ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
15,921 Commits 589 Branches 805 Tags
ae7e54b14c946e0984c191554db9abb4893f9349
Commit Graph

7713 Commits

Author SHA1 Message Date
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Mark Andrews
f05a6b110f 2607. [bug] named could incorrectly delete NSEC3 records for 
empty nodes when processing a update request.
                        [RT #19749]
 2009-06-04 01:43:41 +00:00
Mark Andrews
0bc3af9834 2606. [bug] "delegation-only" was not being accepted in 
delegation-only type zones. [RT #19717]
 2009-06-03 00:04:38 +00:00
Automatic Updater
dc0c165ce3 update copyright notice 2009-06-02 23:47:50 +00:00
Mark Andrews
5422cf284f 2605. [bug] Accept DS responses from delegation only zones. 
[RT # 19296]
 2009-06-02 05:51:44 +00:00
Automatic Updater
e6ada020f5 update copyright notice 2009-05-29 23:47:49 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6 2604. [func] Add support for DNS rebinding attack prevention through 
new options, deny-answer-addresses and
			deny-answer-aliases.  Based on contributed code from
			JD Nurmi, Google. [RT #18192]
 2009-05-29 22:22:37 +00:00
Mark Andrews
7be6336565 2602. [port] win32: fix debugging command line build of libisccfg. 
[RT #19767]
 2009-05-29 01:16:31 +00:00
Automatic Updater
cc5f9fe224 update copyright notice 2009-05-11 02:38:35 +00:00
Mark Andrews
8a805c9f41 spelling 2009-05-11 02:30:07 +00:00
Mark Andrews
4c2ed3d141 2599. [bug] Address rapid memory growth when validation fails. 
[RT #19654]
 2009-05-11 02:22:03 +00:00
Automatic Updater
54cdd2b307 update copyright notice 2009-05-07 23:47:44 +00:00
Francis Dupont
ff380b05fe comment fixes (rt19624) 2009-05-07 09:41:23 +00:00
Mark Andrews
e7eede965d 2597. [bug] Handle a validation failure with a insecure delegation 
from a NSEC3 signed master/slave zone.  [RT #19464]
 2009-05-07 02:34:19 +00:00
Automatic Updater
7a272c6b0d update copyright notice 2009-05-06 23:47:50 +00:00
Tatuya JINMEI 神明達哉
5d7849ad7f 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay 
long, leading to inefficient memory usage or rejecting
			newer cache entries in the worst case. [RT #19563]
 2009-05-06 22:53:54 +00:00
Mark Andrews
d2c115f913 2590. [func] Report zone/class of "diff with no effect". [RT #19542] 2009-04-30 06:53:10 +00:00
Automatic Updater
542b74bec7 update copyright notice 2009-04-29 23:48:02 +00:00
Mark Andrews
f030c71500 2589. [bug] dns_db_unregister() failed to clear '*dbimp'. 
[RT #19626]
 2009-04-29 22:11:34 +00:00
Automatic Updater
d76bbb6c40 update copyright notice 2009-04-28 23:48:01 +00:00
Tatuya JINMEI 神明達哉
089f456eb3 2588. [bug] SO_REUSEADDR could be set unconditionally after failure 
of bind(2) call.  This should be rare and mostly
			harmless, but may cause interference with other
			processes that happen to use the same port. [RT #19642]
 2009-04-28 21:39:00 +00:00
Jeremy Reed
f20f19de19 2587. [func] Improve logging by reporting serial numbers for 
when zone serial has gone backwards or unchanged.
			[RT #19506]
 2009-04-28 12:48:35 +00:00
Automatic Updater
ab381c1e22 update copyright notice 2009-04-21 23:48:04 +00:00
Tatuya JINMEI 神明達哉
b1b0dca146 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB 
or SDB. [RT #19577]
 2009-04-21 00:41:02 +00:00
Tatuya JINMEI 神明達哉
cda7c783c3 2585. [bug] Uninitialized socket name could be referenced via a 
statistics channel, triggering an assertion failure in
			XML rendering. [RT #19427]
 2009-04-18 01:28:17 +00:00
Automatic Updater
cc0f37ba17 update copyright notice 2009-04-08 06:48:23 +00:00
Tatuya JINMEI 神明達哉
af2e2f5ed7 2584. [bug] alpha: gcc optimization could break atomic operations. 
[RT #19227]
 2009-04-08 05:46:22 +00:00
Tatuya JINMEI 神明達哉
3dc1cb7e96 wording fix for cpp error message (rt #19569) 2009-04-07 02:49:37 +00:00
Mark Andrews
64e161a7f7 2582. [bug] Don't emit warning log message when we attempt to 
remove non-existant journal. [RT #19516]
 2009-03-26 22:51:54 +00:00
Evan Hunt
6b9728dde7 ARM and log message changes to clarify "insecure response". [rt19400] 2009-03-23 22:30:57 +00:00
Automatic Updater
8e3d340655 update copyright notice 2009-03-17 23:48:02 +00:00
Mark Andrews
72dbc7216a 2579. [bug] DNSSEC lookaside validation failed to handle unknown 
algorithms. [RT #19479]
 2009-03-17 01:34:28 +00:00
Mark Andrews
56708c6fb4 2576. [bug] NSEC record were not being correctly signed when 
a zone transitions from insecure to secure.
                        Handle such incorrectly signed zones. [RET #19114]
 2009-03-13 01:35:18 +00:00
Automatic Updater
74f4bfde4a update copyright notice 2009-03-11 23:47:35 +00:00
Evan Hunt
3f8be559f0 2575. [func] New functions dns_name_fromstring() and 
dns_name_tostring(), to simplify conversion
			of a string to a dns_name structure and vice
			versa. [RT #19451]
 2009-03-11 07:02:34 +00:00
Automatic Updater
2464bd58eb update copyright notice 2009-03-05 23:47:36 +00:00
Mark Andrews
e422b84c73 2573. [bug] Replacing a non-CNAME record with a CNAME record in a 
single transaction in a signed zone failed. [RT #19397]
 2009-03-05 04:54:33 +00:00
Mark Andrews
f605647060 Undocumented firewall test hook. [RT #19398] 2009-03-05 03:13:55 +00:00
Automatic Updater
e61db954bf update copyright notice 2009-03-04 23:48:02 +00:00
Evan Hunt
3a30493983 2572. [func] Simplify DLV configuration, with a new option 
"dnssec-lookaside auto;"  This is the equivalent
			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
			plus setting a trusted-key for dlv.isc.org.

			Note: The trusted key is hard-coded into named,
			but is also stored in (and can be overridden
			by) $sysconfdir/bind.keys.  As the ISC DLV key
			rolls over it can be kept up to date by replacing
			the bind.keys file with a key downloaded from
			https://www.isc.org/solutions/dlv. [RT #18685]
 2009-03-04 02:42:31 +00:00
Automatic Updater
4f91bcae43 update copyright notice 2009-03-02 23:47:43 +00:00
Mark Andrews
98b2be76fc 2567. [bug] dst__privstruct_writefile() could miss write errors. 
write_public_key() could miss write errors.
                        dnssec-dsfromkey could miss write errors.
                        [RT #19360]
 2009-03-02 03:01:04 +00:00
Mark Andrews
05c162292f 2567. [bug] dst__privstruct_writefile() could miss write errors. 
[RT #19360]
 2009-03-02 02:03:59 +00:00
Mark Andrews
d55bdffe2f report when chdir fails. [RT #19360] 2009-03-02 01:57:10 +00:00
Automatic Updater
3e63c43386 update copyright notice 2009-03-01 23:47:25 +00:00
Evan Hunt
bfe0517fdc Clarify logged message when an insecure DNSSEC response arrives from a zone 
thought to be secure: "insecurity proof failed" instead of "not insecure".
[RT #19400]
 2009-03-01 02:45:38 +00:00
Mark Andrews
549e34bbf4 2564. [bug] Only take EDNS fallback steps when processing timeouts. 
[RT #19405]
 2009-02-27 23:01:48 +00:00
Automatic Updater
92e4603c55 update copyright notice 2009-02-26 11:18:56 +00:00
Mark Andrews
e4c6491bbf 2565. [func] Add support for HIP record. Includes new functions 
dns_rdata_hip_first(), dns_rdata_hip_next()
                        and dns_rdata_hip_current().  [RT #19384]
 2009-02-26 06:09:19 +00:00
Mark Andrews
499fa72075 2564. [bug] 'named' was treating a TCP retry as a timeout when 
deciding whether to perform a EDNS fallback step.
                        [RT #19393]
 2009-02-25 22:46:05 +00:00