bind9/lib/dns
Matthijs Mekking 32686beabc Change default TTLsig to one week
Commit dc6dafdad1 allows larger TTL values
in zones that go insecure, and ignores the maximum zone TTL.

This means that if you use TTL values larger than 1 day in your zone,
your zone runs the risk of going bogus before it moves safely to
insecure.

Most resolvers by default cap the maximum TTL that they cache RRsets
at one day (Unbound, Knot, PowerDNS), so that is fine. However, BIND 9's
default is one week.

Change the default TTLsig to one week, so that also for BIND 9
resolvers in the default cases responses for zones that are going
insecure will not be evaluated as bogus.

This change does mean that when unsigning your zone, it will take six
days longer to safely go insecure, regardless of what TTL values you
use in the zone.
2023-08-02 11:16:50 +02:00
include Ignore max-zone-ttl on dnssec-policy insecure 2023-08-01 08:56:52 +02:00
rdata Replace DE_CONST(k, v) with v = UNCONST(k) macro 2023-04-03 10:25:56 +00:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
adb.c Refactor dns_adb_create() to return void 2023-07-27 11:37:44 +02:00
badcache.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
byaddr.c remove isc_task completely 2023-02-16 18:35:32 +01:00
cache.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
callbacks.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
catz.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
client.c The zone table no longer depends on the loop manager 2023-05-12 20:48:31 +01:00
clientinfo.c refactor dns_clientinfo_init(); use separate function to set ECS 2023-02-07 23:48:22 -08:00
compress.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
db.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
dbiterator.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
diff.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
dispatch.c use isc_loop_now() for dispentry timeouts 2023-07-19 15:32:21 +02:00
dlz.c Refactor dns_zone_create() to return void 2023-07-27 11:37:44 +02:00
dns64.c Add isc_rwlock around dns_aclenv .localhost and .localnets member 2022-04-04 19:27:00 +02:00
dnsrps.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
dnssec.c Update findzonekeys function name in log message 2023-06-14 09:08:56 +02:00
dnstap.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
dnstap.proto Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ds.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 08:33:43 +01:00
dst_api.c get_key_struct() can no longer fail 2023-06-14 08:14:38 +00:00
dst_internal.h Probe if ED448 and ED25519 are supported 2023-04-03 12:06:04 +10:00
dst_openssl.h Report file and line when converting OpenSSL errors 2023-04-03 12:06:04 +10:00
dst_parse.c Replace isc_fsaccess API with more secure file creation 2023-03-31 12:52:59 +00:00
dst_parse.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dyndb.c switch to using isc_loopmgr_pause() instead of task exclusive 2023-02-16 17:51:55 +01:00
ecs.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
fixedname.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
forward.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
gen.c Remove unused support for fromwire(DNS_NAME_DOWNCASE) 2023-02-06 13:26:36 +00:00
geoip2.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
gssapi_link.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
gssapictx.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
hmac_link.c Emit deprecated warning for K* file pairs 2023-06-29 08:28:48 +10:00
ipkeylist.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
iptable.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
journal.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
kasp.c Change default TTLsig to one week 2023-08-02 11:16:50 +02:00
key.c Refactor KSK processing 2023-07-20 12:40:52 +02:00
keydata.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
keymgr.c Ignore max-zone-ttl on dnssec-policy insecure 2023-08-01 08:56:52 +02:00
keytable.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
log.c remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
Makefile.am split out cache-specific functions 2023-07-17 14:50:25 +02:00
master.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
masterdump.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
message.c convert TSIG keyring storage from RBT to hash table 2023-06-14 08:14:38 +00:00
name.c Correct value of DNS_NAME_MAXLABELS 2023-04-05 14:46:39 +00:00
ncache.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
nsec.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
nsec3.c Cleanup orphaned empty-non-terminal NSEC3 2023-04-25 05:03:12 +01:00
nta.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
openssl_link.c Report file and line when converting OpenSSL errors 2023-04-03 12:06:04 +10:00
openssl_shim.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
openssl_shim.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
opensslecdsa_link.c Introduce dst__openssl_keypair_{compare,isprivate,destroy} 2023-03-08 13:50:46 +01:00
openssleddsa_link.c INSIST that openssleddsa_alg_info() is successful 2023-04-05 08:03:43 +00:00
opensslrsa_link.c Remove redundant NULL checks in OpenSSL RSA glue 2023-03-08 13:50:46 +01:00
order.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
peer.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
private.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
qp.c Cleanup the __tsan_acquire/__tsan_release 2023-07-28 08:59:08 +02:00
qp_p.h Fixes for liburcu-qsbr 2023-05-15 20:49:42 +00:00
rbt-cachedb.c split out cache-specific functions 2023-07-17 14:50:25 +02:00
rbt-zonedb.c Cleanup the __tsan_acquire/__tsan_release 2023-07-28 08:59:08 +02:00
rbt.c Squash dns_name_fullhash() and dns_name_hash() 2023-03-31 12:43:30 +00:00
rbtdb.c fixup! Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
rbtdb_p.h split out cache-specific functions 2023-07-17 14:50:25 +02:00
rcode.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
rdata.c Add new dns_rdatatype_iskeymaterial() function 2023-05-23 08:53:23 +02:00
rdatalist.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
rdataset.c move slab rdataset implementation to rdataslab.c 2023-07-17 14:50:25 +02:00
rdatasetiter.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdataslab.c move slab rdataset implementation to rdataslab.c 2023-07-17 14:50:25 +02:00
remote.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
request.c Pin dns_request to the associated loop 2023-07-28 09:01:22 +02:00
resconf.c Properly process extra nameserver lines in resolv.conf 2023-05-16 02:04:55 +00:00
resolver.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
result.c Refactor how we map isc_result_t <-> dns_rcode_t 2023-06-15 15:32:04 +02:00
rootns.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
rpz.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
rriterator.c Extend dns_db_allrdatasets to control iteration results 2022-12-07 22:20:02 +00:00
rrl.c Squash dns_name_fullhash() and dns_name_hash() 2023-03-31 12:43:30 +00:00
sdlz.c clean up unused dns_db methods 2023-07-17 14:50:25 +02:00
soa.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 08:33:43 +01:00
ssu.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
ssu_external.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
stats.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
tests Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
time.c Remove isc_stdtime_get() macro 2023-03-31 13:33:16 +02:00
tkey.c Return REFUSED if GSSAPI is not configured 2023-07-28 14:37:32 +10:00
transport.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
tsig.c rename 'ret' to 'result' 2023-06-14 08:14:38 +00:00
tsig_p.h remove dns__tsig_algallocated() 2023-06-14 08:14:38 +00:00
ttl.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
update.c Tiny refactor revoked key check 2023-07-20 12:44:19 +02:00
validator.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
view.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
xfrin.c Mark a primary as unreachable on timed out in xfin 2023-07-22 08:17:11 +10:00
zone.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
zone_p.h Obsolete dnssec-dnskey-kskonly update-check-ksk 2023-07-20 12:40:54 +02:00
zonekey.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
zoneverify.c Replace DE_CONST(k, v) with v = UNCONST(k) macro 2023-04-03 10:25:56 +00:00
zt.c The zone table no longer depends on the loop manager 2023-05-12 20:48:31 +01:00