git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
commit	75c0d85fc48de8a456d47dd03b7355eac55db1f0
tree	8693e866f65b8f97f072fcc439757bee17dbd6cd	tree \| snapshot
parent	cf9fd889a63950f370440299d8320e3b896d21a4	commit \| diff

Treat records below a DNAME as out-of-zone data

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.h		diff \| blob \| blame \| history
bin/tests/system/verify/tests.sh		diff \| blob \| blame \| history
bin/tests/system/verify/zones/genzones.sh		diff \| blob \| blame \| history