ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
18,679 Commits 589 Branches 805 Tags
fbe2cff19f5cddc67b967764ad95038dfcafc85a
Commit Graph

8343 Commits

Author SHA1 Message Date
Evan Hunt
fbe2cff19f 3121. [security] An authoritative name server sending a negative 
response containing a very large RRset could
                        trigger an off-by-one error in the ncache code
                        and crash named. [RT #24650]
 2011-05-26 23:11:15 +00:00
Mark Andrews
4100ae5109 move dns_trust_totext from masterdump.c to rdataset.c so that exportlib will build 2011-05-26 07:56:39 +00:00
Mark Andrews
ea82782532 3120. [bug] Named could fail to validate zones list in a DLV 
that validated insecure without using DLV and had
                        DS records in the parent zone. [RT #24631]
 2011-05-26 04:35:02 +00:00
Evan Hunt
0245f7725c 3118. [bug] When rolling to a new DNSSEC key, a private-type 
record could be created and never marked complete.
			[RT #23253]
 2011-05-26 04:25:47 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates 
of DNSSEC records in signed dynamic zones.  Set to
			'no-resign' to disable automatic RRSIG regeneration
			while retaining the ability to sign new or changed
			data. [RT #24533]
 2011-05-23 20:10:03 +00:00
Automatic Updater
b1b37b61da update copyright notice 2011-05-19 23:47:17 +00:00
Evan Hunt
ff330a6273 another post-commit fix for change 3114: call dns_db_resigned()/ 
dns_db_setsigningtime() only when incrementally resigning, not other
times.
 2011-05-19 21:29:07 +00:00
Evan Hunt
276f9fac3e another post-commit bugfix for change 3114: need to take rndc freeze into 
account in determining whether zone is dynamic
 2011-05-19 04:44:58 +00:00
Evan Hunt
d9343d917a minor code simplification 2011-05-19 04:33:17 +00:00
Evan Hunt
2a4f494565 Change 3114 wasn't complete--needed to remove another call to 
dns_db_resigned().
 2011-05-19 04:28:33 +00:00
Scott Mann
a50ce0f80b Fix for RT #23136 task 1. 2011-05-19 00:31:57 +00:00
Evan Hunt
ab77e813ea add dns_dnssec_signs 2011-05-17 01:48:24 +00:00
Automatic Updater
687d47f6c9 update copyright notice 2011-05-16 23:47:41 +00:00
Evan Hunt
5c8ec4d5ea "make install" was failing when building with both exportlibs and libtool. 
(trivial makefile fix, no CHANGES note.) [RT #24425]
 2011-05-16 22:58:05 +00:00
Evan Hunt
de7df3e56f 3111. [bug] Improved consistency checks for dnssec-enable and 
dnssec-validation, added test cases to the
                        checkconf system test. [RT #24398]
 2011-05-07 05:55:17 +00:00
Automatic Updater
40717638fa update copyright notice 2011-05-06 23:47:29 +00:00
Evan Hunt
ac21f918f2 3109. [func] The also-notify option now uses the same syntax 
as a zone's masters clause.  This means it is
			now possible to specify a TSIG key to use when
			sending notifies to a given server, or to include
			an explicit named masters list in an also-notfiy
			statement.  [RT #23508]
 2011-05-06 21:23:51 +00:00
Evan Hunt
485522d7e1 3108. [cleanup] dnssec-signzone: Clarified some error and 
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
			code (use -P instead). [RT #20852]

3107.	[bug]		dnssec-signzone: Report the correct number of ZSKs
			when using -x. [RT #20852]
 2011-05-06 21:08:33 +00:00
Evan Hunt
989fb50178 fixed an error in prior commit 2011-05-05 18:04:01 +00:00
Evan Hunt
d454a60f56 3103. [bug] Configuring 'dnssec-validation auto' in a view 
instead of in the options statement could trigger
			an assertion failure in named-checkconf. [RT #24382]
 2011-05-05 16:13:35 +00:00
Automatic Updater
54968ae88e update copyright notice 2011-04-29 23:47:18 +00:00
Evan Hunt
39f2d1a96a 3102. [func] New 'dnssec-loadkeys-interval' option configures 
how often, in minutes, to check the key repository
			for updates when using automatic key maintenance.
			Default is every 60 minutes (formerly hard-coded
			to 12 hours). [RT #23744]

3101.	[bug]		Zones using automatic key maintenance could fail
			to check the key repository for updates. [RT #23744]
 2011-04-29 21:37:15 +00:00
Mark Andrews
1b9a5fa77f isc_file_isplainfile 2011-04-08 05:36:15 +00:00
Mark Andrews
53c1e5f991 dns_cache_create3 2011-04-08 04:45:03 +00:00
Mark Andrews
2b3bcbce23 3096. [bug] Set KRB5_KTNAME before calling log_cred() in 
dst_gssapi_acceptctx(). [RT #24004]
 2011-04-07 23:03:22 +00:00
Mark Andrews
9cf04a12ec 3095. [bug] Handle isolated reserved ports in the port range. 
[RT #23957]
 2011-04-06 10:27:16 +00:00
Mark Andrews
6b89a2c905 format portability: cast socklen_t -> long and use %ld 2011-04-05 06:33:50 +00:00
Mark Andrews
60821a4c33 1 -> 1U 2011-04-04 11:09:11 +00:00
Mark Andrews
64abedd85a unsigned constants 2011-03-28 05:32:16 +00:00
Mark Andrews
fade3b5f91 unsigned constants 2011-03-28 05:20:08 +00:00
Mark Andrews
d97637ce11 unsigned constants 2011-03-28 03:41:55 +00:00
Evan Hunt
319b8a1488 3092. [bug] Signatures for records at the zone apex could go 
stale due to an incorrect timer setting. [RT #23769]

3091.	[bug]		Fixed a bug in which zone keys that were published
			and then subsequently activated could fail to trigger
			automatic signing. [RT #22991]
 2011-03-25 23:53:02 +00:00
Automatic Updater
6333ba02a5 update copyright notice 2011-03-21 23:47:21 +00:00
Evan Hunt
0994d3a21b 3087. [bug] DDNS updates using SIG(0) with update-policy match 
type "external" could cause a crash. [RT #23735]
 2011-03-21 19:54:03 +00:00
Evan Hunt
1063914c30 Fixed some problems from change #3084 that turned up after committing it; 
"freeze" and "thaw" weren't working quite right when used without a
specific zone name.
 2011-03-21 18:38:40 +00:00
Evan Hunt
7cb226ec34 3084. [func] A new command "rndc sync" dumps pending changes in 
a dynamic zone to disk; "rndc sync -clean" also
			removes the journal file after syncing.  Also,
			"rndc freeze" no longer removes journal files.
			[RT #22473]
 2011-03-21 07:22:14 +00:00
Mark Andrews
5095e72ac3 3083. [bug] NOTIFY messages were not being sent when generating 
a NSEC3 chain incrementally. [RT #23702]
 2011-03-21 01:02:39 +00:00
Mark Andrews
b76715a02f Use UINT_MAX to initialise split_width (unsigned int) instead of -1. 2011-03-20 02:31:54 +00:00
Automatic Updater
7885190562 update copyright notice 2011-03-18 23:47:36 +00:00
Francis Dupont
d99d0c19b2 introduce STDTIME_ON_32BITS 2011-03-18 09:00:45 +00:00
Automatic Updater
207cee019e update copyright notice 2011-03-17 23:47:30 +00:00
Francis Dupont
50f64cf0e5 silent compiler warnings for DLZ exernal driver support and example 2011-03-17 09:25:54 +00:00
Mark Andrews
ed53ec0b06 3077. [bug] zone.c:zone_refreshkeys() incorrectly called 
dns_zone_attach(), use zone->irefs instead. [RT #23303]
 2011-03-17 05:21:50 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Mark Andrews
0e095727ff 3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant 
timestamp when determining which keys are active.
                        [RT #23642]
 2011-03-17 01:17:21 +00:00
Francis Dupont
0a25550b46 remove extra space 2011-03-14 13:40:52 +00:00
Francis Dupont
52c3f66536 isc_mutex_destroy() returns a value 2011-03-14 13:39:17 +00:00
Mark Andrews
26b49e8459 3074. [bug] Make the adb cache read through for zone data and 
glue learn for zone named is authoritative for.
                        [RT #22842]
 2011-03-13 02:49:28 +00:00
Automatic Updater
c1aef54e14 update copyright notice 2011-03-12 04:59:49 +00:00
Evan Hunt
f563fcf124 Forgot to initialize a fixedname, which made it a brokenname. 2011-03-11 17:19:05 +00:00