/bind-9.11.3/bin/tests/system/dnssec/ns4/ |
H A D | named5.conf | 51 zone secure.example { 56 zone insecure.secure.example { 66 zone secure.example { 71 zone insecure.secure.example {
|
H A D | named1.conf | 27 dnssec-must-be-secure mustbesecure.example yes;
|
/bind-9.11.3/bin/tests/system/dnssec/ns2/ |
H A D | sign.sh | 20 for subdomain in secure badds bogus dynamic keyless nsec3 optout \ 22 kskonly update-nsec3 auto-nsec auto-nsec3 secure.below-cname \ 95 # Sign the privately secure file 97 privzone=private.secure.example. 98 privinfile=private.secure.example.db.in 99 privzonefile=private.secure.example.db 107 # Sign the DLV secure zone. 121 # Sign the badparam secure file 136 # Sign the single-nsec3 secure zone with optout 188 zone=cds.secure [all...] |
/bind-9.11.3/bin/tests/system/dnssec/ |
H A D | clean.sh | 28 rm -f ns1/root.db ns2/example.db ns3/secure.example.db 31 rm -f ns2/cdnskey-update.secure.db 32 rm -f ns2/cdnskey.secure.db 33 rm -f ns2/cds-auto.secure.db ns2/cds-auto.secure.db.jnl 34 rm -f ns2/cds-update.secure.db ns2/cds-update.secure.db.jnl 35 rm -f ns2/cds.secure.db 39 rm -f ns2/private.secure.example.db 62 rm -f ns3/secure [all...] |
H A D | tests.sh | 669 # Check the secure.example domain 673 $DIG $DIGOPTS +noauth a.secure.example. \ 675 $DIG $DIGOPTS +noauth a.secure.example. \ 712 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ 714 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ 751 $DIG $DIGOPTS +noauth a.secure.optout.example. \ 753 $DIG $DIGOPTS +noauth a.secure.optout.example. \ 920 # Check the insecure.secure.example domain (insecurity proof) 924 $DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \ 926 $DIG $DIGOPTS +noauth a.insecure.secure [all...] |
/bind-9.11.3/bin/tests/system/autosign/ |
H A D | clean.sh | 26 rm -f ns2/private.secure.example.db ns2/bar.db 49 rm -f ns3/secure-to-insecure.example.db 50 rm -f ns3/secure-to-insecure2.example.db 51 rm -f ns3/secure.example.db 52 rm -f ns3/secure.nsec3.example.db 53 rm -f ns3/secure.optout.example.db
|
H A D | tests.sh | 70 for z in bar. example. private.secure.example. 559 # Check the secure.example domain 563 $DIG $DIGOPTS +noauth a.secure.example. \ 565 $DIG $DIGOPTS +noauth a.secure.example. \ 602 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ 604 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ 641 $DIG $DIGOPTS +noauth a.secure.optout.example. \ 643 $DIG $DIGOPTS +noauth a.secure.optout.example. \ 691 # Check the insecure.secure.example domain (insecurity proof) 695 $DIG $DIGOPTS +noauth a.insecure.secure [all...] |
/bind-9.11.3/bin/tests/system/autosign/ns2/ |
H A D | keygen.sh | 15 for subdomain in secure nsec3 autonsec3 optout rsasha256 rsasha512 nsec3-to-nsec oldsigs sync 30 # Create keys for a private secure zone. 31 zone=private.secure.example
|
/bind-9.11.3/bin/tests/system/autosign/ns4/ |
H A D | named.conf | 27 dnssec-must-be-secure mustbesecure.example yes;
|
/bind-9.11.3/bin/tests/system/dsdigest/ns3/ |
H A D | named.conf | 26 dnssec-must-be-secure . yes;
|
/bind-9.11.3/bin/tests/system/autosign/ns3/ |
H A D | keygen.sh | 28 setup secure.example 37 setup secure.nsec3.example 84 setup secure.optout.example 163 # secure-to-insecure transition test zone; used to test removal of 166 setup secure-to-insecure.example 172 # another secure-to-insecure transition test zone; used to test 175 setup secure-to-insecure2.example 186 infile="secure-to-insecure2.example.db.in" 254 cp secure.example.db.in $zonefile
|
H A D | named.conf | 58 zone "secure.example" { 60 file "secure.example.db"; 98 zone "secure.nsec3.example" { 100 file "secure.nsec3.example.db"; 112 zone "secure.optout.example" { 114 file "secure.optout.example.db"; 161 zone "secure-to-insecure.example" { 163 file "secure-to-insecure.example.db"; 165 dnssec-secure-to-insecure yes; 168 zone "secure [all...] |
/bind-9.11.3/bin/tests/system/dnssec/ns3/ |
H A D | sign.sh | 12 zone=secure.example. 13 infile=secure.example.db.in 14 zonefile=secure.example.db 65 zone=secure.nsec3.example. 66 infile=secure.nsec3.example.db.in 67 zonefile=secure.nsec3.example.db 117 zone=secure.optout.example. 118 infile=secure.optout.example.db.in 119 zonefile=secure.optout.example.db 349 zone=secure [all...] |
/bind-9.11.3/lib/dns/include/dns/ |
H A D | validator.h | 29 * Correct operation is critical to preventing spoofed answers from secure 67 * If the RESULT is ISC_R_SUCCESS and the answer is secure then 99 * Answer is secure. 101 isc_boolean_t secure; member in struct:dns_validatorevent 207 * response was successfully proven to be either secure or
|
/bind-9.11.3/lib/dns/ |
H A D | zone.c | 408 dns_zone_t *secure; member in struct:dns_zone 1054 zone->secure = NULL; 1277 if (zone->secure != NULL) 2262 result = zone_load(zone->secure, DNS_ZONELOADFLAG_THAW, 4379 * 'secure' zone. We now need information about the status of the 4419 * If this is a inline_raw zone the secure version is also locked. 4438 INSIST(LOCKED_ZONE(zone->secure)); 4792 if (zone->secure->db == NULL) 5233 dns_zone_t *secure = NULL; local 5274 secure 9061 isc_boolean_t secure = ISC_FALSE; local 9994 dns_zone_t *secure = NULL; local 10202 dns_zone_t *secure = NULL; local 12647 dns_zone_t *raw = NULL, *secure = NULL; local 14756 dns_zone_t *secure = NULL; local 14776 dns_zone_t *secure = NULL; local 15027 dns_zone_t *secure = NULL; local 15298 dns_zone_t *secure = NULL; local 18345 dns_zone_t *secure = NULL; local [all...] |
H A D | ncache.c | 44 isc_boolean_t optout, isc_boolean_t secure, 113 isc_boolean_t optout, isc_boolean_t secure, 250 if (!secure && trust > dns_trust_answer) 111 addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *addedrdataset) argument
|
H A D | view.c | 1918 isc_boolean_t secure = ISC_FALSE; local 1931 anchor, &secure); 1935 if (checknta && secure && view->ntatable_priv != NULL && 1937 secure = ISC_FALSE; 1939 *secure_domain = secure; 1976 * secure. If there are no other configured keys,
|
H A D | rbtdb.c | 630 dns_db_secure_t secure; member in struct:rbtdb_version 1505 version->secure = rbtdb->current_version->secure; 2523 version->secure = dns_db_insecure; 2546 version->secure = dns_db_secure; 2548 version->secure = dns_db_insecure; 2707 * Update the zone's secure status in version before making 3953 dns_db_secure_t secure) 3966 isc_boolean_t need_sig = ISC_TF(secure == dns_db_secure); 4241 if ((search.rbtversion->secure 3950 find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, dns_rbt_t *tree, dns_db_secure_t secure) argument 7981 isc_boolean_t secure; local [all...] |
H A D | update.c | 784 * after a secure update. 901 isc_boolean_t secure = dns_db_issecure(db); local 924 "secure zone with no NSECs"); 939 if (secure) { 1414 "could not get zone keys for secure "
|
H A D | validator.c | 46 * validator_start -> validate -> nsecvalidate (secure wildcard answer) 187 event->secure = ISC_TRUE; 420 * Only extract the dst key if the keyset is secure. 539 * a delegation point we are transitioning from a secure zone to a 542 * If the DS record exists it will be secure. We can continue looking 590 "must be secure failure, no DS" 612 * In either case we are still in a secure zone resume 669 * Only extract the dst key if the keyset is secure. 750 "must be secure failure, no DS " 1617 * There isn't a secure DNSKE [all...] |
H A D | resolver.c | 563 isc_boolean_t secure, 2070 * under a secure entry point. 2200 * question is under a secure entry point and this is a 5019 vevent->secure, ardataset, &eresult); 5055 * Re-cache it as secure and bind the cached 5508 * If this RRset is in a secure domain, is in bailiwick, 5513 * records from a secure domain are only cached if validated 5875 isc_boolean_t optout, isc_boolean_t secure, 5885 if (secure) 5873 ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, isc_boolean_t optout, isc_boolean_t secure, dns_rdataset_t *ardataset, isc_result_t *eresultp) argument
|
/bind-9.11.3/bin/dnssec/ |
H A D | dnssec-signzone.c | 1016 secure(dns_name_t *name, dns_dbnode_t *node) { function 1496 secure(name, node)) 2279 !secure(nextname, nextnode)) { 2407 !secure(nextname, nextnode)) { 3025 fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
|
/bind-9.11.3/lib/bind9/ |
H A D | check.c | 392 mustbesecure(const cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx, argument 405 obj = cfg_tuple_get(secure, "name"); 415 result = nameexist(secure, namebuf, 1, symtab, 416 "dnssec-must-be-secure '%s': already " 1264 * Check dnssec-must-be-secure. 1267 (void)cfg_map_get(options, "dnssec-must-be-secure", &obj);
|
/bind-9.11.3/bin/named/ |
H A D | server.c | 4643 result = ns_config_get(maps, "dnssec-must-be-secure", &obj); 10105 CHECK(putstr(text, "secure roots as of ")); 13214 isc_boolean_t secure, maintain, allow; local 13284 secure = dns_db_issecure(db); 13324 if (secure && (zonetype == dns_zone_master || 13400 if (secure) { 13419 } else if (secure || hasraw) {
|
H A D | query.c | 2160 * If we can't promote glue/pending from the cache to secure 2202 * If we can't promote glue/pending from the cache to secure 3069 * Mark the RRsets as secure. Update the cache (db) to reflect the 3089 * Save the updated secure state. Ignore failures. 3107 * Find the secure key that corresponds to rrsig. 3118 isc_boolean_t secure = ISC_FALSE; local 3160 secure = ISC_TRUE; 3165 return (secure); 3388 * If the answer is secure only add NS records if they are secure [all...] |