upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-17 08:03:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Matthijs Mekking 3609dce81d Don't allow DNSSEC records in the raw zone 
There was an exception for dnssec-policy that allowed DNSSEC in the
unsigned version of the zone. This however causes a crash if the
zone switches from dynamic to inline-signing in the case of NSEC3,
because we are now trying to add an NSEC3 record to a non-NSEC3 node.
This is because BIND expects none of the records in the unsigned
version of the zone to be NSEC3.

Remove the exception for dnssec-policy when copying non DNSSEC
records, but do allow for DNSKEY as this may be a published DNSKEY
from a different provider.

(cherry picked from commit 332b98ae49)
2022-11-03 11:43:08 +01:00
..
bind9 Clarify error message about missing inline-signing & dnssec-policy 2022-10-06 10:27:32 +02:00
dns Don't allow DNSSEC records in the raw zone 2022-11-03 11:43:08 +01:00
irs Move all the unit tests to /tests/<libname>/ 2022-05-31 12:06:00 +02:00
isc Serialize the HTTP/1.1 statschannel requests 2022-10-20 17:23:36 +02:00
isccc Convert DST_ALG defines to enum and group HMAC algorithms 2022-09-27 16:55:33 +02:00
isccfg Handle large numbers when parsing/printing a duration 2022-10-17 08:54:10 +00:00
ns ensure RPZ lookups handle CD=1 correctly 2022-10-19 13:12:31 -07:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am move samples/resolve.c to bin/tests/system 2021-04-16 14:29:43 +02:00