Mark Andrews
1a09fefa59
3415. [bug] named could die with a REQUIRE failure if a validation
was canceled. [RT #31804]
Squashed commit of the following:
commit d414d3cb4244daeca4159ac1f8a82322e4a20e5a
Author: Mark Andrews <marka@isc.org>
Date: Wed Nov 7 14:19:28 2012 +1100
check that val->fetch != NULL before calling dns_resolver_destroyfetch
2012-11-09 09:09:52 +11:00
Evan Hunt
47c5b8af92
[master] silence coverity warnings
3401. [bug] Addressed Coverity warnings. [RT #31484]
2012-10-23 22:04:06 -07:00
Mark Andrews
dbf693fdfd
3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262]
2012-10-06 14:56:33 +10:00
Evan Hunt
41bbb34bc2
fix coverity issues
3388. [bug] Fixed several Coverity warnings. [RT #30996]
2012-10-02 23:44:03 -07:00
Mark Andrews
058e44186b
3387. [func] Support for a DS digest can be disabled at
runtime with disable-ds-digests. [RT #21581]
2012-10-03 12:38:43 +10:00
ckb
e7857b5ee0
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
2012-07-25 17:06:34 -05:00
Mark Andrews
7865ea9545
3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-14 15:44:20 +10:00
Mark Andrews
28a8f5b0de
set $Id$
2012-03-08 00:21:15 +11:00
Automatic Updater
5fec28507a
update copyright notice
2012-02-15 21:19:59 +00:00
Mark Andrews
6d386978b3
3285. [bug] val-frdataset was incorrectly disassociated in
proveunsecure after calling startfinddlvsep.
[RT #27928]
2012-02-15 20:59:40 +00:00
Evan Hunt
25845da41a
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
2011-11-04 05:36:28 +00:00
Automatic Updater
dfc015bc7e
update copyright notice
2011-10-20 23:46:51 +00:00
Mark Andrews
ada40193c8
3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending an
unnecessary NSEC3 record when generating such
responses. [RT #26200]
2011-10-20 21:42:11 +00:00
Mark Andrews
020c4484fe
3173. [port] Correctly validate root DS responses. [RT #25726]
2011-10-15 05:00:15 +00:00
Evan Hunt
6de9744cf9
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
2011-06-08 22:13:51 +00:00
Mark Andrews
ea82782532
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
2011-05-26 04:35:02 +00:00
Mark Andrews
0874abad14
3069. [cleanup] Silence warnings messages from clang static analysis.
[RT #20256]
2011-03-11 06:11:27 +00:00
Automatic Updater
c8175ece69
update copyright notice
2011-03-01 23:48:07 +00:00
Scott Mann
d31740ce28
Fixed DNSKEY NODATA responses not cached (RT #22908).
2011-03-01 14:40:39 +00:00
Francis Dupont
664917beda
Use RRSIG original TTL in validated RRset TTL [RT #23332]
2011-02-28 14:21:35 +00:00
Mark Andrews
4b45a8fc5a
handle cname response
2011-02-21 23:37:31 +00:00
Mark Andrews
37dee1ff94
2999. [func] Add GOST support (RFC 5933). [RT #20639]
2010-12-23 04:08:00 +00:00
Mark Andrews
a27b3757fd
2968. [security] Named could fail to prove a data set was insecure
before marking it as insecure. One set of conditions
that can trigger this occurs naturally when rolling
DNSKEY algorithms. [RT #22309]
2010-11-16 01:14:51 +00:00
Mark Andrews
810656a187
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2010-06-25 23:50:13 +00:00
Mark Andrews
e27d55e3ee
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
an unintended outcome from change 2890. [RT# 21392]
2010-05-26 06:28:00 +00:00
Automatic Updater
515c7f3c43
update copyright notice
2010-05-14 23:50:40 +00:00
Mark Andrews
44f175a90a
2892. [bug] Handle REVOKED keys better. [RT #20961]
2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2010-05-14 00:13:43 +00:00
Mark Andrews
fd95cc0da9
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2010-04-21 05:45:47 +00:00
Mark Andrews
bb6d33103e
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2010-04-21 04:16:49 +00:00
Mark Andrews
b8d036c434
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2010-03-26 17:12:48 +00:00
Automatic Updater
4d42b714be
update copyright notice
2010-03-04 23:50:34 +00:00
Mark Andrews
22c4126ba5
2958. [bug] When canceling validation it was possible to leak
memory. [RT #20800]
2010-03-04 22:25:31 +00:00
Automatic Updater
bd2b08d5a3
update copyright notice
2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2010-02-25 04:39:13 +00:00
Evan Hunt
9ead684875
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
2009-12-30 06:46:58 +00:00
Mark Andrews
a39a5f4d81
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
it validates as secure. [RT #20438]
2009-11-17 23:55:18 +00:00
Evan Hunt
7048af0a55
2769. [cleanup] Change #2742 was incomplete. [RT #19589]
2009-11-16 07:56:06 +00:00
Evan Hunt
be69d48443
2742. [cleanup] Clarify some DNSSEC-related log messages in
validator.c. [RT #19589]
2009-10-28 05:34:21 +00:00
Evan Hunt
95f2377b4f
2739. [cleanup] Clean up API for initializing and clearing trust
anchors for a view. [RT #20211]
2009-10-27 22:46:13 +00:00
Evan Hunt
cfb1587eb9
2619. [func] Add support for RFC 5011, automatic trust anchor
maintenance. The new "managed-keys" statement can
be used in place of "trusted-keys" for zones which
support this protocol. (Note: this syntax is
expected to change prior to 9.7.0 final.) [RT #19248]
2009-06-30 02:53:46 +00:00
Mark Andrews
afbe695de3
"got insecure response; parent indicates it should be secure" wrongly emitted [RT #19800]
2009-06-09 22:57:09 +00:00
Automatic Updater
54cdd2b307
update copyright notice
2009-05-07 23:47:44 +00:00
Francis Dupont
ff380b05fe
comment fixes (rt19624)
2009-05-07 09:41:23 +00:00
Mark Andrews
e7eede965d
2597. [bug] Handle a validation failure with an insecure delegation
from a NSEC3 signed master/slave zone. [RT #19464]
2009-05-07 02:34:19 +00:00
Evan Hunt
6b9728dde7
ARM and log message changes to clarify "insecure response". [rt19400]
2009-03-23 22:30:57 +00:00
Automatic Updater
8e3d340655
update copyright notice
2009-03-17 23:48:02 +00:00
Mark Andrews
72dbc7216a
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2009-03-17 01:34:28 +00:00
Evan Hunt
bfe0517fdc
Clarify logged message when an insecure DNSSEC response arrives from a zone
thought to be secure: "insecurity proof failed" instead of "not insecure".
[RT #19400]
2009-03-01 02:45:38 +00:00
Mark Andrews
7d211b458f
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2009-02-15 23:46:23 +00:00