upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-22 09:20:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
19174 commits 18 branches 854 tags 440 MiB
Commit graph

1548 commits

Author SHA1 Message Date
Evan Hunt
65fdd59d4c 3204. [bug] When a master server that has been marked as 
unreachable but sends a NOTIFY, mark it reachable
			again. [RT #25960]
 2011-11-04 05:52:21 +00:00
Evan Hunt
691d1d2c86 3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to 
dnssec.h. [RT #26415]
 2011-11-03 02:56:18 +00:00
Automatic Updater
c282d8a75b update copyright notice 2011-11-01 23:46:12 +00:00
Evan Hunt
23dd98b032 3188. [bug] zone.c:zone_refreshkeys() could fail to detach 
references correctly when errors occurred, causing
			a hang on shutdown. [RT #26372]
 2011-11-01 03:59:35 +00:00
Automatic Updater
871e091d33 update copyright notice 2011-10-27 23:45:36 +00:00
Scott Mann
07a0a4dedb fix edns0 retry issues (rt #23393/24964). 2011-10-27 20:29:42 +00:00
Automatic Updater
7ac50d49b3 update copyright notice 2011-10-20 23:46:05 +00:00
Mark Andrews
45ed7563d3 3174. [bug] Always compute to revoked key tag from scratch. 
[RT #24711]
 2011-10-20 21:26:17 +00:00
Automatic Updater
35973584f3 update copyright notice 2011-09-05 23:45:33 +00:00
Evan Hunt
2533514b8b 3149. [tuning] Improve scalability by allocating one zone 
task per 100 zones at startup time.  (The
			BIND9_ZONE_TASKS_HINT environment variable
			which was established as a temporary measure
			in change #3132 is no longer needed or
			used.) [rt25541]
 2011-09-02 20:22:27 +00:00
Evan Hunt
b55dbfdc1e 3124. [bug] Use an rdataset attribute flag to indicate 
negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets. [RT #24777]

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]
 2011-06-08 23:15:44 +00:00
Evan Hunt
015872cba9 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664] 2011-06-02 20:23:49 +00:00
Automatic Updater
7a0ca2b0c7 update copyright notice 2011-05-28 00:15:26 +00:00
Mark Andrews
d44cb7d304 move dns_trust_totext from masterdump.c to rdataset.c so that exportlib will build 2011-05-27 04:41:18 +00:00
Automatic Updater
62bffa3ef0 update copyright notice 2011-05-19 23:46:30 +00:00
Evan Hunt
4b7c993dc2 3114. [bug] Retain expired RRSIGs in dynamic zones if key is 
inactive and there is no replacement key. [RT #23136]
 2011-05-19 04:42:18 +00:00
Automatic Updater
d2d4121e41 update copyright notice 2011-05-06 23:46:35 +00:00
Evan Hunt
77e391dcf0 3107. [bug] dnssec-signzone: Report the correct number of ZSKs 
when using -x. [RT #20852]
 2011-05-06 21:07:23 +00:00
Automatic Updater
2e19f9ff58 update copyright notice 2011-03-03 23:46:43 +00:00
Evan Hunt
031da3eb0c 3053. [bug] Under a sustained high query load with a finite 
max-cache-size, it was possible for cache memory
			to be exhausted and not recovered. [RT #23371]
 2011-03-03 04:43:36 +00:00
Mark Andrews
48e7dcf0d2 2984. [bug] Don't run MX checks when the target of the MX record 
is ".".  [RT #22645]
 2010-12-14 00:46:41 +00:00
Automatic Updater
9164ae2297 update copyright notice 2010-12-09 04:31:30 +00:00
Mark Andrews
93b433d299 2982. [bug] Reference count dst keys. dst_key_attach() can be used 
increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
 2010-12-09 01:05:29 +00:00
Automatic Updater
1517558cd3 update copyright notice 2010-12-02 23:46:30 +00:00
Mark Andrews
e7ca8c91ec 2976. [bug] named die on exit after negotiating a GSS-TSIG key. 
[RT #3415]
 2010-12-02 23:26:58 +00:00
Mark Andrews
0a2897853b 2963. [security] The allow-query acl was being applied instead of the 
allow-query-cache acl to cache lookups. [RT #22114]
 2010-09-24 05:54:06 +00:00
Mark Andrews
30579c29be 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:27:18 +00:00
Automatic Updater
770279e013 update copyright notice 2010-08-13 23:46:29 +00:00
Evan Hunt
0658d99891 2936. [func] Improved configuration syntax and multiple-view 
support for addzone/delzone feature (see change
			#2930).  Removed "new-zone-file" option, replaced
			with "allow-new-zones (yes|no)".  The new-zone-file
			for each view is now created automatically, with
			a filename generated from a hash of the view name.
			It is no longer necessary to "include" the
			new-zone-file in named.conf; this happens
			automatically.  Zones that were not added via
			"rndc addzone" can no longer be removed with
			"rndc delzone". [RT #19447]
 2010-08-11 18:19:59 +00:00
Evan Hunt
92f39ccb5b 2930. [experimental] New "rndc addzone" and "rndc delzone" commads 
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
 2010-07-11 00:12:19 +00:00
Automatic Updater
98afc1a6dd update copyright notice 2010-07-09 23:46:27 +00:00
Evan Hunt
59c9c71f36 2929. [bug] Improved handling of GSS security contexts: 
- added LRU expiration for generated TSIGs
			 - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
			 - limited lifetime of generated keys to 1 hour
			   or the lifetime of the context (whichever is
			   smaller)
			[RT #19737]
 2010-07-09 05:14:08 +00:00
Mark Andrews
9777316c64 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:51:07 +00:00
Mark Andrews
13ce1be5d3 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively 
to IPv4 clients.  New acl 'filter-aaaa' (default any).
 2010-06-22 04:04:22 +00:00
Automatic Updater
db8dce00b0 update copyright notice 2010-06-04 23:50:01 +00:00
Mark Andrews
2b631b5d6f remove trailing comma 2010-06-04 00:14:53 +00:00
Automatic Updater
e08a20aa98 update copyright notice 2010-05-18 02:35:12 +00:00
Mark Andrews
0517d21ebd 2897. [bug] NSEC3 chains could be left behind when transitioning 
to insecure. [RT #21040]
 2010-05-18 01:40:35 +00:00
Automatic Updater
71324ae046 update copyright notice 2010-05-14 23:49:21 +00:00
Mark Andrews
812b6d8d11 2893. [bug] Improve managed keys support. New named.conf option 
managed-keys-directory. [RT #20924]
 2010-05-14 04:49:40 +00:00
Mark Andrews
d133eb632a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:41:12 +00:00
Mark Andrews
0463ffd804 2890. [bug] Handle the introduction of new trusted-keys and 
DS, DLV RRsets better. [RT #21097]
 2010-05-14 00:16:32 +00:00
Automatic Updater
efc6a99370 update copyright notice 2010-05-10 23:49:42 +00:00
Mark Andrews
d779f5e15d 2881. [bug] Reduce the amount of time the rbtdb write lock 
is held when closing a version. [RT #21198]
 2010-05-10 01:41:11 +00:00
Automatic Updater
e1bd9f2ed3 update copyright notice 2010-02-25 05:25:53 +00:00
Mark Andrews
8a98023414 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:05:09 +00:00
Evan Hunt
96c51eadc9 Commit to v9_7 some changes that had been left out: 
2838.	[bug]		A KSK revoked by named could not be deleted.
			[RT #20881]

2837.	[port]		Prevent Linux spurious warnings about fwrite().
			[RT #20812]
 2010-01-13 19:31:53 +00:00
Automatic Updater
8bd217efdb update copyright notice 2009-12-30 23:48:30 +00:00
Tatuya JINMEI 神明達哉
6ca6cc975f 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:33:41 +00:00
Evan Hunt
a2ba550880 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:36 +00:00