Commit graph

1528 commits

Author SHA1 Message Date
Mark Andrews
48e7dcf0d2 2984. [bug] Don't run MX checks when the target of the MX record
is ".".  [RT #22645]
2010-12-14 00:46:41 +00:00
Automatic Updater
9164ae2297 update copyright notice 2010-12-09 04:31:30 +00:00
Mark Andrews
93b433d299 2982. [bug] Reference count dst keys. dst_key_attach() can be used
to increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
2010-12-09 01:05:29 +00:00
Automatic Updater
1517558cd3 update copyright notice 2010-12-02 23:46:30 +00:00
Mark Andrews
e7ca8c91ec 2976. [bug] named die on exit after negotiating a GSS-TSIG key.
[RT #3415]
2010-12-02 23:26:58 +00:00
Mark Andrews
0a2897853b 2963. [security] The allow-query acl was being applied instead of the
allow-query-cache acl to cache lookups. [RT #22114]
2010-09-24 05:54:06 +00:00
Mark Andrews
30579c29be 2943. [func] Add support to load new keys into managed zones
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
2010-08-16 22:27:18 +00:00
Automatic Updater
770279e013 update copyright notice 2010-08-13 23:46:29 +00:00
Evan Hunt
0658d99891 2936. [func] Improved configuration syntax and multiple-view
support for addzone/delzone feature (see change
			#2930).  Removed "new-zone-file" option, replaced
			with "allow-new-zones (yes|no)".  The new-zone-file
			for each view is now created automatically, with
			a filename generated from a hash of the view name.
			It is no longer necessary to "include" the
			new-zone-file in named.conf; this happens
			automatically.  Zones that were not added via
			"rndc addzone" can no longer be removed with
			"rndc delzone". [RT #19447]
2010-08-11 18:19:59 +00:00
Evan Hunt
92f39ccb5b 2930. [experimental] New "rndc addzone" and "rndc delzone" commands
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
2010-07-11 00:12:19 +00:00
Automatic Updater
98afc1a6dd update copyright notice 2010-07-09 23:46:27 +00:00
Evan Hunt
59c9c71f36 2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
			 - added the ability to use a non-default realm
                         - added new "realm" keyword in nsupdate
			 - limited lifetime of generated keys to 1 hour
			   or the lifetime of the context (whichever is
			   smaller)
			[RT #19737]
2010-07-09 05:14:08 +00:00
Mark Andrews
9777316c64 2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
                        [RT #20904]
2010-06-25 03:51:07 +00:00
Mark Andrews
13ce1be5d3 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
to IPv4 clients.  New acl 'filter-aaaa' (default any).
2010-06-22 04:04:22 +00:00
Automatic Updater
db8dce00b0 update copyright notice 2010-06-04 23:50:01 +00:00
Mark Andrews
2b631b5d6f remove trailing comma 2010-06-04 00:14:53 +00:00
Automatic Updater
e08a20aa98 update copyright notice 2010-05-18 02:35:12 +00:00
Mark Andrews
0517d21ebd 2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2010-05-18 01:40:35 +00:00
Automatic Updater
71324ae046 update copyright notice 2010-05-14 23:49:21 +00:00
Mark Andrews
812b6d8d11 2893. [bug] Improve managed keys support. New named.conf option
managed-keys-directory. [RT #20924]
2010-05-14 04:49:40 +00:00
Mark Andrews
d133eb632a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:41:12 +00:00
Mark Andrews
0463ffd804 2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-05-14 00:16:32 +00:00
Automatic Updater
efc6a99370 update copyright notice 2010-05-10 23:49:42 +00:00
Mark Andrews
d779f5e15d 2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
2010-05-10 01:41:11 +00:00
Automatic Updater
e1bd9f2ed3 update copyright notice 2010-02-25 05:25:53 +00:00
Mark Andrews
8a98023414 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 05:05:09 +00:00
Evan Hunt
96c51eadc9 Commit to v9_7 some changes that had been left out:
2838.	[bug]		A KSK revoked by named could not be deleted.
			[RT #20881]

2837.	[port]		Prevent Linux spurious warnings about fwrite().
			[RT #20812]
2010-01-13 19:31:53 +00:00
Automatic Updater
8bd217efdb update copyright notice 2009-12-30 23:48:30 +00:00
Tatuya JINMEI 神明達哉
6ca6cc975f 2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:33:41 +00:00
Evan Hunt
a2ba550880 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:36 +00:00
Mark Andrews
2b662f27f6 2824. [bug] "rndc sign" was not being run by the correct task.
[RT #20759]
2009-12-29 22:23:01 +00:00
Evan Hunt
5f7159f897 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
[RT #20771]
2009-12-24 00:35:21 +00:00
Evan Hunt
7290687619 2813. [bug] Better handling of unreadable DNSSEC key files.
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
2009-12-18 22:13:54 +00:00
Automatic Updater
4b6dc226f7 update copyright notice 2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according
to DNSSEC but are semantically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
2009-12-04 21:09:34 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
2009-12-04 03:33:15 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
2009-12-03 23:18:17 +00:00
Evan Hunt
22304041d1 typo caused a missing semicolon 2009-12-03 16:49:09 +00:00
Evan Hunt
e6dda86e8b 2798. [bug] Addressed bugs in managed-keys initialization
and rollover. [RT #20683]
2009-12-03 15:40:03 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Automatic Updater
2b2fc9b4df update copyright notice 2009-11-25 23:49:22 +00:00
Mark Andrews
d0ca4e90e2 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:22:05 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revocation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
2009-11-23 02:55:41 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
                        validates as secure. [RT #20438]
2009-11-17 23:55:18 +00:00
Automatic Updater
2d84cba8f4 update copyright notice 2009-11-04 23:48:18 +00:00
Mark Andrews
0181a0a92f 2747. [bug] Journal roll forwards failed to set the re-signing
time of RRSIGs correctly. [RT #20541]
2009-11-04 01:25:55 +00:00
Mark Andrews
a3285e811d 2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
2009-11-04 01:18:19 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust
anchors for a view. [RT #20211]
2009-10-27 22:46:13 +00:00
Mark Andrews
63d5a6f680 2736. [func] Improve the performance of NSEC signed zones with
more than a normal amount of glue below a delegation.
                        [RT #20191]
2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1 2735. [bug] dnssec-signzone could fail to read keys
that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]
2009-10-27 03:59:45 +00:00