ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
04a5477eb23bf495ebc0daabd1494f3409c5a2ec
bind9/lib/dns
History
Aram Sargsyan 354ae2d7e3 Don't trust a placeholder KEYDATA record 
When named starts it creates an empty KEYDATA record in the managed-keys
zone as a placeholder, then schedules a key refresh. If key refresh
fails for some reason (e.g. connectivity problems), named will load the
placeholder key into secroots as a trusted key during the next startup,
which will break the chain of trust, and named will never recover from
that state until managed-keys.bind and managed-keys.bind.jnl files are
manually deleted before (re)starting named again.

Before calling load_secroots(), check that we are not dealing with a
placeholder.
2022-11-01 09:50:34 +00:00
..
include
Refactor dns_master_dump*async() to use offloaded work
2022-10-31 10:30:27 +00:00
rdata
Add dns_rdata_checksvcb
2022-10-29 00:22:54 +11:00
.gitignore
acl.c
Improve reporting for pthread_once errors
2022-10-14 16:39:21 +02:00
adb.c
Update netmgr, tasks, and applications to use isc_loopmgr
2022-08-26 09:09:24 +02:00
badcache.c
Use designated initializers instead of memset()/MEM_ZERO for structs
2022-10-05 16:44:05 +02:00
byaddr.c
Remove dns_lookup and unused functions in dns_byaddr
2022-05-25 14:44:32 +02:00
cache.c
De-duplicate __FILE__, __LINE__
2022-10-17 11:58:26 +01:00
callbacks.c
catz.c
Add and use semantic patch to replace isc_mem_get/allocate+memset
2022-10-05 16:44:05 +02:00
client.c
Remove unused lib/dns/tsec
2022-10-25 10:35:07 +02:00
clientinfo.c
compress.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
db.c
Improve reporting for pthread_once errors
2022-10-14 16:39:21 +02:00
dbiterator.c
diff.c
De-duplicate __FILE__, __LINE__
2022-10-17 11:58:26 +01:00
dispatch.c
Implement TLS transport support for dns_request and dns_dispatch
2022-09-19 16:36:28 +00:00
dlz.c
Improve reporting for pthread_once errors
2022-10-14 16:39:21 +02:00
dns64.c
dnsrps.c
Use designated initializers instead of memset()/MEM_ZERO for structs
2022-10-05 16:44:05 +02:00
dnssec.c
Add the ability specify the signing / verification time
2022-09-26 16:28:12 +02:00
dnstap.c
Use designated initializers instead of memset()/MEM_ZERO for structs
2022-10-05 16:44:05 +02:00
dnstap.proto
ds.c
dst_api.c
Change the return type of isc_lex_create() to void
2022-10-26 12:55:06 +02:00
dst_internal.h
dst_openssl.h
dst_parse.c
dst_parse.h
dyndb.c
Improve reporting for pthread_once errors
2022-10-14 16:39:21 +02:00
ecs.c
fixedname.c
forward.c
Cleanup dns_fwdtable_delete()
2022-06-09 10:47:04 +00:00
gen.c
Use the semantic patch to do the unsigned -> unsigned int change
2022-09-19 15:56:02 +02:00
geoip2.c
gssapi_link.c
gssapictx.c
hmac_link.c
ipkeylist.c
iptable.c
journal.c
De-duplicate __FILE__, __LINE__
2022-10-17 11:58:26 +01:00
kasp.c
Store built-in dnssec-policies in defaultconf
2022-06-28 11:56:31 +02:00
key.c
keydata.c
keymgr.c
Nit changes in keymgr and kasp
2022-06-28 11:56:31 +02:00
keytable.c
Add synth-from-dnssec namespaces for keytable entries
2022-07-05 12:29:01 +10:00
log.c
Makefile.am
Remove unused lib/dns/tsec
2022-10-25 10:35:07 +02:00
master.c
Move the zone loading to the offloaded threads
2022-10-30 14:56:40 -07:00
masterdump.c
Refactor dns_master_dump*async() to use offloaded work
2022-10-31 10:30:27 +00:00
message.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
name.c
Add dns_name_isdnssvcb
2022-10-29 00:22:54 +11:00
ncache.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
nsec3.c
nsec3.c: Add a missing dns_db_detachnode() call
2022-08-23 11:01:31 +02:00
nsec.c
Wait with NSEC3 during a DNSSEC policy change
2022-08-22 15:55:46 +02:00
nta.c
Resolve violation of weak referencing dns_view
2022-10-05 11:59:36 -07:00
openssl_link.c
Add ENGINE_init and ENGINE_finish calls
2022-09-23 13:15:16 +10:00
openssl_shim.c
openssl_shim.h
Remove DH_clear_flags call
2022-07-18 13:38:47 +02:00
openssldh_link.c
Do not use OSSL_PARAM when engine API is compiled
2022-09-23 13:17:53 +10:00
opensslecdsa_link.c
Remove engine related parts for OpenSSL 3.0
2022-09-23 13:17:55 +10:00
openssleddsa_link.c
Free ctx on invalid siglen
2022-09-08 11:27:31 +02:00
opensslrsa_link.c
Check BN_dup results in rsa_check
2022-09-28 09:24:34 +10:00
order.c
peer.c
Add server clause require-cookie
2022-09-13 12:07:13 +10:00
private.c
Increase the BUFSIZ-long buffers
2022-07-15 10:33:46 +00:00
rbt.c
Replace #define DNS_NAMEATTR_ with struct of bools
2022-10-13 17:04:02 +02:00
rbtdb.c
De-duplicate __FILE__, __LINE__
2022-10-17 11:58:26 +01:00
rbtdb.h
rcode.c
Use the semantic patch to do the unsigned -> unsigned int change
2022-09-19 15:56:02 +02:00
rdata.c
Add dns_rdata_checksvcb
2022-10-29 00:22:54 +11:00
rdatalist_p.h
rdatalist.c
dns_rdatalist_tordataset() and dns_rdatalist_fromrdataset() can not fail
2022-08-09 08:19:51 +00:00
rdataset.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
rdatasetiter.c
rdataslab.c
Add and use semantic patch to replace isc_mem_get/allocate+memset
2022-10-05 16:44:05 +02:00
request.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
resolver.c
Match prefetch eligibility behavior with ARM
2022-10-21 10:19:23 +00:00
result.c
rootns.c
rpz.c
De-duplicate __FILE__, __LINE__
2022-10-17 11:58:26 +01:00
rriterator.c
rrl.c
Replace #define DNS_NAMEATTR_ with struct of bools
2022-10-13 17:04:02 +02:00
sdb.c
Change the return type of isc_lex_create() to void
2022-10-26 12:55:06 +02:00
sdlz.c
Change the return type of isc_lex_create() to void
2022-10-26 12:55:06 +02:00
soa.c
ssu_external.c
ssu.c
stats.c
Emit key algorithm + key id in dnssec signing statsistics
2022-09-15 08:42:45 +10:00
tests
Move all the unit tests to /tests/<libname>/
2022-05-28 14:53:02 -07:00
time.c
tkey.c
Refactor tkey.c:buildquery() error handling
2022-08-16 07:36:12 +00:00
transport.c
Implement DoT support for nsupdate
2022-09-23 13:23:49 +00:00
tsig_p.h
tsig.c
Replace #define DNS_NAMEATTR_ with struct of bools
2022-10-13 17:04:02 +02:00
ttl.c
Use the semantic patch to do the unsigned -> unsigned int change
2022-09-19 15:56:02 +02:00
update.c
validator.c
view.c
Change the return type of isc_lex_create() to void
2022-10-26 12:55:06 +02:00
xfrin.c
Simplify and speed up DNS name compression
2022-10-17 08:45:44 +02:00
zone_p.h
zone.c
Don't trust a placeholder KEYDATA record
2022-11-01 09:50:34 +00:00
zonekey.c
zoneverify.c
Add and use semantic patch to replace isc_mem_get/allocate+memset
2022-10-05 16:44:05 +02:00
zt.c