git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:19:54 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 13 Jun 2018 10:57:03 +0000 (12:57 +0200)
commit	ff7015a0f89366e77d104da1aab561482e9ddc06
tree	580ec69bcbbb3de9eb5b69f0dd26a62ed58b9360	tree \| snapshot
parent	f3b5550c2c31a54fc4de3d384e80ea7fb7e69d54	commit \| diff

Treat records below a DNAME as out-of-zone data

DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.

(cherry picked from commit 75c0d85fc48de8a456d47dd03b7355eac55db1f0)

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.c		diff \| blob \| blame \| history
bin/dnssec/dnssectool.h		diff \| blob \| blame \| history
bin/tests/system/verify/tests.sh		diff \| blob \| blame \| history
bin/tests/system/verify/zones/genzones.sh		diff \| blob \| blame \| history