201 Commits

Author SHA1 Message Date
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones:
- 'rndc signing -list' displays the current state of signing operations
- 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
Mark Andrews
aa0777cfb6 spin waiting for zone transfer to complete 2011-10-26 05:32:56 +00:00
Mark Andrews
ada40193c8 3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated.  Stop sending an
unnecessary NSEC3 record when generating such
responses. [RT #26200]
2011-10-20 21:42:11 +00:00
Mark Andrews
020c4484fe 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:00:15 +00:00
Evan Hunt
653a78de95 3165. [bug] dnssec-signzone could generate new signatures when
resigning, even when valid signatures were already
present. [RT #26025]
2011-10-11 19:26:06 +00:00
Mark Andrews
d60fb3a58c use index rather than match as it is more portable 2011-10-10 00:34:57 +00:00
Mark Andrews
17dfbab847 handle getline errors/eof 2011-10-07 21:32:35 +00:00
Mark Andrews
dc2cbfdafe handle multi-line NSEC3 record better 2011-10-06 22:11:39 +00:00
Evan Hunt
9e4afc9b39 3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly.  [RT #21050]
2011-09-02 21:55:16 +00:00
Evan Hunt
b47c020d5c 3133. [bug] Change #3114 was incomplete. [RT #24577] 2011-07-08 01:43:26 +00:00
Evan Hunt
0245f7725c 3118. [bug] When rolling to a new DNSSEC key, a private-type
record could be created and never marked complete.
[RT #23253]
2011-05-26 04:25:47 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates
of DNSSEC records in signed dynamic zones.  Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533]
2011-05-23 20:10:03 +00:00
Scott Mann
a50ce0f80b Fix for RT #23136 task 1. 2011-05-19 00:31:57 +00:00
Mark Andrews
0a82492610 3089. [func] dnssec-dsfromkey now supports reading keys from
standard input "dnssec-dsfromkey -f -". [RT# 20662]
2011-03-24 02:10:23 +00:00
Mark Andrews
e706901292 add test numbers 2011-03-22 00:41:53 +00:00
Mark Andrews
c2265bd341 adjust rt23702 test to take less time 2011-03-21 20:31:22 +00:00
Evan Hunt
35f1a4fc93 3085. [func] New '-R' option in dnssec-signzone forces removal
of signatures which have not yet expired but
were generated by a key that no longer exists.
[RT #22471]
2011-03-21 07:26:47 +00:00
Mark Andrews
5f49da42fe wait longer for the nsec3chain generation to complete 2011-03-21 03:30:48 +00:00
Mark Andrews
5095e72ac3 3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
2011-03-21 01:02:39 +00:00
Evan Hunt
9a859983d7 3062. [func] Made several changes to enhance human readability
of DNSSEC data in dig output and in generated zone files:
- DNSKEY record comments are more verbose, no longer used in multiline mode only
- multiline RRSIG records reformatted
- multiline output mode for NSEC3PARAM records
- "dig +norrcomments" suppresses DNSKEY comments
- "dig +split=X" breaks hex/base64 records into fields of width X; "dig +nosplit" disables this.
[RT #22820]
2011-03-05 19:39:07 +00:00
Mark Andrews
eff7f78bc6 3061. [func] New option "dnssec-signzone -D", only write out
generated DNSSEC records. [RT #22896]
2011-03-05 06:35:41 +00:00
Scott Mann
d31740ce28 Fixed DNSKEY NODATA responses not cached (RT #22908). 2011-03-01 14:40:39 +00:00
Francis Dupont
664917beda Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:21:35 +00:00
Mark Andrews
2f09e7c3fc 3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
2011-02-24 03:04:43 +00:00
Mark Andrews
4f07b2b00c 3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
2011-02-23 11:30:35 +00:00
Mark Andrews
b1b42b03b7 3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232] 2011-02-15 22:02:36 +00:00
Mark Andrews
c5fa370695 3019. [func] Test: check apex NSEC3 records after adding DNSKEY
record via UPDATE. [RT #23229]
2011-02-14 23:53:44 +00:00
Mark Andrews
37b017f2ca Regression test for:
3018. [bug] Named failed to check for the "none;" acl when deciding
if a zone may need to be re-signed. [RT #23120]
2011-02-08 03:47:02 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which
can be switched on by setting "dnssec-validation auto;"
in the named.conf options. [RT #21727]
2011-01-03 23:45:08 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure.  One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.  [RT #22309]
2010-11-16 01:14:51 +00:00
Mark Andrews
240a7dc59d 2951. [bug] named failed to generate a correct signed response
in an optout, delegation only zone with no secure
delegations. [RT #22007]
2010-09-07 00:58:36 +00:00
Mark Andrews
c73d8c1b72 2938. [bug] When skipping NSEC3 records that don't match the
current NSEC3PARAM record in use for zone named
could dereference an uninitialised pointer attempting
to obtain a lock. [RT# 21868]
2010-08-13 06:46:25 +00:00
Evan Hunt
cb933b69ff 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
[RT #21597]
2010-08-09 22:34:56 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864
because it would cause infinite attempts of RRSIG
queries.  This is an urgent care fix; we'll
revisit the issue and complete the fix later.
[RT #21710]
2010-07-15 01:17:45 +00:00
Mark Andrews
a7d2b922ee match the dig.out.ns#.$n to the nameserver 2010-06-28 01:34:11 +00:00
Mark Andrews
8fa6ca58b6 check that we have non-cachable answers to test against 2010-06-28 01:31:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:50:13 +00:00
Mark Andrews
f35a87f58f remove leading zeros on keyid
account for trusted keys not applying to _bind anymore
2010-06-25 07:28:46 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
[RT #20904]
2010-06-25 03:24:05 +00:00
Mark Andrews
5ee4d3f2ee iterations is -H 2010-06-04 00:04:39 +00:00
Mark Andrews
e74c3a0f59 specify NSEC3 iterations 2010-06-03 21:44:49 +00:00
Mark Andrews
675cc80975 2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367]
2010-06-03 03:13:32 +00:00
Automatic Updater
6bb1560124 update copyright notice 2010-01-18 23:48:40 +00:00
Evan Hunt
e11a0c114c 2841. [func] Added "smartsign" and improved "autosign" and
"dnssec" regression tests. [RT #20865]
2010-01-18 19:19:31 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:02:23 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
test. [RT #20453]
2009-10-27 22:25:37 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00