4978 Commits

Author SHA1 Message Date
Mark Andrews
5addd0b6cd 9.7.3b1 2010-12-10 01:23:06 +00:00
Mark Andrews
7035aa0ee2 dst_key_attach 2010-12-09 07:56:12 +00:00
Automatic Updater
9164ae2297 update copyright notice 2010-12-09 04:31:30 +00:00
Mark Andrews
93b433d299 2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
2010-12-09 01:05:29 +00:00
Mark Andrews
e69bed0b94 2980. [bug] named didn't properly handle UPDATES that changed the
TTL of the NSEC3PARAM RRset. [RT #22363]
2010-12-07 03:01:40 +00:00
Mark Andrews
d41b478b81 s/dns_key_free/dst_key_free/ 2010-12-03 12:04:24 +00:00
Automatic Updater
1517558cd3 update copyright notice 2010-12-02 23:46:30 +00:00
Mark Andrews
e7ca8c91ec 2976. [bug] named die on exit after negotiating a GSS-TSIG key.
[RT #3415]
2010-12-02 23:26:58 +00:00
Mark Andrews
7f2d8ae5da 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
wrong lock which could lead to server deadlock.
                        [RT #22614]
2010-12-02 05:07:03 +00:00
Automatic Updater
14f8d8220c update copyright notice 2010-11-30 23:46:15 +00:00
Evan Hunt
f72883c6ae 2974. [bug] Some vaild UPDATE requests could fail due to a
consistency check examining the existing version
			of the zone rather than the new version resulting
			from the UPDATE. [RT #22413]
2010-11-30 02:27:38 +00:00
Automatic Updater
97c708294d update copyright notice 2010-11-17 23:46:32 +00:00
Evan Hunt
a53c04f050 2971. [bug] Fixed a bug that caused journal files not to be
compacted on Windows systems as a result of
			non-POSIX-compliant rename() semantics. [RT #22434]
2010-11-17 00:29:31 +00:00
Mark Andrews
8f110ca521 2970. [security] Adding a NO DATA negative cache entry failed to clear
any matching RRSIG records.  A subsequent lookup of
                        of NO DATA cache entry could trigger a INSIST when the
                        unexpected RRSIG was also returned with the NO DATA
                        cache entry.  [RT #22288]
2010-11-16 07:28:37 +00:00
Mark Andrews
8bdc865433 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
2010-11-16 01:21:49 +00:00
Mark Andrews
0a2897853b 2963. [security] The allow-query acl was being applied instead of the
allow-query-cache acl to cache lookups. [RT #22114]
2010-09-24 05:54:06 +00:00
Automatic Updater
6d7a4c30a2 update copyright notice 2010-09-15 12:38:04 +00:00
Mark Andrews
1872751420 2961. [bug] Be still more selective about the non-authoritative
answers we apply change 2748 to. [RT #22074]
2010-09-15 12:23:17 +00:00
Mark Andrews
fea199b0ce 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
the API for RAND_bytes() and RAND_pseudo_bytes()
                        respectively. [RT #21962]
2010-09-15 03:20:37 +00:00
Mark Andrews
910ceb6004 2928. [bug] Be more selective about the non-authoritative
answer we apply change 2748 to. [RT #21594]
2010-09-13 23:25:22 +00:00
Mark Andrews
1cbe92ed8c 2951. [bug] named failed to generate a correct signed response
in a optout, delegation only zone with no secure
                        delegations. [RT #22007]
2010-09-07 01:05:59 +00:00
Mark Andrews
6ee56d59da 2950. [bug] named failed to perform a SOA up to date check when
falling back to TCP on UDP timeouts when
                        ixfr-from-differences was set. [RT #21595]
2010-09-06 04:43:08 +00:00
Mark Andrews
ed09ec058a 2949. [bug] dns_view_setnewzones() contained a memory leak if
it was called multiple times. [RT #21942]
2010-09-06 04:34:03 +00:00
Mark Andrews
704e4daff8 dns_view_setnewzones 2010-08-17 01:21:07 +00:00
Mark Andrews
b45ded3b33 9.7.2rc1 2010-08-17 00:51:33 +00:00
Automatic Updater
5d98af56f2 update copyright notice 2010-08-16 23:46:31 +00:00
Mark Andrews
30579c29be 2943. [func] Add support to load new keys into managed zones
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
2010-08-16 22:27:18 +00:00
Mark Andrews
ff2047b685 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
DNAME at the zone apex.  [RT #21610]
2010-08-16 05:14:58 +00:00
Automatic Updater
770279e013 update copyright notice 2010-08-13 23:46:29 +00:00
Mark Andrews
71e5c19636 2938. [bug] When generating signed responses, from a signed zone
that uses NSEC3, named would use a uninitialised
                        pointer if it needed to skip a NSEC3 record because
                        it didn't match the selected NSEC3PARAM record for
                        zone. [RT# 21868]
2010-08-13 07:00:40 +00:00
Evan Hunt
289fd68776 Removed a leftover UNUSED statement referencing a parameter that doesn't
exist anymore.
2010-08-12 04:04:34 +00:00
Tatuya JINMEI 神明達哉
879dcb926c 2937. [bug] Worked around an apparent race condition in over
memory conditions.  Without this fix a DNS cache DB or
			ADB could incorrectly stay in an over memory state,
			effectively refusing further caching, which
			subsequently made a BIND 9 caching server unworkable.
			This fix prevents this problem from happening by
			polling the state of the memory context, rather than
			making a copy of the state, which appeared to cause
			a race.  This is a "workaround" in that it doesn't
			solve the possible race per se, but several experiments
			proved this change solves the symptom.  Also, the
			polling overhead hasn't been reported to be an issue.
			This bug should only affect a caching server that
			specifies a finite max-cache-size.  It's also quite
			likely that the bug happens only when enabling threads,
			but it's not confirmed yet. [RT #21818]
2010-08-11 22:56:59 +00:00
Evan Hunt
0658d99891 2936. [func] Improved configuration syntax and multiple-view
support for addzone/delzone feature (see change
			#2930).  Removed "new-zone-file" option, replaced
			with "allow-new-zones (yes|no)".  The new-zone-file
			for each view is now created automatically, with
			a filename generated from a hash of the view name.
			It is no longer necessary to "include" the
			new-zone-file in named.conf; this happens
			automatically.  Zones that were not added via
			"rndc addzone" can no longer be removed with
			"rndc delzone". [RT #19447]
2010-08-11 18:19:59 +00:00
Evan Hunt
4b186490dd Added function definitions and moved a variable declaration for win32 build. 2010-07-12 18:52:23 +00:00
Evan Hunt
ae7644fbdc updated api files for 9.7.2b1 release 2010-07-12 18:11:12 +00:00
Evan Hunt
92f39ccb5b 2930. [experimental] New "rndc addzone" and "rndc delzone" commads
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
2010-07-11 00:12:19 +00:00
Automatic Updater
98afc1a6dd update copyright notice 2010-07-09 23:46:27 +00:00
Evan Hunt
59c9c71f36 2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
			 - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
			 - limited lifetime of generated keys to 1 hour
			   or the lifetime of the context (whichever is
			   smaller)
			[RT #19737]
2010-07-09 05:14:08 +00:00
Mark Andrews
5a7f05ee3c 2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:52:09 +00:00
Automatic Updater
c65ab74d31 update copyright notice 2010-06-25 23:46:33 +00:00
Mark Andrews
9777316c64 2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
                        [RT #20904]
2010-06-25 03:51:07 +00:00
Automatic Updater
5b17e46285 update copyright notice 2010-06-23 23:46:36 +00:00
Mark Andrews
773efb00d2 2921. [bug] The resolver could attempt to destroy a fetch context
to soon.  [RT #19878]
2010-06-23 01:50:55 +00:00
Mark Andrews
13ce1be5d3 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
to IPv4 clients.  New acl 'filter-aaaa' (default any).
2010-06-22 04:04:22 +00:00
Mark Andrews
21879ffd57 AAAA not A 2010-06-18 05:37:15 +00:00
Mark Andrews
e2edd40cb4 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET. 2010-06-18 02:13:01 +00:00
Automatic Updater
5c24ec251e update copyright notice 2010-06-09 23:49:43 +00:00
Mark Andrews
a5840f0a32 2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]
2010-06-09 01:51:39 +00:00
Automatic Updater
db8dce00b0 update copyright notice 2010-06-04 23:50:01 +00:00
Mark Andrews
2b631b5d6f remove trailing comma 2010-06-04 00:14:53 +00:00