ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,854 Commits 589 Branches 805 Tags
v9.4-ESV-R3
Commit Graph

2756 Commits

Author SHA1 Message Date
Mark Andrews
e96e6e8077 9.4-ESV-R3 2010-09-02 07:27:40 +00:00
Mark Andrews
43a1ec8d9f 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call. 
[RT #20877]
 2010-09-02 07:21:53 +00:00
Mark Andrews
cad9e1ff1f 2678. [func] Treat DS queries as if "minimal-response yes;" 
was set. [RT #20258]

2427.   [func]          Treat DNSKEY queries as if "minimal-response yes;"
                        was set. [RT #18528]
 2010-07-03 09:03:01 +00:00
Mark Andrews
7b67408765 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-26 00:11:50 +00:00
Mark Andrews
5c7be0bf56 s/to soon/too soon/ 2010-06-23 03:32:30 +00:00
Mark Andrews
8310668e43 2921. [bug] The resolver could attempt to destroy a fetch context 
to soon.  [RT #19878]
 2010-06-23 01:48:55 +00:00
Mark Andrews
1a677bc3f7 2904. [bug] When using DLV, sub-zones of the zones in the DLV, 
could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT# 21392]
 2010-06-03 00:36:02 +00:00
Mark Andrews
eb12f97615 2900. [bug] The placeholder negative caching element was not 
properly constructed triggering a INSIST in
                        dns_ncache_towire(). [RT #21346]
 2010-06-03 00:21:52 +00:00
Mark Andrews
0cd3b8cc3e 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-06-03 00:07:59 +00:00
Mark Andrews
078580a74d 9.4-ESV-R2 2010-05-10 01:56:40 +00:00
Mark Andrews
af9bcac6c5 2876. [bug] Named could return SERVFAIL for negative responses 
from unsigned zones. [RT #21131]
 2010-04-21 04:23:47 +00:00
Mark Andrews
4692e05150 9.4-ESV-R1 2010-03-04 00:25:25 +00:00
Mark Andrews
b6a3b10da7 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-26 01:03:56 +00:00
Mark Andrews
d88ec94a81 9.4-ESV 2010-01-21 01:10:54 +00:00
Mark Andrews
f4405a6c1a missing from original commit: 
2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]
 2010-01-21 00:59:17 +00:00
Tatuya JINMEI 神明達哉
59721b321d 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)

Additional notes specific to 9.4-ESV:
- I needed to explicitly enable dnssec-validation in "pending" system tests
  because it's disabled by default for 9.4.  This is not a problem of this
  patch - the test was broken for 9.4 when it was first introduced.  Another
  reason why we need more detailed tests.
- I modified the test case for 9.4 so that it allows pending-additional-to-answer
   promotion as 9.4 doesn't include this bug fix.
 2009-12-30 08:55:48 +00:00
Evan Hunt
d7985983b0 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:44:05 +00:00
Mark Andrews
e312c286f8 9.4-ESVrc1 2009-12-11 00:39:13 +00:00
Mark Andrews
6a0c80c7c4 2797. [bug] Don't decrement the dispatch manager's maxbuffers. 
[RT #20613]
 2009-12-02 23:37:04 +00:00
Mark Andrews
d975e0ed8e rt# 2009-11-26 21:34:06 +00:00
Mark Andrews
54d83f4a68 2790. [bug] Handle DS queries to stub zones. 2009-11-26 03:45:43 +00:00
Mark Andrews
b4bd8d0662 772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-25 04:50:25 +00:00
Mark Andrews
12d58e5804 9.4-ESVb1 2009-11-05 06:14:04 +00:00
Mark Andrews
bf3057c014 9.4-ESV 2009-10-13 00:07:58 +00:00
Evan Hunt
121672f23c 2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090] 2009-10-03 16:23:15 +00:00
Mark Andrews
45f4234351 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and 
S_IFREG are defined after including <isc/stat.h>.
                        [RT #20309]
 2009-10-01 05:25:44 +00:00
Mark Andrews
c6473dc038 2690. [bug] win32: fix isc_thread_key_getspecific() prototype. 
[RT #20315]
 2009-09-25 05:52:20 +00:00
Mark Andrews
ca202d441e 2689. [bug] Correctly handle snprintf result. [RT #20306] 2009-09-24 22:25:30 +00:00
Tatuya JINMEI 神明達哉
aaa2233e76 2525. [experimental] New logging category "query-errors" to provide detailed 
internal information about query failures, especially
			about server failures.  (backported as a special
			exception to the general policy) [RT #19027]
 2009-09-24 21:38:52 +00:00
Mark Andrews
2b4ed367f3 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT, 
to decide to fetch the destination address. [RT #20305]
 2009-09-24 06:43:52 +00:00
Tatuya JINMEI 神明達哉
b517a7a336 fixed the position of the period. 2009-09-19 21:46:59 +00:00
Tatuya JINMEI 神明達哉
8c8119ce24 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly 
decoded [RT #20269].

BIND 9.7.0, 9.6.2, 9.5.2, 9.4.4
 2009-09-18 21:57:08 +00:00
Mark Andrews
76a4707aad 2672. [bug] Don't enable searching in 'host' when doing reverse 
lookups. [RT #20218]
 2009-09-08 23:29:03 +00:00
Mark Andrews
60abc54118 9.4-ESV-20090907 2009-09-07 02:24:31 +00:00
Mark Andrews
9b2c4fd0ef 2670. [bug] Unexpected connect failures failed to log enough 
information to be useful. [RT #20205]
 2009-09-07 02:17:09 +00:00
Evan Hunt
db00fbebac back out changes 2661 & 2662 2009-09-01 07:18:54 +00:00
Evan Hunt
9a3ef95d13 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr() 
returned a misleading error code when lwresd was
			down. [RT #20028]

2661.	[bug]		Check whether socket fd exceeds FD_SETSIZE when
			creating lwres context. [RT #20029]
 2009-09-01 06:55:10 +00:00
Mark Andrews
2bbae36bce restore change description: 2637. [func] Rationalize dnssec-signzone's signwithkey() calling. 2009-08-18 00:34:27 +00:00
Mark Andrews
554ed4936f 9.4.4b1 2009-08-13 05:01:32 +00:00
Mark Andrews
bd4803f39e 2649. [bug] Set the domain for forward only zones. [RT #19944] 2009-08-13 04:55:16 +00:00
Mark Andrews
6a1d766e4a 2648. [port] win32: isc_time_seconds() was broken. [RT #19900] 2009-08-13 03:42:27 +00:00
Mark Andrews
3fdca50cc7 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987] 2009-08-13 02:19:39 +00:00
Evan Hunt
e8e9e1dbeb 2642. [bug] nsupdate could dump core on solaris when reading 
improperly formatted key files.  [RT #20015]
 2009-07-29 23:56:27 +00:00
Mark Andrews
55b1dda9d8 2640. [security] A specially crafted update packet will cause named 
to exit. [RT #20000]
 2009-07-28 15:57:26 +00:00
Mark Andrews
3855aee9c1 2637. [func] Rationalize dnssec-signzone's signwithkey() calling. 
[RT #19959]
 2009-07-21 03:38:12 +00:00
Evan Hunt
2b7c68e9bb 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses. 
[RT #19716]
 2009-07-18 21:13:55 +00:00
Mark Andrews
6e6859cb8f 2633. [bug] Handle 15 bit rand() functions. [RT #19783] 2009-07-16 06:01:32 +00:00
Mark Andrews
ceaf8479c0 2632. [func] util/kit.sh: warn if documentation appears to be out of 
date.  [RT #19922]
 2009-07-16 05:39:37 +00:00
Mark Andrews
e6c0f07e73 2623. [bug] Named started seaches for DS non-optimally. [RT #19915] 2009-07-13 06:34:13 +00:00
Mark Andrews
32a1ab66b9 2920. [bug] Delay thawing the zone until the reload of it has 
completed successfully.  [RT #19750]
 2009-07-11 04:30:50 +00:00