git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 11:11:13 +0000 (13:11 +0200)
commit	b3bee6cd37f11be88a11e424be0306f7b8745ec5
tree	1d1b45f0a6e1703d7176c04199d13d4fecb892dd	tree \| snapshot
parent	0aca13a7969b4068fb9876fabc751dc276294142	commit \| diff

Treat records below a DNAME as out-of-zone data

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.

(cherry picked from commit 9a4145168ce80abd218d4ea46a380555d16d6de9)

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.h		diff \| blob \| blame \| history
bin/tests/system/verify/tests.sh		diff \| blob \| blame \| history
bin/tests/system/verify/zones/genzones.sh		diff \| blob \| blame \| history