Commit Graph

212 Commits

Author SHA1 Message Date
Tinderbox User
ce69235dce update copyright notice 2013-01-10 23:45:15 +00:00
Mark Andrews
e252b8b8da 3461. [bug] Negative responses could incorrectly have AD=1
set. [RT #32237]
2013-01-10 21:55:05 +11:00
Tinderbox User
e60b4aa460 update copyright notice 2012-12-18 23:45:11 +00:00
Mark Andrews
c973a1dee7 3443. [bug] The NOQNAME proof was not being returned from cached
insecure responses. [RT #21409]

Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/include/dns/nsec3.h
	lib/dns/validator.c
2012-12-19 10:31:27 +11:00
Mark Andrews
6b696ad957 3419. [bug] Memory leak on validation cancel. [RT #31869]
Squashed commit of the following:

commit 452b07ec7cb31784d90d9c2e45ca708df306302e
Author: Mark Andrews <marka@isc.org>
Date:   Wed Nov 14 23:36:36 2012 +1100

    destroy fetch when canceling validator
2012-11-15 11:21:14 +11:00
Mark Andrews
caa58096b2 Redo
3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]
2012-11-14 07:44:30 +11:00
Mark Andrews
25c877f032 3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]

Squashed commit of the following:

commit d414d3cb4244daeca4159ac1f8a82322e4a20e5a
Author: Mark Andrews <marka@isc.org>
Date:   Wed Nov 7 14:19:28 2012 +1100

    check that val->fetch != NULL before calling dns_resolver_destroyfetch
2012-11-09 09:15:11 +11:00
Evan Hunt
a86ff30111 [v9_6] silence coverity warnings
3401. [bug] Addressed Coverity warnings. [RT #31484]
(cherry picked from commit 47c5b8af92)
(cherry picked from commit 2589af5868)
(cherry picked from commit a53a622417)
2012-10-23 22:34:16 -07:00
Mark Andrews
6e8dc44545 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 15:06:58 +10:00
Evan Hunt
09b49ec9b4 fix coverity issues
3388. [bug] Fixed several Coverity warnings. [RT #30996]
2012-10-03 00:01:28 -07:00
Evan Hunt
2f16faf485 revert rt26429 due to incompatibilities with 9.6 2012-07-25 22:22:16 -07:00
ckb
8d74549a5c 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
2012-07-25 17:38:47 -05:00
Tinderbox User
d5c5ac0dbb regen v9_6 2012-03-07 01:45:20 +00:00
Automatic Updater
80422940a5 update copyright notice 2012-02-15 21:14:15 +00:00
Mark Andrews
efa9453630 3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]
2012-02-15 21:05:25 +00:00
Evan Hunt
c78a1d96de 3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
2011-11-04 05:33:27 +00:00
Automatic Updater
8830c847aa update copyright notice 2011-10-20 23:45:14 +00:00
Mark Andrews
48e7804399 3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated.  Stop sending an
unnecessary NSEC3 record when generating such
responses. [RT #26200]
2011-10-20 21:47:47 +00:00
Mark Andrews
af524126b2 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:13:39 +00:00
Evan Hunt
d7eaf06b5a 3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
2011-06-09 00:16:37 +00:00
Mark Andrews
c0229f8125 3120. [bug] Named could fail to validate zones list in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
2011-05-27 00:50:10 +00:00
Mark Andrews
5b4cdf0f41 3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 10:50:00 +00:00
Francis Dupont
1b6423ff8c Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:44:00 +00:00
Automatic Updater
b82a8a428c update copyright notice 2011-02-28 01:18:47 +00:00
Mark Andrews
21deff3df5 3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338]
2011-02-23 12:48:21 +00:00
Mark Andrews
c1e4f06f90 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure.  One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.  [RT #22309]
2010-11-16 02:23:44 +00:00
Mark Andrews
bc3343cc10 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:57:04 +00:00
Mark Andrews
8cbf30d0c0 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing.  This was
an unintended outcome from change 2890. [RT# 21392]
2010-05-26 06:58:17 +00:00
Automatic Updater
01565f50ca update copyright notice 2010-05-14 23:47:50 +00:00
Mark Andrews
69ed70d223 2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-05-14 00:33:23 +00:00
Mark Andrews
1309b5cb7c 2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2010-04-21 05:48:13 +00:00
Mark Andrews
b656e4693a 2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2010-04-21 04:21:19 +00:00
Mark Andrews
928f535b8a 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2010-03-26 17:19:39 +00:00
Automatic Updater
875245e3c4 update copyright notice 2010-03-04 23:47:53 +00:00
Mark Andrews
39131fff99 2958. [bug] When canceling validation it was possible to leak
memory. [RT #20800]
2010-03-04 22:31:32 +00:00
Automatic Updater
b67c0e9a49 update copyright notice 2010-02-25 10:56:41 +00:00
Mark Andrews
b8c2fd6c72 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:35:11 +00:00
Evan Hunt
c7c6605eb0 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:44:45 +00:00
Mark Andrews
e7f4d4e09d 2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
it validates as secure. [RT #20438]
2009-11-18 00:15:38 +00:00
Automatic Updater
846e500945 update copyright notice 2009-05-07 23:47:12 +00:00
Mark Andrews
568a4d27a5 2597. [bug] Handle a validation failure with an insecure delegation
from a NSEC3 signed master/slave zone.  [RT #19464]
2009-05-07 02:39:42 +00:00
Automatic Updater
bf02e7fc0e update copyright notice 2009-03-17 23:47:29 +00:00
Mark Andrews
906e5d9a44 2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2009-03-17 01:37:07 +00:00
Mark Andrews
d68222d82d 2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2009-02-15 23:47:49 +00:00
Mark Andrews
76da0b0d88 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] 2009-02-15 23:38:31 +00:00
Mark Andrews
d7900926bf spelling 2009-01-18 23:25:18 +00:00
Automatic Updater
1ff98661fd update copyright notice 2009-01-05 23:47:23 +00:00
Tatuya JINMEI 神明達哉
3dd871586f trivial comment cleanups (RT#19118) 2009-01-05 23:20:58 +00:00
Automatic Updater
49960a74b5 update copyright notice 2008-11-14 23:47:33 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00