Evan Hunt
b2088c8595
properly range-check fields that do not allow 0
3362. [bug] Setting some option values to 0 in named.conf
could trigger an assertion failure on startup.
[RT #27730]
2012-08-13 22:40:35 -07:00
Evan Hunt
efc3ebed17
support '-' salt in rndc signing -nsec3param
3361. [bug] "rndc signing -nsec3param" didn't work correctly
when salt was set to '-' (no salt). [RT #30099]
2012-08-13 22:25:16 -07:00
Evan Hunt
8757846fbe
address memory leak with bad tsig secret
3359. [bug] An improperly-formed TSIG secret could cause a
memory leak. [RT #30607]
2012-08-10 20:16:59 -07:00
Tinderbox User
bc0ad9c673
update copyright notice
2012-07-25 23:45:49 +00:00
ckb
66e472cd74
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
2012-07-25 17:12:57 -05:00
Mark Andrews
515cb51b88
3355. [port] Use more portable awk in verify system test.
2012-07-25 13:00:59 +10:00
Tinderbox User
1439e7b8ff
update copyright notice
2012-07-23 23:45:53 +00:00
Mark Andrews
62eeb6c836
3354. [func] Improve OpenSSL error logging. [RT #29932]
2012-07-23 15:09:42 +10:00
Mark Andrews
73dbdbaee7
3353. [bug] Use a single task for task exclusive operations.
[RT #29872]
2012-07-19 23:03:07 +10:00
Mark Andrews
9f053d3b38
add verify system test
2012-07-19 13:09:58 +10:00
Evan Hunt
1824a70e12
fix copyrights in checkds test
2012-07-06 14:24:41 -07:00
ckb
f881a7beb5
added cleanup of test files
2012-07-06 10:03:36 -05:00
Evan Hunt
b5bfcabdc0
warn when changing mode on .private files
3347. [bug] dnssec-settime: Issue a warning when writing a new
private key file would cause a change in the
permissions of the existing file. [RT #27724]
2012-07-05 18:03:57 -07:00
Tinderbox User
03565e899d
update copyright notice
2012-06-29 23:45:45 +00:00
Mark Andrews
de915d9e03
create implicit rule for python executable and use it to create dnssec-checkds
2012-06-29 16:55:46 +10:00
Tinderbox User
8d0a65e45f
update copyright notice
2012-06-29 01:49:36 +00:00
Mark Andrews
cb421b69c3
reverse bad copyright update
2012-06-29 11:41:43 +10:00
Tinderbox User
cd24b114bf
update copyright notice
2012-06-29 01:22:07 +00:00
Mark Andrews
c6d42090f9
make the checkds system test dependent on the result of python discovery
2012-06-28 23:10:20 +10:00
Mark Andrews
17e5cbee49
3344. [func] New "dnssec-checkds" command checks a zone to
determine which DS records should be published
in the parent zone, or which DLV records should be
published in a DLV zone, and queries the DNS to
ensure that it exists. (Note: This tool depends
on python; it will not be built or installed on
systems that do not have a python interpreter.)
[RT #28099]
2012-06-28 18:26:04 +10:00
Tinderbox User
9418237f65
update copyright notice
2012-06-26 23:45:42 +00:00
Mark Andrews
68565715ec
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
2012-06-27 09:23:01 +10:00
Mark Andrews
7c25aaf620
3341. [func] New "dnssec-verify" command checks a signed zone
to ensure correctness of signatures and of NSEC/NSEC3
chains. [RT #23673]
2012-06-25 14:57:32 +10:00
Tinderbox User
0cf0e2b17f
update copyright notice
2012-06-21 23:45:41 +00:00
Evan Hunt
55479af81f
fix secondkey test, properly
2012-06-20 22:44:49 -07:00
Tinderbox User
bf8c2431d5
update copyright notice
2012-06-20 23:46:27 +00:00
Evan Hunt
44b9433d75
fixed second-key test to use correct rndc.conf
2012-06-20 15:08:42 -07:00
Mark Andrews
acebc2457c
3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-20 21:34:24 +10:00
Tinderbox User
ba10d28268
update copyright notice
2012-06-14 23:45:44 +00:00
Mark Andrews
c7818fb0be
3337. [bug] Change #3294 broke support for the multiple keys
in controls. [RT #29694]
2012-06-13 16:30:46 +10:00
Tinderbox User
bec35dad94
update copyright notice
2012-06-08 23:45:44 +00:00
Evan Hunt
78e4ced5b7
nslookup exit with error if unsuccessful
3335. [func] nslookup: return a nonzero exit code when unable
to get an answer. [RT #29492]
2012-06-07 22:07:22 -07:00
Mark Andrews
4db66665f5
3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
[RT #29623]
2012-06-08 12:38:48 +10:00
Mark Andrews
640db2ed50
Don't restart ns5 after killing it
2012-06-07 14:42:18 +10:00
Mark Andrews
8bd9a9b2ad
kill and restart the nameserver after running: perf 'without rpz' norpz
2012-06-04 16:36:30 +10:00
Tinderbox User
de16ff6d04
update copyright notice
2012-06-01 23:45:51 +00:00
Evan Hunt
63e1f1ecc6
fix solaris portability problem
2012-06-01 11:41:24 -07:00
Evan Hunt
73319305bf
security fix
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
2012-06-01 09:47:28 -07:00
Vernon Schryver
f05089ea5c
For rt26172:
Add
- optional "recursive-only yes|no" to the response-policy statement
- optional max-policy-ttl to limit the lies that "recursive-only no"
can introduce into resolvers' caches
- test that queries with RD=0 are not rewritten by default
- performance smoke test
Change encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
Fix rt26180 assert botch in zone_findrdataset() in this branch
as well.
Fix missing signatures on NOERROR results despite RPZ hits
when there are signatures and the client asks for DNSSEC,
2012-06-01 01:03:43 +00:00
Tinderbox User
36556c1406
regen v9_9
2012-05-31 01:17:36 +00:00
Tinderbox User
ca51110567
update copyright notice
2012-05-21 23:45:36 +00:00
Mark Andrews
c400da38cf
redirect stderr to /dev/null
2012-05-21 16:05:18 +10:00
Mark Andrews
e77611f94c
awk and toupper is not portable, use sed instead
2012-05-21 10:16:22 +10:00
Tinderbox User
a2093c07a5
update copyright notice
2012-05-17 23:45:48 +00:00
Evan Hunt
dff9ea972b
add ecdsa to system tests
2012-05-17 16:10:26 -07:00
Evan Hunt
8b1b819ae4
add ECDSA support
3317. [protocol] Add ECDSA support (RFC 6605). [RT #21918]
2012-05-17 15:52:07 -07:00
Evan Hunt
e39b4d8054
Handle RRSIG signer case consistently
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
2012-05-17 10:59:07 -07:00
Tinderbox User
6860df599d
update copyright notice
2012-04-27 04:03:10 +00:00
Mark Andrews
9a9f67d54b
3273. [bug] AAAA responses could be returned in the additional
section even when filter-aaaa-on-v4 was in use.
[RT #27292]
2012-04-27 13:02:03 +10:00
Tinderbox User
36b371b81f
update copyright notice
2012-04-26 23:45:39 +00:00