ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,558 Commits 589 Branches 805 Tags
f4dd256ddebc5e615e004b94de3f036eda07ed67
Commit Graph

200 Commits

Author SHA1 Message Date
Tinderbox User
d5c5ac0dbb regen v9_6 2012-03-07 01:45:20 +00:00
Automatic Updater
80422940a5 update copyright notice 2012-02-15 21:14:15 +00:00
Mark Andrews
efa9453630 3285. [bug] val-frdataset was incorrectly disassociated in 
proveunsecure after calling startfinddlvsep.
                        [RT #27928]
 2012-02-15 21:05:25 +00:00
Evan Hunt
c78a1d96de 3203. [bug] Increase log level to 'info' for validation failures 
from expired or not-yet-valid RRSIGs. [RT #21796]
 2011-11-04 05:33:27 +00:00
Automatic Updater
8830c847aa update copyright notice 2011-10-20 23:45:14 +00:00
Mark Andrews
48e7804399 3175. [bug] Fix how DNSSEC positive wildcard responses from a 
NSEC3 signed zone are validated.  Stop sending a
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]
 2011-10-20 21:47:47 +00:00
Mark Andrews
af524126b2 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:13:39 +00:00
Evan Hunt
d7eaf06b5a 3124. [bug] Use an rdataset attribute flag to indicate 
negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets. [RT #24777]

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]
 2011-06-09 00:16:37 +00:00
Mark Andrews
c0229f8125 3120. [bug] Named could fail to validate zones list in a DLV 
that validated insecure without using DLV and had
                        DS records in the parent zone. [RT #24631]
 2011-05-27 00:50:10 +00:00
Mark Andrews
5b4cdf0f41 3069. [cleanup] Silence warnings messages from clang static analysis. 
[RT #20256]
 2011-03-11 10:50:00 +00:00
Francis Dupont
1b6423ff8c Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:44:00 +00:00
Automatic Updater
b82a8a428c update copyright notice 2011-02-28 01:18:47 +00:00
Mark Andrews
21deff3df5 3040. [bug] Named failed to validate insecure zones where a node 
with a CNAME existed between the trust anchor and the
                        top of the zone. [RT #23338]
 2011-02-23 12:48:21 +00:00
Mark Andrews
c1e4f06f90 2968. [security] Named could fail to prove a data set was insecure 
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
 2010-11-16 02:23:44 +00:00
Mark Andrews
bc3343cc10 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:57:04 +00:00
Mark Andrews
8cbf30d0c0 2904. [bug] When using DLV, sub-zones of the zones in the DLV, 
could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT# 21392]
 2010-05-26 06:58:17 +00:00
Automatic Updater
01565f50ca update copyright notice 2010-05-14 23:47:50 +00:00
Mark Andrews
69ed70d223 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-05-14 00:33:23 +00:00
Mark Andrews
1309b5cb7c 2877. [bug] The validator failed to skip obviously mismatching 
RRSIGs. [RT #21138]
 2010-04-21 05:48:13 +00:00
Mark Andrews
b656e4693a 2876. [bug] Named could return SERVFAIL for negative responses 
from unsigned zones. [RT #21131]
 2010-04-21 04:21:19 +00:00
Mark Andrews
928f535b8a 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. 
[RT #20877]
 2010-03-26 17:19:39 +00:00
Automatic Updater
875245e3c4 update copyright notice 2010-03-04 23:47:53 +00:00
Mark Andrews
39131fff99 2958. [bug] When canceling validation it was possible to leak 
memory. [RT #20800]
 2010-03-04 22:31:32 +00:00
Automatic Updater
b67c0e9a49 update copyright notice 2010-02-25 10:56:41 +00:00
Mark Andrews
b8c2fd6c72 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:35:11 +00:00
Evan Hunt
c7c6605eb0 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:44:45 +00:00
Mark Andrews
e7f4d4e09d 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-18 00:15:38 +00:00
Automatic Updater
846e500945 update copyright notice 2009-05-07 23:47:12 +00:00
Mark Andrews
568a4d27a5 2597. [bug] Handle a validation failure with a insecure delegation 
from a NSEC3 signed master/slave zone.  [RT #19464]
 2009-05-07 02:39:42 +00:00
Automatic Updater
bf02e7fc0e update copyright notice 2009-03-17 23:47:29 +00:00
Mark Andrews
906e5d9a44 2579. [bug] DNSSEC lookaside validation failed to handle unknown 
algorithms. [RT #19479]
 2009-03-17 01:37:07 +00:00
Mark Andrews
d68222d82d 2554. [bug] Validation of uppercase queries from NSEC3 zones could 
fail. [RT #19297]
 2009-02-15 23:47:49 +00:00
Mark Andrews
76da0b0d88 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] 2009-02-15 23:38:31 +00:00
Mark Andrews
d7900926bf spelling 2009-01-18 23:25:18 +00:00
Automatic Updater
1ff98661fd update copyright notice 2009-01-05 23:47:23 +00:00
Tatuya JINMEI 神明達哉
3dd871586f trivial comment cleanups (RT#19118) 2009-01-05 23:20:58 +00:00
Automatic Updater
49960a74b5 update copyright notice 2008-11-14 23:47:33 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
1bfe8851c0 2421. [bug] Handle the special return value of a empty node as 
if it was a NXRRSET in the validator. [RT #18447]
 2008-08-21 04:43:49 +00:00
Evan Hunt
e4d304b70b Fix build error: parameter type was changed in the prototype but not in 
the function header.
 2008-02-19 17:07:55 +00:00
Mark Andrews
664e11f0b1 2238. [bug] check_ds() could be called with a non DS rdataset. 
[RT #17598]
 2008-02-18 23:06:54 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
9d5ed744c4 update copyright notice 2008-01-14 23:46:56 +00:00
Mark Andrews
f1263d2aa4 2304. [bug] Check returns from all dns_rdata_tostruct() calls. 
[RT #17460]
 2008-01-14 23:24:24 +00:00
Mark Andrews
8bedd9647f 2245. [bug] Validating lack of DS records at trust anchors wasn't 
working. [RT #17151]
 2007-09-19 03:38:56 +00:00
Mark Andrews
e2c3f8059e 2238. [bug] It was possible to trigger a REQUIRE when a 
validation was cancelled. [RT #17106]
 2007-09-14 05:43:05 +00:00
Mark Andrews
3eab85ca54 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). 
[RT #16976]
 2007-08-27 04:36:54 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
a05f23d07e 2171. [bug] Handle breaks in DNSSEC trust chains where the parent 
servers are not DS aware (DS queries to the parent
                        return a referral to the child).
 2007-04-27 06:13:29 +00:00