2131 Commits

Author SHA1 Message Date
Automatic Updater
0329504246 update copyright notice 2010-05-27 23:49:55 +00:00
Mark Andrews
5cb766e596 line length 2010-05-27 03:27:35 +00:00
Mark Andrews
0517d21ebd 2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2010-05-18 01:40:35 +00:00
Mark Andrews
777d3c3963 silence compiler warning 2010-05-18 00:29:31 +00:00
Automatic Updater
fa3174b8f1 regen v9_7 2010-05-15 02:42:00 +00:00
Automatic Updater
71324ae046 update copyright notice 2010-05-14 23:49:21 +00:00
Mark Andrews
812b6d8d11 2893. [bug] Improve managed keys support. New named.conf option
managed-keys-directory. [RT #20924]
2010-05-14 04:49:40 +00:00
Mark Andrews
b756b7d22f 2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2010-05-14 03:32:11 +00:00
Automatic Updater
3fe2c091cc update copyright notice 2010-03-12 23:49:56 +00:00
Mark Andrews
02d3754d1e 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2010-03-12 02:00:58 +00:00
Mark Andrews
2473968416 2956. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]
2010-03-04 06:19:33 +00:00
Automatic Updater
b1416abab6 update copyright notice 2010-02-26 23:49:47 +00:00
Mark Andrews
46ef4ef03a 2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2010-02-26 01:50:39 +00:00
Mark Andrews
8a98023414 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:05:09 +00:00
Automatic Updater
55690c7b8d update copyright notice 2010-02-04 23:48:30 +00:00
Mark Andrews
7d47e3d387 2849. [bug] Don't treat errors from the xml2 library as fatal.
[RT #20945]
2010-02-04 01:07:32 +00:00
Automatic Updater
74f601e769 update copyright notice 2010-01-13 23:48:20 +00:00
Evan Hunt
96c51eadc9 Commit to v9_7 some changes that had been left out:
2838.	[bug]		A KSK revoked by named could not be deleted.
			[RT #20881]

2837.	[port]		Prevent Linux spurious warnings about fwrite().
			[RT #20812]
2010-01-13 19:31:53 +00:00
Tatuya JINMEI 神明達哉
6ca6cc975f 2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:33:41 +00:00
Mark Andrews
831bfda9d2 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
was in the process of being created was not properly
                        recorded in the zone. [RT #20786]
2009-12-30 03:55:03 +00:00
Mark Andrews
2b662f27f6 2824. [bug] "rndc sign" was not being run by the correct task.
[RT #20759]
2009-12-29 22:23:01 +00:00
Evan Hunt
b4df2f48c7 2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]
2009-12-24 00:16:08 +00:00
Evan Hunt
84c9c592f8 2817. [cleanup] Removed unnecessary isc_tasc_endexclusive() calls.
[RT #20768]
2009-12-24 00:00:13 +00:00
Evan Hunt
5a33ab5d65 2815. [bug] Exclusively lock the task when freezing a zone.
[RT #19838]
2009-12-23 23:33:53 +00:00
Automatic Updater
5470afd66b update copyright notice 2009-12-18 23:48:18 +00:00
Evan Hunt
7290687619 2813. [bug] Better handling of unreadable DNSSEC key files.
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
2009-12-18 22:13:54 +00:00
Evan Hunt
12178c8652 2805. [bug] Fixed namespace problems encountered when building
external programs using non-exported BIND9 libraries
			(i.e., built without --enable-exportlib). [RT #20679]
2009-12-05 23:31:41 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
2009-12-04 21:09:34 +00:00
Evan Hunt
e438e29354 claried log message when no active private keys are found to use for
signing. [rt20690]
2009-12-04 20:32:07 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
2009-12-04 03:33:15 +00:00
Automatic Updater
089c63b69c regen 2009-12-04 01:13:45 +00:00
Automatic Updater
63aeaafd97 update copyright notice 2009-12-03 23:48:22 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
2009-12-03 23:18:17 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Mark Andrews
d0ca4e90e2 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:22:05 +00:00
Evan Hunt
d312bc5d81 2785. [bug] Revoked keys could fail to self-sign [RT #20652] 2009-11-24 03:42:32 +00:00
Mark Andrews
dc92707066 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less.  [RT #20654]
2009-11-24 03:09:57 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
2009-11-23 02:55:41 +00:00
Evan Hunt
0088b45de5 2774. [bug] Existing cache DB wasn't being reused after
reconfiguration. [RT #20629]
2009-11-19 18:52:40 +00:00
Evan Hunt
b08325a7f3 2773. [bug] In autosigned zones, the SOA could be signed
with the KSK. [RT #20628]
2009-11-18 21:22:31 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
                        validates as secure. [RT #20438]
2009-11-17 23:55:18 +00:00
Evan Hunt
e2facd7af2 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597] 2009-11-09 01:28:32 +00:00
Evan Hunt
cc3ed192b0 2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
2009-11-06 08:38:56 +00:00
Mark Andrews
052e7083ac correct bind9.xsl.h dependancy 2009-11-05 02:59:04 +00:00
Mark Andrews
9d856845d6 2744. [func] Log if a query was over TCP. [RT #19961] 2009-11-03 04:39:41 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust
anchors for a view. [RT #20211]
2009-10-27 22:46:13 +00:00
Evan Hunt
312a00fb75 add named-symtbl.c to .cvsignore 2009-10-27 06:06:46 +00:00
Mark Andrews
9e9e7112f9 2737. [func] UPDATE requests can leak existance information.
[RT #17261]
2009-10-27 05:42:25 +00:00
Automatic Updater
5f744ebbdc update copyright notice 2009-10-26 23:47:35 +00:00
Evan Hunt
c8aa7ce70d 2732. [func] Add optional filter-aaaa-on-v4 option, available
if built with './configure --enable-filter-aaaa'.
			Filters out AAAA answers to clients connecting
			via IPv4.  (This is NOT recommended for general
			use.) [RT #20339]
2009-10-26 23:14:54 +00:00