diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2010-03-03 05:45:24 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2010-03-03 05:45:24 +0000 |
| commit | eda14e83f216771932ca56c65bc62d994af63706 (patch) | |
| tree | 62d02001f69506ed0ec63ea339614e3658d10ebf /contrib/bind9/bin/named/update.c | |
| parent | 9be0746b5fea430f6dd3031cf32a361d5a197cf3 (diff) | |
| parent | 841024d54f1f0a07feccf84d8938b00bc1f362b5 (diff) | |
| download | src-eda14e83f216771932ca56c65bc62d994af63706.tar.gz src-eda14e83f216771932ca56c65bc62d994af63706.zip | |
Upgrade to version 9.6.2. This version includes all previously released
security patches to the 9.6.1 version, as well as many other bug fixes.
This version also incorporates a different fix for the problem we had
patched in contrib/bind9/bin/dig/dighost.c, so that file is now back
to being the same as the vendor version.
Due to the fact that the DNSSEC algorithm that will be used to sign the
root zone is only included in this version and in 9.7.x those who wish
to do validation MUST upgrade to one of these prior to July 2010.
Notes
Notes:
svn path=/head/; revision=204619
Diffstat (limited to 'contrib/bind9/bin/named/update.c')
| -rw-r--r-- | contrib/bind9/bin/named/update.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index b0a556d5cc41..74a192ad07b0 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.151.12.5.12.1 2009/07/28 14:18:08 marka Exp $ */ +/* $Id: update.c,v 1.151.12.9 2009/12/30 04:02:56 marka Exp $ */ #include <config.h> @@ -3031,7 +3031,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, } else { CHECK(get_iterations(db, ver, &iterations)); CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max)); - if (iterations > max) { + if (max != 0 && iterations > max) { flag = ISC_TRUE; update_log(client, zone, ISC_LOG_WARNING, "too many NSEC3 iterations (%u) for " @@ -3157,6 +3157,24 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, &newtuple)); CHECK(do_one_tuple(&newtuple, db, ver, diff)); } + + /* + * Remove any existing CREATE request to add an + * otherwise indentical chain with a reversed + * OPTOUT state. + */ + buf[1] ^= DNS_NSEC3FLAG_OPTOUT; + CHECK(rr_exists(db, ver, name, &rdata, &flag)); + + if (flag) { + CHECK(dns_difftuple_create(diff->mctx, + DNS_DIFFOP_DEL, + name, tuple->ttl, + &rdata, + &newtuple)); + CHECK(do_one_tuple(&newtuple, db, ver, diff)); + } + /* * Remove the temporary add record. */ @@ -4140,9 +4158,6 @@ update_action(isc_task_t *task, isc_event_t *event) { goto common; failure: - if (result == DNS_R_REFUSED) - inc_stats(zone, dns_nsstatscounter_updaterej); - /* * The reason for failure should have been logged at this point. */ |