Automatic Updater
0329504246
update copyright notice
2010-05-27 23:49:55 +00:00
Mark Andrews
5cb766e596
line length
2010-05-27 03:27:35 +00:00
Mark Andrews
0517d21ebd
2897. [bug] NSEC3 chains could be left behind when transitioning
...
to insecure. [RT #21040 ]
2010-05-18 01:40:35 +00:00
Mark Andrews
777d3c3963
silence compiler warning
2010-05-18 00:29:31 +00:00
Automatic Updater
fa3174b8f1
regen v9_7
2010-05-15 02:42:00 +00:00
Automatic Updater
71324ae046
update copyright notice
2010-05-14 23:49:21 +00:00
Mark Andrews
812b6d8d11
2893. [bug] Improve managed keys support. New named.conf option
...
managed-keys-directory. [RT #20924 ]
2010-05-14 04:49:40 +00:00
Mark Andrews
b756b7d22f
2891. [maint] Update empty-zones list to match
...
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2010-05-14 03:32:11 +00:00
Automatic Updater
3fe2c091cc
update copyright notice
2010-03-12 23:49:56 +00:00
Mark Andrews
02d3754d1e
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
...
[RT #21050 ]
2010-03-12 02:00:58 +00:00
Mark Andrews
2473968416
2956. [bug] named-checkconf did not fail on a bad trusted key.
...
[RT #20705 ]
2010-03-04 06:19:33 +00:00
Automatic Updater
b1416abab6
update copyright notice
2010-02-26 23:49:47 +00:00
Mark Andrews
46ef4ef03a
2853. [bug] add_sigs() could run out of scratch space. [RT #21015 ]
2010-02-26 01:50:39 +00:00
Mark Andrews
8a98023414
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619 ]
2010-02-25 05:05:09 +00:00
Automatic Updater
55690c7b8d
update copyright notice
2010-02-04 23:48:30 +00:00
Mark Andrews
7d47e3d387
2849. [bug] Don't treat errors from the xml2 library as fatal.
...
[RT #20945 ]
2010-02-04 01:07:32 +00:00
Automatic Updater
74f601e769
update copyright notice
2010-01-13 23:48:20 +00:00
Evan Hunt
96c51eadc9
Commit to v9_7 some changes that had been left out:
...
2838. [bug] A KSK revoked by named could not be deleted.
[RT #20881 ]
2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812 ]
2010-01-13 19:31:53 +00:00
Tatuya JINMEI 神明達哉
6ca6cc975f
2828. [security] Cached CNAME or DNAME RR could be returned to clients
...
without DNSSEC validation. [RT #20737 ]
9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:33:41 +00:00
Mark Andrews
831bfda9d2
2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
...
was in the process of being created was not properly
recorded in the zone. [RT #20786 ]
2009-12-30 03:55:03 +00:00
Mark Andrews
2b662f27f6
2824. [bug] "rndc sign" was not being run by the correct task.
...
[RT #20759 ]
2009-12-29 22:23:01 +00:00
Evan Hunt
b4df2f48c7
2818. [cleanup] rndc could return an incorrect error code
...
when a zone was not found. [RT #20767 ]
2009-12-24 00:16:08 +00:00
Evan Hunt
84c9c592f8
2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls.
...
[RT #20768 ]
2009-12-24 00:00:13 +00:00
Evan Hunt
5a33ab5d65
2815. [bug] Exclusively lock the task when freezing a zone.
...
[RT #19838 ]
2009-12-23 23:33:53 +00:00
Automatic Updater
5470afd66b
update copyright notice
2009-12-18 23:48:18 +00:00
Evan Hunt
7290687619
2813. [bug] Better handling of unreadable DNSSEC key files.
...
[RT #20710 ]
2812. [bug] Make sure updates can't result in a zone with
NSEC-only keys and NSEC3 records. [RT 20748]
2009-12-18 22:13:54 +00:00
Evan Hunt
12178c8652
2805. [bug] Fixed namespace problems encountered when building
...
external programs using non-exported BIND9 libraries
(i.e., built without --enable-exportlib). [RT #20679 ]
2009-12-05 23:31:41 +00:00
Mark Andrews
3d17a3ba61
2801. [func] Detect and report records that are different according
...
to DNSSEC but are sematically equal according to plain
DNS. Apply plain DNS comparisons rather than DNSSEC
comparisons when processing UPDATE requests.
dnssec-signzone now removes such semantically duplicate
records prior to signing the RRset.
named-checkzone -r {ignore|warn|fail} (default warn)
named-compilezone -r {ignore|warn|fail} (default warn)
named.conf: check-dup-records {ignore|warn|fail};
2009-12-04 21:09:34 +00:00
Evan Hunt
e438e29354
claried log message when no active private keys are found to use for
...
signing. [rt20690]
2009-12-04 20:32:07 +00:00
Mark Andrews
5d850024cb
2800. [func] Reject zones which have NS records which refer to
...
CNAMEs, DNAMEs or don't have address record (class IN
only). Reject UPDATEs which would cause the zone
to fail the above checks if committed. [RT #20678 ]
2009-12-04 03:33:15 +00:00
Automatic Updater
089c63b69c
regen
2009-12-04 01:13:45 +00:00
Automatic Updater
63aeaafd97
update copyright notice
2009-12-03 23:48:22 +00:00
Evan Hunt
8e4f3f1cbc
2799. [cleanup] Changed the "secure-to-insecure" option to
...
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
to "dnssec-dnskey-kskonly", for clarity. [RT #20586 ]
2009-12-03 23:18:17 +00:00
Vernon Schryver
5d9922e86f
Allow the optional filter-aaaa-on-v4 option in view statements to close #20635
2009-11-28 15:57:37 +00:00
Mark Andrews
d0ca4e90e2
2786. [bug] Additional could be promoted to answer. [RT #20663 ]
2009-11-25 02:22:05 +00:00
Evan Hunt
d312bc5d81
2785. [bug] Revoked keys could fail to self-sign [RT #20652 ]
2009-11-24 03:42:32 +00:00
Mark Andrews
dc92707066
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
...
buffer size of 512 or less. [RT #20654 ]
2009-11-24 03:09:57 +00:00
Evan Hunt
cef109efa7
2780. [bug] dnssec-keygen -A none didn't properly unset the
...
activation date in all cases. [RT #20648 ]
2779. [bug] Dynamic key revokation could fail. [RT #20644 ]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638 ]
2009-11-23 02:55:41 +00:00
Evan Hunt
0088b45de5
2774. [bug] Existing cache DB wasn't being reused after
...
reconfiguration. [RT #20629 ]
2009-11-19 18:52:40 +00:00
Evan Hunt
b08325a7f3
2773. [bug] In autosigned zones, the SOA could be signed
...
with the KSK. [RT #20628 ]
2009-11-18 21:22:31 +00:00
Mark Andrews
a39a5f4d81
2772. [security] When validating, track whether pending data was from
...
the additional section or not and only return it if
validates as secure. [RT #20438 ]
2009-11-17 23:55:18 +00:00
Evan Hunt
e2facd7af2
2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
2009-11-09 01:28:32 +00:00
Evan Hunt
cc3ed192b0
2754. [bug] Secure-to-insecure transitions failed when zone
...
was signed with NSEC3. [RT #20587 ]
2009-11-06 08:38:56 +00:00
Mark Andrews
052e7083ac
correct bind9.xsl.h dependancy
2009-11-05 02:59:04 +00:00
Mark Andrews
9d856845d6
2744. [func] Log if a query was over TCP. [RT #19961 ]
2009-11-03 04:39:41 +00:00
Evan Hunt
95f2377b4f
2739. [cleanup] Clean up API for initializing and clearing trust
...
anchors for a view. [RT #20211 ]
2009-10-27 22:46:13 +00:00
Evan Hunt
312a00fb75
add named-symtbl.c to .cvsignore
2009-10-27 06:06:46 +00:00
Mark Andrews
9e9e7112f9
2737. [func] UPDATE requests can leak existance information.
...
[RT #17261 ]
2009-10-27 05:42:25 +00:00
Automatic Updater
5f744ebbdc
update copyright notice
2009-10-26 23:47:35 +00:00
Evan Hunt
c8aa7ce70d
2732. [func] Add optional filter-aaaa-on-v4 option, available
...
if built with './configure --enable-filter-aaaa'.
Filters out AAAA answers to clients connecting
via IPv4. (This is NOT recommended for general
use.) [RT #20339 ]
2009-10-26 23:14:54 +00:00