ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,369 Commits 589 Branches 805 Tags
d9b107aefa552ddbafa6e4e39d4ceb08e23fa607
Commit Graph

112 Commits

Author SHA1 Message Date
Automatic Updater
51ae9cb9f8 update copyright notice 2009-12-30 23:46:04 +00:00
Tatuya JINMEI 神明達哉
59721b321d 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)

Additional notes specific to 9.4-ESV:
- I needed to explicitly enable dnssec-validation in "pending" system tests
  because it's disabled by default for 9.4.  This is not a problem of this
  patch - the test was broken for 9.4 when it was first introduced.  Another
  reason why we need more detailed tests.
- I modified the test case for 9.4 so that it allows pending-additional-to-answer
   promotion as 9.4 doesn't include this bug fix.
 2009-12-30 08:55:48 +00:00
Automatic Updater
beb9fabda3 update copyright notice 2007-08-28 07:20:06 +00:00
Automatic Updater
b2a7f737d8 update copyright notice 2007-04-26 23:46:20 +00:00
Mark Andrews
d1e6389849 2170. [func] Add acache processing to test suite. [RT #16711] 2007-04-26 04:10:55 +00:00
Mark Andrews
a9c698bf3a update copyright notice 2006-03-10 00:23:20 +00:00
Mark Andrews
f560a1877b 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:38:21 +00:00
Mark Andrews
cb6bc372d8 2001. [func] Check the KSK flag when updating a dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:38:01 +00:00
Mark Andrews
ee8c147111 update copyright notice 2006-02-26 23:49:49 +00:00
Mark Andrews
7af42116ba fix minor typos 2006-02-26 23:01:58 +00:00
Mark Andrews
062b135630 update copyright notice 2006-01-04 00:37:23 +00:00
Mark Andrews
431e2ab380 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. 
To generate a RSAMD5 key you must explictly request
                        RSAMD5. [RT #13780]
 2006-01-03 07:19:32 +00:00
Mark Andrews
847f1d06ab update copyright notice 2005-09-06 03:47:21 +00:00
Mark Andrews
55ae24844a 1919. [bug] dig's +sigchase code overhauled. [RT #14933] 
1918.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]
 2005-08-25 01:54:01 +00:00
Mark Andrews
110b2aee49 update copyright notice 2005-06-24 00:08:13 +00:00
Mark Andrews
02ff44e8ef sync w/ head 2005-06-22 22:05:50 +00:00
Mark Andrews
c72ce119cf 1789. [bug] Prerequisite test for tkey and dnssec could fail 
with "configure --with-libtool".
 2004-12-08 06:14:06 +00:00
Mark Andrews
0536f2b2f0 copyright 2004-08-19 04:42:54 +00:00
Mark Andrews
9b058373f8 1648. [func] Update dnssec-lookaside named.conf syntax to support 
multiple dnssec-lookaside namespaces (not yet
                        implemented).
 2004-06-04 02:31:56 +00:00
Mark Andrews
2ec5372082 1625. [bug] named failed to load/transfer RFC2535 signed zones 
which contained CNAMES. [RT# 11237]
 2004-05-05 01:32:37 +00:00
Mark Andrews
c1425cc1d5 1600. [bug] Duplicate zone pre-load checks were not case 
insensitive.

1599.   [bug]           Fix memory leak on error path when checking named.conf.

1598.   [func]          Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).
 2004-04-16 00:01:45 +00:00
Mark Andrews
28b863e609 pullup fixed from 9.3 2004-03-16 05:52:24 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:19:58 +00:00
Mark Andrews
fa7ee558e0 1584. [bug] "make test" failed with a readonly source tree. 
[RT #10461]
 2004-03-10 01:06:06 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
821644d49b 1574. [bug] Don't attempt to open the controls socket(s) when 
running tests. [RT #9091]
 2004-03-02 02:01:41 +00:00
Mark Andrews
89783da064 1581. [func] Disable DNSSEC support by default. To enable 
DNSSEC specify "enable-dnssec yes;" in named.conf.
 2004-02-17 03:40:23 +00:00
Mark Andrews
841ed46de5 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.
 2004-01-15 04:09:17 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
b7e6fb4e84 whitespace 2003-10-26 21:33:47 +00:00
Mark Andrews
93d6dfaf66 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. 2003-09-30 06:00:40 +00:00
Mark Andrews
0f042c7c44 - improves tests of negative insecurity proofs, including tests for the 
SOA TTL 0 hack.
- adds +noauth to a few invocations of dig where the authority section is
  not important.
- removes the bogus first half of the dynamic zone test, which didn't
  do anything other than make the test suite fail if run twice.
- fixed the fact that the keyless.example zone wasn't being securely
  delegated.
bwelling
 2002-07-19 06:20:24 +00:00
Mark Andrews
0b09763c35 1328. [func] DS (delegation signer) support. 2002-06-17 04:01:37 +00:00
Mark Andrews
a04a323f9a 1273. [bug] The dnssec system test failed to remove the correct 
files.
 2002-04-24 00:46:25 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Brian Wellington
4014b6a8ae although a privately secure zone was signed, it was never tested. 2002-02-13 01:32:12 +00:00
Brian Wellington
64ea670052 the dynamic zone test wasn't working as expected since the child zone wasn't 
securely delegated.
 2002-02-06 03:28:59 +00:00
Brian Wellington
4ca54c8f3b ns5 is the incorrectly configured server, not ns4. 2002-02-01 01:56:00 +00:00
Andreas Gustafsson
473ca0bf8c Added RT #2399 regression test 2002-01-22 22:27:29 +00:00
Brian Wellington
78baa4ccb8 some files weren't being removed. 2001-11-06 19:32:54 +00:00
Andreas Gustafsson
e4b5f088ca Added RT #1763 regression test 2001-09-19 21:19:52 +00:00
Andreas Gustafsson
1301637cc5 check that negative validation fails with a misconfigured trusted key 2001-09-19 20:47:02 +00:00
Brian Wellington
81b172466c *** empty log message *** 2001-09-17 17:47:20 +00:00
Brian Wellington
206bced36f order the parameters to dnssec-keygen consistently. 2001-09-17 17:42:04 +00:00
Andreas Gustafsson
25525110c1 fixed and simplified 2001-07-13 18:29:00 +00:00
Brian Wellington
f4d26dbdb6 fix redirection 2001-07-11 19:02:16 +00:00
Brian Wellington
1a8002871e require a build with openssl to run dnssec & tkey tests 2001-07-10 21:41:14 +00:00
Brian Wellington
7a224ba59b test that validation of an ANY query returning a DNAME works 2001-02-23 06:22:11 +00:00
Brian Wellington
529d1b9ada test that validation of a query returning a DNAME works 2001-02-23 06:14:44 +00:00
Brian Wellington
4f91c46a42 Test that both normal and ANY queries that match a CNAME are properly 
validated.
 2001-02-21 06:47:45 +00:00