upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-24 17:28:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/lib/dns
History
Matthijs Mekking 8e31f6981a Only warn if we could not delete signature 
BIND can log this warning:

    zone example.ch/IN (signed): Key example.ch/ECDSAP256SHA256/56340
      missing or inactive and has no replacement: retaining signatures.

This log can happen when BIND tries to remove signatures because the
are about to expire or to be resigned. These RRsets may be signed with
the KSK if the ZSK files has been removed from disk. When we have
created a new ZSK we can replace the signatures creeated by the KSK
with signatures from the new ZSK.

It complains about the KSK being missing or inactive, but actually it
takes the key id from the RRSIG.

The warning is logged if BIND detects the private ZSK file is missing.

The warning is logged even if we were able to delete the signature.

With the change from this commit it only logs this warning if it is not
okay to delete the signature.

(cherry picked from commit 2d2858841a)
2022-01-06 09:35:29 +01:00
..
include Fix catalog zone reconfiguration crash 2021-12-01 09:56:59 +00:00
rdata Fix "array subscript is of type 'char'" on NetBSD 9 2021-11-25 18:54:18 +01:00
tests Add dst_key_pubcompare and dst_key_compare unit test 2021-10-28 14:52:28 +00:00
win32 Fix catalog zone reconfiguration crash 2021-12-01 09:56:59 +00:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
adb.c Replace locked mempools with memory contexts 2021-12-15 13:29:19 +01:00
badcache.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
byaddr.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
cache.c Allow resetting hash table size limits for DNS DBs 2021-06-17 17:17:37 +02:00
callbacks.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
catz.c Prevent existing catalog zone entries being incorrectly deleted 2021-10-28 00:04:44 +11:00
client.c properly initialise resarg->lock 2021-04-19 14:32:53 +02:00
clientinfo.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
compress.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
db.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
dbiterator.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dbtable.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
diff.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dispatch.c Replace locked mempools with memory contexts 2021-12-15 13:29:19 +01:00
dlz.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
dns64.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dnsrps.c Add stale-refresh-time option 2020-11-11 15:59:56 -03:00
dnssec.c Fix cleanup of signature buffer in dns_dnssec_signmessage 2021-10-12 10:19:08 +11:00
dnstap.c Address theoretical resource leak in dns_dt_open() 2021-02-23 09:41:15 +11:00
dnstap.proto fix spelling errors reported by Fossies. 2020-02-21 07:05:31 +00:00
ds.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_api.c Fix bug in dst_key_copymetadata 2021-08-11 15:18:10 +02:00
dst_internal.h Protect dst key metadata with lock 2021-07-01 14:48:47 +02:00
dst_openssl.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_parse.c Add key metadata for DS published/withdrawn 2021-07-01 14:48:23 +02:00
dst_parse.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_pkcs11.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dst_result.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
dyndb.c hacks to get dyndb working without libtool 2021-05-14 12:52:48 +02:00
ecdb.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ecs.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
fixedname.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
forward.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
gen-unix.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gen-win32.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gen.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
geoip2.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
gssapi_link.c Stop including <gssapi.h> from <dst/gssapi.h> header 2021-02-16 12:08:21 +11:00
gssapictx.c Free resources when gss_accept_sec_context() fails 2021-04-08 10:41:08 +02:00
hmac_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ipkeylist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
iptable.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
journal.c Order the diff from dns_db_diffx so that deletes proceed adds 2021-07-23 09:20:25 +10:00
kasp.c Add purge-keys config option 2021-02-23 09:18:55 +01:00
key.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
keydata.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
keymgr.c Migrate a single key to CSK with dnssec-policy 2021-08-23 10:36:42 +02:00
keytable.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
Kyuafile regen master 2017-12-29 01:44:18 +00:00
lib.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
log.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
lookup.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Makefile.in Remove custom ISC SPNEGO implementation 2021-04-01 10:42:32 +02:00
mapapi increase MAPAPI 2021-08-28 07:45:39 -07:00
master.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
masterdump.c Pause the dbiterator when dumping the zone to the disk 2021-06-04 11:32:31 +02:00
message.c Adjust the fillcount and freemax for dns_message mempools 2021-12-15 13:29:19 +01:00
name.c Use dns_name_copynf() with dns_message_gettempname() when needed 2021-05-22 07:17:01 +02:00
ncache.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
nsec.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
nsec3.c Mark DNSSEC responses with NSEC3 records that exceed 150 as insecure 2021-04-30 11:16:45 +02:00
nta.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
openssl_link.c Remove TLSDNS, TLS and HTTP protocols from netmgr 2021-05-14 12:52:48 +02:00
openssldh_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
opensslecdsa_link.c Make opensslecdsa_parse use fromlabel 2021-01-26 15:04:59 +01:00
openssleddsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
opensslrsa_link.c Fix a bug when comparing two RSA keys 2021-10-28 13:46:22 +00:00
order.c Allow "order none" in "rrset-order" rules 2020-10-02 08:50:51 +02:00
peer.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11ecdsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11eddsa_link.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
pkcs11rsa_link.c Fix misplaced declaration 2020-12-01 23:19:20 +11:00
portlist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
private.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rbt.c map files over 2GB could not be loaded 2021-09-01 00:43:54 -07:00
rbtdb.c map files over 2GB could not be loaded 2021-09-01 00:43:54 -07:00
rbtdb.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rcode.c Use isdigit instead of checking character range 2021-05-05 18:23:53 +02:00
rdata.c Parse and print HTTPS and SVCB records 2021-08-18 14:59:29 +10:00
rdatalist.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdatalist_p.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdataset.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdatasetiter.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rdataslab.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
request.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
resolver.c Enable lame response detection even with disabled lame cache 2021-10-28 12:22:33 +02:00
result.c Parse and print HTTPS and SVCB records 2021-08-18 14:59:29 +10:00
rootns.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rpz.c Cleanup redundant isc_rwlock_init() result checks 2021-02-08 15:13:49 +11:00
rriterator.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
rrl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
sdb.c Add stale-refresh-time option 2020-11-11 15:59:56 -03:00
sdlz.c Do not convert ISC_R_NOSPACE to DNS_R_SERVFAIL too early 2021-11-26 07:44:37 +11:00
soa.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ssu.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ssu_external.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
stats.c Clear dnssec-sign stats for removed keys 2021-08-24 09:51:45 +02:00
tcpmsg.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
time.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
timer.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
tkey.c Use dns_name_copynf() with dns_message_gettempname() when needed 2021-05-22 07:17:01 +02:00
tsec.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
tsig.c Use dns_name_copynf() with dns_message_gettempname() when needed 2021-05-22 07:17:01 +02:00
tsig_p.h update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
ttl.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
update.c Lock kasp when looking for zone keys 2021-05-20 09:52:53 +02:00
validator.c Mark DNSSEC responses with NSEC3 records that exceed 150 as insecure 2021-04-30 11:16:45 +02:00
version.c Use -release instead of -version-info for internal library SONAMEs 2021-01-25 15:28:09 +01:00
view.c Don't freeze / thaw non-explict in-view zones 2021-08-12 04:19:44 +00:00
xfrin.c use a fixedname buffer in dns_message_gettempname() 2021-05-22 07:13:57 +02:00
zone.c Only warn if we could not delete signature 2022-01-06 09:35:29 +01:00
zone_p.h Add NSEC3PARAM unit test, refactor zone.c 2020-11-26 14:15:05 +00:00
zonekey.c update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
zoneverify.c Replace literal 255 with a more descriptive macro name 2021-08-25 15:57:35 -07:00
zt.c rename dns_zone_master and dns_zone_slave 2021-08-30 11:58:29 -07:00