head	1.3;
access;
symbols
	RELENG_7_4_0_RELEASE:1.1.1.3.2.4
	RELENG_7_4:1.1.1.3.2.4.0.2
	RELENG_7_4_BP:1.1.1.3.2.4
	RELENG_7_3_0_RELEASE:1.1.1.3.2.2.4.1
	RELENG_7_3:1.1.1.3.2.2.0.4
	RELENG_7_3_BP:1.1.1.3.2.2
	RELENG_7_2_0_RELEASE:1.1.1.3.2.2
	RELENG_7_2:1.1.1.3.2.2.0.2
	RELENG_7_2_BP:1.1.1.3.2.2
	RELENG_7_1_0_RELEASE:1.1.1.3.2.1
	RELENG_6_4_0_RELEASE:1.1.1.1.4.2
	RELENG_7_1:1.1.1.3.2.1.0.4
	RELENG_7_1_BP:1.1.1.3.2.1
	RELENG_6_4:1.1.1.1.4.2.0.2
	RELENG_6_4_BP:1.1.1.1.4.2
	RELENG_7_0_0_RELEASE:1.1.1.3.2.1
	RELENG_6_3_0_RELEASE:1.1.1.1.4.1
	RELENG_7_0:1.1.1.3.2.1.0.2
	RELENG_7_0_BP:1.1.1.3.2.1
	BIND_9_4_2:1.1.1.4
	RELENG_6_3:1.1.1.1.4.1.0.6
	RELENG_6_3_BP:1.1.1.1.4.1
	RELENG_7:1.1.1.3.0.2
	RELENG_7_BP:1.1.1.3
	BIND_9_4_1_P1:1.1.1.3
	BIND_9_4_1:1.1.1.3
	BIND_9_3_4:1.1.1.2
	RELENG_6_2_0_RELEASE:1.1.1.1.4.1
	BIND_9_3_3:1.1.1.2
	RELENG_6_2:1.1.1.1.4.1.0.4
	RELENG_6_2_BP:1.1.1.1.4.1
	RELENG_5_5_0_RELEASE:1.1.1.1.2.2
	RELENG_5_5:1.1.1.1.2.2.0.2
	RELENG_5_5_BP:1.1.1.1.2.2
	RELENG_6_1_0_RELEASE:1.1.1.1.4.1
	RELENG_6_1:1.1.1.1.4.1.0.2
	RELENG_6_1_BP:1.1.1.1.4.1
	BIND_9_3_2:1.1.1.2
	RELENG_6_0_0_RELEASE:1.1.1.1
	RELENG_6_0:1.1.1.1.0.6
	RELENG_6_0_BP:1.1.1.1
	RELENG_6:1.1.1.1.0.4
	RELENG_6_BP:1.1.1.1
	RELENG_5_4_0_RELEASE:1.1.1.1.2.1
	RELENG_5_4:1.1.1.1.2.1.0.4
	RELENG_5_4_BP:1.1.1.1.2.1
	BIND_9_3_1:1.1.1.1
	RELENG_5_3_0_RELEASE:1.1.1.1.2.1
	RELENG_5_3:1.1.1.1.2.1.0.2
	RELENG_5_3_BP:1.1.1.1.2.1
	RELENG_5:1.1.1.1.0.2
	BIND_9_3_0:1.1.1.1
	BIND_9_3_0_RC4:1.1.1.1
	ISC:1.1.1;
locks; strict;
comment	@# @;


1.3
date	2009.05.31.05.42.58;	author dougb;	state dead;
branches;
next	1.2;

1.2
date	2008.12.23.22.47.56;	author dougb;	state Exp;
branches;
next	1.1;

1.1
date	2004.09.19.01.30.08;	author trhodes;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2004.09.19.01.30.08;	author trhodes;	state Exp;
branches
	1.1.1.1.2.1
	1.1.1.1.4.1;
next	1.1.1.2;

1.1.1.2
date	2005.12.29.04.22.14;	author dougb;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2007.06.02.23.21.18;	author dougb;	state Exp;
branches
	1.1.1.3.2.1;
next	1.1.1.4;

1.1.1.4
date	2007.12.02.19.10.09;	author dougb;	state Exp;
branches;
next	;

1.1.1.1.2.1
date	2004.09.26.03.09.40;	author des;	state Exp;
branches;
next	1.1.1.1.2.2;

1.1.1.1.2.2
date	2006.01.14.10.42.04;	author dougb;	state Exp;
branches;
next	;

1.1.1.1.4.1
date	2006.01.14.10.13.41;	author dougb;	state Exp;
branches;
next	1.1.1.1.4.2;

1.1.1.1.4.2
date	2008.06.03.05.38.10;	author dougb;	state Exp;
branches;
next	1.1.1.1.4.3;

1.1.1.1.4.3
date	2009.01.10.04.30.27;	author dougb;	state Exp;
branches;
next	;

1.1.1.3.2.1
date	2007.12.07.08.31.12;	author dougb;	state Exp;
branches;
next	1.1.1.3.2.2;

1.1.1.3.2.2
date	2009.01.10.03.00.21;	author dougb;	state Exp;
branches
	1.1.1.3.2.2.4.1;
next	1.1.1.3.2.3;

1.1.1.3.2.3
date	2010.02.16.05.14.51;	author dougb;	state Exp;
branches;
next	1.1.1.3.2.4;

1.1.1.3.2.4
date	2010.11.04.21.50.19;	author dougb;	state Exp;
branches;
next	;

1.1.1.3.2.2.4.1
date	2010.02.16.18.10.35;	author dougb;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 193149 on 2009-05-31 05:42:58Z by dougb

Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
@
text
@ 952:	DOD INTERNET HOST TABLE SPECIFICATION
1032:	DOMAIN ADMINISTRATORS GUIDE
1033:	DOMAIN ADMINISTRATORS OPERATIONS GUIDE
1034:	DOMAIN NAMES - CONCEPTS AND FACILITIES
1035:	DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
1101:	DNS Encoding of Network Names and Other Types
1122:	Requirements for Internet Hosts -- Communication Layers
1123:	Requirements for Internet Hosts -- Application and Support
1183:	New DNS RR Definitions (AFSDB, RP, X25, ISDN and RT)
1348:	DNS NSAP RRs
1535:	A Security Problem and Proposed Correction
	 With Widely Deployed DNS Software
1536:	Common DNS Implementation Errors and Suggested Fixes
1537:	Common DNS Data File Configuration Errors
1591:	Domain Name System Structure and Delegation
1611:	DNS Server MIB Extensions
1612:	DNS Resolver MIB Extensions
1706:	DNS NSAP Resource Records
1712:	DNS Encoding of Geographical Location
1750:	Randomness Recommendations for Security
1876:	A Means for Expressing Location Information in the Domain Name System
1886:	DNS Extensions to support IP version 6
1982:	Serial Number Arithmetic
1995:	Incremental Zone Transfer in DNS
1996:	A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
2052:	A DNS RR for specifying the location of services (DNS SRV)
2104:	HMAC: Keyed-Hashing for Message Authentication
2119:	Key words for use in RFCs to Indicate Requirement Levels
2133:	Basic Socket Interface Extensions for IPv6
2136:	Dynamic Updates in the Domain Name System (DNS UPDATE)
2137:	Secure Domain Name System Dynamic Update
2163:	Using the Internet DNS to Distribute MIXER
	 Conformant Global Address Mapping (MCGAM)
2168:	Resolution of Uniform Resource Identifiers using the Domain Name System
2181:	Clarifications to the DNS Specification
2230:	Key Exchange Delegation Record for the DNS
2308:	Negative Caching of DNS Queries (DNS NCACHE)
2317:	Classless IN-ADDR.ARPA delegation
2373:	IP Version 6 Addressing Architecture
2374:	An IPv6 Aggregatable Global Unicast Address Format
2375:	IPv6 Multicast Address Assignments
2418:	IETF Working Group Guidelines and Procedures
2535:	Domain Name System Security Extensions
2536:	DSA KEYs and SIGs in the Domain Name System (DNS)
2537:	RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
2538:	Storing Certificates in the Domain Name System (DNS)
2539:	Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
2540:	Detached Domain Name System (DNS) Information
2541:	DNS Security Operational Considerations
2553:	Basic Socket Interface Extensions for IPv6
2671:	Extension Mechanisms for DNS (EDNS0)
2672:	Non-Terminal DNS Name Redirection
2673:	Binary Labels in the Domain Name System
2782:	A DNS RR for specifying the location of services (DNS SRV)
2825:	A Tangled Web: Issues of I18N, Domain Names, and the
	 Other Internet protocols
2826:	IAB Technical Comment on the Unique DNS Root
2845:	Secret Key Transaction Authentication for DNS (TSIG)
2874:	DNS Extensions to Support IPv6 Address Aggregation and Renumbering
2915:	The Naming Authority Pointer (NAPTR) DNS Resource Record
2929:	Domain Name System (DNS) IANA Considerations
2930:	Secret Key Establishment for DNS (TKEY RR)
2931:	DNS Request and Transaction Signatures ( SIG(0)s )
3007:	Secure Domain Name System (DNS) Dynamic Update
3008:	Domain Name System Security (DNSSEC) Signing Authority
3056:	Connection of IPv6 Domains via IPv4 Clouds
3071:	Reflections on the DNS, RFC 1591, and Categories of Domains
3090:	DNS Security Extension Clarification on Zone Status
3110:	RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
3123:	A DNS RR Type for Lists of Address Prefixes (APL RR)
3152:	Delegation of IP6.ARPA
3197:	Applicability Statement for DNS MIB Extensions
3225:	Indicating Resolver Support of DNSSEC
3226:	DNSSEC and IPv6 A6 aware server/resolver message size requirements
3258:	Distributing Authoritative Name Servers via Shared Unicast Addresses
3363:	Representing Internet Protocol version 6 (IPv6)
	 Addresses in the Domain Name System (DNS)
3364:	Tradeoffs in Domain Name System (DNS) Support
	 for Internet Protocol version 6 (IPv6)
3425:	Obsoleting IQUERY
3445:	Limiting the Scope of the KEY Resource Record (RR)
3490:	Internationalizing Domain Names In Applications (IDNA)
3491:	Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
3492:	Punycode:A Bootstring encoding of Unicode for
	 Internationalized Domain Names in Applications (IDNA)
3493:	Basic Socket Interface Extensions for IPv6
3513:	Internet Protocol Version 6 (IPv6) Addressing Architecture
3596:	DNS Extensions to Support IP Version 6
3597:	Handling of Unknown DNS Resource Record (RR) Types
3645:	Generic Security Service Algorithm for
	 Secret Key Transaction Authentication for DNS (GSS-TSIG)
3655:	Redefinition of DNS Authenticated Data (AD) bit
3658:	Delegation Signer (DS) Resource Record (RR)
3757:	Domain Name System KEY (DNSKEY) Resource Record (RR)
	 Secure Entry Point (SEP) Flag
3833:	Threat Analysis of the Domain Name System (DNS)
3845:	DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
3901:	DNS IPv6 Transport Operational Guidelines
4025:	A Method for Storing IPsec Keying Material in DNS
4033:	DNS Security Introduction and Requirements
4034:	Resource Records for the DNS Security Extensions
4035:	Protocol Modifications for the DNS Security Extensions
4074:	Common Misbehavior Against DNS Queries for IPv6 Addresses
4159:	Deprecation of "ip6.int"
4193:	Unique Local IPv6 Unicast Addresses
4255:	Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
4343:	Domain Name System (DNS) Case Insensitivity Clarification
4367:	What's in a Name: False Assumptions about DNS Names
4398:	Storing Certificates in the Domain Name System (DNS)
4431:	The DNSSEC Lookaside Validation (DLV) DNS Resource Record
4408:	Sender Policy Framework (SPF) for Authorizing Use of Domains
	 in E-Mail, Version 1
4470:	Minimally Covering NSEC Records and DNSSEC On-line Signing
4634:	US Secure Hash Algorithms (SHA and HMAC-SHA)
4641:	DNSSEC Operational Practices
4648:	The Base16, Base32, and Base64 Data Encodings
4701:	A DNS Resource Record (RR) for Encoding
         Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
5155:	DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
@


1.2
log
@SVN rev 186462 on 2008-12-23 22:47:56Z by dougb

Merge from vendor/bind9/dist as of the 9.4.3 import
@
text
@@


1.1
log
@Initial revision
@
text
@d12 1
a12 1
	   With Widely Deployed DNS Software
d66 1
a79 1
3390:	Internationalizing Domain Names In Applications (IDNA)
d82 1
d85 1
a85 1
	  Internationalized Domain Names in Applications (IDNA)
d91 1
a91 1
	  Secret Key Transaction Authentication for DNS (GSS-TSIG)
d94 2
d98 22
@


1.1.1.1
log
@Vender import of BIND 9.3.0rc4.
@
text
@@


1.1.1.1.4.1
log
@MFC import of BIND 9.3.2
@
text
@d79 1
a81 1
3490:	Internationalizing Domain Names In Applications (IDNA)
a92 2
3757:	Domain Name System KEY (DNSKEY) Resource Record (RR)
	  Secure Entry Point (SEP) Flag
a94 7
3901:	DNS IPv6 Transport Operational Guidelines
4025:	A Method for Storing IPsec Keying Material in DNS
4033:	DNS Security Introduction and Requirements
4034:	Resource Records for the DNS Security Extensions
4035:	Protocol Modifications for the DNS Security Extensions
4074:	Common Misbehavior Against DNS Queries for IPv6 Addresses
4159:	Deprecation of "ip6.int"
@


1.1.1.1.4.2
log
@SVN rev 179502 on 2008-06-03 05:38:10Z by dougb

Update to version 9.3.5. It contains the latest bug fixes, updates
to root server addresses, and a fix for the vulnerability mentioned
here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122

Users of BIND 9.3.x are strongly encouraged to upgrade to this
version. Also, the 9.3.x branch is now in maintenance-only mode.
Users are encouraged to investigate BIND 9.4.x or perhaps 9.5.x.

http://www.isc.org/index.pl?/sw/bind/versions_and_support.php

This udpate is being done by updating the files directly in this
branch rather than an import + MFC because BIND in HEAD is 9.4.x.
@
text
@a103 11
4193:	Unique Local IPv6 Unicast Addresses
4255:	Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
4343:	Domain Name System (DNS) Case Insensitivity Clarification
4367:	What's in a Name: False Assumptions about DNS Names
4398:	Storing Certificates in the Domain Name System (DNS)
4431:	The DNSSEC Lookaside Validation (DLV) DNS Resource Record
4408:	Sender Policy Framework (SPF) for Authorizing Use of Domains
	 in E-Mail, Version 1
4470:	Minimally Covering NSEC Records and DNSSEC On-line Signing
4634:	US Secure Hash Algorithms (SHA and HMAC-SHA)
4641:	DNSSEC Operational Practices
@


1.1.1.1.4.3
log
@SVN rev 186999 on 2009-01-10 04:30:27Z by dougb

Merge from vendor/bind9/dist-9.3 as of the 9.3.6-P1 import
@
text
@d12 1
a12 1
	 With Widely Deployed DNS Software
a65 1
3056:	Connection of IPv6 Domains via IPv4 Clouds
d84 1
a84 1
	 Internationalized Domain Names in Applications (IDNA)
d90 1
a90 1
	 Secret Key Transaction Authentication for DNS (GSS-TSIG)
d94 1
a94 1
	 Secure Entry Point (SEP) Flag
a114 4
4648:	The Base16, Base32, and Base64 Data Encodings
4701:	A DNS Resource Record (RR) for Encoding
         Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
5155:	DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
@


1.1.1.2
log
@Vendor import of BIND 9.3.2
@
text
@d79 1
a81 1
3490:	Internationalizing Domain Names In Applications (IDNA)
a92 2
3757:	Domain Name System KEY (DNSKEY) Resource Record (RR)
	  Secure Entry Point (SEP) Flag
a94 7
3901:	DNS IPv6 Transport Operational Guidelines
4025:	A Method for Storing IPsec Keying Material in DNS
4033:	DNS Security Introduction and Requirements
4034:	Resource Records for the DNS Security Extensions
4035:	Protocol Modifications for the DNS Security Extensions
4074:	Common Misbehavior Against DNS Queries for IPv6 Addresses
4159:	Deprecation of "ip6.int"
@


1.1.1.3
log
@Vendor import of BIND 9.4.1
@
text
@a103 5
4193:	Unique Local IPv6 Unicast Addresses
4255:	Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
4343:	Domain Name System (DNS) Case Insensitivity Clarification
4367:	What's in a Name: False Assumptions about DNS Names
4431:	The DNSSEC Lookaside Validation (DLV) DNS Resource Record
@


1.1.1.3.2.1
log
@MFC contrib code and bmake changes for BIND version 9.4.2

Approved by:	re (kensmith)
@
text
@a107 1
4398:	Storing Certificates in the Domain Name System (DNS)
a108 5
4408:	Sender Policy Framework (SPF) for Authorizing Use of Domains
	 in E-Mail, Version 1
4470:	Minimally Covering NSEC Records and DNSSEC On-line Signing
4634:	US Secure Hash Algorithms (SHA and HMAC-SHA)
4641:	DNSSEC Operational Practices
@


1.1.1.3.2.2
log
@SVN rev 186996 on 2009-01-10 03:00:21Z by dougb

MFC the BIND 9.4.3 and 9.4.3-P1 updates
@
text
@d12 1
a12 1
	 With Widely Deployed DNS Software
a65 1
3056:	Connection of IPv6 Domains via IPv4 Clouds
d84 1
a84 1
	 Internationalized Domain Names in Applications (IDNA)
d90 1
a90 1
	 Secret Key Transaction Authentication for DNS (GSS-TSIG)
d94 1
a94 1
	 Secure Entry Point (SEP) Flag
a114 4
4648:	The Base16, Base32, and Base64 Data Encodings
4701:	A DNS Resource Record (RR) for Encoding
         Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
5155:	DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
@


1.1.1.3.2.2.4.1
log
@SVN rev 203961 on 2010-02-16 18:10:35Z by dougb

Merge from stable/7, version 203948:

Upgrade to BIND 9.4-ESV. This version incorporates all bug and security
fixes since the release of 9.4.3, including the most recent -P5 security
fix detailed below.

From the README:
BIND 9.4-ESV will be supported until December 31, 2010, at
which time you will need to upgrade to the current release
of BIND.

This versions address the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly

These issues only affect systems with DNSSEC validation enabled.

Approved by:	re (kensmith)
@
text
@a22 1
1912:	Common DNS Operational and Configuration Errors
a93 1
3755:	Legacy Resolver Compatibility for Delegation Signer (DS)
a106 2
4294:	IPv6 Node Requirements
4339:	IPv6 Host Configuration of DNS Server Information Approaches
a113 3
4471:	Derivation of DNS Name Predecessor and Successor
4472:	Operational Considerations and Issues with IPv6 DNS
4509:	Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
a114 1
4635:	HMAC SHA TSIG Algorithm Identifiers
a116 1
4697:	Observed DNS Resolution Misbehavior
a118 5
4892:	Requirements for a Mechanism Identifying a Name Server Instance
4955:	DNS Security (DNSSEC) Experiments
4956:	DNS Security (DNSSEC) Opt-In
5001:	DNS Name Server Identifier (NSID) Option
5011:	Automated Updates of DNS Security (DNSSEC) Trust Anchors
a119 7
5205:	Host Identity Protocol (HIP) Domain Name System (DNS) Extension
5395:	Domain Name System (DNS) IANA Considerations
5452:	Measures for Making DNS More Resilient against Forged Answers
5507:	Design Choices When Expanding the DNS
5625:	DNS Proxy Implementation Guidelines
5702:   Use of SHA-2 Algorithms with RSA in
         DNSKEY and RRSIG Resource Records for DNSSEC
@


1.1.1.3.2.3
log
@SVN rev 203948 on 2010-02-16 05:14:51Z by dougb

Upgrade to BIND 9.4-ESV. This version incorporates all bug and security
fixes since the release of 9.4.3, including the most recent -P5 security
fix detailed below.

From the README:
BIND 9.4-ESV will be supported until December 31, 2010, at
which time you will need to upgrade to the current release
of BIND.

This versions address the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly

These issues only affect systems with DNSSEC validation enabled.

Approved by:	re (kensmith)
@
text
@a22 1
1912:	Common DNS Operational and Configuration Errors
a93 1
3755:	Legacy Resolver Compatibility for Delegation Signer (DS)
a106 2
4294:	IPv6 Node Requirements
4339:	IPv6 Host Configuration of DNS Server Information Approaches
a113 3
4471:	Derivation of DNS Name Predecessor and Successor
4472:	Operational Considerations and Issues with IPv6 DNS
4509:	Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
a114 1
4635:	HMAC SHA TSIG Algorithm Identifiers
a116 1
4697:	Observed DNS Resolution Misbehavior
a118 5
4892:	Requirements for a Mechanism Identifying a Name Server Instance
4955:	DNS Security (DNSSEC) Experiments
4956:	DNS Security (DNSSEC) Opt-In
5001:	DNS Name Server Identifier (NSID) Option
5011:	Automated Updates of DNS Security (DNSSEC) Trust Anchors
a119 7
5205:	Host Identity Protocol (HIP) Domain Name System (DNS) Extension
5395:	Domain Name System (DNS) IANA Considerations
5452:	Measures for Making DNS More Resilient against Forged Answers
5507:	Design Choices When Expanding the DNS
5625:	DNS Proxy Implementation Guidelines
5702:   Use of SHA-2 Algorithms with RSA in
         DNSKEY and RRSIG Resource Records for DNSSEC
@


1.1.1.3.2.4
log
@SVN rev 214812 on 2010-11-04 21:50:19Z by dougb

MFV version 9.4-ESV-R3

This version contains several fixes for DNSSEC and DLV, as well as
fixes relevant to any resolving name server.
@
text
@a140 3
5933:	Use of GOST Signature Algorithms in DNSKEY
         and RRSIG Resource Records for DNSSEC

@


1.1.1.4
log
@Vendor import of BIND 9.4.2
@
text
@a107 1
4398:	Storing Certificates in the Domain Name System (DNS)
a108 5
4408:	Sender Policy Framework (SPF) for Authorizing Use of Domains
	 in E-Mail, Version 1
4470:	Minimally Covering NSEC Records and DNSSEC On-line Signing
4634:	US Secure Hash Algorithms (SHA and HMAC-SHA)
4641:	DNSSEC Operational Practices
@


1.1.1.1.2.1
log
@MFC: BIND 9 and related bits.

Approved by:	re
@
text
@@


1.1.1.1.2.2
log
@MFC import of BIND 9.3.2
@
text
@d79 1
a81 1
3490:	Internationalizing Domain Names In Applications (IDNA)
a92 2
3757:	Domain Name System KEY (DNSKEY) Resource Record (RR)
	  Secure Entry Point (SEP) Flag
a94 7
3901:	DNS IPv6 Transport Operational Guidelines
4025:	A Method for Storing IPsec Keying Material in DNS
4033:	DNS Security Introduction and Requirements
4034:	Resource Records for the DNS Security Extensions
4035:	Protocol Modifications for the DNS Security Extensions
4074:	Common Misbehavior Against DNS Queries for IPv6 Addresses
4159:	Deprecation of "ip6.int"
@


