390 commits

Author	SHA1	Message	Date
Mark Andrews	85fcd0b9b2	3299. [bug] Make SDB handle errors from database drivers better. ... [RT #28534]	2012-03-28 10:21:13 +11:00
Evan Hunt	207845805e	set $Id$	2012-03-07 08:18:20 -08:00
Evan Hunt	2d7f41d66c	Revert "Re-created rt27597a for ongoing DLZ work" ... This reverts commit d731ee9121.	2012-03-05 15:42:52 -08:00
Evan Hunt	d731ee9121	Re-created rt27597a for ongoing DLZ work	2012-03-05 14:45:30 -08:00
Evan Hunt	632c0f1e91	Revert accidental merge of unfinished DLZ work	2012-03-05 14:44:21 -08:00
Evan Hunt	954501715d	checkpoint: multiple-DLZ functionality ... - multiple DLZ's can be specified, including multiple DLZ's using the same driver; e.g., two different back-ends both loaded by the dlopen driver - new "search" option can be specified in a DLZ indicating whether this DLZ database should be searched for unknown zones. The default is "yes". If "no", then the zone can only be found by named if it's registered in the zone table, which happens if the zone is configured for dynamic updates, or if "dlz <dlzname>" is specified in the zone statement. (The latter functionality is incomplete in this commit).	2012-03-03 22:43:38 -08:00
Mark Andrews	81274f4b08	3280. [bug] Potential double free of a rdataset on out of memory ... with DNS64. [RT #27762]	2012-02-07 01:07:47 +00:00
Automatic Updater	41f1164438	update copyright notice	2012-01-31 23:47:33 +00:00
Evan Hunt	93143fd81a	3273. [bug] AAAA responses could be returned in the additional ... section even when filter-aaaa-on-v4 was in use. [RT #27292]	2012-01-31 06:58:39 +00:00
Evan Hunt	c19cfefe7e	3262. [bug] Signed responses were handled incorrectly by RPZ. ... [RT #27316]	2012-01-07 00:19:59 +00:00
Automatic Updater	f76bddd50b	update copyright notice	2012-01-04 23:46:49 +00:00
Evan Hunt	56c9fcf075	3260. [bug] "rrset-order cyclic" could appear not to rotate ... for some query patterns. [RT #27170/27185]	2012-01-04 03:06:51 +00:00
Evan Hunt	7c6a1a11fa	3218. [security] Cache lookup could return RRSIG data associated with ... nonexistent records, leading to an assertion failure. [RT #26590]	2011-11-16 09:44:32 +00:00
Mark Andrews	7b4b6f361b	3186. [bug] Version/db mis-match in rpz code. [RT #26180]	2011-10-28 11:46:50 +00:00
Mark Andrews	ada40193c8	3175. [bug] Fix how DNSSEC positive wildcard responses from a ... NSEC3 signed zone are validated. Stop sending a unnecessary NSEC3 record when generating such responses. [RT #26200]	2011-10-20 21:42:11 +00:00
Automatic Updater	304a539c59	update copyright notice	2011-10-13 22:48:24 +00:00
Vernon Schryver	9fee08f655	Commit rt25172 changes to HEAD including ... - fix precedence among competing rules - improve ARM text including documenting rule precedence - try to rewrite CNAME chains until first hit - new "rpz" logging channel - same fix for "NS ." as in RT 24985	2011-10-13 01:32:34 +00:00
Automatic Updater	ea68e8eba9	update copyright notice	2011-10-12 23:46:34 +00:00
Mark Andrews	af850c4120	3168. [bug] Nxdomain redirection could trigger a assert with ... a ANY query. [RT #26017]	2011-10-12 23:09:35 +00:00
Automatic Updater	0e11ca0f0b	update copyright notice	2011-10-11 23:46:45 +00:00
Evan Hunt	793814f807	3164. [func] Enable DLZ modules to retrieve client information, ... so that responses can be changed depending on the source address of the query. [RT #25768]	2011-10-11 00:09:03 +00:00
Automatic Updater	ca894e53b5	update copyright notice	2011-09-02 23:46:33 +00:00
Evan Hunt	9e4afc9b39	3151. [bug] Queries for type RRSIG or SIG could be handled ... incorrectly. [RT #21050]	2011-09-02 21:55:16 +00:00
Mark Andrews	475b1ed9cc	3126. [security] Using DNAME record to generate replacements caused ... RPZ to exit with a assertion failure. [RT #23766]	2011-06-09 03:10:17 +00:00
Mark Andrews	b64e3b8358	3125. [security] Using wildcard CNAME records as a replacement with ... RPZ caused named to exit with a assertion failure. [RT #24715]	2011-06-09 00:42:51 +00:00
Evan Hunt	6de9744cf9	3124. [bug] Use an rdataset attribute flag to indicate ... negative-cache records rather than using rrtype 0; this will prevent problems when that rrtype is used in actual DNS packets. [RT #24777] 3123. [security] Change #2912 exposed a latent flaw in dns_rdataset_totext() that could cause named to crash with an assertion failure. [RT #24777]	2011-06-08 22:13:51 +00:00
Mark Andrews	c0984ac8bd	3115. [bug] Named could fail to return requested data when ... following a CNAME that points into the same zone. [RT #2445]	2011-05-20 05:09:30 +00:00
Automatic Updater	46ce2f7b60	update copyright notice	2011-04-27 23:47:26 +00:00
Evan Hunt	76db58eb81	3100. [security] Certain response policy zone configurations could ... trigger an INSIST when receiving a query of type RRSIG. [RT #24280]	2011-04-27 17:46:47 +00:00
Evan Hunt	7a2173839c	3099. [test] "dlz" system test now runs but gives R:SKIPPED if ... not compiled with --with-dlz-filesystem. [RT #24146] 3098. [bug] DLZ zones were answering without setting the AA bit. [RT #24146]	2011-04-19 22:30:52 +00:00
Francis Dupont	a8e6a8cd6c	fix too long with dname error	2011-03-18 21:12:19 +00:00
Mark Andrews	0874abad14	3069. [cleanup] Silence warnings messages from clang static analysis. ... [RT #20256]	2011-03-11 06:11:27 +00:00
Evan Hunt	422009fe5b	3066. [func] The DLZ "dlopen" driver is now built by default, ... no longer requiring a configure option. To disable it, use "configure --without-dlopen". Driver also supported on win32. [RT #23467]	2011-03-10 04:36:16 +00:00
Automatic Updater	45caada8cb	update copyright notice	2011-02-23 23:47:20 +00:00
Mark Andrews	0e507dbb81	2039. [func] Redirect on NXDOMAIN support. [RT #23146]	2011-02-23 03:08:11 +00:00
Scott Mann	57b403c1e9	Fix prz SERVFAILs after failed zone transfers (RT23246).	2011-02-18 15:18:30 +00:00
Mark Andrews	c1ee8bb4ba	3013. [bug] The DNS64 ttl was not always being set as expected. ... [RT #23034]	2011-02-03 07:35:56 +00:00
Mark Andrews	cc5e0baaef	arguements out of order	2011-01-13 23:16:06 +00:00
Automatic Updater	9cee5bb028	update copyright notice	2011-01-13 04:59:26 +00:00
Mark Andrews	87708bde16	3008. [func] Response policy zones (RPZ) support. [RT #21726]	2011-01-13 01:59:28 +00:00
Evan Hunt	d9ad0a55bb	3000. [bug] More TKEY/GSS fixes: ... - nsupdate can now get the default realm from the user's Kerberos principal - corrected gsstest compilation flags - improved documentation - fixed some NULL dereferences [RT #22795]	2010-12-24 02:20:47 +00:00
Tatuya JINMEI 神明達哉	743bbdc18f	2947. [func] Add new zone type "static-stub". It's like a stub ... zone, but the nameserver names and/or their IP addresses are statically configured. [RT #21474] (for 9.8.0)	2010-12-16 09:51:30 +00:00
Automatic Updater	b8a9a7bef2	update copyright notice	2010-12-08 23:51:56 +00:00
Mark Andrews	e334405421	2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]	2010-12-08 02:46:17 +00:00
Mark Andrews	ed83fa75f5	2963. [security] The allow-query acl was being applied instead of the ... allow-query-cache acl to cache lookups. [RT #22114]	2010-09-24 05:09:03 +00:00
Mark Andrews	082f42dcf2	2960. [func] Check that named accepts non-authoritative answers. ... [RT #21594]	2010-09-15 12:07:56 +00:00
Mark Andrews	8fb412590e	2953. [bug] Silence spurious "expected covering NSEC3, got an ... exact match" message when returning a wildcard no data response. [RT #21744]	2010-09-07 02:28:17 +00:00
Tatuya JINMEI 神明達哉	f1f39b7e07	2931. [bug] Temporarily and partially disable change 2864 ... because it would cause inifinite attempts of RRSIG queries. This is an urgent care fix; we'll revisit the issue and complete the fix later. [RT #21710]	2010-07-15 01:17:45 +00:00
Automatic Updater	1b67d9b719	update copyright notice	2010-06-26 23:46:49 +00:00
Mark Andrews	810656a187	2925. [bug] Named failed to accept uncachable negative responses ... from insecure zones. [RT# 21555]	2010-06-25 23:50:13 +00:00