ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
17,706 Commits 589 Branches 805 Tags
f40558cd8a79375befb73139d64cba4fb738b825
Commit Graph

117 Commits

Author SHA1 Message Date
Mark Andrews
3170cfa99a 1936. [bug] The validator could leak memory. [RT #15544] 2005-11-02 02:07:47 +00:00
Mark Andrews
5a5d7187e5 1930. [port] HPUX: ia64 support. [RT #15473] 
1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
 2005-10-14 01:38:51 +00:00
Mark Andrews
7fce88dfa8 1919. [bug] dig's +sigchase code overhauled. [RT #14933] 
1918.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]
 2005-08-25 01:54:34 +00:00
Mark Andrews
6c68e33b58 1867. [bug] It was possible to trigger a INSIST in 
dlv_validatezonekey(). [RT #14846]
 2005-06-07 00:39:35 +00:00
Mark Andrews
061ecc7f3a 1853. [bug] Rework how DLV interacts with proveunsecure(). 
[RT #13605]
 2005-05-06 01:58:48 +00:00
Mark Andrews
1c9da279ce 1819. [bug] The validator needed to check both the algorithm and 
digest types of the DS to determine if it could be
                        used to introduce a secure zone. [RT #13593]
 2005-03-16 03:17:39 +00:00
Mark Andrews
d4e3d6e95d update copyright notice 2005-02-09 05:13:03 +00:00
Mark Andrews
bd59b0b193 1806. [bug] The resolver returned the wrong result when a CNAME / 
DNAME was encountered when fetching glue from a
                        secure namespace. [RT #13501]

1805.   [bug]           Pending status was not being cleared when DLV was
                        active. [RT #13501]
 2005-02-08 23:59:45 +00:00
Mark Andrews
6e8cf5d8db 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC 
rdataset. [RT #12907]
 2004-11-17 23:53:10 +00:00
Mark Andrews
d6c44967f2 1659. [cleanup] Cleanup some messages that were referring to KEY vs 
DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.
 2004-06-11 01:17:36 +00:00
Mark Andrews
c95fa7d1d8 1606. [bug] DVL insecurity proof was failing. 
1605.   [func]          New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
 2004-05-14 05:06:42 +00:00
Mark Andrews
69b34284dc 1600. [bug] Duplicate zone pre-load checks were not case 
insensitive.

1599.   [bug]           Fix memory leak on error path when checking named.conf.

1598.   [func]          Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).
 2004-04-15 23:56:34 +00:00
Mark Andrews
46278b601d hide ((isc_event_t **) (void *)) cast using a macro, ISC_EVENT_PTR. 2004-04-15 02:10:41 +00:00
Mark Andrews
6790f1d962 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:55:59 +00:00
Mark Andrews
511621255e 1528. [cleanup] Simplify some dns_name_ functions based on the 
deprecation of bitstring labels.

1527.  [cleanup]       Reduce the number of gettimeofday() calls without
                       losing necessary timer granularity.
 2004-03-08 21:06:29 +00:00
Mark Andrews
a821d5fa3d DNSSEC bis merge from HEAD: 
1581.  [func]          Disable DNSSEC support by default.  To enable
                       DNSSEC specify "enable-dnssec yes;" in named.conf.

1565.  [bug]           CD flag should be copied to outgoing queries unless
                       the query is under a secure entry point in which case
                       CD should be set.

1558.  [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                       child zones for which we don't have a supported
                       algorithm.  Such child zones are treated as unsigned.

1557.  [func]          Implement missing DNSSEC tests for
                       * NOQNAME proof with wildcard answers.
                       * NOWILDARD proof with NXDOMAIN.
                       Cache and return NOQNAME with wildcard answers.

1541.  [func]          NSEC now uses new bitmap format.

1519.  [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                       length of the new bitmap.

1516.  [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
 2004-03-08 02:08:05 +00:00
Mark Andrews
cbdd3a318b update lib copyrights 2004-03-06 08:15:48 +00:00
Mark Andrews
b1b705a049 pullup: 
uninitalised variable (minimize difference with HEAD).
 2003-08-15 03:01:30 +00:00
Mark Andrews
ae643dbc34 pullup: misc cleanups 2003-08-13 05:06:53 +00:00
Mark Andrews
60c8cebb10 pullup: misc cleanups 2003-08-13 04:55:28 +00:00
Mark Andrews
9052beb238 pullup 
Check return values or cast them to (void), as required by the coding
standards; add exceptions to the coding standards for cases where this is
not desirable
 2003-08-11 05:28:23 +00:00
Mark Andrews
891c424e56 update_copyrights 2002-08-05 06:57:16 +00:00
Mark Andrews
b0fbeb1884 1335. [bug] When performing a nonexistence proof, the validator 
should discard parent NXTs from higher in the DNS.
 2002-08-02 05:39:56 +00:00
Mark Andrews
0b2aba2cd2 reviewed: marka/bwelling 
1247.   [bug]           The validator would incorrectly mark data as insecure
                        when seeing a bogus signature before a correct
                        signature.
 2002-07-15 03:02:56 +00:00
Mark Andrews
b6cb507ae8 reviewed: marka 
1275.   [bug]           When verifying that an NXT proves nonexistence, check
                        the rcode of the message and only do the matching NXT
                        check.  That is, for NXDOMAIN responses, check that
                        the name is in the range between the NXT owner and
                        next name, and for NOERROR NODATA responses, check
                        that the type is not present in the NXT bitmap.
 2002-07-02 04:02:23 +00:00
Brian Wellington
a25169ea43 pullup: 
1006.   [bug]           If a KEY RR was found missing during DNSSEC validation,
			an assertion failure could subsequently be triggered
			in the resolver. [RT #1763]
 2001-09-19 21:51:42 +00:00
Andreas Gustafsson
76c8294c81 format string bugs and improved format string checking [RT #1578] 2001-08-08 22:54:55 +00:00
David Lawrence
92ef1a9b9d use ISC_MAGIC for all magic numbers, for our friends in EBCDIC land 2001-06-04 19:33:39 +00:00
Brian Wellington
26e5029fd5 Added a cast. [RT #899] 2001-02-21 19:57:38 +00:00
Brian Wellington
499b34cea0 copyright update 2001-01-09 22:01:04 +00:00
Brian Wellington
78838d3e0c 8 space -> tab conversion 2000-12-11 19:24:30 +00:00
Brian Wellington
c70908209e replace some INSISTs that theoretically could occur with normal failures 2000-12-05 18:53:43 +00:00
Brian Wellington
f439363eeb minor code simplification 2000-11-08 00:51:24 +00:00
Mark Andrews
368b37b616 dns_rdata_invalidate -> dns_rdata_reset 2000-10-31 03:22:05 +00:00
Mark Andrews
c03bb27f06 532. [func] Implement DNS UPDATE pseudo records using 
DNS_RDATA_UPDATE flag.

 531.   [func]          Rdata really should be initalized before being
                        assigned to (dns_rdata_fromwire(), dns_rdata_fromtext(),
                        dns_rdata_clone(), dns_rdata_fromregion()),
                        check that it is.
 2000-10-25 04:26:57 +00:00
Brian Wellington
d1cbf71409 clean up suspicious looking and incorrect uses of dns_name_fromregion 2000-10-07 00:09:28 +00:00
Brian Wellington
a9ba7e6564 Allow a keyset to be self-signed if the signing key is a trusted-key. 2000-09-12 12:01:50 +00:00
Brian Wellington
d6be55c63f comment the infinite loop fix 2000-09-12 10:21:45 +00:00
Brian Wellington
5c29047792 minor dst api change 2000-09-12 09:59:28 +00:00
Brian Wellington
c38cf70db1 Fix an assertion failure and a case where an rdataset's trust wasn't set. 2000-09-08 14:18:17 +00:00
Brian Wellington
32b2cdf212 427. [bug] Avoid going into an infinite loop when the validator 
gets a negative response to a key query where the
                        records are signed by the missing key.
 2000-09-07 19:46:52 +00:00
Brian Wellington
5e387b9ce6 and more calls to DESTROYLOCK 2000-08-26 01:37:00 +00:00
Brian Wellington
6f071989da cancellation fixes 2000-08-15 01:22:33 +00:00
Brian Wellington
2a123ac026 remove unused variable 2000-08-15 00:52:49 +00:00
Brian Wellington
9cd6710f91 validators can now be cancelled. 2000-08-15 00:21:05 +00:00
Andreas Gustafsson
ef97e09e20 make the validator attach to the view only weakly, so that 
the view can start shutting down even though a validation is in progress.
 2000-08-14 22:17:40 +00:00
David Lawrence
40f53fa8d9 Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your 
own CVS tree will help minimize CVS conflicts.  Maybe not.
Blame Graff for getting me to trim all trailing whitespace.
 2000-08-01 01:33:37 +00:00
Brian Wellington
f15af68028 negative responses to cd queries should work now. 2000-07-27 18:42:08 +00:00
David Lawrence
15a4474541 word wrap copyright notice at column 70 2000-07-27 09:55:03 +00:00
Brian Wellington
98d010a24a If a negative insecurity proof succeeds, set all of the rdatasets in the 
authority section of the message to non-pending, so that the response
has the ad bit set.
 2000-07-27 01:26:15 +00:00