git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 11:01:54 +0000 (13:01 +0200)
commit	9a4145168ce80abd218d4ea46a380555d16d6de9
tree	552f302b01c7608834db1c086fd744224f99c1ee	tree \| snapshot
parent	b56c3d3102da383da3e319298a43cc4073972943	commit \| diff

Treat records below a DNAME as out-of-zone data

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.

(cherry picked from commit 6d8a514ecbd72d1f8b2b12fbbbca5c5f87085abd)

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.h		diff \| blob \| blame \| history
bin/tests/system/verify/tests.sh		diff \| blob \| blame \| history
bin/tests/system/verify/zones/genzones.sh		diff \| blob \| blame \| history