BIND 10 #1357: AXFR and AXFR-like IXFR in needs every message signed
BIND 10 Development
do-not-reply at isc.org
Thu Oct 27 09:38:10 UTC 2011
#1357: AXFR and AXFR-like IXFR in needs every message signed
-------------------------------+-----------------------------------------
Reporter: vorner | Owner:
Type: defect | Status: new
Priority: major | Milestone: New Tasks
Component: xfrin | Keywords:
Sensitive: 0 | Defect Severity: N/A
Sub-Project: DNS | Feature Depending on Ticket:
Estimated Difficulty: 0 | Add Hours to Ticket: 0
Total Hours: 0 | Internal?: 0
-------------------------------+-----------------------------------------
The protocol allows not signing all of the AXFR messages in a transfer
(first, last and every 100th must be signed). However, if such transfer
comes in, the xfrin components rejects it at the first unsigned message
(_check_response_tsig is called on each message). This makes xfrin
unusable with TSIG with some servers (tested with pre-release version of
Knot).
--
Ticket URL: <http://bind10.isc.org/ticket/1357>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list