ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,369 Commits 589 Branches 805 Tags
d9b107aefa552ddbafa6e4e39d4ceb08e23fa607
Commit Graph

1847 Commits

Author SHA1 Message Date
Automatic Updater
8f7aff9340 update copyright notice 2010-01-07 23:46:07 +00:00
Evan Hunt
e4cb322618 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 17:49:50 +00:00
cvs2git
9300b13653 This commit was manufactured by cvs2git to create branch 'v9_4'. 2010-01-07 16:48:24 +00:00
Evan Hunt
597642c0ba 2831. [security] Do not attempt to validate or cache 
out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]
 2010-01-07 16:48:23 +00:00
Automatic Updater
51ae9cb9f8 update copyright notice 2009-12-30 23:46:04 +00:00
Tatuya JINMEI 神明達哉
59721b321d 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)

Additional notes specific to 9.4-ESV:
- I needed to explicitly enable dnssec-validation in "pending" system tests
  because it's disabled by default for 9.4.  This is not a problem of this
  patch - the test was broken for 9.4 when it was first introduced.  Another
  reason why we need more detailed tests.
- I modified the test case for 9.4 so that it allows pending-additional-to-answer
   promotion as 9.4 doesn't include this bug fix.
 2009-12-30 08:55:48 +00:00
cvs2git
5a435720cd This commit was manufactured by cvs2git to create branch 'v9_4'. 2009-12-30 08:02:24 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
f766024a27 change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3 
transitions work correctly.  (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)
 2009-12-19 17:30:31 +00:00
Automatic Updater
8b82c01d74 update copyright notice 2009-12-06 23:48:29 +00:00
Evan Hunt
0d796b1aaa improve cleanup and add named.run to .cvsignore files 2009-12-06 03:04:39 +00:00
Evan Hunt
12178c8652 2805. [bug] Fixed namespace problems encountered when building 
external programs using non-exported BIND9 libraries
			(i.e., built without --enable-exportlib). [RT #20679]
 2009-12-05 23:31:41 +00:00
Automatic Updater
4b6dc226f7 update copyright notice 2009-12-04 22:06:37 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to 
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
 2009-12-04 03:33:15 +00:00
Mark Andrews
2fbc6a0f23 add copyright 2009-12-03 04:53:09 +00:00
Mark Andrews
ecbbb29519 add copyright 2009-12-03 04:51:41 +00:00
Evan Hunt
6a4d6e3379 adapted to the special needs of solaris's really old awk 2009-12-02 17:54:45 +00:00
Evan Hunt
095810f8cb fixed autosign/metadata brokenness on solaris [rt20685] 2009-12-02 05:42:15 +00:00
Automatic Updater
ffd297db79 update copyright notice 2009-11-30 23:48:02 +00:00
Evan Hunt
7511904837 add cvsignore files 2009-11-30 21:03:17 +00:00
Evan Hunt
75b8de8787 Create automatic tests "autosign" and "metadata". [rt19946] 2009-11-30 21:00:48 +00:00
Automatic Updater
521de9e5dd update copyright notice 2009-11-25 23:46:52 +00:00
Mark Andrews
29b3b31c0a adjust dnssec-keygen command line to that supported before 9.7 2009-11-25 20:56:08 +00:00
Mark Andrews
6e849b28b0 fix genrandom location 2009-11-25 13:38:53 +00:00
Mark Andrews
b4bd8d0662 772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-25 04:50:25 +00:00
cvs2git
0e3b4ffe86 This commit was manufactured by cvs2git to create branch 'v9_4'. 2009-11-18 23:48:08 +00:00
Automatic Updater
fe2b9bf570 update copyright notice 2009-11-18 23:48:07 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00
Mark Andrews
0a30185f80 2748. [func] Identify bad answers from GTLD servers and treat them 
as referrals. [RT #18884]
 2009-11-04 02:15:30 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
72cfcb48a7 cleanup ddns.key after nsupdate test 2009-10-27 05:57:06 +00:00
Evan Hunt
0ce9fba8f0 cleanup DLV test 2009-10-27 05:49:50 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
30a60d2aff On some slower systems the startup is delayed and this causes an 
apparent transfer failure on the initial calls to dig.  Adding a test
here to make sure the zones are fully loaded before attempting to query
them.
 2009-09-04 17:14:58 +00:00
Automatic Updater
d7201de09b update copyright notice 2009-09-02 23:48:03 +00:00
Automatic Updater
823ca3c14f update copyright notice 2009-09-01 23:47:45 +00:00
Tatuya JINMEI 神明達哉
ee537376ad avoid using @< (which some make don't seem to understand) for portability 2009-09-01 22:30:28 +00:00
Evan Hunt
93ebf0fc08 - add .cvsignore files 
- silence tinderbox warnings about missing config.h in a few files.
 2009-09-01 20:13:44 +00:00
Tatuya JINMEI 神明達哉
a27fe4c990 2667. [func] Add support for logging stack backtrace on assertion 
failure (not available for all platforms). [RT #19780]
9.7.0
 2009-09-01 18:40:25 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Evan Hunt
4103d428a9 use genrandom to produce random data for input to ddns-confgen 2009-07-30 15:11:41 +00:00
Automatic Updater
0282f038eb update copyright notice 2009-07-29 23:47:43 +00:00
Evan Hunt
9069215eac 2641. [bug] Fixed an error in parsing update-policy syntax, 
added a regression test to check it. [RT #20007]
 2009-07-29 17:52:00 +00:00
Automatic Updater
26d8ffe715 update copyright notice 2009-07-19 23:47:55 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
6815ef40df update copyright notice 2009-06-26 23:47:58 +00:00
Automatic Updater
df030025e9 update copyright notice 2009-06-26 23:45:57 +00:00
Mark Andrews
f2c74650cb 2617. [bug] ifconfig.sh failed to emit an error message when 
run from the wrong location. [RT #19375]
 2009-06-26 06:17:32 +00:00