ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
26,645 Commits 589 Branches 805 Tags
dd5dff30961b85e30461da170c4b8d8529ac317e
Commit Graph

355 Commits

Author SHA1 Message Date
Mark Andrews
b1b42b03b7 3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232] 2011-02-15 22:02:36 +00:00
Mark Andrews
c5fa370695 3019. [func] Test: check apex NSEC3 records after adding DNSKEY 
record via UPDATE. [RT #23229]
 2011-02-14 23:53:44 +00:00
Automatic Updater
56748bc3d1 update copyright notice 2011-02-08 23:10:07 +00:00
Mark Andrews
37b017f2ca Regression test for: 
3018.   [bug]           Named failed to check for the "none;" acl when deciding
                        if a zone may need to be re-signed. [RT #23120]
 2011-02-08 03:47:02 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which 
can be switched on by setting "dnssec-validation auto;"
			in the named.conf options. [RT #21727]
 2011-01-03 23:45:08 +00:00
Evan Hunt
af903e5008 Added files to clean.sh scripts that have been left around after tests run. 
Skipping the ticket/review steps because the change is trivial.
 2010-12-18 02:12:44 +00:00
Automatic Updater
33cc94f04c update copyright notice 2010-11-17 23:47:09 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure 
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
 2010-11-16 01:14:51 +00:00
Mark Andrews
240a7dc59d 2951. [bug] named failed to generate a correct signed response 
in a optout, delegation only zone with no secure
                        delegations. [RT #22007]
 2010-09-07 00:58:36 +00:00
Automatic Updater
2b43d1d8c5 update copyright notice 2010-08-13 23:47:04 +00:00
Mark Andrews
c73d8c1b72 2938. [bug] When skipping NSEC3 records that don't match the 
current NSEC3PARAM record in use for zone named
                        could dereference a uninitialised pointer attempting
                        to obtain a lock. [RT# 21868]
 2010-08-13 06:46:25 +00:00
Evan Hunt
cb933b69ff 2932. [cleanup] Corrected a numbering error in the "dnssec" test. 
[RT #21597]
 2010-08-09 22:34:56 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864 
because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
 2010-07-15 01:17:45 +00:00
Evan Hunt
5312c2ffbe dnssec and dlv tests included master zones whose master files were missing. 
this was a bug that hadn't been noticed before, but 19447 added a test for
that condition and it caused test failures.
 2010-07-11 01:18:24 +00:00
Mark Andrews
a7d2b922ee match the dig.out.ns#.$n to the nameserver 2010-06-28 01:34:11 +00:00
Mark Andrews
8fa6ca58b6 check that we have non-cachable answers to test against 2010-06-28 01:31:49 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:50:13 +00:00
Automatic Updater
cf309ffeee update copyright notice 2010-06-25 23:46:51 +00:00
Mark Andrews
f35a87f58f remove leading zeros on keyid 
account for trusted keys not applying to _bind anymore
 2010-06-25 07:28:46 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Mark Andrews
5ee4d3f2ee iterations is -H 2010-06-04 00:04:39 +00:00
Automatic Updater
6e13ffa218 update copyright notice 2010-06-03 23:51:05 +00:00
Mark Andrews
e74c3a0f59 specify NSEC3 iterations 2010-06-03 21:44:49 +00:00
Mark Andrews
10acc63770 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 06:29:03 +00:00
Mark Andrews
675cc80975 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 03:13:32 +00:00
Automatic Updater
6bb1560124 update copyright notice 2010-01-18 23:48:40 +00:00
Evan Hunt
e11a0c114c 2841. [func] Added "smartsign" and improved "autosign" and 
"dnssec" regression tests. [RT #20865]
 2010-01-18 19:19:31 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
0d796b1aaa improve cleanup and add named.run to .cvsignore files 2009-12-06 03:04:39 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Automatic Updater
4f91bcae43 update copyright notice 2009-03-02 23:47:43 +00:00
Evan Hunt
ca42dcc068 2569. [func] Move journalprint, nsec3hash, and genrandom 
commands from bin/tests into bin/tools;
                        "make install" will put them in $sbindir. [RT #19301]
 2009-03-02 03:54:10 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
8b6418238d remove ns2/dlv.db when cleaning 2007-10-30 23:56:09 +00:00
Mark Andrews
a1e2170ad5 2250. [func] New flag 'memstatistics' to state whether the 
memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]
 2007-09-26 03:22:45 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Automatic Updater
db100c22d6 update copyright notice 2007-04-26 23:46:52 +00:00
Mark Andrews
429e23d2f5 2170. [func] Add acache processing to test suite. [RT #16711] 2007-04-26 04:06:50 +00:00
Mark Andrews
d6b5e0b0e8 update copyright notice 2006-03-10 00:23:21 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00