0c27b3fe77ac1d5094ba3521e8142d9e7973133f |
|
27-Jun-2016 |
Mark Andrews <marka@isc.org> |
4401. [misc] Change LICENSE to MPL 2.0. |
3cd204c4a46f21bf2a38f35e79af45ac595be943 |
|
15-Apr-2016 |
Evan Hunt <each@isc.org> |
[master] fixed revoked key regression
4436. [bug] Fixed a regression introduced in change #4337 which
caused signed domains with revoked KSKs to fail
validation. [RT #42147] |
4a7004f3cec6958b8b20bccf07b9f6a44f0fd590 |
|
11-Mar-2016 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
7c525954642f8fb3698b555115edb09fe3bd3354 |
|
10-Mar-2016 |
Mark Andrews <marka@isc.org> |
4331. [func] When loading managed signed zones detect if the
RRSIG's inception time is in the future and regenerate
the RRSIG immediately. [RT #41808] |
a5c7cfbac4e401c41741c123347739ab87c80a52 |
|
30-Oct-2014 |
Mark Andrews <marka@isc.org> |
3990. [testing] Add tests for unknown DNSSEC algorithm handling.
[RT #37541] |
c83b91fb6345464807161cc36c5d9046a15d5866 |
|
30-Sep-2014 |
Mark Andrews <marka@isc.org> |
3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] |
5a31767b0982ba0fd5211d51fd002730c929656a |
|
20-Jun-2014 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
b8a9632333a92d73a503afe1aaa7990016c8bee9 |
|
19-Jun-2014 |
Evan Hunt <each@isc.org> |
[master] complete NTA work
3882. [func] By default, negative trust anchors will be tested
periodically to see whether data below them can be
validated, and if so, they will be allowed to
expire early. The "rndc nta -force" option
overrides this behvaior. The default NTA lifetime
and the recheck frequency can be configured by the
"nta-lifetime" and "nta-recheck" options. [RT #36146] |
eade480b330b543777431760fd6c467c21affc86 |
|
14-Dec-2013 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
9b895f30f1734fd463a02b27cfd0cf36ec9893d5 |
|
13-Dec-2013 |
Evan Hunt <each@isc.org> |
[master] fix insecure delegation across static-stub zones
3689. [bug] Fixed a bug causing an insecure delegation from one
static-stub zone to another to fail with a broken
trust chain. [RT #35081] |
e7857b5ee05414961bb11f9e57f654163fae6acb |
|
26-Jul-2012 |
ckb <ckb@isc.org> |
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429] |
a847a4bcd665fb1cafc1b2a0a42be7a1ede82a89 |
|
18-May-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
26833735d3d95e731a1cfb2a9b12c9bc10ba208a |
|
17-May-2012 |
Evan Hunt <each@isc.org> |
Handle RRSIG signer case consistently
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451] |
25845da41a621f35e76dc8560ca40de6859e0a11 |
|
04-Nov-2011 |
Evan Hunt <each@isc.org> |
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796] |
eff7f78bc65f30efd87a398e66084ddab72799d3 |
|
05-Mar-2011 |
Mark Andrews <marka@isc.org> |
3061. [func] New option "dnssec-signzone -D", only write out
generated DNSSEC records. [RT #22896] |
664917bedafa65dee4349c84324a31731aa1e228 |
|
28-Feb-2011 |
Francis Dupont <fdupont@isc.org> |
Use RRSIG original TTL in validated RRset TTL [RT #23332] |
4f07b2b00cf52582b2ee9b55aabe7eb5066e57e7 |
|
23-Feb-2011 |
Mark Andrews <marka@isc.org> |
3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338] |
c41b2924a59a9a6af8c22a20c172f75fd5e1e9d3 |
|
16-Feb-2011 |
Automatic Updater <source@isc.org> |
update copyright notice |
b1b42b03b774d77ddfd38e5e0a5c0a3ed1944b89 |
|
15-Feb-2011 |
Mark Andrews <marka@isc.org> |
3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232] |
c5fa3706950224af3f5ae6d22944b1b8298d4edd |
|
15-Feb-2011 |
Mark Andrews <marka@isc.org> |
3019. [func] Test: check apex NSEC3 records after adding DNSKEY
record via UPDATE. [RT #23229] |
6bb1560124ce99fe50b9847ce29fcaed52564900 |
|
19-Jan-2010 |
Automatic Updater <source@isc.org> |
update copyright notice |
e11a0c114cdaf8f7e7832e9f1a011138248093a6 |
|
18-Jan-2010 |
Evan Hunt <each@isc.org> |
2841. [func] Added "smartsign" and improved "autosign" and
"dnssec" regression tests. [RT #20865] |
d8680445d6212d5552ea8a22fd2f9951b11c4b10 |
|
30-Dec-2009 |
Tatuya JINMEI 神明達哉 <ji <jinmei@isc.org> |
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?) |
990dca4605f47703dfdadacb594fbafe01760661 |
|
28-Oct-2009 |
Automatic Updater <source@isc.org> |
update copyright notice |
e09cdbac087b88524ac40e943d040e2a032c48f2 |
|
27-Oct-2009 |
Mark Andrews <marka@isc.org> |
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
test. [RT #20453] |
3398334b3acda24b086957286288ca9852662b12 |
|
25-Sep-2008 |
Automatic Updater <source@isc.org> |
update copyright notice |
6098d364b690cb9dabf96e9664c4689c8559bd2e |
|
24-Sep-2008 |
Mark Andrews <marka@isc.org> |
2448. [func] Add NSEC3 support. [RT #15452] |
70e5a7403f0e0a3bd292b8287c5fed5772c15270 |
|
20-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
ec5347e2c775f027573ce5648b910361aa926c01 |
|
19-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
38e8022ace865803bdd609c9763cd7d7ba2818dc |
|
05-May-2004 |
Mark Andrews <marka@isc.org> |
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237] |
8d414d155953f89a4eff40f16878438a8c9228f3 |
|
16-Apr-2004 |
Mark Andrews <marka@isc.org> |
1600. [bug] Duplicate zone pre-load checks were not case
insensitive.
1599. [bug] Fix memory leak on error path when checking named.conf.
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure). |
dafcb997e390efa4423883dafd100c975c4095d6 |
|
05-Mar-2004 |
Mark Andrews <marka@isc.org> |
update copyright notice |
35541328a8c18ba1f984300dfe30ec8713c90031 |
|
14-Jan-2004 |
Mark Andrews <marka@isc.org> |
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers. |
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5 |
|
20-Feb-2002 |
Mark Andrews <marka@isc.org> |
copyrights |
473ca0bf8c73e5fc3132df074b2d4e14be5eaa1e |
|
22-Jan-2002 |
Andreas Gustafsson <source@isc.org> |
Added RT #2399 regression test |
e4b5f088ca2dad7c81a9df0172fd534a3a880879 |
|
19-Sep-2001 |
Andreas Gustafsson <source@isc.org> |
Added RT #1763 regression test |
a41ab607a452e2e90ae0cb142a0a985e4fda2fbd |
|
20-Feb-2001 |
Brian Wellington <source@isc.org> |
Test that validation of ANY queries works. Also add data to be used for
CNAME/DNAME tests, but not the tests yet since they fail. |
499b34cea04a46823d003d4c0520c8b03e8513cb |
|
09-Jan-2001 |
Brian Wellington <source@isc.org> |
copyright update |
40f53fa8d9c6a4fc38c0014495e7a42b08f52481 |
|
01-Aug-2000 |
David Lawrence <source@isc.org> |
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your
own CVS tree will help minimize CVS conflicts. Maybe not.
Blame Graff for getting me to trim all trailing whitespace. |
15a44745412679c30a6d022733925af70a38b715 |
|
27-Jul-2000 |
David Lawrence <source@isc.org> |
word wrap copyright notice at column 70 |
9c3531d72aeaad6c5f01efe6a1c82023e1379e4d |
|
23-Jun-2000 |
David Lawrence <source@isc.org> |
add RCS id string |
d0be1e954bd4674fc27f2616c72adb37cf3525a2 |
|
22-Jun-2000 |
David Lawrence <source@isc.org> |
update_copyrights |
d98372394fd6253336e9c9d580f48bd6ff9710f7 |
|
18-May-2000 |
Michael Sawyer <source@isc.org> |
Addition of test suite. |
0e9dcd548051a8ec34744bfa18b4e09fea742a39 |
|
16-May-2000 |
Andreas Gustafsson <source@isc.org> |
added system tests |