Commit Graph

2777 Commits

Author SHA1 Message Date
Mark Andrews
c2119e0353 DNAME not DS 2011-03-08 00:38:31 +00:00
Mark Andrews
aff9352637 3064. [bug] powerpc: add sync instructions to the end of atomic
operations. [RT #23469]
2011-03-07 00:34:20 +00:00
Scott Mann
c335ad72b8 Ensure that log files are plain files. (RT #22771) 2011-03-04 17:12:20 +00:00
Mark Andrews
b1be6b9273 3051. [bug] NS records obscure DS records at the bottom of the
zone if both are present. [RT #23035]
2011-03-02 04:41:36 +00:00
Mark Andrews
901427ae62 3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
2011-02-24 04:06:39 +00:00
Mark Andrews
920650f048 3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
2011-02-23 13:15:39 +00:00
Mark Andrews
071f362c6a 2037. [doc] Update COPYRIGHT to contain all the individual
copyright notices that cover various parts.
2011-02-22 06:45:08 +00:00
Mark Andrews
a8fdb85512 3014. [bug] Fix the zonechecks system test to match expected
behaviour for 9.4 and to fail on error. [RT #22905]
2011-02-03 07:56:33 +00:00
Mark Andrews
2531ef9979 3009. [bug] clients-per-query code didn't work as expected with
particular query patterns. [RT #22972]
2011-01-27 02:32:52 +00:00
Mark Andrews
171188fc06 spelling 2011-01-13 02:39:57 +00:00
Mark Andrews
ba185c8215 3007. [bug] Named failed to preserve the case of domain names in
rdata which is not compressible when writing master
files.  [RT #22863]
2011-01-13 02:18:29 +00:00
Mark Andrews
ada39963fd 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
2010-12-22 03:35:21 +00:00
Mark Andrews
7d9635f938 remove CVSS scores add vectors 2010-11-29 00:40:13 +00:00
Mark Andrews
bbac4157e5 CVE-2010-3613 Reduce complexity from M to L raising score from 7.1 to 7.8.
Just have the base CVSS vectors.
2010-11-25 04:55:50 +00:00
Mark Andrews
845baabb7c add CVE, VU and CVSS 2010-11-18 02:56:53 +00:00
Mark Andrews
4ff8895925 9.4-ESV-R4 2010-11-18 01:34:51 +00:00
Mark Andrews
3a66e0f68c 2786. [bug] Additional could be promoted to answer. [RT #20663] 2010-11-17 10:21:02 +00:00
Mark Andrews
b78658f143 2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records.  A subsequent lookup
of NO DATA cache entry could trigger an INSIST when the
unexpected RRSIG was also returned with the NO DATA
cache entry.  [RT #22288]
2010-11-16 08:01:09 +00:00
Mark Andrews
a407ead333 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure.  One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.  [RT #22309]

Had to adjust the test to use RSAMD5 -> RSASHA1 as we need to use algorithms
supported by 9.4.
2010-11-16 04:17:44 +00:00
Mark Andrews
d56cb6aead 2962. [port] win32: add more dependencies to BINDBuild.dsw.
[RT #22062]
2010-10-18 04:46:26 +00:00
Mark Andrews
b35d42c270 2966. [bug] isc_print_vsnprintf() failed to check if there was
space available in the buffer when adding a left
justified character with a non zero width,
(e.g. "%-1c"). [RT #22270]
2010-10-18 04:08:02 +00:00
Mark Andrews
e96e6e8077 9.4-ESV-R3 2010-09-02 07:27:40 +00:00
Mark Andrews
43a1ec8d9f 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2010-09-02 07:21:53 +00:00
Mark Andrews
cad9e1ff1f 2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]

2427.   [func]          Treat DNSKEY queries as if "minimal-response yes;"
                        was set. [RT #18528]
2010-07-03 09:03:01 +00:00
Mark Andrews
7b67408765 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-26 00:11:50 +00:00
Mark Andrews
5c7be0bf56 s/to soon/too soon/ 2010-06-23 03:32:30 +00:00
Mark Andrews
8310668e43 2921. [bug] The resolver could attempt to destroy a fetch context
to soon.  [RT #19878]
2010-06-23 01:48:55 +00:00
Mark Andrews
1a677bc3f7 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing.  This was
an unintended outcome from change 2890. [RT# 21392]
2010-06-03 00:36:02 +00:00
Mark Andrews
eb12f97615 2900. [bug] The placeholder negative caching element was not
properly constructed triggering an INSIST in
dns_ncache_towire(). [RT #21346]
2010-06-03 00:21:52 +00:00
Mark Andrews
0cd3b8cc3e 2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-06-03 00:07:59 +00:00
Mark Andrews
078580a74d 9.4-ESV-R2 2010-05-10 01:56:40 +00:00
Mark Andrews
af9bcac6c5 2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2010-04-21 04:23:47 +00:00
Mark Andrews
4692e05150 9.4-ESV-R1 2010-03-04 00:25:25 +00:00
Mark Andrews
b6a3b10da7 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-26 01:03:56 +00:00
Mark Andrews
d88ec94a81 9.4-ESV 2010-01-21 01:10:54 +00:00
Mark Andrews
f4405a6c1a missing from original commit:
2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]
2010-01-21 00:59:17 +00:00
Tatuya JINMEI 神明達哉
59721b321d 2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)

Additional notes specific to 9.4-ESV:
- I needed to explicitly enable dnssec-validation in "pending" system tests
  because it's disabled by default for 9.4.  This is not a problem of this
  patch - the test was broken for 9.4 when it was first introduced.  Another
  reason why we need more detailed tests.
- I modified the test case for 9.4 so that it allows pending-additional-to-answer
  promotion as 9.4 doesn't include this bug fix.
2009-12-30 08:55:48 +00:00
Evan Hunt
d7985983b0 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:44:05 +00:00
Mark Andrews
e312c286f8 9.4-ESVrc1 2009-12-11 00:39:13 +00:00
Mark Andrews
6a0c80c7c4 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
2009-12-02 23:37:04 +00:00
Mark Andrews
d975e0ed8e rt# 2009-11-26 21:34:06 +00:00
Mark Andrews
54d83f4a68 2790. [bug] Handle DS queries to stub zones. 2009-11-26 03:45:43 +00:00
Mark Andrews
b4bd8d0662 772. [security] When validating, track whether pending data was from
the additional section or not and only return it if it
validates as secure. [RT #20438]
2009-11-25 04:50:25 +00:00
Mark Andrews
12d58e5804 9.4-ESVb1 2009-11-05 06:14:04 +00:00
Mark Andrews
bf3057c014 9.4-ESV 2009-10-13 00:07:58 +00:00
Evan Hunt
121672f23c 2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090] 2009-10-03 16:23:15 +00:00
Mark Andrews
45f4234351 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]
2009-10-01 05:25:44 +00:00
Mark Andrews
c6473dc038 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]
2009-09-25 05:52:20 +00:00
Mark Andrews
ca202d441e 2689. [bug] Correctly handle snprintf result. [RT #20306] 2009-09-24 22:25:30 +00:00
Tatuya JINMEI 神明達哉
aaa2233e76 2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures.  (backported as a special
exception to the general policy) [RT #19027]
2009-09-24 21:38:52 +00:00