1. 14 May, 2018 1 commit
  2. 10 May, 2018 13 commits
  3. 03 May, 2018 2 commits
  4. 27 Apr, 2018 2 commits
  5. 25 Apr, 2018 4 commits
    • Evan Hunt's avatar
      Merge branch '159-improve-handling-of-inline-signed-zones-with-missing-signing-keys' into 'v9_9' · acabf5a6
      Evan Hunt authored
      Improve handling of inline signed zones with missing signing keys
      
      Closes #159
      
      See merge request !133
      acabf5a6
    • Michał Kępień's avatar
      Add CHANGES entries · cac0073e
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      4916.	[bug]		Not creating signing keys for an inline signed zone
      			prevented changes applied to the raw zone from being
      			reflected in the secure zone until signing keys were
      			made available. [GL #159]
      
      4915.	[bug]		Bumped signed serial of an inline signed zone was
      			logged even when an error occurred while updating
      			signatures. [GL #159]
      
      (cherry picked from commit 7d2c09c9)
      (cherry picked from commit e4995efe)
      (cherry picked from commit 821c27bb)
      cac0073e
    • Michał Kępień's avatar
      Apply raw zone deltas to yet unsigned secure zones · 8b0f7f1b
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      When inline signing is enabled for a zone without creating signing keys
      for it, changes subsequently applied to the raw zone will not be
      reflected in the secure zone due to the dns_update_signaturesinc() call
      inside receive_secure_serial() failing.  Given that an inline zone will
      be served (without any signatures) even with no associated signing keys
      being present, keep applying raw zone deltas to the secure zone until
      keys become available in an attempt to follow the principle of least
      astonishment.
      
      (cherry picked from commit 6acf3269)
      (cherry picked from commit 8a58a607)
      (cherry picked from commit fcbdeed8)
      8b0f7f1b
    • Michał Kępień's avatar
      Only log bumped signed serial after a successful secure zone update · 0d4750a8
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      If a raw zone is modified, but the dns_update_signaturesinc() call in
      receive_secure_serial() fails, the corresponding secure zone's database
      will not be modified, even though by that time a message containing the
      bumped signed serial will already have been logged.  This creates
      confusion, because a different secure zone version will be served than
      the one announced in the logs.  Move the relevant dns_zone_log() call so
      that it is only performed if the secure zone's database is modified.
      
      (cherry picked from commit cfbc8e26)
      (cherry picked from commit cdc7ab42)
      (cherry picked from commit c042ec70)
      0d4750a8
  6. 22 Apr, 2018 8 commits
  7. 11 Apr, 2018 3 commits
  8. 06 Apr, 2018 6 commits
  9. 19 Mar, 2018 1 commit
    • Mark Andrews's avatar
      Merge branch... · 3683026f
      Mark Andrews authored
      Merge branch '167-coverity-dereferencing-a-null-pointer-in-lib-dns-tests-rbt_test-c-v9_9' into 'v9_9'
      
      Resolve "coverity: Dereferencing a null pointer in lib/dns/tests/rbt_test.c"
      
      Closes #167
      
      See merge request !150
      3683026f