9.8.0-P2

author: Internet Software Consortium, Inc <@isc.org> 2011-08-20 15:46:20 -0600
committer: Internet Software Consortium, Inc <@isc.org> 2011-08-20 15:46:20 -0600
commit: a593e6f3a919cf95145c05b3a6c89ef0e06a2c9b (patch)
tree: f3fc9865c2f94d34816155ec698f15417f9afc4b /lib
parent: f13cea168cb5adc1f6fff6a08956a95e127f92a2 (diff)
download: bind9-a593e6f3a919cf95145c05b3a6c89ef0e06a2c9b.tar.gz
4 files changed, 24 insertions, 16 deletions
diff --git a/lib/dns/api b/lib/dns/api
index af1a23fe..9d9c7586 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -1,3 +1,3 @@
 LIBINTERFACE = 82
-LIBREVISION = 1
+LIBREVISION = 2
 LIBAGE = 1
diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c
index 211d5fc6..e72571ee 100644
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp $ */
+/* $Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp $ */
 
 /*! \file */
 
@@ -186,7 +186,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
 					 */
 					isc_buffer_availableregion(&buffer,
 								   &r);
-					if (r.length < 2)
+					if (r.length < 3)
 						return (ISC_R_NOSPACE);
 					isc_buffer_putuint16(&buffer,
 							     rdataset->type);
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 7895c7cc..fa6fa610 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp $ */
+/* $Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp $ */
 
 #include <config.h>
 
@@ -428,7 +428,8 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) {
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "keyset with trust %d", rdataset->trust);
+			      "keyset with trust %s",
+			      dns_trust_totext(rdataset->trust));
 		/*
 		 * Only extract the dst key if the keyset is secure.
 		 */
@@ -505,7 +506,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) {
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "dsset with trust %d", rdataset->trust);
+			      "dsset with trust %s",
+			       dns_trust_totext(rdataset->trust));
 		val->dsset = &val->frdataset;
 		result = validatezonekey(val);
 		if (result != DNS_R_WAIT)
@@ -660,7 +662,8 @@ keyvalidated(isc_task_t *task, isc_event_t *event) {
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "keyset with trust %d", val->frdataset.trust);
+			      "keyset with trust %s",
+			      dns_trust_totext(val->frdataset.trust));
 		/*
 		 * Only extract the dst key if the keyset is secure.
 		 */
@@ -731,10 +734,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) {
 		isc_boolean_t have_dsset;
 		dns_name_t *name;
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "%s with trust %d",
+			      "%s with trust %s",
 			      val->frdataset.type == dns_rdatatype_ds ?
 			      "dsset" : "ds non-existance",
-			      val->frdataset.trust);
+			      dns_trust_totext(val->frdataset.trust));
 		have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds);
 		name = dns_fixedname_name(&val->fname);
 		if ((val->attributes & VALATTR_INSECURITY) != 0 &&
@@ -1385,8 +1388,8 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) {
 		INSIST(type == dns_rdatatype_dlv);
 		if (val->frdataset.trust != dns_trust_secure) {
 			validator_log(val, ISC_LOG_DEBUG(3),
-				      "covering nsec: trust %u",
-				      val->frdataset.trust);
+				      "covering nsec: trust %s",
+				      dns_trust_totext(val->frdataset.trust));
 			goto notfound;
 		}
 		result = dns_rdataset_first(&val->frdataset);
@@ -1721,8 +1724,8 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
 			 * See if we've got the key used in the signature.
 			 */
 			validator_log(val, ISC_LOG_DEBUG(3),
-				      "keyset with trust %d",
-				      val->frdataset.trust);
+				      "keyset with trust %s",
+				      dns_trust_totext(val->frdataset.trust));
 			result = get_dst_key(val, siginfo, val->keyset);
 			if (result != ISC_R_SUCCESS) {
 				/*
@@ -2492,8 +2495,11 @@ validatezonekey(dns_validator_t *val) {
 				      " insecure DS");
 			return (DNS_R_MUSTBESECURE);
 		}
-		markanswer(val, "validatezonekey (2)");
-		return (ISC_R_SUCCESS);
+		if (val->view->dlv == NULL || DLVTRIED(val)) {
+			markanswer(val, "validatezonekey (2)");
+			return (ISC_R_SUCCESS);
+		}
+		return (startfinddlvsep(val, val->event->name));
 	}
 
 	/*
@@ -3231,7 +3237,8 @@ dlvvalidated(isc_task_t *task, isc_event_t *event) {
 		validator_done(val, ISC_R_CANCELED);
 	} else if (eresult == ISC_R_SUCCESS) {
 		validator_log(val, ISC_LOG_DEBUG(3),
-			      "dlvset with trust %d", val->frdataset.trust);
+			      "dlvset with trust %s",
+			      dns_trust_totext(val->frdataset.trust));
 		dns_rdataset_clone(&val->frdataset, &val->dlv);
 		val->havedlvsep = ISC_TRUE;
 		if (dlv_algorithm_supported(val))
diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def
index 83a1cf62..dac286ef 100644
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@@ -675,6 +675,7 @@ dns_tkey_processgssresponse
 dns_tkey_processquery
 dns_tkeyctx_create
 dns_tkeyctx_destroy
+dns_trust_totext
 dns_tsig_sign
 dns_tsig_verify
 dns_tsigkey_attach
author	Internet Software Consortium, Inc <@isc.org>	2011-08-20 15:46:20 -0600
committer	Internet Software Consortium, Inc <@isc.org>	2011-08-20 15:46:20 -0600
commit	a593e6f3a919cf95145c05b3a6c89ef0e06a2c9b (patch)
tree	f3fc9865c2f94d34816155ec698f15417f9afc4b /lib
parent	f13cea168cb5adc1f6fff6a08956a95e127f92a2 (diff)
download	bind9-a593e6f3a919cf95145c05b3a6c89ef0e06a2c9b.tar.gz