Commit Graph

286 Commits

Author SHA1 Message Date
Tinderbox User
b3623d80ab update copyright notice / whitespace 2015-05-28 23:45:50 +00:00
Mark Andrews
d8161b8756 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
key as per RFC 7344, Section 4.1. [RT #37215]

(cherry picked from commit 598b502695)
2015-05-27 15:36:55 +10:00
Tinderbox User
54fce5ab13 update copyright notice / whitespace 2015-05-05 23:45:51 +00:00
Evan Hunt
61de7bcf87 [v9_10] Allow some tests to run partially if Net::DNS is unavailable 2015-05-05 08:33:38 -07:00
Tinderbox User
d5bad8c9b9 update copyright notice / whitespace 2015-02-10 23:45:50 +00:00
Evan Hunt
81048281c2 [v9_10] cleanup 2015-02-10 13:50:01 -08:00
Evan Hunt
83b613cbfb [v9_10] fix "initialize with revoked key" test 2015-02-10 13:40:39 -08:00
Evan Hunt
f87d4ca084 [v9_10] 5011 fixes
4056.	[bug]		Fixed several small bugs in automatic trust anchor
			management, including a memory leak and a possible
			loss of key state information. [RT #38458]
2015-02-10 12:59:38 -08:00
Mark Andrews
a1675b15dc 3990. [testing] Add tests for unknown DNSSEC algorithm handling.
[RT #37541]

(cherry picked from commit a5c7cfbac4)
2014-10-30 11:21:38 +11:00
Mark Andrews
27231c6877 allow for the set of ttls to be empty
(cherry picked from commit 44ef2206d7)
2014-10-16 14:47:02 +11:00
Mark Andrews
bd5d920bd5 make test more robust in the face of server failures 2014-10-16 12:34:29 +11:00
Tinderbox User
d5a5ca7225 update copyright notice 2014-09-30 23:46:53 +00:00
Mark Andrews
7e2d191c0a 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220]
(cherry picked from commit c83b91fb63)
2014-10-01 07:17:42 +10:00
Mark Andrews
d8aa4db790 use RANDFILE rather than /dev/urandom
(cherry picked from commit 4bc581ca31)
2014-09-29 23:39:22 +10:00
Mark Andrews
c85116cb56 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
and ECDSAP384SHA384. [RT #37183]

(cherry picked from commit 80169c379d)
2014-09-29 10:19:52 +10:00
Mark Andrews
99a3873ba5 3942. [bug] Wildcard responses from an optout range should be
marked as insecure. [RT #37072]
2014-09-04 13:58:15 +10:00
Tinderbox User
d58d0e8801 update copyright notice 2014-08-22 23:45:56 +00:00
Mark Andrews
fb5ab2d4ae 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
(cherry picked from commit 840d6a4614)
2014-08-22 16:33:06 +10:00
Mark Andrews
6b51798ec4 update copyrights 2014-07-08 12:41:25 +10:00
Mark Andrews
4b8ee3ad60 rename dnssec/ns7/split-rrsig.in 2014-07-08 11:13:01 +10:00
Mark Andrews
f2d672a7e0 3890. [bug] RRSIG sets that were not loaded in a single transaction
at start up were not being correctly added to
re-signing heaps. [RT #36302]

(cherry picked from commit 63e1ac1e09)
2014-07-07 12:07:44 +10:00
Mark Andrews
0e41705fa7 use $PERL
(cherry picked from commit 1c95f67232)
2014-06-24 13:50:41 +10:00
Mark Andrews
fcd8ec0012 3880. [test] Update ans.pl to work with new TSIG support in
Net::DNS; add additional Net::DNS version prerequisite
checks. [RT #36327]

(cherry picked from commit a0d411c05f)
2014-06-17 10:36:11 +10:00
Evan Hunt
812cf443bb [v9_10] use posix-compatible shell in system tests
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]

(cherry picked from commit 60988462e5)
2014-05-06 22:06:28 -07:00
Evan Hunt
8103fbabd5 [v9_10] globally rename "delve" to "delv"
3817.	[func]		The "delve" command is now spelled "delv" to avoid
			a namespace collision with the Xapian project.
			[RT #35801]

(cherry picked from commit 2ae159b376)
2014-04-23 11:15:36 -07:00
Evan Hunt
92fe6db3e4 [master] use test -r in system tests
3806.	[test]		Improved system test portability. [RT #35625]
2014-04-09 20:29:52 -07:00
Mark Andrews
5b60bde47b use perl 2014-04-07 21:53:47 +10:00
Mark Andrews
a4941d6b5e update check the correct resigning time is reported in zonestatus test to be more portable 2014-04-07 11:50:50 +10:00
Mark Andrews
0dfd942409 3798. [bug] 'rndc zonestatus' was reporting the wrong re-signing
time. [RT #35659]
2014-04-04 11:33:49 +11:00
Mark Andrews
bab2bf7dfd expr length arg is not portable 2014-03-12 13:59:41 +11:00
Evan Hunt
62258ada48 [master] auto-generate salt
3781.	[func]		Specifying "auto" as the salt when using
			"rndc signing -nsec3param" causes named to
			generate a 64-bit salt at random. [RT #35322]
2014-03-11 08:46:58 -07:00
Evan Hunt
741dfd3ccd [master] tests directory cleanup 2014-03-06 11:11:27 -08:00
Mark Andrews
7e2e41df67 3748. [func] Use delve to test dns_client interfaces. [RT #35383] 2014-02-19 19:33:21 +11:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
2014-02-18 23:26:50 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.

SIT use an experimental EDNS option code (65001).

SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.

RRL processing has been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389]
2014-02-19 12:53:42 +11:00
Evan Hunt
7ba88e2a95 [master] fix dnssec test errors 2014-02-16 14:14:56 -08:00
Evan Hunt
72fd845d5a [master] remove accidentally committed changes 2014-02-16 13:59:19 -08:00
Evan Hunt
792915beb0 [master] fix accidental dig breakage 2014-02-16 13:42:42 -08:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
2014-01-20 16:08:09 -08:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Tinderbox User
bf0266f286 update copyright notice 2014-01-14 23:46:22 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
2014-01-14 15:40:56 -08:00
Mark Andrews
07fb9b8330 3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185] 2014-01-14 16:12:30 +11:00
Tinderbox User
eade480b33 update copyright notice 2013-12-13 23:46:17 +00:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
2013-12-12 22:19:33 -08:00
Evan Hunt
4e1d84a33c typo 2013-12-11 14:00:07 -08:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
2013-12-11 13:25:21 -08:00
Mark Andrews
7667dd1a03 call zone_settimer; sub test failure was not being detected
(cherry picked from commit ebd7900670)
2013-09-18 12:57:46 +10:00
Mark Andrews
2c089bf6d2 whitespace 2013-09-16 10:14:07 +10:00