Commit Graph

358 Commits

Author SHA1 Message Date
Mark Andrews
e252b8b8da 3461. [bug] Negative responses could incorrectly have AD=1
set. [RT #32237]
2013-01-10 21:55:05 +11:00
Tinderbox User
0701549b85 update copyright notice 2013-01-04 23:45:11 +00:00
Evan Hunt
7a904931ad [v9_6] allow-query-on works now
3448.	[bug]		The allow-query-on ACL was not processed correctly.
			[RT #29486]
(cherry picked from commit 222d38735f)
(cherry picked from commit 8d9207a17b)
(cherry picked from commit ba2599657b)
2013-01-03 15:39:21 -08:00
Evan Hunt
9e09039ce8 fixed an exploitable hang bug
3383.	[security]	Certain combinations of records in the RBT could
                        cause named to hang while populating the additional
                        section of a response. [RT #31090]
2012-09-26 17:21:30 -07:00
Mark Andrews
58085bf485 3371. [bug] AD=1 should behave like DO=1 when deciding whether to
add NS RRsets to the additional section or not.
                        [RT #30479]
2012-08-31 11:34:14 +10:00
Evan Hunt
2f16faf485 revert rt26429 due to incompatibilities with 9.6 2012-07-25 22:22:16 -07:00
Evan Hunt
0953cc2c36 fix merge errors 2012-07-25 21:19:51 -07:00
Tinderbox User
2615007d77 update copyright notice 2012-07-25 23:45:12 +00:00
ckb
8d74549a5c 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]
2012-07-25 17:38:47 -05:00
Mark Andrews
f694d83e78 3299. [bug] Make SDB handle errors from database drivers better.
[RT #28534]
2012-03-28 10:37:28 +11:00
Evan Hunt
66fb5237d3 set $Id$ 2012-03-07 08:19:59 -08:00
Automatic Updater
e0229601aa update copyright notice 2012-01-04 23:45:30 +00:00
Evan Hunt
eec7032275 3260. [bug] "rrset-order cyclic" could appear not to rotate
for some query patterns.  [RT #27170/27185]
2012-01-04 03:12:03 +00:00
Mark Andrews
0b20398de2 3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
                        failure. [RT #26590]
2011-11-16 09:45:25 +00:00
Mark Andrews
48e7804399 3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated.  Stop sending an
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]
2011-10-20 21:47:47 +00:00
Automatic Updater
4061571044 update copyright notice 2011-09-02 23:45:15 +00:00
Evan Hunt
62da6b0e7e 3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly.  [RT #21050]
2011-09-02 21:53:54 +00:00
Mark Andrews
6969f82320 silence clang warnings 2011-08-31 23:33:23 +00:00
Mark Andrews
3ddb69e254 3081. [bug] Failure of DNAME substitution did not return
YXDOMAIN. [RT #23591]
2011-03-19 09:47:54 +00:00
Automatic Updater
9e5debd879 update copyright notice 2011-03-12 04:57:33 +00:00
Mark Andrews
5b4cdf0f41 3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 10:50:00 +00:00
Mark Andrews
ff826c2844 2964. [bug] view->queryacl was being overloaded. Separate the
usage into view->queryacl, view->cacheacl and
                        view->queryonacl. [RT #22114]
2010-09-24 08:09:08 +00:00
Mark Andrews
af6b256444 2960. [func] Check that named accepts non-authoritative answers.
[RT #21594]
2010-09-15 12:16:51 +00:00
Mark Andrews
453c9289b5 2953. [bug] Silence spurious "expected covering NSEC3, got an
exact match" message when returning a wildcard
                        no data response. [RT #21744]
2010-09-07 02:53:19 +00:00
Tatuya JINMEI 神明達哉
e9f69b0324 2931. [bug] Temporarily and partially disable change 2864
because it would cause infinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
2010-07-15 01:30:33 +00:00
Automatic Updater
a4d4e19af8 update copyright notice 2010-06-26 23:45:54 +00:00
Mark Andrews
bc3343cc10 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:57:04 +00:00
Automatic Updater
08f36cf4fb update copyright notice 2010-03-12 23:48:26 +00:00
Mark Andrews
5641d615c8 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2010-03-12 02:01:57 +00:00
Tatuya JINMEI 神明達哉
450c3bb498 2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:34:30 +00:00
Mark Andrews
fce41660df 2593. [bug] Improve a corner source of SERVFAILs [RT #19632] 2009-12-03 04:38:28 +00:00
Mark Andrews
eb5f89b06e 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:25:56 +00:00
Mark Andrews
32967e6895 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less.  [RT #20654]
2009-11-24 03:15:31 +00:00
Mark Andrews
e7f4d4e09d 2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
                        it validates as secure. [RT #20438]
2009-11-18 00:15:38 +00:00
Mark Andrews
c363a13c50 2729. [func] When constructing a CNAME from a DNAME use the DNAME
TTL. [RT #20451]
2009-10-27 22:45:07 +00:00
Mark Andrews
69f73c967e 2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]
2009-09-14 23:19:36 +00:00
Mark Andrews
4a8fa74137 2643. [bug] Stub zones interacted badly with NSEC3 support.
[RT #19777]
2009-08-05 02:11:48 +00:00
Tatuya JINMEI 神明達哉
81bae80881 cleanup: removed redundant initialization [RT #19866] 2009-06-26 08:03:47 +00:00
Mark Andrews
50b107e596 2576. [bug] NSEC records were not being correctly signed when
a zone transitions from insecure to secure.
                        Handle such incorrectly signed zones. [RT #19114]
2009-03-13 01:38:51 +00:00
Mark Andrews
b783a1581b 2551. [bug] Potential Reference leak on return. [RT #19341] 2009-02-15 23:07:33 +00:00
Tatuya JINMEI 神明達哉
809350646f 2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2009-01-29 22:40:36 +00:00
Mark Andrews
d7900926bf spelling 2009-01-18 23:25:18 +00:00
Automatic Updater
eb38c046c2 update copyright notice 2009-01-07 23:47:16 +00:00
Tatuya JINMEI 神明達哉
8bdbeeb578 2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
			about server failures. [RT #19027]
2009-01-07 01:50:15 +00:00
Tatuya JINMEI 神明達哉
7170458302 2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2008-12-29 23:50:35 +00:00
Mark Andrews
a14aff6984 2484. [bug] It was possible to trigger a REQUIRE failure when
adding NSEC3 proofs to the response in
                        query_addwildcardproof().  [RT #18828]
2008-11-03 23:57:22 +00:00
Mark Andrews
24a56e15f7 silence compiler warning 2008-10-15 02:37:11 +00:00
Mark Andrews
e6c5224571 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
[RT #18697]
2008-10-02 20:35:39 +00:00
Automatic Updater
6e2871232f update copyright notice 2008-09-24 03:16:58 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00