Wouter Wijngaards
152458c40b
- spelling fixes from Igor Sobrado Delgado.
...
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-11-18 14:11:46 +00:00
Wouter Wijngaards
e08aa7c5e1
- Fix validation failure in case upstream forwarder (ISC BIND) does
...
not have the same trust anchors and decides to insert unsigned NS
record in authority section.
git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
2015-02-09 11:44:46 +00:00
Wouter Wijngaards
2b90f38a70
And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
...
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
Wouter Wijngaards
daab92e954
- algorithm compromise protection using the algorithms signalled in
...
the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
and thus, if you have multiple algorithms in your trust-anchor-file
then it will now behave different than before. Also, 5011 rollover
for algorithms needs to be double-signature until the old algorithm
is revoked.
git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9
Work on validation of multiple algorithms.
...
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-12-20 15:58:12 +00:00
Wouter Wijngaards
46345c0809
- Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
...
the zone has a secure delegation hosted on the same server did not
verify as secure (it was insecure by mistake).
git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-11 12:21:19 +00:00
Wouter Wijngaards
8b274b92aa
- Algorithm rollover operational reality intrudes, for trust-anchor,
...
5011-store, and DLV-anchor if one key matches it's good enough.
git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c68aebb3d7
- Fix SOA excluded from negative DS responses. Reported by Hauke
...
Lampe. The negative cache did not include proper SOA records for
negative qtype DS responses which makes BIND barf on it, such
responses are now only used internally.
- Fix negative cache lookup of closestencloser check of DS type bit.
git-svn-id: file:///svn/unbound/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-12-09 14:55:19 +00:00
Wouter Wijngaards
07f5b21b7b
parameter documented
...
git-svn-id: file:///svn/unbound/trunk@1887 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-11-02 15:23:41 +00:00
Wouter Wijngaards
bf8bc06860
Fix autotrust initialised with DS.
...
git-svn-id: file:///svn/unbound/trunk@1884 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-11-02 13:56:14 +00:00
Wouter Wijngaards
f42d27e1a2
- Made new validator error string available from libunbound for
...
applications. It is in result->why_bogus, a zero-terminated string.
unbound-host prints it by default if a result is bogus.
Also the errinf is public in module_qstate (for other modules).
Binary API different. bumped library ABI version.
git-svn-id: file:///svn/unbound/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-08 17:05:53 +00:00
Wouter Wijngaards
a909fa9a3a
neater explanation for unsigned or signatureless negative DS replies.
...
git-svn-id: file:///svn/unbound/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-08 06:57:23 +00:00
Wouter Wijngaards
e0b639accd
More vallog reason. Doxygen.
...
git-svn-id: file:///svn/unbound/trunk@1869 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-08 06:35:14 +00:00
Wouter Wijngaards
ce45cbda6d
- moved version number to 1.4.0 because of 1.3.4 release with only
...
the NSEC3 patch.
- val-log-level: 2 shows extended error information for validation
failures, but still one (longish) line per failure. For example:
validation failure <example.com. DNSKEY IN>: signature expired from
192.0.2.4 for trust anchor example.com. while building chain of trust
validation failure <www.example.com. A IN>: no signatures from
192.0.2.6 for key example.com. while building chain of trust
git-svn-id: file:///svn/unbound/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-07 16:45:47 +00:00
Wouter Wijngaards
5d2e8e8e97
Retry mode, DS and prime.
...
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-07 07:52:02 +00:00
Wouter Wijngaards
a8dccbdd40
autotrust
...
git-svn-id: file:///svn/unbound/trunk@1765 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-08-17 15:58:27 +00:00
Wouter Wijngaards
41e589b08b
Fixup trust anchor algorithm check.
...
git-svn-id: file:///svn/unbound/trunk@1532 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-03-18 13:07:48 +00:00
Wouter Wijngaards
05cd134de9
Do not mark additional section items bogus.
...
git-svn-id: file:///svn/unbound/trunk@1222 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-02 14:35:13 +00:00
Wouter Wijngaards
b2710818d4
Faster due to time-sharing.
...
git-svn-id: file:///svn/unbound/trunk@966 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-19 13:12:23 +00:00
Wouter Wijngaards
09e18ffdbb
fixup validator classification of root referrals.
...
git-svn-id: file:///svn/unbound/trunk@936 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-02-08 12:24:01 +00:00
Wouter Wijngaards
63aa7463e8
ISO C
...
git-svn-id: file:///svn/unbound/trunk@712 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-22 09:14:29 +00:00
Wouter Wijngaards
6f49c2fe55
regional nicer, remove region-allocator.
...
git-svn-id: file:///svn/unbound/trunk@697 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-18 20:31:43 +00:00
Wouter Wijngaards
75792c34dc
fixup insecure glue on referrals.
...
git-svn-id: file:///svn/unbound/trunk@688 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-10-17 15:48:54 +00:00
Wouter Wijngaards
e8bcec4529
print validator classification type.
...
update plan items.
git-svn-id: file:///svn/unbound/trunk@619 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-09-18 12:33:51 +00:00
Wouter Wijngaards
0e90c03e95
Referral validation.
...
git-svn-id: file:///svn/unbound/trunk@553 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-28 09:39:43 +00:00
Wouter Wijngaards
f9cc9481e2
validator also computes insecure and indeterminate for rrsets and stores
...
that.
git-svn-id: file:///svn/unbound/trunk@551 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-27 14:55:06 +00:00
Wouter Wijngaards
3a422ba496
prettier proof routines.
...
git-svn-id: file:///svn/unbound/trunk@544 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-24 10:36:15 +00:00
Wouter Wijngaards
6890f55d17
refuse unsigned authority section. clean additional section as option.
...
git-svn-id: file:///svn/unbound/trunk@543 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-24 09:44:29 +00:00
Wouter Wijngaards
b54a0400ab
CNAME validation.
...
git-svn-id: file:///svn/unbound/trunk@542 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-23 15:23:45 +00:00
Wouter Wijngaards
1b42a51048
VALIDATE state and positive response validation.
...
git-svn-id: file:///svn/unbound/trunk@532 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-20 12:31:12 +00:00
Wouter Wijngaards
cedeaa8316
ds2ke and nsec work.
...
git-svn-id: file:///svn/unbound/trunk@529 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-17 11:41:49 +00:00
Wouter Wijngaards
b2639ba961
val_util work.
...
git-svn-id: file:///svn/unbound/trunk@497 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-07 14:30:01 +00:00
Wouter Wijngaards
188bfacd05
validator work.
...
git-svn-id: file:///svn/unbound/trunk@493 be551aaa-1e26-0410-a405-d3ace91eadb9
2007-08-06 12:57:29 +00:00