mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 21:17:54 +00:00

355 Commits

Author SHA1 Message Date
Mark Andrews
020c4484fe 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:00:15 +00:00
Evan Hunt
6de9744cf9 3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]

3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
2011-06-08 22:13:51 +00:00
Mark Andrews
ea82782532 3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
2011-05-26 04:35:02 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 06:11:27 +00:00
Automatic Updater
c8175ece69 update copyright notice 2011-03-01 23:48:07 +00:00
Scott Mann
d31740ce28 Fixed DNSKEY NODATA responses not cached (RT #22908). 2011-03-01 14:40:39 +00:00
Francis Dupont
664917beda Use RRSIG original TTL in validated RRset TTL [RT #23332] 2011-02-28 14:21:35 +00:00
Mark Andrews
4b45a8fc5a handle cname response 2011-02-21 23:37:31 +00:00
Mark Andrews
37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure.  One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms.  [RT #22309]
2010-11-16 01:14:51 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncacheable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:50:13 +00:00
Mark Andrews
e27d55e3ee 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing.  This was
an unintended outcome from change 2890. [RT# 21392]
2010-05-26 06:28:00 +00:00
Automatic Updater
515c7f3c43 update copyright notice 2010-05-14 23:50:40 +00:00
Mark Andrews
44f175a90a 2892. [bug] Handle REVOKED keys better. [RT #20961] 2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322 2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-05-14 00:13:43 +00:00
Mark Andrews
fd95cc0da9 2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2010-04-21 05:45:47 +00:00
Mark Andrews
bb6d33103e 2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2010-04-21 04:16:49 +00:00
Mark Andrews
b8d036c434 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2010-03-26 17:12:48 +00:00
Automatic Updater
4d42b714be update copyright notice 2010-03-04 23:50:34 +00:00
Mark Andrews
22c4126ba5 2958. [bug] When canceling validation it was possible to leak
memory. [RT #20800]
2010-03-04 22:25:31 +00:00
Automatic Updater
bd2b08d5a3 update copyright notice 2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] 2010-02-25 04:39:13 +00:00
Evan Hunt
9ead684875 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] 2009-12-30 06:46:58 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
it validates as secure. [RT #20438]
2009-11-17 23:55:18 +00:00
Evan Hunt
7048af0a55 2769. [cleanup] Change #2742 was incomplete. [RT #19589] 2009-11-16 07:56:06 +00:00
Evan Hunt
be69d48443 2742. [cleanup] Clarify some DNSSEC-related log messages in
validator.c. [RT #19589]
2009-10-28 05:34:21 +00:00
Evan Hunt
95f2377b4f 2739. [cleanup] Clean up API for initializing and clearing trust
anchors for a view. [RT #20211]
2009-10-27 22:46:13 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor
maintenance.  The new "managed-keys" statement can
be used in place of "trusted-keys" for zones which
support this protocol.  (Note: this syntax is
expected to change prior to 9.7.0 final.) [RT #19248]
2009-06-30 02:53:46 +00:00
Mark Andrews
afbe695de3 "got insecure response; parent indicates it should be secure" wrongly emitted [RT #19800] 2009-06-09 22:57:09 +00:00
Automatic Updater
54cdd2b307 update copyright notice 2009-05-07 23:47:44 +00:00
Francis Dupont
ff380b05fe comment fixes (rt19624) 2009-05-07 09:41:23 +00:00
Mark Andrews
e7eede965d 2597. [bug] Handle a validation failure with an insecure delegation
from a NSEC3 signed master/slave zone.  [RT #19464]
2009-05-07 02:34:19 +00:00
Evan Hunt
6b9728dde7 ARM and log message changes to clarify "insecure response". [rt19400] 2009-03-23 22:30:57 +00:00
Automatic Updater
8e3d340655 update copyright notice 2009-03-17 23:48:02 +00:00
Mark Andrews
72dbc7216a 2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2009-03-17 01:34:28 +00:00
Evan Hunt
bfe0517fdc Clarify logged message when an insecure DNSSEC response arrives from a zone
thought to be secure: "insecurity proof failed" instead of "not insecure".
[RT #19400]
2009-03-01 02:45:38 +00:00
Mark Andrews
7d211b458f 2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2009-02-15 23:46:23 +00:00
Mark Andrews
d2ef5b3c5c 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] 2009-02-15 23:37:29 +00:00
Francis Dupont
708383382f spelling 2009-01-17 15:12:26 +00:00
Automatic Updater
5569e7de51 update copyright notice 2009-01-05 23:47:54 +00:00
Tatuya JINMEI 神明達哉
3fb1637c92 trivial comment cleanups (RT#19118) 2009-01-05 23:20:22 +00:00
Automatic Updater
49960a74b5 update copyright notice 2008-11-14 23:47:33 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
1bfe8851c0 2421. [bug] Handle the special return value of an empty node as
if it was a NXRRSET in the validator. [RT #18447]
2008-08-21 04:43:49 +00:00
Evan Hunt
e4d304b70b Fix build error: parameter type was changed in the prototype but not in
the function header.
2008-02-19 17:07:55 +00:00
Mark Andrews
664e11f0b1 2238. [bug] check_ds() could be called with a non DS rdataset.
[RT #17598]
2008-02-18 23:06:54 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
9d5ed744c4 update copyright notice 2008-01-14 23:46:56 +00:00
Mark Andrews
f1263d2aa4 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
[RT #17460]
2008-01-14 23:24:24 +00:00