upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-01 07:15:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
13451 commits 18 branches 854 tags 440 MiB
Commit graph

103 commits

Author SHA1 Message Date
Mark Andrews
511621255e 1528. [cleanup] Simplify some dns_name_ functions based on the 
deprecation of bitstring labels.

1527.  [cleanup]       Reduce the number of gettimeofday() calls without
                       losing necessary timer granularity.
 2004-03-08 21:06:29 +00:00
Mark Andrews
a821d5fa3d DNSSEC bis merge from HEAD: 
1581.  [func]          Disable DNSSEC support by default.  To enable
                       DNSSEC specify "enable-dnssec yes;" in named.conf.

1565.  [bug]           CD flag should be copied to outgoing queries unless
                       the query is under a secure entry point in which case
                       CD should be set.

1558.  [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                       child zones for which we don't have a supported
                       algorithm.  Such child zones are treated as unsigned.

1557.  [func]          Implement missing DNSSEC tests for
                       * NOQNAME proof with wildcard answers.
                       * NOWILDARD proof with NXDOMAIN.
                       Cache and return NOQNAME with wildcard answers.

1541.  [func]          NSEC now uses new bitmap format.

1519.  [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                       length of the new bitmap.

1516.  [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
 2004-03-08 02:08:05 +00:00
Mark Andrews
cbdd3a318b update lib copyrights 2004-03-06 08:15:48 +00:00
Mark Andrews
b1b705a049 pullup: 
uninitalised variable (minimize difference with HEAD).
 2003-08-15 03:01:30 +00:00
Mark Andrews
ae643dbc34 pullup: misc cleanups 2003-08-13 05:06:53 +00:00
Mark Andrews
60c8cebb10 pullup: misc cleanups 2003-08-13 04:55:28 +00:00
Mark Andrews
9052beb238 pullup 
Check return values or cast them to (void), as required by the coding
standards; add exceptions to the coding standards for cases where this is
not desirable
 2003-08-11 05:28:23 +00:00
Mark Andrews
891c424e56 update_copyrights 2002-08-05 06:57:16 +00:00
Mark Andrews
b0fbeb1884 1335. [bug] When performing a nonexistence proof, the validator 
should discard parent NXTs from higher in the DNS.
 2002-08-02 05:39:56 +00:00
Mark Andrews
0b2aba2cd2 reviewed: marka/bwelling 
1247.   [bug]           The validator would incorrectly mark data as insecure
                        when seeing a bogus signature before a correct
                        signature.
 2002-07-15 03:02:56 +00:00
Mark Andrews
b6cb507ae8 reviewed: marka 
1275.   [bug]           When verifying that an NXT proves nonexistence, check
                        the rcode of the message and only do the matching NXT
                        check.  That is, for NXDOMAIN responses, check that
                        the name is in the range between the NXT owner and
                        next name, and for NOERROR NODATA responses, check
                        that the type is not present in the NXT bitmap.
 2002-07-02 04:02:23 +00:00
Brian Wellington
a25169ea43 pullup: 
1006.   [bug]           If a KEY RR was found missing during DNSSEC validation,
			an assertion failure could subsequently be triggered
			in the resolver. [RT #1763]
 2001-09-19 21:51:42 +00:00
Andreas Gustafsson
76c8294c81 format string bugs and improved format string checking [RT #1578] 2001-08-08 22:54:55 +00:00
David Lawrence
92ef1a9b9d use ISC_MAGIC for all magic numbers, for our friends in EBCDIC land 2001-06-04 19:33:39 +00:00
Brian Wellington
26e5029fd5 Added a cast. [RT #899] 2001-02-21 19:57:38 +00:00
Brian Wellington
499b34cea0 copyright update 2001-01-09 22:01:04 +00:00
Brian Wellington
78838d3e0c 8 space -> tab conversion 2000-12-11 19:24:30 +00:00
Brian Wellington
c70908209e replace some INSISTs that theoretically could occur with normal failures 2000-12-05 18:53:43 +00:00
Brian Wellington
f439363eeb minor code simplification 2000-11-08 00:51:24 +00:00
Mark Andrews
368b37b616 dns_rdata_invalidate -> dns_rdata_reset 2000-10-31 03:22:05 +00:00
Mark Andrews
c03bb27f06 532. [func] Implement DNS UPDATE pseudo records using 
DNS_RDATA_UPDATE flag.

 531.   [func]          Rdata really should be initalized before being
                        assigned to (dns_rdata_fromwire(), dns_rdata_fromtext(),
                        dns_rdata_clone(), dns_rdata_fromregion()),
                        check that it is.
 2000-10-25 04:26:57 +00:00
Brian Wellington
d1cbf71409 clean up suspicious looking and incorrect uses of dns_name_fromregion 2000-10-07 00:09:28 +00:00
Brian Wellington
a9ba7e6564 Allow a keyset to be self-signed if the signing key is a trusted-key. 2000-09-12 12:01:50 +00:00
Brian Wellington
d6be55c63f comment the infinite loop fix 2000-09-12 10:21:45 +00:00
Brian Wellington
5c29047792 minor dst api change 2000-09-12 09:59:28 +00:00
Brian Wellington
c38cf70db1 Fix an assertion failure and a case where an rdataset's trust wasn't set. 2000-09-08 14:18:17 +00:00
Brian Wellington
32b2cdf212 427. [bug] Avoid going into an infinite loop when the validator 
gets a negative response to a key query where the
                        records are signed by the missing key.
 2000-09-07 19:46:52 +00:00
Brian Wellington
5e387b9ce6 and more calls to DESTROYLOCK 2000-08-26 01:37:00 +00:00
Brian Wellington
6f071989da cancellation fixes 2000-08-15 01:22:33 +00:00
Brian Wellington
2a123ac026 remove unused variable 2000-08-15 00:52:49 +00:00
Brian Wellington
9cd6710f91 validators can now be cancelled. 2000-08-15 00:21:05 +00:00
Andreas Gustafsson
ef97e09e20 make the validator attach to the view only weakly, so that 
the view can start shutting down even though a validation is in progress.
 2000-08-14 22:17:40 +00:00
David Lawrence
40f53fa8d9 Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your 
own CVS tree will help minimize CVS conflicts.  Maybe not.
Blame Graff for getting me to trim all trailing whitespace.
 2000-08-01 01:33:37 +00:00
Brian Wellington
f15af68028 negative responses to cd queries should work now. 2000-07-27 18:42:08 +00:00
David Lawrence
15a4474541 word wrap copyright notice at column 70 2000-07-27 09:55:03 +00:00
Brian Wellington
98d010a24a If a negative insecurity proof succeeds, set all of the rdatasets in the 
authority section of the message to non-pending, so that the response
has the ad bit set.
 2000-07-27 01:26:15 +00:00
Brian Wellington
5b0413f993 Call isc_log_wouldlog to potentially avoid extra work in validator_log. 2000-07-26 00:50:02 +00:00
Brian Wellington
60783293cc If a failed positive validation led us to try an insecurity proof, and the 
insecurity proof also failed, the validator event should normally contain
the error from the positive validation.
 2000-07-25 01:24:18 +00:00
Brian Wellington
6bc1a64561 If a positive validation fails and it looks like the reason is that there 
are no material DNSSEC signatures, try an insecurity proof.
 2000-07-13 23:52:04 +00:00
Brian Wellington
25496cebad If trying to validate a key set that happens to be a security root, the 
validation should only consist of checking that each key in the key set
is also in the list of security root keys.

Strangeness occurs when the key set is signed, since the key set is marked
as secure, but the sig set is not, since it wasn't used in the validation
process.  This means that a query for a key set at a security root will
have the AD bit set if the key set is unsigned and not if the key set is signed.
 2000-07-07 00:44:01 +00:00
David Lawrence
9c3531d72a add RCS id string 2000-06-22 22:00:42 +00:00
Andreas Gustafsson
6036112f48 more detailed logging during insecurity proofs 2000-06-22 21:14:48 +00:00
Brian Wellington
77c67dfb26 Repeatedly querying for nonexistant data could lead to a crash. 2000-06-07 01:32:47 +00:00
Brian Wellington
e27021ee1f Certain negative responses could crash the validator. 
The insecurity proof code didn't check to see if the name was below a security
root.
 2000-06-03 00:18:43 +00:00
Brian Wellington
75f6c57d95 When an rdataset is signed, its ttl is normalized based on the signature 
validity period.
 2000-05-31 22:01:39 +00:00
Brian Wellington
9a4a878733 removed debugging code 2000-05-26 22:03:47 +00:00
Brian Wellington
ca9af3aaf7 Lots of restructuring to make code easier to follow. Also a few bugs fixed, 
and hopefully not too many new ones introduced.
 2000-05-26 21:45:53 +00:00
Andreas Gustafsson
115635379a style 2000-05-26 17:46:16 +00:00
Brian Wellington
a9bc95f22e dst now stores the key name as a dns_name_t, not a char *. 2000-05-24 23:13:32 +00:00
David Lawrence
ed019cabc1 fixed lines > 79 columns wide 2000-05-24 05:10:00 +00:00