upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-27 09:06:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib/dns
History
Matthijs Mekking 375112a623 Add built-in dnssec-policy "insecure" 
Add a new built-in policy "insecure", to be used to gracefully unsign
a zone. Previously you could just remove the 'dnssec-policy'
configuration from your zone statement, or remove it.

The built-in policy "none" (or not configured) now actually means
no DNSSEC maintenance for the corresponding zone. So if you
immediately reconfigure your zone from whatever policy to "none",
your zone will temporarily be seen as bogus by validating resolvers.

This means we can remove the functions 'dns_zone_use_kasp()' and
'dns_zone_secure_to_insecure()' again. We also no longer have to
check for the existence of key state files to figure out if a zone
is transitioning to insecure.

(cherry picked from commit 2710d9a11d)
2021-04-30 13:58:22 +02:00
..
include Add built-in dnssec-policy "insecure" 2021-04-30 13:58:22 +02:00
rdata Update ZONEMD to match RFC 8976 2021-04-30 11:21:19 +10:00
tests Update ZONEMD to match RFC 8976 2021-04-30 11:21:19 +10:00
win32 Add built-in dnssec-policy "insecure" 2021-04-30 13:58:22 +02:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
adb.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
badcache.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
byaddr.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
cache.c Check 'stale-refresh-time' when sharing cache between views 2020-11-11 16:06:23 -03:00
callbacks.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
catz.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
client.c properly initialise resarg->lock 2021-04-19 14:32:53 +02:00
clientinfo.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
compress.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
db.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
dbiterator.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dbtable.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
diff.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dispatch.c Silence cppcheck 2.2 false positive in udp_recv() 2020-11-25 13:21:58 +01:00
dlz.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
dns64.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dnsrps.c Add stale-refresh-time option 2020-11-11 15:59:56 -03:00
dnssec.c Purge keys implementation 2021-02-23 09:19:03 +01:00
dnstap.c Address theoretical resource leak in dns_dt_open() 2021-02-23 09:41:15 +11:00
dnstap.proto fix spelling errors reported by Fossies. 2020-02-21 07:05:31 +00:00
ds.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_api.c Move most of the OpenSSL initialization to isc_tls 2021-02-26 17:07:01 +01:00
dst_internal.h Fix handling undefined GSS_SPNEGO_MECHANISM macro 2021-04-16 14:40:06 +02:00
dst_openssl.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_parse.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_parse.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_pkcs11.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_result.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dyndb.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ecdb.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ecs.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
fixedname.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
forward.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
gen-unix.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gen-win32.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gen.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
geoip2.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gssapi_link.c Stop including <gssapi.h> from <dst/gssapi.h> header 2021-02-16 12:08:21 +11:00
gssapictx.c Free resources when gss_accept_sec_context() fails 2021-04-08 10:41:08 +02:00
hmac_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ipkeylist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
iptable.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
journal.c Refactor dns_journal_rollforward() to work over opened journal 2021-04-16 13:50:20 +02:00
kasp.c Add purge-keys config option 2021-02-23 09:18:55 +01:00
key.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
keydata.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
keymgr.c Check for keyid conflicts between new keys 2021-04-26 10:48:06 +02:00
keytable.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
Kyuafile regen master 2017-12-29 01:44:18 +00:00
lib.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
log.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
lookup.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Makefile.in Remove custom ISC SPNEGO implementation 2021-04-01 10:42:32 +02:00
mapapi improve calculation of database size 2020-03-12 00:38:37 -07:00
master.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
masterdump.c Use stale TTL as RRset TTL in dumpdb 2021-04-13 10:59:17 +02:00
message.c The dns_message_create() cannot fail, change the return to void 2020-09-30 14:26:26 +02:00
name.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ncache.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
nsec.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
nsec3.c Mark DNSSEC responses with NSEC3 records that exceed 150 as insecure 2021-04-30 11:16:45 +02:00
nta.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
openssl_link.c Use library constructor/destructor to initialize OpenSSL 2021-02-26 17:18:06 +01:00
openssldh_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
opensslecdsa_link.c Make opensslecdsa_parse use fromlabel 2021-01-26 15:04:59 +01:00
openssleddsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
opensslrsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
order.c Allow "order none" in "rrset-order" rules 2020-10-02 08:50:51 +02:00
peer.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11ecdsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11eddsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11rsa_link.c Fix misplaced declaration 2020-12-01 23:19:20 +11:00
portlist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
private.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rbt.c Reformat sources using clang-format-11 2020-12-08 19:34:05 +01:00
rbtdb.c Address inconsistencies in checking added RRsets 2021-04-29 11:12:38 +02:00
rbtdb.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rcode.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdata.c Make calling generic rdata methods consistent 2021-04-13 01:54:29 +00:00
rdatalist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdatalist_p.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdataset.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdatasetiter.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdataslab.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
request.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
resolver.c Address theoretical buffer overrun in recent change 2021-03-03 10:55:38 +01:00
result.c Add NSEC3PARAM unit test, refactor zone.c 2020-11-26 14:15:05 +00:00
rootns.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rpz.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
rriterator.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rrl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
sdb.c Add stale-refresh-time option 2020-11-11 15:59:56 -03:00
sdlz.c Add stale-refresh-time option 2020-11-11 15:59:56 -03:00
soa.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ssu.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ssu_external.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
stats.c Update comments to have binary notation 2020-09-29 10:40:56 +10:00
tcpmsg.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
time.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
timer.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
tkey.c Stop including <gssapi.h> from <dst/gssapi.h> header 2021-02-16 12:08:21 +11:00
tsec.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
tsig.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
tsig_p.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ttl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
update.c Add built-in dnssec-policy "insecure" 2021-04-30 13:58:22 +02:00
validator.c Mark DNSSEC responses with NSEC3 records that exceed 150 as insecure 2021-04-30 11:16:45 +02:00
version.c Use -release instead of -version-info for internal library SONAMEs 2021-01-25 15:28:09 +01:00
view.c Initialize checknames field in dns_view_create() 2021-02-23 16:45:36 +01:00
xfrin.c Check SOA owner names in zone transfers 2021-04-29 11:12:38 +02:00
zone.c Add built-in dnssec-policy "insecure" 2021-04-30 13:58:22 +02:00
zone_p.h Add NSEC3PARAM unit test, refactor zone.c 2020-11-26 14:15:05 +00:00
zonekey.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
zoneverify.c Optimise dnssec-verify 2021-01-28 12:18:31 +11:00
zt.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00