upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-23 18:04:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib/dns
History
Matthijs Mekking beeefe35c4 Fix bug introduced by #763 related to offline keys 
In some cases we want to keep expired signatures. For example, if the
KSK is offline, we don't want to fall back to signing with the ZSK.
We could remove the signatures, but in any case we end up with a broken
zone.

The change made for GL #763 prevented the behavior to sign the DNSKEY
RRset with the ZSK if the KSK was offline (and signatures were expired).

The change causes the definition of "having both keys": if one key is
offline, we still consider having both keys, so we don't fallback
signing with the ZSK if KSK is offline.

That change also works the other way, if the ZSK is offline, we don't
fallback signing with the KSK.

This commit fixes that, so we only fallback signing zone RRsets with
the KSK, not signing key RRsets with the ZSK.
2022-01-06 09:32:32 +01:00
..
include Lock view while accessing its zone table 2022-01-05 16:56:16 +01:00
rdata Drop cppcheck workarounds 2021-12-14 15:03:56 +01:00
tests Add comparekeys to release tarball 2021-11-01 15:17:31 +01:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c Integrate extended ACLs syntax featuring 'port' and 'transport' opts 2021-11-30 12:20:22 +02:00
adb.c Fix the data race when shutting down dns_adb 2021-11-22 11:09:21 +01:00
badcache.c The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
byaddr.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
cache.c Record how often DNS_R_COVERINGNSEC is returned from the cache 2021-12-02 14:18:41 +01:00
callbacks.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
catz.c Prevent existing catalog zone entries being incorrectly deleted 2021-10-15 04:31:37 +00:00
client.c remove all references to isc_socket and related types 2021-10-15 01:01:25 -07:00
clientinfo.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
compress.c Stop providing branch prediction information 2021-10-14 10:33:24 +02:00
db.c Extend dns_db_nodecount to access auxilary rbt node counts 2021-12-02 14:18:41 +01:00
dbiterator.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
diff.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dispatch.c incidental cleanups 2021-12-08 10:22:03 -08:00
dlz.c dns/ssu.c: Return void when ISC_R_SUCCESS is only returned value 2021-10-13 05:47:48 +02:00
dns64.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dnsrps.c dns/rbt.c: Implement incremental hash table resizing 2021-10-12 15:01:53 +02:00
dnssec.c Fix cleanup of signature buffer in dns_dnssec_signmessage 2021-10-12 09:56:44 +11:00
dnstap.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dnstap.proto fix spelling errors reported by Fossies. 2020-02-21 15:05:08 +11:00
ds.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dst_api.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dst_internal.h Remove native PKCS#11 support 2021-09-09 15:35:39 +02:00
dst_openssl.h The OpenSSL engine API is deprecated in OpenSSL 3.0.0 2021-10-28 07:39:37 +00:00
dst_parse.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
dst_parse.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
dyndb.c Use libuv's shared library handling capabilities 2020-10-28 15:48:58 +01:00
ecs.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
fixedname.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
forward.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
gen.c Error out if gen finds a type or class that is greater than 65535 2021-10-25 21:33:35 +00:00
gen.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
geoip2.c Completely remove BIND 9 Windows support 2021-06-09 14:35:14 +02:00
gssapi_link.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
gssapictx.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
hmac_link.c Pass the digest buffer length to EVP_DigestSignFinal 2021-12-17 20:28:01 +11:00
ipkeylist.c implement xfrin via XoT 2021-01-29 12:07:38 +01:00
iptable.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
journal.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
kasp.c Add purge-keys config option 2021-02-23 09:16:48 +01:00
key.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
keydata.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
keymgr.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
keytable.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
log.c Remove LIB<*>_EXTERNAL_DATA defines 2021-07-06 05:33:48 +00:00
lookup.c dns/lookup.c: Return void when ISC_R_SUCCESS is only returned value 2021-10-13 05:47:48 +02:00
Makefile.am Use ERR_get_error_all() instead of deprecated ERR_get_error_line_data() 2021-10-28 07:38:56 +00:00
master.c Replace "master/slave" terms in code 2021-10-12 13:11:13 -07:00
masterdump.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
message.c Reduce freemax values for dns_message mempools 2021-12-15 21:25:00 +01:00
name.c Stop providing branch prediction information 2021-10-14 10:33:24 +02:00
ncache.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
nsec.c Ignore NSEC records without RRSIG and NSEC present 2021-12-02 14:18:42 +01:00
nsec3.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
nta.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
openssl_link.c The OpenSSL engine API is deprecated in OpenSSL 3.0.0 2021-10-28 07:39:37 +00:00
openssl_shim.c Use the special shims file for DH shims 2021-10-28 07:39:37 +00:00
openssl_shim.h Use the special shims file for DH shims 2021-10-28 07:39:37 +00:00
openssldh_link.c Address potential memory leak in openssldh_parse() 2021-11-01 21:50:47 +00:00
opensslecdsa_link.c Reject too long ECDSA public keys 2021-11-23 08:44:47 +11:00
openssleddsa_link.c The OpenSSL engine API is deprecated in OpenSSL 3.0.0 2021-10-28 07:39:37 +00:00
opensslrsa_link.c Silence Coverity false positive 2021-11-03 20:10:34 +11:00
order.c rename dns_name_copynf() to dns_name_copy() 2021-05-22 00:37:27 -07:00
peer.c remove broken-nsec and reject-000-label options 2021-12-23 15:13:46 +11:00
private.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
rbt.c Drop cppcheck workarounds 2021-12-14 15:03:56 +01:00
rbtdb.c Look for covering NSEC under two more conditions 2021-12-02 14:24:37 +01:00
rbtdb.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
rcode.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
rdata.c dns/rdata.c: Return void when ISC_R_SUCCESS is only returned value 2021-10-13 05:47:48 +02:00
rdatalist.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
rdatalist_p.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
rdataset.c Stop providing branch prediction information 2021-10-14 10:33:24 +02:00
rdatasetiter.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
rdataslab.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
request.c remove all references to isc_socket and related types 2021-10-15 01:01:25 -07:00
resolver.c remove broken-nsec and reject-000-label options 2021-12-23 15:13:46 +11:00
result.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
rootns.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
rpz.c Extend dns_db_nodecount to access auxilary rbt node counts 2021-12-02 14:18:41 +01:00
rriterator.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
rrl.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
sdb.c Extend dns_db_nodecount to access auxilary rbt node counts 2021-12-02 14:18:41 +01:00
sdlz.c Extend dns_db_nodecount to access auxilary rbt node counts 2021-12-02 14:18:41 +01:00
soa.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
ssu.c Add {krb5,ms}-subdomain-self-rhs update policy rules 2021-10-15 11:18:41 +11:00
ssu_external.c Completely remove BIND 9 Windows support 2021-06-09 14:35:14 +02:00
stats.c Clear dnssec-sign stats for removed keys 2021-08-24 09:07:15 +02:00
time.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
timer.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
tkey.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
transport.c Use the TLS context cache for client-side contexts (XoT) 2021-12-29 10:25:15 +02:00
tsec.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
tsig.c Drop cppcheck workarounds 2021-12-14 15:03:56 +01:00
tsig_p.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
ttl.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
update.c Fix bug introduced by #763 related to offline keys 2022-01-06 09:32:32 +01:00
validator.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
view.c Lock view while accessing its zone table 2022-01-05 16:56:16 +01:00
xfrin.c Use the TLS context cache for client-side contexts (XoT) 2021-12-29 10:25:15 +02:00
zone.c Fix bug introduced by #763 related to offline keys 2022-01-06 09:32:32 +01:00
zone_p.h Use #pragma once as header guards 2021-10-13 00:49:15 -07:00
zonekey.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
zoneverify.c Make isc_result a static enum 2021-10-06 11:22:20 +02:00
zt.c Add isc_refcount_destroy() for dns_zt reference counters 2022-01-05 16:56:16 +01:00