Matthijs Mekking
1dd11fc754
Allow unsupported alg in zone /w dnssec-signzone
dnssec-signzone should sign a zonefile that contains a DNSKEY record
with an unsupported algorithm. Current behavior is that it will
fail, hitting a fatal error. The fix detects unsupported algorithms
and will not try to add it to the keylist.
Also when determining the maximum iterations for NSEC3, don't take
into account DNSKEY records in the zonefile with an unsupported
algorithm.
2018-12-19 12:54:31 +01:00
Ondřej Surý
b2b43fd235
Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
2018-11-08 12:21:53 +07:00
Ondřej Surý
7fd3dc63de
Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256
2018-10-25 08:15:42 +02:00
Ondřej Surý
994e656977
Replace custom isc_boolean_t with C standard bool type
2018-08-08 09:37:30 +02:00
Ondřej Surý
cb6a185c69
Replace custom isc_u?intNN_t types with C99 u?intNN_t types
2018-08-08 09:37:28 +02:00
Ondřej Surý
b105ccee68
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
2018-07-20 10:06:14 -04:00
Ondřej Surý
55a10b7acd
Remove $Id markers, Principal Author and Reviewed tags from the full source tree
2018-05-11 13:17:46 +02:00
Michał Kępień
4df4a8e731
Use dns_fixedname_initname() where possible
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.
This patch was mostly prepared using Coccinelle and the following
semantic patch:
@@
expression fixedname, name;
@@
- dns_fixedname_init(&fixedname);
...
- name = dns_fixedname_name(&fixedname);
+ name = dns_fixedname_initname(&fixedname);
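Review bot: the `...` between the two removed lines matches any statements, so a use of `fixedname` between `dns_fixedname_init()` and `dns_fixedname_name()` would, after the rewrite, run before the structure is initialised. Adding a constraint such as `... when != fixedname` to the rule would exclude those matches mechanically instead of relying on the manual review.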
The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.
It is likely that more occurrences of this pattern can be refactored in
an identical way. This commit only takes care of the low-hanging fruit.
2018-04-09 12:14:16 +02:00
Ondřej Surý
843d389661
Update license headers to not include years in copyright in all applicable files
2018-02-23 10:12:02 +01:00
Michał Kępień
910a01550a
[master] Rename nsec3param_salt_totext() to dns_nsec3param_salttotext(), make it public, add unit tests
4786. [cleanup] Turn nsec3param_salt_totext() into a public function,
dns_nsec3param_salttotext(), and add unit tests for it.
[RT #46289]
2017-10-25 09:46:18 +02:00
Tinderbox User
9ab5ec1d72
update copyright notice / whitespace
2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587
4654. [cleanup] Don't use C++ keywords delete, new and namespace.
[RT #45538]
2017-07-21 11:52:24 +10:00
Tinderbox User
ed07d7a8f5
update copyright notice / whitespace
2016-12-30 23:46:36 +00:00
Mark Andrews
52e2aab392
4546. [func] Extend the use of const declarations. [RT #43379]
2016-12-30 15:45:08 +11:00
Mark Andrews
d811a7d9ef
4405. [bug] Change 4342 introduced a regression where you could
not remove a delegation in a NSEC3 signed zone using
OPTOUT via nsupdate. [RT #42702]
2016-07-06 10:13:15 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Evan Hunt
420a43c8d8
[master] timing safe memory comparisons
4183. [cleanup] Use timing-safe memory comparisons in cryptographic
code. Also, the timing-safe comparison functions have
been renamed to avoid possible confusion with
memcmp(). [RT #40148]
2015-08-17 18:26:44 -07:00
Tinderbox User
c110d61b17
update copyright notice / whitespace
2015-01-20 23:45:26 +00:00
Evan Hunt
11463c0ac2
[master] clean up gcc -Wshadow warnings
4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381]
2015-01-20 13:29:18 -08:00
Mark Andrews
fec7998314
3942. [bug] Wildcard responses from an optout range should be
marked as insecure. [RT #37072]
2014-09-04 13:57:50 +10:00
Mark Andrews
e58154a6ec
silence coverity warnings
2014-07-02 15:28:02 +10:00
Mark Andrews
b16d99bac1
3872. [bug] Address issues found by static analysis. [RT #36209]
2014-06-10 09:17:15 +10:00
Mark Andrews
36e5ac0033
3819. [bug] NSEC3 hashes need to be able to be entered and
displayed without padding. This is not an issue for
currently defined algorithms but may be for future
hash algorithms. [RT #27925]
2014-04-24 18:58:03 +10:00
Tinderbox User
431a83fb29
update copyright notice
2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260
[master] replace memcpy() with memmove().
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120]
2014-01-08 16:39:05 -08:00
Mark Andrews
c3c8823fed
3681. [port] Update the Windows build system to support feature
selection and WIN64 builds. This is a work in
progress. [RT #34160]
2013-12-04 12:47:23 +11:00
Mark Andrews
b5f4cc132e
3641. [bug] Handle changes to sig-validity-interval settings
better. [RT #34625]
2013-09-04 13:45:00 +10:00
Tinderbox User
12253af346
update copyright notice
2013-04-10 23:46:01 +00:00
Evan Hunt
b99bfa184b
[master] unify internal and export libraries
3550. [func] Unified the internal and export versions of the
BIND libraries, allowing external clients to use
the same libraries as BIND. [RT #33131]
2013-04-10 13:49:57 -07:00
Mark Andrews
8462dfb880
3443. [bug] The NOQNAME proof was not being returned from cached
insecure responses. [RT #21409]
2012-12-19 09:55:02 +11:00
Mark Andrews
463f4ad70b
silence clang --analyzer warning by checking rdata.length
2012-12-10 08:24:17 +11:00
Tinderbox User
6d5f928b26
update copyright notice
2012-06-25 23:46:00 +00:00
Mark Andrews
ad127d839d
3341. [func] New "dnssec-verify" command checks a signed zone
to ensure correctness of signatures and of NSEC/NSEC3
chains. [RT #23673]
2012-06-25 13:57:32 +10:00
Mark Andrews
28a8f5b0de
set $Id$
2012-03-08 00:21:15 +11:00
Automatic Updater
80c7083796
update copyright notice
2012-01-27 23:46:59 +00:00
Mark Andrews
ef9f4d0977
3266. [bug] The maximum number of NSEC3 iterations for a
DNSKEY RRset was not being properly computed.
[RT #26543]
2012-01-27 00:49:42 +00:00
Evan Hunt
9c03f13e18
3185. [func] New 'rndc signing' option for auto-dnssec zones:
- 'rndc signing -list' displays the current
  state of signing operations
- 'rndc signing -clear' clears the signing state
  records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
  parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
Evan Hunt
79ce3a9e82
3128. [func] Inserting an NSEC3PARAM via dynamic update in an
auto-dnssec zone that has not been signed yet
will cause it to be signed with the specified NSEC3
parameters when keys are activated. The
NSEC3PARAM record will not appear in the zone until
it is signed, but the parameters will be stored.
[RT #23684]
2011-06-10 01:51:09 +00:00
Evan Hunt
6de9744cf9
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
2011-06-08 22:13:51 +00:00
Automatic Updater
c1aef54e14
update copyright notice
2011-03-12 04:59:49 +00:00
Mark Andrews
0874abad14
3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 06:11:27 +00:00
Mark Andrews
8aee18709f
2980. [bug] named didn't properly handle UPDATES that changed the
TTL of the NSEC3PARAM RRset. [RT #22363]
2010-12-07 02:53:34 +00:00
Mark Andrews
b00de53de2
2907. [bug] The export version of libdns had undefined references.
[RT #21444]
2010-06-02 00:38:29 +00:00
Automatic Updater
4dd3ec797d
update copyright notice
2010-05-18 02:38:10 +00:00
Mark Andrews
8d31dd9ab6
2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2010-05-18 01:39:41 +00:00
Automatic Updater
842920c7db
update copyright notice
2010-01-04 23:48:51 +00:00
Evan Hunt
d3a6cd7c7e
2830. [bug] Changing the OPTOUT setting could take multiple
passes. [RT #20813]
2010-01-04 22:47:58 +00:00
Mark Andrews
d524a81532
2796. [bug] Missing dns_rdataset_disassociate() call in
dns_nsec3_delnsec3sx(). [RT #20681]
2009-12-01 05:28:40 +00:00
Automatic Updater
126dce8ebf
update copyright notice
2009-11-03 23:48:23 +00:00
Mark Andrews
554d22d2de
2743. [bug] RRSIG could be incorrectly sent in the NSEC3 record
for an insecure delegation.
2009-11-03 01:07:48 +00:00