mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity
17,783 Commits 660 Branches 820 Tags
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1
Commit Graph

183 Commits

Author SHA1 Message Date
Mark Andrews
8aee18709f 2980. [bug] named didn't properly handle UPDATES that changed the 
TTL of the NSEC3PARAM RRset. [RT #22363]
 2010-12-07 02:53:34 +00:00
Mark Andrews
8d31dd9ab6 2897. [bug] NSEC3 chains could be left behind when transitioning 
to insecure. [RT #21040]
 2010-05-18 01:39:41 +00:00
Automatic Updater
cc9ed75dd9 update copyright notice 2010-02-26 23:50:59 +00:00
Mark Andrews
64f8608ed6 2853. [bug] add_sigs() could run out of scratch space. [RT #21015] 2010-02-26 01:39:49 +00:00
Mark Andrews
57fb4f7bbe 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that 
was in the process of being created was not properly
                        recorded in the zone. [RT #20786]
 2009-12-30 02:43:09 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00
Mark Andrews
3d17a3ba61 2801. [func] Detect and report records that are different according 
to DNSSEC but are sematically equal according to plain
                        DNS.  Apply plain DNS comparisons rather than DNSSEC
                        comparisons when processing UPDATE requests.
                        dnssec-signzone now removes such semantically duplicate
                        records prior to signing the RRset.

                        named-checkzone -r {ignore|warn|fail} (default warn)
                        named-compilezone -r {ignore|warn|fail} (default warn)

                        named.conf: check-dup-records {ignore|warn|fail};
 2009-12-04 21:09:34 +00:00
Evan Hunt
e438e29354 claried log message when no active private keys are found to use for 
signing. [rt20690]
 2009-12-04 20:32:07 +00:00
Mark Andrews
5d850024cb 2800. [func] Reject zones which have NS records which refer to 
CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]
 2009-12-04 03:33:15 +00:00
Automatic Updater
63aeaafd97 update copyright notice 2009-12-03 23:48:22 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to 
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
 2009-12-03 23:18:17 +00:00
Evan Hunt
d312bc5d81 2785. [bug] Revoked keys could fail to self-sign [RT #20652] 2009-11-24 03:42:32 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the 
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
 2009-11-23 02:55:41 +00:00
Evan Hunt
b08325a7f3 2773. [bug] In autosigned zones, the SOA could be signed 
with the KSK. [RT #20628]
 2009-11-18 21:22:31 +00:00
Evan Hunt
e2facd7af2 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597] 2009-11-09 01:28:32 +00:00
Evan Hunt
cc3ed192b0 2754. [bug] Secure-to-insecure transitions failed when zone 
was signed with NSEC3. [RT #20587]
 2009-11-06 08:38:56 +00:00
Mark Andrews
9e9e7112f9 2737. [func] UPDATE requests can leak existance information. 
[RT #17261]
 2009-10-27 05:42:25 +00:00
Automatic Updater
510032fdf4 update copyright notice 2009-10-22 23:48:07 +00:00
Mark Andrews
d2a8d00228 2724. [bug] Updates to a existing node in secure zone using NSEC 
were failing. [RT #20448]
 2009-10-22 01:55:55 +00:00
Automatic Updater
8667770ad2 update copyright notice 2009-10-10 23:47:58 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Automatic Updater
15bbb8a129 update copyright notice 2009-10-08 23:48:10 +00:00
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Mark Andrews
88471538d6 2652. [func] Provide more detail about what record is being 
deleted. [RT #20061]
 2009-08-17 07:18:41 +00:00
Mark Andrews
bd190a40a8 2640. [security] A specially crafted update packet will cause named 
to exit. [RT #20000]
 2009-07-28 15:45:43 +00:00
Mark Andrews
47323be2af 2591. [bug] named could die when processing a update in 
removed_orphaned_ds(). [RT #19507]
 2009-04-30 06:59:11 +00:00
Tatuya JINMEI 神明達哉
3af7cd2661 2580. [bug] UpdateRej statistics counter could be incremented twice 
for one rejection. [RT #19476]
 2009-03-18 22:17:24 +00:00
Tatuya JINMEI 神明達哉
d9059b0c38 2537. [func] Added more statistics counters including those on socket 
I/O events and query RTT histograms.  [RT #18802]
 2009-01-27 22:30:00 +00:00
Mark Andrews
3efa3f07d5 2530. [bug] named failed to reject insecure to secure transitions 
via UPDATE. [RT #19101]
 2009-01-20 01:40:04 +00:00
Automatic Updater
d362465c77 update copyright notice 2009-01-17 23:47:43 +00:00
Francis Dupont
b9d4899121 spelling 2009-01-17 11:35:11 +00:00
Mark Andrews
515a537cd1 silence compiler 2008-11-19 06:21:45 +00:00
Automatic Updater
7f950d7cb7 update copyright notice 2008-11-06 23:47:06 +00:00
Mark Andrews
1f3e0508c2 2485. [bug] Change update's the handling of obscured RRSIG 
records.  Not all orphand DS records were being
                        removed. [RT #18828]
 2008-11-06 02:31:41 +00:00
Automatic Updater
6e2871232f update copyright notice 2008-09-24 03:16:58 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
8907d8fa04 2355. [func] Extend the number statistics counters available. 
[RT #17590]
 2008-04-03 05:55:52 +00:00
Mark Andrews
3f42cf2f3e 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]

back out incorrect branch rt1091 and apply correct branch rt1091a.
 2008-04-02 02:37:42 +00:00
Automatic Updater
e672951ed2 update copyright notice 2008-04-01 23:47:10 +00:00
Mark Andrews
a76b380643 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]
 2008-04-01 01:37:25 +00:00
Mark Andrews
c09c2bf800 2331. [bug] Failure to regenerate any signatures was not being reported 
or past back to the UPDATE client. [RT #17570]
 2008-02-07 03:12:15 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
1da14e066c update copyright notice 2008-01-02 23:47:02 +00:00
Mark Andrews
92f60809e8 2286. [func] Allow a TCP connection to be used as a weak 
authentication method for reverse zones.
                        New update-policy methods tcp-self and 6to4-self.
                        [RT #17378]
 2008-01-02 05:13:42 +00:00
Mark Andrews
dc0ecf08db 2284. [bug] Memory leak in UPDATE prerequisite processing. 
[RT #17377]
 2008-01-02 04:26:26 +00:00
Mark Andrews
d91df50b67 2219. [bug] Apply zone consistancy checks to additions, not 
removals, when updating. [RT #17097]
 2007-08-28 00:05:06 +00:00
Mark Andrews
c5adbd722d 2217. [func] Adjust update log levels. [RT #17092] 2007-08-27 04:31:42 +00:00
Mark Andrews
6e5e27c38d 2211. [func] Update "dynamic update temporarily disabled" message. 
[RT #17065]
 2007-08-14 00:36:43 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00