ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,303 Commits 589 Branches 805 Tags
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0
Commit Graph

1979 Commits

Author SHA1 Message Date
Mark Andrews
ed83fa75f5 2963. [security] The allow-query acl was being applied instead of the 
allow-query-cache acl to cache lookups. [RT #22114]
 2010-09-24 05:09:03 +00:00
Mark Andrews
c6f4972c74 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:21:07 +00:00
Automatic Updater
2b43d1d8c5 update copyright notice 2010-08-13 23:47:04 +00:00
Evan Hunt
cfd262045c 2936. [func] Improved configuration syntax and multiple-view 
support for addzone/delzone feature (see change
			#2930).  Removed "new-zone-file" option, replaced
			with "allow-new-zones (yes|no)".  The new-zone-file
			for each view is now created automatically, with
			a filename generated from a hash of the view name.
			It is no longer necessary to "include" the
			new-zone-file in named.conf; this happens
			automatically.  Zones that were not added via
			"rndc addzone" can no longer be removed with
			"rndc delzone". [RT #19447]
 2010-08-11 18:14:20 +00:00
Evan Hunt
86dcc40058 2930. [experimental] New "rndc addzone" and "rndc delzone" commads 
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
 2010-07-11 00:12:57 +00:00
Automatic Updater
1b892cf691 update copyright notice 2010-07-09 23:46:51 +00:00
Evan Hunt
bf9b852c3e 2929. [bug] Improved handling of GSS security contexts: 
- added LRU expiration for generated TSIGs
			 - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
			 - limited lifetime of generated keys to 1 hour
			   or the lifetime of the context (whichever is
			   smaller)
			[RT #19737]
 2010-07-09 05:13:15 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Mark Andrews
48dfee7150 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively 
to IPv4 clients.  New acl 'filter-aaaa' (default any).
 2010-06-22 04:03:38 +00:00
Automatic Updater
3f2280d2fc update copyright notice 2010-06-04 23:51:14 +00:00
Mark Andrews
ec58c4ca54 remove trailing comma 2010-06-04 00:12:54 +00:00
Automatic Updater
4dd3ec797d update copyright notice 2010-05-18 02:38:10 +00:00
Mark Andrews
8d31dd9ab6 2897. [bug] NSEC3 chains could be left behind when transitioning 
to insecure. [RT #21040]
 2010-05-18 01:39:41 +00:00
Automatic Updater
515c7f3c43 update copyright notice 2010-05-14 23:50:40 +00:00
Mark Andrews
778a01b1aa 2893. [bug] Improve managed keys support. New named.conf option 
managed-keys-directory. [RT #20924]
 2010-05-14 04:48:28 +00:00
Mark Andrews
44f175a90a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-05-14 00:13:43 +00:00
Automatic Updater
a955420bed update copyright notice 2010-05-10 23:50:55 +00:00
Mark Andrews
121f783b66 2881. [bug] Reduce the amount of time the rbtdb write lock 
is held when closing a version. [RT #21198]
 2010-05-10 01:39:03 +00:00
Automatic Updater
4d42b714be update copyright notice 2010-03-04 23:50:34 +00:00
Mark Andrews
2e20dea9fc 2854. [func] nsupdate will now preserve the entered case of domain 
names in update requests it sends. [RT #20928]
 2010-03-04 05:24:56 +00:00
Mark Andrews
13396661f4 2854. [func] dig: allow the final soa record in a axfr response to 
be suppressed, dig +onesoa. [RT #20929]
 2010-03-04 05:18:04 +00:00
Automatic Updater
bd2b08d5a3 update copyright notice 2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 04:39:13 +00:00
Automatic Updater
8576a40424 update copyright notice 2010-01-12 23:48:57 +00:00
Francis Dupont
d481cfdab5 fix spelling in comment 2010-01-12 23:23:21 +00:00
Automatic Updater
b871a3e0cd update copyright notice 2010-01-09 23:48:45 +00:00
Francis Dupont
a26d73a734 fix trivial typo in comment 2010-01-09 15:21:10 +00:00
Automatic Updater
400615c294 update copyright notice 2009-12-30 23:49:14 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
9ead684875 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:58 +00:00
Mark Andrews
5b77627c09 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:20:33 +00:00
Evan Hunt
bd31f734ee 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define 
[RT #20771]
 2009-12-24 00:35:46 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00
Automatic Updater
4b6dc226f7 update copyright notice 2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according 
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
 2009-12-04 21:09:34 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to 
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
 2009-12-04 03:33:15 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to 
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
 2009-12-03 23:18:17 +00:00
Evan Hunt
22304041d1 typo caused a missing semicolon 2009-12-03 16:49:09 +00:00
Evan Hunt
e6dda86e8b 2798. [bug] Addressed bugs in managed-keys initialization 
and rollover. [RT #20683]
 2009-12-03 15:40:03 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Automatic Updater
2b2fc9b4df update copyright notice 2009-11-25 23:49:22 +00:00
Mark Andrews
d0ca4e90e2 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:22:05 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the 
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
 2009-11-23 02:55:41 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00
Automatic Updater
2d84cba8f4 update copyright notice 2009-11-04 23:48:18 +00:00
Mark Andrews
0181a0a92f 2747. [bug] Journal roll forwards failed to set the re-signing 
time of RRSIGs correctly. [RT #20541]
 2009-11-04 01:25:55 +00:00
Mark Andrews
a3285e811d 2746. [port] hpux: address signed/unsigned expansion mismatch of 
dns_rbtnode_t.nsec. [RT #20542]
 2009-11-04 01:18:19 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust 
anchors for a view. [RT #20211]
 2009-10-27 22:46:13 +00:00
Mark Andrews
63d5a6f680 2736. [func] Improve the performance of NSEC signed zones with 
more than a normal amount of glue below a delegation.
                        [RT #20191]
 2009-10-27 04:46:58 +00:00