Mark Andrews
404f3152fa
4019. [func] If named is not configured to validate the answer
...
then allow fallback to plain DNS on timeout even
when we know the server supports EDNS. [RT #37978 ]
2014-12-05 18:12:56 +11:00
Tinderbox User
19c3ef455b
update copyright notice / whitespace
2014-12-03 23:46:11 +00:00
Mark Andrews
f6f0878e11
4018. [bug] Fall back to plain DNS when EDNS queries are being
...
dropped was failing. [RT #37965 ]
4017. [testing] Add system test to check lookups to legacy servers
with broken DNS behaviour. [RT #37965 ]
2014-12-04 07:07:09 +11:00
Mark Andrews
bbc8cca27d
4015. [bug] Nameservers that are skipped due to them being
...
CNAMEs were not being logged. They are now logged
to category 'cname' as per BIND 8. [RT #37935 ]
(cherry picked from commit ea3aa401bc
2014-12-03 11:47:10 +11:00
Mark Andrews
301160944f
4014. [bug] When including a master file origin_changed was
...
not being properly set leading to a potentially
spurious 'inherited owner' warning. [RT #37919 ]
(cherry picked from commit 6444de08d1
2014-12-03 09:46:28 +11:00
Francis Dupont
cb5b973a9e
Hardened OpenSSL digest/HMAC calls [RT #37944 ]
2014-12-02 12:58:05 +01:00
Evan Hunt
03d0fb5be2
[v9_9] win32 build fix
2014-11-20 15:57:17 -08:00
Evan Hunt
e2ed17e190
[v9_9] remove inadvertently-retained content from quota.h
2014-11-20 12:55:39 -08:00
Evan Hunt
1d47cb124d
[v9_9] refactor max-recursion-queries
...
- the counters weren't set correctly when fetches timed out.
instead we now pass down a counter object.
(cherry picked from commit 05e448935c6c049c57d9
2014-11-19 18:38:52 -08:00
Evan Hunt
711e833921
[v9_9] add max-recursion-queries
...
also fixes and documentation for max-recursion-depth
(cherry picked from commit c4f54e5bd1b3aa528d7e
2014-11-18 22:14:55 -08:00
Evan Hunt
603a0e2637
[v9_9] limit recursion depth and iterative queries
...
4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop. This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).
The recursion depth limit is configured via the
"max-recursion-depth" option. [RT #35780 ]
2014-11-17 23:49:07 -08:00
Evan Hunt
922588e83e
[v9_9] fix false positive compiler warning
...
a "pointer always evaluates to true" warning was blocking
compilation of the radix ATF test when using --enable-developer
with gcc 4.8.2.
2014-11-15 00:55:20 -08:00
Evan Hunt
f6e2e95a7d
[v9_9] reference leak with AAAA glue but not A
...
4004. [bug] When delegations had AAAA glue but not A, a
reference could be leaked causing an assertion
failure on shutdown. [RT #37796 ]
(cherry picked from commit c4abb1971696b6923a25
2014-11-14 09:04:52 -08:00
Tinderbox User
ea276ca5fa
update copyright notice
2014-11-04 23:46:04 +00:00
Mark Andrews
7e43c092d4
add missing opening bracket
...
(cherry picked from commit a31d0513c3
2014-11-04 17:14:08 +11:00
Mark Andrews
c75e6e9756
DNS_STYLEFLAG_NOCRYPTO not supported in 9.9.x
2014-11-04 14:02:42 +11:00
Mark Andrews
4cc275ad08
3998. [bug] isc_radix_search was returning matches that were
...
to precise. [RT #37680 ]
(cherry picked from commit b976c39c07
2014-11-04 12:41:07 +11:00
Mark Andrews
bb4ef32432
3997. [protocol] Add OPENGPGKEY record. [RT# 37671]
2014-11-04 12:25:38 +11:00
Tinderbox User
2c0599bc2b
update copyright notice
2014-10-31 23:46:07 +00:00
Mark Andrews
14a1fe655c
3996. [bug] Address use after free on out of memory error in
...
keyring_add. [RT #37639 ]
(cherry picked from commit c2f8108123
2014-10-31 11:45:01 +11:00
Mark Andrews
241cf99bf5
3995. [bug] receive_secure_serial holds the zone lock for too
...
long. [RT #37626 ]
(cherry picked from commit 4e59131f181083f358ae
2014-10-31 11:40:05 +11:00
Mark Andrews
b73923f773
3989. [cleanup] Remove redundent dns_db_resigned calls. [RT #35748 ]
...
(cherry picked from commit eb5243365c
2014-10-30 10:55:10 +11:00
Tinderbox User
c64d8daa09
update copyright notice
2014-10-21 23:46:11 +00:00
Francis Dupont
88f53e412b
Handle VS14 incompatible changes [RT #37380 ]
2014-10-21 09:36:43 +02:00
Mark Andrews
f2b44f6586
3981. [bug] Cache DS/NXDOMAIN independently of other query types.
...
[RT #37467 ]
(cherry picked from commit 72775a79fe
2014-10-18 13:10:16 +11:00
Evan Hunt
7b4063bd24
[v9_9] add diffie-hellman key unit test
...
3978. [test] Added a unit test for Diffie-Hellman key
computation, completing change #3974 . [RT #37477 ]
(cherry picked from commit 188690149bbc59dcd76e
2014-10-17 15:58:29 -07:00
Evan Hunt
d1d6b9c1b3
[v9_9] correctly validate 5011 trust anchors
...
3976. [bug] When refreshing managed-key trust anchors, clear
any cached trust so that they will always be
revalidated with the current set of secure
roots. [RT #37506 ]
(cherry picked from commit eb6d61d5e05c409ba290
2014-10-17 15:42:02 -07:00
Tinderbox User
bff9e4ff82
update copyright notice
2014-10-16 23:46:04 +00:00
Mark Andrews
a83faea899
initialize rdataset->private7
...
(cherry picked from commit ca77632f65
2014-10-16 11:25:11 +11:00
Tinderbox User
9c4c75ddbf
update copyright notice
2014-10-13 23:46:06 +00:00
Mark Andrews
8b85186a3f
3974. [bug] handle DH_compute_key() failure correctly in
...
openssldh_link.c. [RT #37477 ]
(cherry picked from commit 58a1051e92
2014-10-13 23:42:43 +11:00
Mark Andrews
db7f16f51c
silence compiler warning
...
(cherry picked from commit bbec761a67
2014-10-08 17:47:59 +11:00
Tinderbox User
027014d649
update copyright notice
2014-10-04 23:46:05 +00:00
Mark Andrews
53373a6929
3971. [bug] Reduce the cascasding failures due to a bad $TTL line
...
in named-checkconf / named-checkzone. [RT #37138 ]
(cherry picked from commit c81d56c03e
2014-10-05 08:30:37 +11:00
Mark Andrews
aaf8ae4297
3966. [bug] Missing dns_db_closeversion call in receive_secure_db.
...
[RT #35746 ]
(cherry picked from commit 9c0589bc8b
2014-10-03 07:52:17 +10:00
Tinderbox User
aaa24cf075
update copyright notice
2014-09-30 23:47:13 +00:00
Mark Andrews
650404030c
3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with
...
BADSIG. [RT #37216 ]
(cherry picked from commit a6869655d6
2014-10-01 07:43:17 +10:00
Mark Andrews
a962ff7d5e
3959. [bug] Updates could be lost if they arrived immediately
...
after a rndc thaw. [RT #37233 ]
(cherry picked from commit fa827173df
2014-10-01 07:00:02 +10:00
Tinderbox User
141adfd898
update copyright notice
2014-09-29 23:46:13 +00:00
Mark Andrews
332652409f
3958. [bug] Detect when writeable files have multiple references
...
in named.conf. [RT #37172 ]
(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
2014-09-29 11:32:52 +10:00
Mark Andrews
0ae15932ae
3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
...
and ECDSAP384SHA384. [RT #37183 ]
(cherry picked from commit 80169c379d
2014-09-29 10:27:24 +10:00
Tinderbox User
911e552d6c
update copyright notice
2014-09-28 23:46:05 +00:00
Mark Andrews
c41a438d4d
3955. [bug] Notify messages due to changes are no longer queued
...
behind startup notify messages. [RT #24454 ]
(cherry picked from commit 319659fc23
2014-09-29 09:35:15 +10:00
Tinderbox User
9dca2871b7
update copyright notice
2014-09-27 23:46:06 +00:00
Mark Andrews
bb2451e0e1
3953. [bug] Don't escape semi-colon in TXT fields. [RT #37159 ]
...
(cherry picked from commit 9a36fb86f5
2014-09-27 12:14:57 +10:00
Mark Andrews
6c34e1c183
3952. [bug] dns_name_fullcompare failed to set *nlabelsp when the
...
two name pointers were the same. [RT #37176 ]
(cherry picked from commit a266ab205b
2014-09-27 11:47:17 +10:00
Evan Hunt
9ce5221877
[v9_9] prep 9.9.6
2014-09-16 09:35:23 -07:00
Evan Hunt
17c9e5f31d
[v9_9] spelling
2014-09-15 18:19:39 -07:00
Mark Andrews
c0416dd92b
update named-checkzone manpage for SPF changes
2014-09-13 07:56:19 +10:00
Tinderbox User
e438b6de1e
update copyright notice
2014-09-05 23:46:22 +00:00
