]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 81b78d6) | patch
Stop treating SIG and NXT records specially
authorOndřej Surý <ondrej@isc.org>
Tue, 19 May 2026 13:38:28 +0000 (15:38 +0200)
committerOndřej Surý <ondrej@isc.org>
Thu, 28 May 2026 11:21:00 +0000 (13:21 +0200)
commit2de202a6b7a1faea8f7dc232e9f8c24faf7d2bb9
treedded92256e52827d685b1e80a12bb3efd3ef6885tree | snapshot
parent81b78d6c101725f23aa13eecad8238a6777048b5commit | diff
Stop treating SIG and NXT records specially

RFC 3755 retired SIG and NXT in favour of RRSIG and NSEC.  BIND still
warned about them at zone load, refused them in dynamic updates,
parsed SIG with a non-zero "type covered" field as a signature on an
RRset, and tracked them via dns_rdatatype_issig().  Those carve-outs
were the sole path that made the GL#5818 crash class reachable.

Treat both types as ordinary unknown rdata: they load, transfer, sign
and answer like any other record, and dynamic updates carry them
through the generic path.  SIG(0) is unaffected; its message-parsing
carve-out is preserved.
bin/tests/system/nsupdate/ans11/ans.py diff | blob | blame | history
bin/tests/system/nsupdate/tests_update_sig.py diff | blob | blame | history
lib/dns/include/dns/rdata.h diff | blob | blame | history
lib/dns/master.c diff | blob | blame | history
lib/dns/message.c diff | blob | blame | history
lib/dns/nsec.c diff | blob | blame | history
lib/dns/nsec3.c diff | blob | blame | history
lib/dns/qpzone.c diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
lib/ns/update.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git