mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity
19,775 Commits 657 Branches 820 Tags
Commit Graph

381 Commits

Author SHA1 Message Date
Evan Hunt
c19cfefe7e 3262. [bug] Signed responses were handled incorrectly by RPZ. 
[RT #27316]
 2012-01-07 00:19:59 +00:00
Automatic Updater
f76bddd50b update copyright notice 2012-01-04 23:46:49 +00:00
Evan Hunt
56c9fcf075 3260. [bug] "rrset-order cyclic" could appear not to rotate 
for some query patterns.  [RT #27170/27185]
 2012-01-04 03:06:51 +00:00
Evan Hunt
7c6a1a11fa 3218. [security] Cache lookup could return RRSIG data associated with 
nonexistent records, leading to an assertion
			failure. [RT #26590]
 2011-11-16 09:44:32 +00:00
Mark Andrews
7b4b6f361b 3186. [bug] Version/db mis-match in rpz code. [RT #26180] 2011-10-28 11:46:50 +00:00
Mark Andrews
ada40193c8 3175. [bug] Fix how DNSSEC positive wildcard responses from a 
NSEC3 signed zone are validated.  Stop sending a
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]
 2011-10-20 21:42:11 +00:00
Automatic Updater
304a539c59 update copyright notice 2011-10-13 22:48:24 +00:00
Vernon Schryver
9fee08f655 Commit rt25172 changes to HEAD including 
- fix precedence among competing rules
  - improve ARM text including documenting rule precedence
  - try to rewrite CNAME chains until first hit
  - new "rpz" logging channel
  - same fix for "NS ." as in RT 24985
 2011-10-13 01:32:34 +00:00
Automatic Updater
ea68e8eba9 update copyright notice 2011-10-12 23:46:34 +00:00
Mark Andrews
af850c4120 3168. [bug] Nxdomain redirection could trigger a assert with 
a ANY query. [RT #26017]
 2011-10-12 23:09:35 +00:00
Automatic Updater
0e11ca0f0b update copyright notice 2011-10-11 23:46:45 +00:00
Evan Hunt
793814f807 3164. [func] Enable DLZ modules to retrieve client information, 
so that responses can be changed depending on the
			source address of the query. [RT #25768]
 2011-10-11 00:09:03 +00:00
Automatic Updater
ca894e53b5 update copyright notice 2011-09-02 23:46:33 +00:00
Evan Hunt
9e4afc9b39 3151. [bug] Queries for type RRSIG or SIG could be handled 
incorrectly.  [RT #21050]
 2011-09-02 21:55:16 +00:00
Mark Andrews
475b1ed9cc 3126. [security] Using DNAME record to generate replacements caused 
RPZ to exit with a assertion failure. [RT #23766]
 2011-06-09 03:10:17 +00:00
Mark Andrews
b64e3b8358 3125. [security] Using wildcard CNAME records as a replacement with 
RPZ caused named to exit with a assertion failure.
                        [RT #24715]
 2011-06-09 00:42:51 +00:00
Evan Hunt
6de9744cf9 3124. [bug] Use an rdataset attribute flag to indicate 
negative-cache records rather than using rrtype 0;
			this will prevent problems when that rrtype is
			used in actual DNS packets. [RT #24777]

3123.	[security]	Change #2912 exposed a latent flaw in
			dns_rdataset_totext() that could cause named to
			crash with an assertion failure. [RT #24777]
 2011-06-08 22:13:51 +00:00
Mark Andrews
c0984ac8bd 3115. [bug] Named could fail to return requested data when 
following a CNAME that points into the same zone.
                        [RT #2445]
 2011-05-20 05:09:30 +00:00
Automatic Updater
46ce2f7b60 update copyright notice 2011-04-27 23:47:26 +00:00
Evan Hunt
76db58eb81 3100. [security] Certain response policy zone configurations could 
trigger an INSIST when receiving a query of type
			RRSIG. [RT #24280]
 2011-04-27 17:46:47 +00:00
Evan Hunt
7a2173839c 3099. [test] "dlz" system test now runs but gives R:SKIPPED if 
not compiled with --with-dlz-filesystem.  [RT #24146]

3098.	[bug]		DLZ zones were answering without setting the AA bit.
			[RT #24146]
 2011-04-19 22:30:52 +00:00
Francis Dupont
a8e6a8cd6c fix too long with dname error 2011-03-18 21:12:19 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warnings messages from clang static analysis. 
[RT #20256]
 2011-03-11 06:11:27 +00:00
Evan Hunt
422009fe5b 3066. [func] The DLZ "dlopen" driver is now built by default, 
no longer requiring a configure option.  To
			disable it, use "configure --without-dlopen".
                        Driver also supported on win32.  [RT #23467]
 2011-03-10 04:36:16 +00:00
Automatic Updater
45caada8cb update copyright notice 2011-02-23 23:47:20 +00:00
Mark Andrews
0e507dbb81 2039. [func] Redirect on NXDOMAIN support. [RT #23146] 2011-02-23 03:08:11 +00:00
Scott Mann
57b403c1e9 Fix prz SERVFAILs after failed zone transfers (RT23246). 2011-02-18 15:18:30 +00:00
Mark Andrews
c1ee8bb4ba 3013. [bug] The DNS64 ttl was not always being set as expected. 
[RT #23034]
 2011-02-03 07:35:56 +00:00
Mark Andrews
cc5e0baaef arguements out of order 2011-01-13 23:16:06 +00:00
Automatic Updater
9cee5bb028 update copyright notice 2011-01-13 04:59:26 +00:00
Mark Andrews
87708bde16 3008. [func] Response policy zones (RPZ) support. [RT #21726] 2011-01-13 01:59:28 +00:00
Evan Hunt
d9ad0a55bb 3000. [bug] More TKEY/GSS fixes: 
- nsupdate can now get the default realm from
			   the user's Kerberos principal
			 - corrected gsstest compilation flags
			 - improved documentation
			 - fixed some NULL dereferences
			[RT #22795]
 2010-12-24 02:20:47 +00:00
Tatuya JINMEI 神明達哉
743bbdc18f 2947. [func] Add new zone type "static-stub". It's like a stub 
zone, but the nameserver names and/or their IP
			addresses are statically configured. [RT #21474]

(for 9.8.0)
 2010-12-16 09:51:30 +00:00
Automatic Updater
b8a9a7bef2 update copyright notice 2010-12-08 23:51:56 +00:00
Mark Andrews
e334405421 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991] 2010-12-08 02:46:17 +00:00
Mark Andrews
ed83fa75f5 2963. [security] The allow-query acl was being applied instead of the 
allow-query-cache acl to cache lookups. [RT #22114]
 2010-09-24 05:09:03 +00:00
Mark Andrews
082f42dcf2 2960. [func] Check that named accepts non-authoritative answers. 
[RT #21594]
 2010-09-15 12:07:56 +00:00
Mark Andrews
8fb412590e 2953. [bug] Silence spurious "expected covering NSEC3, got an 
exact match" message when returning a wildcard
                        no data response. [RT #21744]
 2010-09-07 02:28:17 +00:00
Tatuya JINMEI 神明達哉
f1f39b7e07 2931. [bug] Temporarily and partially disable change 2864 
because it would cause inifinite attempts of RRSIG
			queries.  This is an urgent care fix; we'll
			revisit the issue and complete the fix later.
			[RT #21710]
 2010-07-15 01:17:45 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:50:13 +00:00
Automatic Updater
b61690dbad update copyright notice 2010-06-22 23:46:52 +00:00
Mark Andrews
48dfee7150 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively 
to IPv4 clients.  New acl 'filter-aaaa' (default any).
 2010-06-22 04:03:38 +00:00
Automatic Updater
230987e819 update copyright notice 2010-03-12 23:51:11 +00:00
Mark Andrews
fa2cb8d61d 2864. [bug] Direct SIG/RRSIG queries were not handled correctly. 
[RT #21050]
 2010-03-12 01:48:35 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Mark Andrews
d0ca4e90e2 2786. [bug] Additional could be promoted to answer. [RT #20663] 2009-11-25 02:22:05 +00:00
Mark Andrews
dc92707066 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP 
buffer size of 512 or less.  [RT #20654]
 2009-11-24 03:09:57 +00:00
Mark Andrews
a39a5f4d81 2772. [security] When validating, track whether pending data was from 
the additional section or not and only return it if
                        validates as secure. [RT #20438]
 2009-11-17 23:55:18 +00:00