d81a3ca82ced32fb915afce7ebc3c0102d4ad65f |
|
01-Mar-2017 |
Mark Andrews <marka@isc.org> |
adjust range
(cherry picked from commit 9301c35ae63a428abb12db5c9bbe19f07c28824f) |
d1bc66f4dfdc4a017b3236139787c85101620bb8 |
|
01-Mar-2017 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
c006cfc5a25be47ae7960d76b7d4a7bc3fc2fb26 |
|
28-Feb-2017 |
Mark Andrews <marka@isc.org> |
Reimplement:
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
(cherry picked from commit f240f4a5decae09cdabb83f824e0fd339377ad7e) |
45fd95544cd650a8e6a0fc39b656d1109b811ac0 |
|
01-Nov-2016 |
Evan Hunt <each@isc.org> |
[v9_11] simplify prereq checks by using feature-test.c
4498. [test] Simplify prerequisite checks in system tests.
[RT #43516]
(cherry picked from commit 5480a74b70651d49dd79bb762a65203512ec2725) |
cc51cd2d2076e33117c60c9effcb8caccde4983b |
|
19-Oct-2016 |
Witold Krecicki <wpk@isc.org> |
4487. [test] Make system tests work on Windows. [RT #42931] |
0c27b3fe77ac1d5094ba3521e8142d9e7973133f |
|
27-Jun-2016 |
Mark Andrews <marka@isc.org> |
4401. [misc] Change LICENSE to MPL 2.0. |
3635d8f9104e70e141a8f191a0e6c1502ceed2f3 |
|
14-Jun-2016 |
Mark Andrews <marka@isc.org> |
do not overflow exit status. [RT #42643] |
7d4f45f6bd729973f6d24554b3aac9f75a5a22c6 |
|
22-Jan-2016 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
9b789c54f8829b867c4a888c47bd2310a790415a |
|
21-Jan-2016 |
Evan Hunt <each@isc.org> |
[master] add regression test for RT #41518
4297. [test] Ensure delegations in RPZ zones fail robustly.
[RT #41518] |
9ae15880201d512667795095880032e043c7b3c3 |
|
09-May-2015 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
b947e1a521c6931f787d6d1b3604d5b138170c3d |
|
07-May-2015 |
Mukund Sivaraman <muks@isc.org> |
Fix a bug in RPZ that could cause unwanted recursion (#39229)
Conflicts:
doc/arm/notes.xml |
7301df07cff7d25a62624c5d0b0cf01c08a39f01 |
|
24-Nov-2014 |
Mark Andrews <marka@isc.org> |
extend the permissible number of queries to 25 from 24 |
06e28e50bd06bf3127b560c97a81f67306bacb02 |
|
18-Sep-2014 |
Mark Andrews <marka@isc.org> |
give the nameserver a little longer to response |
cef76ee5bd845a80e06da934edce4225bdba22a1 |
|
22-Aug-2014 |
Mark Andrews <marka@isc.org> |
3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833] |
f2a91da02e18caed04f1a00a7b7bdb8ff93b774e |
|
31-Jul-2014 |
Mark Andrews <marka@isc.org> |
adjust range |
ac5ed748602c890d596bed07b0b23b8b5f42b2f6 |
|
22-Jul-2014 |
Mark Andrews <marka@isc.org> |
3897. [bug] RPZ summary information was not properly being updated
after a AXFR resulting in changes sometimes being
ignored. [RT #35885] |
48789995c1d85ababbf488bf24198adba466bb87 |
|
15-Jun-2014 |
Mark Andrews <marka@isc.org> |
use $NSUPDATE |
06e0d6bb126e9986f29036e671b59f48b1d2efbc |
|
12-Jun-2014 |
Evan Hunt <each@isc.org> |
[master] address rpz bugs
3877. [bug] Inserting and deleting parent and child nodes
in response policy zones could trigger an assertion
failure. [RT #36272] |
536098609270345606f4e442064bd15b19d1768e |
|
02-Jun-2014 |
Mark Andrews <marka@isc.org> |
set max |
3a26e75e3c475b6f2f34716fa2847bf015db57c5 |
|
02-Jun-2014 |
Mark Andrews <marka@isc.org> |
accept a range of stats values |
44b0e0b1d5bdb103062d6bdeaa5c649c40e2541d |
|
30-May-2014 |
Mark Andrews <marka@isc.org> |
More changes for:
3864. [bug] RPZ didn't work well when being used as forwarder.
[RT #36060] |
3d751891410f9892ca1c1deba2f7d8556ae91b0c |
|
29-May-2014 |
Mark Andrews <marka@isc.org> |
3864. [bug] RPZ didn't work well when being used as forwarder.
[RT #36060] |
20a96edbf9894e327a99f21acf3571422df5c7b0 |
|
21-Feb-2014 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
86a85a3bbd3d4580982b2c02d9b4837bc6c2fae5 |
|
19-Feb-2014 |
Mark Andrews <marka@isc.org> |
don't error on rpz percentage checks as they fail inconsistently on virtual machines |
225146b2c8c7de8dcff979841b56b15aef8aded2 |
|
18-Nov-2013 |
Mark Andrews <marka@isc.org> |
3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] |
9fa2a0deed3b880f3bf04d4f615c13a0d67cc0ce |
|
21-Sep-2013 |
Mark Andrews <marka@isc.org> |
3652. [bug] Address bug with rpz-drop policy. [RT #34816] |
df0892aea6bfd20a01c3abf2b756625d23830390 |
|
09-Aug-2013 |
Mark Andrews <marka@isc.org> |
3627. [bug] RPZ changes were not effective on slaves. [RT #34450] |
421d4a06479e61fbdc35087f3c4abc9fe65ad72a |
|
12-Jul-2013 |
Evan Hunt <each@isc.org> |
[master] rpz work
3620. [func] Added "rpz-client-ip" policy triggers, enabling
RPZ responses to be configured on the basis of
the client IP address; this can be used, for
example, to blacklist misbehaving recursive
or stub resolvers. [RT #33605]
3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
[RT #33776] |
609b8d08176469485edce25f3c2f50365bbd3819 |
|
26-Feb-2013 |
Mark Andrews <marka@isc.org> |
update copyrights |
30314ce9c5374d941c4895cc8674b98a15847f98 |
|
26-Feb-2013 |
Mark Andrews <marka@isc.org> |
'!' is not portable. |
f97d56e757b9a293ffbaa915ca4d792ae84ba85a |
|
26-Feb-2013 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
94315060c2b0d9deafabe72d6a0482405fd9d377 |
|
25-Feb-2013 |
Evan Hunt <each@isc.org> |
[master] RPZ speedup (phase 2, multiple RPZ's)
3495. [func] Support multiple response-policy zones, while
improving RPZ performance. [RT #32476] |
bf8267aa453e5d2a735ed732a043b77a0b355b20 |
|
29-Jun-2012 |
Mark Andrews <marka@isc.org> |
reverse bad copyright update |
247bf378605811d695e968dbe930a7fc45c0038e |
|
29-Jun-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
1ff22ac042b65c8ff1314bba27eb509cc097a9a7 |
|
07-Jun-2012 |
Mark Andrews <marka@isc.org> |
Don't restart ns5 after killing it |
ba16ade5f81d1852dfe5a0513fe0b4fe5a91818d |
|
04-Jun-2012 |
Mark Andrews <marka@isc.org> |
kill and restart the nameserver after running: perf 'without rpz' norpz |
3787f2ec8a31db88ffa025118be3c3686aca2c47 |
|
01-Jun-2012 |
Evan Hunt <each@isc.org> |
fix solaris portability problem |
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63 |
|
31-May-2012 |
Vernon Schryver <vjs@isc.org> |
Squashed commit of the following:
commit aea73609ac5d41ed091360e94370798965f28f05
commit eef7f44c57a060b24a426eb8888e16176a0a69b1
commit a88a26d864ad399fa2d40e3b9659b4d26f454ca1
commit 1b90d59568e7e3b65690c6bd075cf4d60b03e454
Merge: 74d8f73 cd02924
commit 74d8f73ed553bb64a305e284905762f7ff0029aa
commit 9a59ef6bbd4befe91e5691e8b85afe1cb7ab0706
commit c63606a53b4f1bb7066b37d3cfe588e9dc21a119
commit 2c392a840c8838455d144ce163bd873bee400c97
commit 0241f53563e6e7bed462a883d98a8931f01e0980
commit 79fe22b5d6f04bdaa3073cf54d41952194e879e1
commit 351b3049625f2edd39729dd85413e961b97d4b3b
commit 7207674fc77c9a10d84c0cb94e36d1c09bb31459
commit 543ad34cf08f901c20b438c9d2f45482cff13d5e
commit fc45b99ce4438627fdcbeb4365695ba0065fa46f
commit c425207f57e0a5157372aa7edbb79b13170563e5
commit ef8c5e23ca284e0ea02f69ce1f356d537c19d93b
commit ba0d4e3aa51efe412cfa1d031651f949442d1802
commit 41c7969c7cb6884b93011f7ace3fd9522efc021e
and more from CVS
for rt26172
Add
- optional "recursive-only yes|no" to the response-policy statement
- optional max-policy-ttl to limit the lies that "recursive-only no"
can introduce into resolvers' caches
- test that queries with RD=0 are not rewritten by default
- performance smoke test
Change encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
Fix rt26180 assert botch in zone_findrdataset() in this branch
as well.
Fix missing signatures on NOERROR results despite RPZ hits
when there are signatures and the client asks for DNSSEC, |
1b428fd3a7dfec33157d6de22c38838249a215e9 |
|
08-Jan-2012 |
Automatic Updater <source@isc.org> |
update copyright notice |
c19cfefe7e345c37ef3bb98b0db2d14fe7b1d583 |
|
07-Jan-2012 |
Evan Hunt <each@isc.org> |
3262. [bug] Signed responses were handled incorrectly by RPZ.
[RT #27316] |
75c622f53bdda9d2f69f05e06eaf7be01fc09a33 |
|
18-Nov-2011 |
Evan Hunt <each@isc.org> |
add regression test for rbtdb.c version-mismatch issue |
7b4b6f361b2fb2291c2019b377a9c0c8e80cfd6b |
|
28-Oct-2011 |
Mark Andrews <marka@isc.org> |
3186. [bug] Version/db mis-match in rpz code. [RT #26180] |
88112d5fcb6b9e1d0f80105a9d2a6f09440c2401 |
|
13-Oct-2011 |
Mark Andrews <marka@isc.org> |
'test -e' is not portable, use 'test -f' |
9fee08f655527a5dd849b171daeeee1dbbccca76 |
|
13-Oct-2011 |
Vernon Schryver <vjs@isc.org> |
Commit rt25172 changes to HEAD including
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
- same fix for "NS ." as in RT 24985 |
475b1ed9cced1f92ce34bc2e59b3065dae48f366 |
|
09-Jun-2011 |
Mark Andrews <marka@isc.org> |
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #23766] |
b64e3b8358177cbef5db7b99fc9ddc2efe48eed7 |
|
09-Jun-2011 |
Mark Andrews <marka@isc.org> |
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715] |
76db58eb818dc4839fa816df6a1a1ecb2c7a6bd0 |
|
27-Apr-2011 |
Evan Hunt <each@isc.org> |
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280] |
9cee5bb02863bf191e12cd4297adabf1971020de |
|
13-Jan-2011 |
Automatic Updater <source@isc.org> |
update copyright notice |
87708bde16713bc02ff2598f4a82f98c699a2f2d |
|
13-Jan-2011 |
Mark Andrews <marka@isc.org> |
3008. [func] Response policy zones (RPZ) support. [RT #21726] |