git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:58:27 +0000 (12:58 +0200)
commit	6d8a514ecbd72d1f8b2b12fbbbca5c5f87085abd
tree	71065096fdd0cbe3cc355d1efb717bd191a41046	tree \| snapshot
parent	e104d97cd234bdae45dd29cbd81e075782bc100b	commit \| diff

Treat records below a DNAME as out-of-zone data

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.

(cherry picked from commit ff7015a0f89366e77d104da1aab561482e9ddc06)

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.h		diff \| blob \| blame \| history
bin/tests/system/verify/tests.sh		diff \| blob \| blame \| history
bin/tests/system/verify/zones/genzones.sh		diff \| blob \| blame \| history