upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-15 22:09:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
16504 commits 18 branches 854 tags 440 MiB
Commit graph

7890 commits

Author SHA1 Message Date
Evan Hunt
5b72cda36b update API and def files for 9.7.0b2 release 2009-10-28 18:13:24 +00:00
Evan Hunt
5cb44a38d9 back out change 2740 2009-10-28 18:04:29 +00:00
Evan Hunt
be69d48443 2742. [cleanup] Clarify some DNSSEC-related log messages in 
validator.c. [RT #19589]
 2009-10-28 05:34:21 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e9d45c0a04 2740. [func] Identify bad answers from GTLD servers and treat them 
as referrals. [RT #18884]
 2009-10-27 23:05:53 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust 
anchors for a view. [RT #20211]
 2009-10-27 22:46:13 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Mark Andrews
63d5a6f680 2736. [func] Improve the performance of NSEC signed zones with 
more than a normal amount of glue below a delegation.
                        [RT #20191]
 2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1 2735. [bug] dnssec-signzone could fail to read keys 
that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]
 2009-10-27 03:59:45 +00:00
Automatic Updater
5f744ebbdc update copyright notice 2009-10-26 23:47:35 +00:00
Evan Hunt
c8aa7ce70d 2732. [func] Add optional filter-aaaa-on-v4 option, available 
if built with './configure --enable-filter-aaaa'.
			Filters out AAAA answers to clients connecting
			via IPv4.  (This is NOT recommended for general
			use.) [RT #20339]
 2009-10-26 23:14:54 +00:00
Evan Hunt
c021499604 2731. [func] Additional work on change 2709. The key parser 
will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]
 2009-10-26 21:18:24 +00:00
Automatic Updater
0da9fafc18 update copyright notice 2009-10-24 23:47:36 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Automatic Updater
510032fdf4 update copyright notice 2009-10-22 23:48:07 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Automatic Updater
3cae549ddb update copyright notice 2009-10-21 23:48:05 +00:00
Evan Hunt
8ec993c774 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and 
isc_base64_totext(), didn't always mark regions of
			memory as fully consumed after conversion.  [RT #20445]
 2009-10-21 01:22:29 +00:00
Automatic Updater
b15df8f9bc update copyright notice 2009-10-20 23:47:32 +00:00
Mark Andrews
7704a47aec 2722. [bug] Ensure that the memory associated with the name of 
a node in a rbt tree is not altered during the life
                        of the node. [RT #20431]
 2009-10-20 04:57:57 +00:00
Mark Andrews
a01095a487 2721. [port] Have dst__entropy_status() prime the random number 
generator. [RT #20369]
 2009-10-20 04:39:48 +00:00
Evan Hunt
bfbd69c43f 2720. [bug] RFC 5011 trust anchor updates could trigger an 
assert if the DNSKEY record was unsigned. [RT #20406]
 2009-10-20 04:13:38 +00:00
Mark Andrews
3c5e54941f 2718. [bug] The space calculations in opensslrsa_todns() were 
incorrect. [RT #20394]
 2009-10-20 02:59:19 +00:00
Mark Andrews
29dd4bdd14 2717. [bug] named failed to update the NSEC/NSEC3 record when 
the last private type record was removed as a result
                        of completing the signing the zone with a key.
                        [RT #20399]
 2009-10-20 02:45:06 +00:00
Mark Andrews
9ac35b4e4d grammar, line length 2009-10-19 02:37:08 +00:00
Automatic Updater
8ab6a775bb update copyright notice 2009-10-16 23:47:54 +00:00
Evan Hunt
8f7de3db7e Respinning to fix memory leak in dnssec-signzone. (Also adopting doc changes.) 2009-10-16 02:59:41 +00:00
Automatic Updater
f6cd5ef97a update copyright notice 2009-10-14 23:47:51 +00:00
Mark Andrews
cbee6197d1 2713. [bug] powerpc: atomic operations missing asm("ics") / 
__isync() calls.
 2009-10-14 03:54:23 +00:00
Evan Hunt
19ac4707ee changes needed for win32 build 2009-10-13 00:55:51 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Mark Andrews
30bb4870da remove, not zero, extended flags 2009-10-12 09:03:06 +00:00
Mark Andrews
11804ca08f zero extended flags 2009-10-12 08:57:38 +00:00
Mark Andrews
515053881b remove extended flags before comparing if set 2009-10-12 06:05:29 +00:00
Mark Andrews
af20baa960 silence compiler warning/enforce const [RT #20390] 2009-10-12 05:50:52 +00:00
Automatic Updater
8667770ad2 update copyright notice 2009-10-10 23:47:58 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Mark Andrews
0d9fb986c5 silence comiler warning 2009-10-10 01:13:39 +00:00
Automatic Updater
8a07de2f03 update copyright notice 2009-10-09 23:48:09 +00:00
Evan Hunt
315a1514a5 2709. [func] Added some data fields, currently unused, to the 
private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
 2009-10-09 06:09:21 +00:00
Mark Andrews
d1bcaec0d6 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-09 00:33:39 +00:00
Mark Andrews
bb4e0bd8e8 silence ininitialised 2009-10-08 23:58:14 +00:00
Mark Andrews
0838b3c02f Recompute check_ksk as it may have changed 2009-10-08 23:55:57 +00:00
Automatic Updater
15bbb8a129 update copyright notice 2009-10-08 23:48:10 +00:00
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Evan Hunt
246c504f90 2706. [bug] Loading a zone with a very large NSEC3 salt could 
trigger an assert. [RT #20368]
 2009-10-06 21:20:45 +00:00
Automatic Updater
e74245134d update copyright notice 2009-10-06 04:40:14 +00:00
Automatic Updater
464f9144fe update copyright notice 2009-10-05 23:48:27 +00:00
Evan Hunt
ea845a6b72 Rebase all of the API files to interface=60, as this is the first 
beta of a new major release.
 2009-10-05 22:01:26 +00:00