RT #24146]

3098.	[bug]		DLZ zones were answering without setting the AA bit.
			[RT #24146]
2011-04-19 22:31:43 +00:00
Francis Dupont
8e8a1d612b fix too long with dname error 2011-03-18 21:25:18 +00:00
Mark Andrews
ac6edf67d5 3069. [cleanup] Silence warnings messages from clang static analysis.
[RT #20256]
2011-03-11 06:47:09 +00:00
Evan Hunt
b2b2a5f7e5 3066. [func] The DLZ "dlopen" driver is now built by default,
no longer requiring a configure option.  To
			disable it, use "configure --without-dlopen".
			(Note: driver not supported on win32.) [RT #23467]
2011-03-10 04:29:18 +00:00
Scott Mann
ff6618557c Fix prz SERVFAILs after failed zone transfer (RT23246) 2011-02-18 15:27:58 +00:00
Mark Andrews
f82e44954d 3013. [bug] The DNS64 ttl was not always being set as expected.
[RT #23034]
2011-02-03 07:39:03 +00:00
Mark Andrews
cc5e0baaef arguments out of order 2011-01-13 23:16:06 +00:00
Automatic Updater
9cee5bb028 update copyright notice 2011-01-13 04:59:26 +00:00
Mark Andrews
87708bde16 3008. [func] Response policy zones (RPZ) support. [RT #21726] 2011-01-13 01:59:28 +00:00
Evan Hunt
d9ad0a55bb 3000. [bug] More TKEY/GSS fixes:
- nsupdate can now get the default realm from
			   the user's Kerberos principal
			 - corrected gsstest compilation flags
			 - improved documentation
			 - fixed some NULL dereferences
			[RT #22795]
2010-12-24 02:20:47 +00:00
Tatuya JINMEI 神明達哉
743bbdc18f 2947. [func] Add new zone type "static-stub". It's like a stub
zone, but the nameserver names and/or their IP
			addresses are statically configured. [RT #21474]

(for 9.8.0)
2010-12-16 09:51:30 +00:00
Automatic Updater
b8a9a7bef2 update copyright notice 2010-12-08 23:51:56 +00:00
Mark Andrews
e334405421 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991] 2010-12-08 02:46:17 +00:00
Mark Andrews
ed83fa75f5 2963. [security] The allow-query acl was being applied instead of the
allow-query-cache acl to cache lookups. [RT #22114]
2010-09-24 05:09:03 +00:00
Mark Andrews
082f42dcf2 2960. [func] Check that named accepts non-authoritative answers.
[RT #21594]
2010-09-15 12:07:56 +00:00
Mark Andrews
8fb412590e 2953. [bug] Silence spurious "expected covering NSEC3, got an
exact match" message when returning a wildcard
                        no data response. [RT #21744]
2010-09-07 02:28:17 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864
because it would cause infinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
2010-07-15 01:17:45 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:50:13 +00:00