mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity
23,469 Commits 656 Branches 820 Tags
Commit Graph

818 Commits

Author SHA1 Message Date
Mark Andrews
29dd4bdd14 2717. [bug] named failed to update the NSEC/NSEC3 record when 
the last private type record was removed as a result
                        of completing the signing the zone with a key.
                        [RT #20399]
 2009-10-20 02:45:06 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Automatic Updater
8667770ad2 update copyright notice 2009-10-10 23:47:58 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Mark Andrews
bb4e0bd8e8 silence ininitialised 2009-10-08 23:58:14 +00:00
Mark Andrews
0838b3c02f Recompute check_ksk as it may have changed 2009-10-08 23:55:57 +00:00
Automatic Updater
15bbb8a129 update copyright notice 2009-10-08 23:48:10 +00:00
Mark Andrews
2847930722 2708. [func] Insecure to secure and NSEC3 parameter changes via 
update are now fully supported and no longer require
                        defines to enable.  We now no longer overload the
                        NSEC3PARAM flag field, nor the NSEC OPT bit at the
                        apex.  Secure to insecure changes are controlled by
                        by the named.conf option 'secure-to-insecure'.

                        Warning: If you had previously enabled support by
                        adding defines at compile time to BIND 9.6 you should
                        ensure that all changes that are in progress have
                        completed prior to upgrading to BIND 9.7.  BIND 9.7
                        is not backwards compatible.
 2009-10-08 23:13:07 +00:00
Automatic Updater
464f9144fe update copyright notice 2009-10-05 23:48:27 +00:00
Evan Hunt
3ff75c89eb 2704. [bug] Serial of dynamic and stub zones could be inconsistent 
with their SOA serial.  [RT #19387]
 2009-10-05 19:39:20 +00:00
Francis Dupont
adb6972f01 minor fix, cf 20295 2009-09-22 08:38:14 +00:00
Automatic Updater
6d7e30b030 update copyright notice 2009-09-10 23:48:00 +00:00
Evan Hunt
dbabab1f37 rt20045: 
- sync_keyzone() could leak ISC_R_NOMORE, causing zone_postload() to think
  it had failed
- journal roll-forward on key zones complained about having the wrong
  number of SOA records
- dns_soa_buildrdata() could return a pointer to memory allocated on the
  stack
 2009-09-10 01:47:09 +00:00
Evan Hunt
b1f3364f52 2664. [bug] create_keydata() and minimal_update() in zone.c 
didn't properly check return values for some
			functions.  [RT #19956]
 2009-09-01 07:04:12 +00:00
Automatic Updater
1f5dc0fc22 update copyright notice 2009-08-13 07:14:05 +00:00
Mark Andrews
8cff1a894f 2647. [bug] Remove unnecessary SOA updates when a new KSK is 
added. [RT #19913]
 2009-08-13 02:53:01 +00:00
Automatic Updater
4a979d3577 update copyright notice 2009-07-17 23:47:41 +00:00
Evan Hunt
aeff7de836 2634. [port] win32: Add support for libxml2, enable 
statschannel. [RT #19773]
 2009-07-17 06:25:45 +00:00
Automatic Updater
fd4dcaddae update copyright notice 2009-07-13 23:47:42 +00:00
Evan Hunt
ef370118d5 2626. [bug] Multiple trusted-keys could trigger an assertion 
failure. [RT #19914]
 2009-07-13 21:49:57 +00:00
Automatic Updater
c8da39c6c7 update copyright notice 2009-07-02 23:47:26 +00:00
Mark Andrews
109580e7e5 2920. [bug] Delay thawing the zone until the reload of it has 
completed successfully.  [RT #19750]
 2009-07-02 07:39:03 +00:00
Automatic Updater
f66c8eed51 update copyright notice 2009-06-30 23:48:01 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor 
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
 2009-06-30 02:53:46 +00:00
Mark Andrews
b577875266 missing line breaks 2009-06-17 04:29:43 +00:00
Francis Dupont
ff380b05fe comment fixes (rt19624) 2009-05-07 09:41:23 +00:00
Automatic Updater
d76bbb6c40 update copyright notice 2009-04-28 23:48:01 +00:00
Jeremy Reed
f20f19de19 2587. [func] Improve logging by reporting serial numbers for 
when zone serial has gone backwards or unchanged.
			[RT #19506]
 2009-04-28 12:48:35 +00:00
Mark Andrews
64e161a7f7 2582. [bug] Don't emit warning log message when we attempt to 
remove non-existant journal. [RT #19516]
 2009-03-26 22:51:54 +00:00
Mark Andrews
56708c6fb4 2576. [bug] NSEC record were not being correctly signed when 
a zone transitions from insecure to secure.
                        Handle such incorrectly signed zones. [RET #19114]
 2009-03-13 01:35:18 +00:00
Mark Andrews
e502b133d6 2556. [cleanup] PCI compliance: 
* new libisc log module file
                        * isc_dir_chroot() now also changes the working
                          directory to "/".
                        * additional INSISTs
                        * additional logging when files can't be removed.
 2009-02-16 02:01:16 +00:00
Tatuya JINMEI 神明達哉
d9059b0c38 2537. [func] Added more statistics counters including those on socket 
I/O events and query RTT histograms.  [RT #18802]
 2009-01-27 22:30:00 +00:00
Automatic Updater
d362465c77 update copyright notice 2009-01-17 23:47:43 +00:00
Francis Dupont
09eaa8e309 spelling 2009-01-17 15:18:15 +00:00
Mark Andrews
455ada05af 2471. [bug] named-checkzone was not reporting missing manditory 
glue when sibling checks were disabled. [RT #18768]
 2008-10-24 00:28:00 +00:00
Automatic Updater
6e2871232f update copyright notice 2008-09-24 03:16:58 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
fbfed7400f "while (1) {} -> do {} while (1);" to suppress a warning 2008-04-09 04:29:16 +00:00
Mark Andrews
375e2c913a 2359. [bug] Fix NSID bug. [RT #17942] 2008-04-07 05:32:52 +00:00
Mark Andrews
8907d8fa04 2355. [func] Extend the number statistics counters available. 
[RT #17590]
 2008-04-03 05:55:52 +00:00
Mark Andrews
db30f4bdcb 2353. [func] Add support for Name Server ID (RFC 5001). 
'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]
 2008-04-03 02:01:08 +00:00
Mark Andrews
3f42cf2f3e 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]

back out incorrect branch rt1091 and apply correct branch rt1091a.
 2008-04-02 02:37:42 +00:00
Mark Andrews
a0735eeac5 unit16_t -> isc_uint16_t 2008-04-02 01:48:32 +00:00
Automatic Updater
e672951ed2 update copyright notice 2008-04-01 23:47:10 +00:00
Mark Andrews
a76b380643 2349. [func] Provide incremental re-signing support for secure 
dynamic zones. [RT #1091]
 2008-04-01 01:37:25 +00:00
Automatic Updater
cbf0854acc update copyright notice 2008-01-24 23:47:00 +00:00
Tatuya JINMEI 神明達哉
1c3ed2a83d 2320. [func] Make statistics couters thread-safe for platforms 
that support certain atomic operations. [RT #17466]
 2008-01-24 02:00:44 +00:00
Mark Andrews
541b9722d8 2273. [bug] Adjust log level to WARNING when saving inconsistant 
stub/slave master and journal files. [RT# 17279]
 2007-12-02 22:27:54 +00:00
Mark Andrews
ca84283333 2244. [func] Allow the check of nameserver names against the 
SOA MNAME field to be disabled by specifying
                        'notify-to-soa yes;'.  [RT #17073]
 2007-09-18 00:22:31 +00:00