upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-04 17:24:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
13780 commits 18 branches 854 tags 440 MiB
Commit graph

1741 commits

Author SHA1 Message Date
Mark Andrews
a9365554b6 2022. [bug] If dnssec validation is disabled only assert CD if 
CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]
 2006-05-18 02:00:11 +00:00
Mark Andrews
47012ae6db regen 2006-05-17 02:39:16 +00:00
Mark Andrews
ffcc1bdb36 make query-source{-v6} clearer 2006-05-16 06:07:09 +00:00
Mark Andrews
7b68fa6229 2017. [bug] allow-query default was net correct. [RT #15946] 2006-05-16 03:35:56 +00:00
Mark Andrews
82ecc9cd96 2016. [bug] Return a partial answer if recursion is not 
allowed but requested and we had the answer
                        to the original qname. [RT #15945]
 2006-05-16 03:10:23 +00:00
Mark Andrews
b15d6bddeb regen 2006-05-08 15:46:27 +00:00
Mark Andrews
6412902ffc 2015. [cleanup] use-additional-cache is now acache-enable for 
consistancy.  Default acache-enable off in BIND 9.4
                        as it requires memory usage to be configured.
                        It may be enabled by default in BIND 9.5 once we
                        have more experience with it.
 2006-05-03 01:54:54 +00:00
Mark Andrews
52ece689e0 regen 2006-04-23 10:14:12 +00:00
Mark Andrews
f051d76c87 regen 2006-03-11 02:07:53 +00:00
Mark Andrews
d6b5e0b0e8 update copyright notice 2006-03-10 00:23:21 +00:00
Mark Andrews
84910d09ee 2009. [bug] libbind: coverity fixes. [RT #15808] 2006-03-09 23:57:56 +00:00
Mark Andrews
d2ef84e07b 2008. [func] It is now posssible to enable/disable DNSSEC 
validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]
 2006-03-09 23:39:00 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
fe6f384b2e 2006. [security] Allow-query-cache and allow-recursion now default 
to the builtin acls "localnets" and "localhost".

                        This is being done to make caching servers less
                        attractive as reflective amplifying targets for
                        spoofed traffic.  This still leave authoritative
                        servers exposed.

                        The best fix is for full BCP 38 deployment to
                        remove spoofed traffic.
 2006-03-09 03:30:18 +00:00
Mark Andrews
083a5588a3 regen 2006-03-06 02:23:19 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
ea8874ec35 update copyright notice 2006-03-05 23:58:52 +00:00
Mark Andrews
d76ed813a5 1999. [func] Implement "rrset-order fixed". [RT #13662] 2006-03-03 00:43:35 +00:00
Mark Andrews
641f68d427 update copyright notice 2006-03-02 00:37:23 +00:00
Mark Andrews
45e1bd6358 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 02:39:52 +00:00
Mark Andrews
95b484c958 fix minor typos 2006-02-26 22:57:18 +00:00
Mark Andrews
d00e58d481 1986. [func] Report when a zone is removed. [RT #15849] 2006-02-21 23:12:27 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
6e373c5025 1983. [func] Two new update policies. "selfsub" and "selfwild". 
[RT #12895]
 2006-02-16 01:34:24 +00:00
Mark Andrews
e0fe05b5ae update copyright notice 2006-02-03 23:51:39 +00:00
Mark Andrews
d53520b78d 1979. [port] linux: allow named to drop core after changing 
user ids. [RT #15753]
 2006-02-02 23:33:21 +00:00
Mark Andrews
c2b2bd69fa 1977. [bug] Silence noisy log message. [RT #15704] 2006-02-02 22:48:58 +00:00
Mark Andrews
26e2a07a0b update copyright notice 2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00
Mark Andrews
3b4098640d regen 2006-01-06 01:55:39 +00:00
Mark Andrews
1b06367c34 update copyright notice 2006-01-06 00:01:44 +00:00
Mark Andrews
dc6da18ccb 1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723] 2006-01-05 23:45:34 +00:00
Mark Andrews
a687a0592b 1962. [bug] Named failed to clear old update-policy when it 
was removed. [RT #15491]
 2006-01-05 03:32:50 +00:00
Mark Andrews
6eb8591f00 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. 
[RT #15465]
 2006-01-05 03:14:33 +00:00
Mark Andrews
a1bc941093 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:19:02 +00:00
Mark Andrews
1bc63715b7 fixed typos in error messages 2006-01-05 01:37:19 +00:00
Mark Andrews
08c9026166 1953. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:01:46 +00:00
Mark Andrews
acb4f52369 update copyright notice 2006-01-04 23:50:24 +00:00
Mark Andrews
05d32f6b0f 1951. [security] Drop queries from particular well known ports. 
Don't return FORMERR to queries from particular
                        well known ports.  [RT #15636]
 2006-01-04 05:06:10 +00:00
Mark Andrews
e9733bc599 1949. [func] Addition memory leakage checks. [RT #15544] 2006-01-04 03:16:47 +00:00
Mark Andrews
fabf2ee6b0 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:35:49 +00:00
Mark Andrews
ade83e60fa silence ambigious else 2005-11-30 03:36:45 +00:00
Mark Andrews
2674e1a455 1940. [bug] Fixed a number of error conditions reported by 
Coverity.
 2005-11-30 03:33:49 +00:00
Mark Andrews
faa4af28cf 1935. [bug] 'acache' was DO sensitive. [RT #15430] 
1934.   [func]          Validate pending NS RRsets, in the authority section,
                        prior to returning them if it can be done without
                        requiring DNSKEYs to be fetched.  [RT #15430]
 2005-11-02 01:28:45 +00:00
Mark Andrews
d08c5dfcd4 1931. [bug] Per-client mctx could require a huge amount of memory, 
particularly for a busy caching server. [RT #15519]
 2005-10-16 23:21:25 +00:00
Mark Andrews
16ee4fe11b 1930. [port] HPUX: ia64 support. [RT #15473] 
1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
 2005-10-14 01:14:08 +00:00
Mark Andrews
cedb0bd0c1 regen 2005-10-13 03:14:05 +00:00
Mark Andrews
982e072a50 1927. [bug] Access to soanode or nsnode in rbtdb violated the 
lock order rule and could cause a dead lock.
                        [RT# 15518]
 2005-10-13 01:58:32 +00:00
Mark Andrews
e23932d3c8 1923. [bug] ns_client_detach() called too early. [RT #15499] 2005-10-07 04:03:25 +00:00
Mark Andrews
8ec0567236 1920. [bug] Client memory contexts were not using internal 
malloc. [RT# 15434]
 2005-09-28 04:50:15 +00:00