Commit graph

3691 commits

Author SHA1 Message Date
Michael Sawyer
8cfe1a4846 Typo correction in DNS_MAX/MIN_RETRY usage
Don't #define mins/maxes if they are already defined. (per MG)
2000-07-25 19:29:00 +00:00
James Brister
d4ab9cd94f 348. [func] New named.conf boolean values 'glue-from-auth' and
'glue-from-cache' now supported in view and global
options statement.
2000-07-25 17:55:43 +00:00
Brian Wellington
969f24b04c dns_dnssec_verifymessage should make sure that it's verifying with the right
key (which should be the case anyway, but it never hurts to check).  Also
fix a memory leak and change a few _tostruct() calls to not allocate memory.
2000-07-25 17:12:00 +00:00
Andreas Gustafsson
81b94e091c added new fetch option DNS_FETCHOPT_NOVALIDATE 2000-07-25 17:03:21 +00:00
Brian Wellington
60783293cc If a failed positive validation led us to try an insecurity proof, and the
insecurity proof also failed, the validator event should normally contain
the error from the positive validation.
2000-07-25 01:24:18 +00:00
Andreas Gustafsson
398bdb2710 in deleterdataset(), set the DNS_DBADD_FORCE flag
when adding the deletion rdataset so that rdatasets can be deleted
regardless of their trust level
2000-07-25 01:19:51 +00:00
Andreas Gustafsson
9037893f90 add() assumed dns_trust_authsecure is the highest trust level,
but this is no longer the case.  Thus, the DNS_DBADD_FORCE option did not take effect
if the existing data was at level dns_trust_ultimate.  Since the DNS_DBADD_FORCE
option is currently used only with cached data, no actual harm has been done.
2000-07-25 01:06:01 +00:00
Andreas Gustafsson
56f8b1c404 the "done" variable reintroduced in the previous revision
was not initialized
2000-07-24 23:55:19 +00:00
Andreas Gustafsson
516b9de0d9 eliminated needless code duplication between
the yea_and_nay and notify_setting grammar rules
2000-07-24 23:32:31 +00:00
Brian Wellington
687d363dea The "Ensures" condition for dns_db_deleterdataset was obviously wrong. 2000-07-24 23:10:50 +00:00
Michael Graff
ef653fbdb1 implement 'notify [ yes | no | explicit ]' 2000-07-24 22:59:44 +00:00
Andreas Gustafsson
6f12e3ca45 Restored the "done" variable removed in 1.150 and made
the result code check after the loop deal with ISC_R_SUCCESS
instead.  The previous fix had the side effect of keeping multiple
answers to non-ANY queries, causing assertion failures in cache_name()
which is not prepared to deal with this situation
2000-07-24 20:10:26 +00:00
Brian Wellington
1b1775921e If a message is built for one host, which isn't powered on, the tsig object
wasn't removed until the xfer object was deleted, so when the xfer tried the
second master, it asserted.
2000-07-24 05:30:30 +00:00
Michael Sawyer
2f0bfccf31 Remove dead REQUIRE 2000-07-22 00:40:39 +00:00
Michael Sawyer
f592550498 Add comments and make a slight REQUIRE change 2000-07-22 00:27:40 +00:00
Michael Sawyer
0371079513 Wire up key option in masters line. 2000-07-21 23:13:59 +00:00
Brian Wellington
c27767a7b9 tsig keys were not properly ref counted 2000-07-21 23:00:31 +00:00
Brian Wellington
3b2efab212 There's no real difference between the "sring" and "dring" parameters, so
call them "ring1" and "ring2" instead.  Also remove a bogus assertion.
2000-07-21 22:38:31 +00:00
Brian Wellington
2483a850e8 The call to dns_tsig_verify doesn't need a keyring. 2000-07-21 22:22:55 +00:00
Andreas Gustafsson
5aa7bca733 dns_rbt_printnode() formatted the node name
into a buffer of 255 char pointers, not 255 chars; changed it
to use dns_name_format()
2000-07-21 22:08:42 +00:00
James Brister
c35f1e5937 341. [func] Support 'key' clause in named.conf zone masters
statement:

                                masters {
                                        10.0.0.1 port 666 key "foo";
                                        10.0.0.2 ;
                                };
2000-07-21 21:25:01 +00:00
Brian Wellington
a49acbf201 Store tsig keys in an rbt, not a list. 2000-07-21 20:53:59 +00:00
Michael Sawyer
b6e3718b20 Should really allocate memory before trying to use it. 2000-07-21 20:51:44 +00:00
Andreas Gustafsson
e30c4dbe6f typos 2000-07-21 20:37:01 +00:00
Brian Wellington
84a47e20ae If the request was signed with a tsig key, verify the signature on the
response.
2000-07-21 20:33:13 +00:00
Brian Wellington
4be64854b4 The wrong name was being duped when a tsig key was generated using tkey. 2000-07-21 20:32:12 +00:00
Michael Sawyer
5813d091e9 Spacing changes
replace memset with slightly more portable NULL initialization
properly NULL masterkeynames when zone is created
2000-07-21 20:10:03 +00:00
Michael Sawyer
9b72c4648f Internal code for masters with key entries. Not wired into config yet. 2000-07-21 18:47:23 +00:00
Brian Wellington
d6e6858bb9 If dns_request_getresponse() fails, log it. 2000-07-20 19:34:16 +00:00
Brian Wellington
a5e73f3e9d Having a non-noerror value in the tsig error field should always return
DNS_R_TSIGERRORSET in dns_tsig_verify.  Change the result text to reflect
this.
2000-07-20 19:32:57 +00:00
Andreas Gustafsson
b7ebc6a127 minor tweak to hash function of previous change 2000-07-20 01:15:25 +00:00
Andreas Gustafsson
f969863d54 replaced the hash function in dns_name_hash() by one
that is simpler, faster, and produces a much more even distribution,
particularly when the data to hash ends with a null byte like domain
names often do
2000-07-20 01:14:48 +00:00
Andreas Gustafsson
99eba32b06 Removed the code added in revision 1.57:
"Store CNAMEs and their SIGs (if any) in their own name structure on
  the name list.  I.e. do not mix CNAMEs with non-CNAME data.  Do the
  same thing for DNAMEs."

because it caused DNSSEC validation of responses to ANY queries at
nodes with CNAME records to fail, and no one was able to figure out
why it was added in the first place.  As a beneficial side effect,
findname() now finds names even if they have attribute bits set
differently from the one being searched for.  This supersedes
the fix of revision 1.133.
2000-07-20 00:05:32 +00:00
Andreas Gustafsson
aa5940281a When handling the response to an ANY query in a secure zone, deal with
the multiple answer RRsets by validating each one separately.  Also,
eliminated the "done" variable in answer_response() because in the
rare situations where it got set to ISC_TRUE, it caused the function
to return prematurely by exiting a loop with a result of ISC_R_SUCCESS
and hitting a "if (result != ISC_R_NOMORE) return (result);" test
immediately following the loop.

This should fix [RT #109], "ANY query in secure zone crashes server".
2000-07-19 23:19:05 +00:00
Brian Wellington
209ec709f3 Use the isc hmac library instead of a separate implementation (not that
the separate implementation was especially complicated).  dst hmac-md5 should
really go away at some point.
2000-07-18 18:15:27 +00:00
James Brister
4ca8537286 Removed some debugging cruft.
Fixed handling of octal/hexadecimal numbers on input.
2000-07-18 13:19:27 +00:00
Brian Wellington
9df7d74e42 Use isc_base64_decodestring() instead of an explicit lexer. 2000-07-18 01:14:17 +00:00
Brian Wellington
49c8a96fba Don't require that tsig keys must be on a keyring. Also some other cleanup. 2000-07-18 00:46:03 +00:00
Brian Wellington
7a184cd4e5 don't copy a name structure, copy a pointer. 2000-07-18 00:44:52 +00:00
Brian Wellington
f6579931b3 Added calls to isc_log_wouldlog() in additional logging functions. 2000-07-17 23:25:35 +00:00
Brian Wellington
9c4cba349f 334. [func] Added hmac-md5 to libisc. 2000-07-17 17:33:39 +00:00
Andreas Gustafsson
0e65062acb strengthened the check added in the previous change:
the new query domain must not only be a non-child of the query name,
it must be a parent of the query name (or equal to the query name)
2000-07-16 18:26:18 +00:00
Andreas Gustafsson
64024eaa4d 333. [bug] The resolver incorrectly accepted referrals to
subdomains of the query domain, causing an
assertion failure.
2000-07-15 01:02:25 +00:00
David Lawrence
891a1bead8 Use new function dns_name_reset() to make a name have no data, instead
of dns_name_concatenate(NULL, NULL, name, NULL).

Define DNS_NAME_USELINE to get macroized name functions.  Removed
older FAST_COUNTLABELS and FAST_ISABSOLUTE to use standard name
interface, which are covered by DNS_NAME_USEINLINE.
2000-07-14 19:17:39 +00:00
David Lawrence
da527e4ff6 332. [func] New function dns_name_reset(). 2000-07-14 19:12:54 +00:00
Brian Wellington
da892e9733 Typo in comment - isc_time_microdiff returns microseconds, not milliseconds. 2000-07-14 16:59:32 +00:00
Andreas Gustafsson
10f4e9668a the INSIST condition of 1.145 was too strong, weakened it;
added another INSIST to help track down the INSIST(!external) crash
2000-07-14 00:37:27 +00:00
Andreas Gustafsson
55da37e18f removed dead code 2000-07-14 00:33:09 +00:00
Brian Wellington
6bc1a64561 If a positive validation fails and it looks like the reason is that there
are no material DNSSEC signatures, try an insecurity proof.
2000-07-13 23:52:04 +00:00
Brian Wellington
4250285838 Return DNS_R_NAMETOOLONG in a few places where less useful errors were
returned before.
2000-07-13 18:10:18 +00:00