upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-02 13:30:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
17253 commits 18 branches 854 tags 440 MiB
Commit graph

1518 commits

Author SHA1 Message Date
Automatic Updater
4dd3ec797d update copyright notice 2010-05-18 02:38:10 +00:00
Mark Andrews
8d31dd9ab6 2897. [bug] NSEC3 chains could be left behind when transitioning 
to insecure. [RT #21040]
 2010-05-18 01:39:41 +00:00
Automatic Updater
515c7f3c43 update copyright notice 2010-05-14 23:50:40 +00:00
Mark Andrews
778a01b1aa 2893. [bug] Improve managed keys support. New named.conf option 
managed-keys-directory. [RT #20924]
 2010-05-14 04:48:28 +00:00
Mark Andrews
44f175a90a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-05-14 00:13:43 +00:00
Automatic Updater
a955420bed update copyright notice 2010-05-10 23:50:55 +00:00
Mark Andrews
121f783b66 2881. [bug] Reduce the amount of time the rbtdb write lock 
is held when closing a version. [RT #21198]
 2010-05-10 01:39:03 +00:00
Automatic Updater
4d42b714be update copyright notice 2010-03-04 23:50:34 +00:00
Mark Andrews
2e20dea9fc 2854. [func] nsupdate will now preserve the entered case of domain 
names in update requests it sends. [RT #20928]
 2010-03-04 05:24:56 +00:00
Mark Andrews
13396661f4 2854. [func] dig: allow the final soa record in a axfr response to 
be suppressed, dig +onesoa. [RT #20929]
 2010-03-04 05:18:04 +00:00
Automatic Updater
bd2b08d5a3 update copyright notice 2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 04:39:13 +00:00
Automatic Updater
8576a40424 update copyright notice 2010-01-12 23:48:57 +00:00
Francis Dupont
d481cfdab5 fix spelling in comment 2010-01-12 23:23:21 +00:00
Automatic Updater
b871a3e0cd update copyright notice 2010-01-09 23:48:45 +00:00
Francis Dupont
a26d73a734 fix trivial typo in comment 2010-01-09 15:21:10 +00:00
Automatic Updater
400615c294 update copyright notice 2009-12-30 23:49:14 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
9ead684875 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:58 +00:00
Mark Andrews
5b77627c09 2824. [bug] "rndc sign" was not being run by the correct task. 
[RT #20759]
 2009-12-29 22:20:33 +00:00
Evan Hunt
bd31f734ee 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define 
[RT #20771]
 2009-12-24 00:35:46 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00
Automatic Updater
4b6dc226f7 update copyright notice 2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according 
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
 2009-12-04 21:09:34 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to 
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
 2009-12-04 03:33:15 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to 
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
 2009-12-03 23:18:17 +00:00
Evan Hunt
22304041d1 typo caused a missing semicolon 2009-12-03 16:49:09 +00:00
Evan Hunt
e6dda86e8b 2798. [bug] Addressed bugs in managed-keys initialization 
and rollover. [RT #20683]
 2009-12-03 15:40:03 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Automatic Updater
2b2fc9b4df update copyright notice 2009-11-25 23:49:22 +00:00
Mark Andrews
d0ca4e90e2 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:22:05 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the 
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
 2009-11-23 02:55:41 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00
Automatic Updater
2d84cba8f4 update copyright notice 2009-11-04 23:48:18 +00:00
Mark Andrews
0181a0a92f 2747. [bug] Journal roll forwards failed to set the re-signing 
time of RRSIGs correctly. [RT #20541]
 2009-11-04 01:25:55 +00:00
Mark Andrews
a3285e811d 2746. [port] hpux: address signed/unsigned expansion mismatch of 
dns_rbtnode_t.nsec. [RT #20542]
 2009-11-04 01:18:19 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust 
anchors for a view. [RT #20211]
 2009-10-27 22:46:13 +00:00
Mark Andrews
63d5a6f680 2736. [func] Improve the performance of NSEC signed zones with 
more than a normal amount of glue below a delegation.
                        [RT #20191]
 2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1 2735. [bug] dnssec-signzone could fail to read keys 
that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]
 2009-10-27 03:59:45 +00:00
Automatic Updater
5f744ebbdc update copyright notice 2009-10-26 23:47:35 +00:00
Evan Hunt
c8aa7ce70d 2732. [func] Add optional filter-aaaa-on-v4 option, available 
if built with './configure --enable-filter-aaaa'.
			Filters out AAAA answers to clients connecting
			via IPv4.  (This is NOT recommended for general
			use.) [RT #20339]
 2009-10-26 23:14:54 +00:00
Evan Hunt
c021499604 2731. [func] Additional work on change 2709. The key parser 
will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]
 2009-10-26 21:18:24 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Mark Andrews
7704a47aec 2722. [bug] Ensure that the memory associated with the name of 
a node in a rbt tree is not altered during the life
                        of the node. [RT #20431]
 2009-10-20 04:57:57 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Automatic Updater
8a07de2f03 update copyright notice 2009-10-09 23:48:09 +00:00