ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,558 Commits 589 Branches 805 Tags
f4dd256ddebc5e615e004b94de3f036eda07ed67
Commit Graph

79 Commits

Author SHA1 Message Date
Tinderbox User
a3bf29d6c8 update copyright notice 2012-03-10 23:45:08 +00:00
Evan Hunt
66fb5237d3 set $Id$ 2012-03-07 08:19:59 -08:00
Evan Hunt
c78a1d96de 3203. [bug] Increase log level to 'info' for validation failures 
from expired or not-yet-valid RRSIGs. [RT #21796]
 2011-11-04 05:33:27 +00:00
Mark Andrews
964917093b spin waiting for zone transfer to complete 2011-10-26 05:35:19 +00:00
Mark Andrews
48e7804399 3175. [bug] Fix how DNSSEC positive wildcard responses from a 
NSEC3 signed zone are validated.  Stop sending a
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]
 2011-10-20 21:47:47 +00:00
Mark Andrews
af524126b2 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:13:39 +00:00
Evan Hunt
62da6b0e7e 3151. [bug] Queries for type RRSIG or SIG could be handled 
incorrectly.  [RT #21050]
 2011-09-02 21:53:54 +00:00
Mark Andrews
635f8fa82e 3041. [bug] dnssec-signzone failed to generate new signatures on 
ttl changes. [RT #23330]
 2011-02-24 03:35:39 +00:00
Mark Andrews
21deff3df5 3040. [bug] Named failed to validate insecure zones where a node 
with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]
 2011-02-23 12:48:21 +00:00
Mark Andrews
3a09adda9e 3019. [func] Test: check apex NSEC3 records after adding DNSKEY 
record via UPDATE. [RT #23229]
 2011-02-15 00:16:39 +00:00
Automatic Updater
58ba1ed262 update copyright notice 2011-02-08 23:08:41 +00:00
Mark Andrews
96ad5aff12 Regression test for: 
3018.   [bug]           Named failed to check for the "none;" acl when deciding
                        if a zone may need to be re-signed. [RT #23120]
 2011-02-08 05:23:53 +00:00
Mark Andrews
c1e4f06f90 2968. [security] Named could fail to prove a data set was insecure 
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
 2010-11-16 02:23:44 +00:00
Mark Andrews
5122ec7d9e 2951. [bug] named failed to generate a correct signed response 
in a optout, delegation only zone with no secure
                        delegations. [RT #22007]
 2010-09-07 01:12:24 +00:00
Mark Andrews
3a3a245419 2940. [func] Check that named successfully skips NSEC3 records 
that fail to match the NSEC3PARAM record currently
                        in use. [RT# 21868]
 2010-08-13 07:21:39 +00:00
Evan Hunt
54b4dd1a76 2932. [cleanup] Corrected a numbering error in the "dnssec" test. 
[RT #21597]
 2010-08-09 22:35:18 +00:00
Tatuya JINMEI 神明達哉
e9f69b0324 2931. [bug] Temporarily and partially disable change 2864 
because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
 2010-07-15 01:30:33 +00:00
Mark Andrews
040a2526e7 check that we have non-cachable answers to test against 
match the dig.out.ns#.$n to the nameserver
 2010-06-28 01:38:44 +00:00
Mark Andrews
bc3343cc10 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:57:04 +00:00
Mark Andrews
cc8df25ebb iterations is -H 2010-06-04 00:03:12 +00:00
Mark Andrews
81d22a38f0 specify NSEC3 iterations 2010-06-03 21:45:31 +00:00
Mark Andrews
463e599d1e 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 03:38:53 +00:00
Automatic Updater
9feb8eda57 update copyright notice 2010-01-15 23:47:34 +00:00
Evan Hunt
3f39cbcc76 2838. [func] Backport support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512, from BIND 9.7.  (This
			incorporates changes 2726 and 2738 from that
			release branch.) [RT #20871]
 2010-01-15 19:38:54 +00:00
Automatic Updater
ef413fafe5 update copyright notice 2009-12-30 23:47:31 +00:00
Tatuya JINMEI 神明達哉
450c3bb498 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:34:30 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
8131d4ed6d update copyright notice 2006-02-26 23:49:50 +00:00
Mark Andrews
95b484c958 fix minor typos 2006-02-26 22:57:18 +00:00
Mark Andrews
675d696977 update copyright notice 2005-09-06 03:51:37 +00:00
Mark Andrews
5be3685b0e 1919. [bug] dig's +sigchase code overhauled. [RT #14933] 
1918.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]
 2005-08-25 00:56:08 +00:00
Mark Andrews
38e8022ace 1625. [bug] named failed to load/transfer RFC2535 signed zones 
which contained CNAMES. [RT# 11237]
 2004-05-05 01:32:58 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:19:58 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
0f042c7c44 - improves tests of negative insecurity proofs, including tests for the 
SOA TTL 0 hack.
- adds +noauth to a few invocations of dig where the authority section is
  not important.
- removes the bogus first half of the dynamic zone test, which didn't
  do anything other than make the test suite fail if run twice.
- fixed the fact that the keyless.example zone wasn't being securely
  delegated.
bwelling
 2002-07-19 06:20:24 +00:00
Mark Andrews
0b09763c35 1328. [func] DS (delegation signer) support. 2002-06-17 04:01:37 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Brian Wellington
4014b6a8ae although a privately secure zone was signed, it was never tested. 2002-02-13 01:32:12 +00:00
Brian Wellington
64ea670052 the dynamic zone test wasn't working as expected since the child zone wasn't 
securely delegated.
 2002-02-06 03:28:59 +00:00
Andreas Gustafsson
473ca0bf8c Added RT #2399 regression test 2002-01-22 22:27:29 +00:00
Andreas Gustafsson
e4b5f088ca Added RT #1763 regression test 2001-09-19 21:19:52 +00:00
Andreas Gustafsson
1301637cc5 check that negative validation fails with a misconfigured trusted key 2001-09-19 20:47:02 +00:00
Brian Wellington
7a224ba59b test that validation of an ANY query returning a DNAME works 2001-02-23 06:22:11 +00:00
Brian Wellington
529d1b9ada test that validation of a query returning a DNAME works 2001-02-23 06:14:44 +00:00
Brian Wellington
4f91c46a42 Test that both normal and ANY queries that match a CNAME are properly 
validated.
 2001-02-21 06:47:45 +00:00
Brian Wellington
a41ab607a4 Test that validation of ANY queries works. Also add data to be used for 
CNAME/DNAME tests, but not the tests yet since they fail.
 2001-02-20 18:33:50 +00:00