ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

DNSSEC bis merge from HEAD:

Browse Source 
1581.  [func]          Disable DNSSEC support by default.  To enable
                       DNSSEC specify "enable-dnssec yes;" in named.conf.

1565.  [bug]           CD flag should be copied to outgoing queries unless
                       the query is under a secure entry point in which case
                       CD should be set.

1558.  [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                       child zones for which we don't have a supported
                       algorithm.  Such child zones are treated as unsigned.

1557.  [func]          Implement missing DNSSEC tests for
                       * NOQNAME proof with wildcard answers.
                       * NOWILDARD proof with NXDOMAIN.
                       Cache and return NOQNAME with wildcard answers.

1541.  [func]          NSEC now uses new bitmap format.

1519.  [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                       length of the new bitmap.

1516.  [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
This commit is contained in:
Mark Andrews
2004-03-08 02:08:05 +00:00
parent 83a9f037e5
commit a821d5fa3d
112 changed files with 4272 additions and 2752 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/dnssec/ns1/named.conf
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.16.206.2 2004/03/06 10:21:57 marka Exp $ */
/* $Id: named.conf,v 1.16.206.3 2004/03/08 02:07:44 marka Exp $ */
// NS1
@@ -31,6 +31,7 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
enable-dnssec yes;
};
zone "." {

14
bin/tests/system/dnssec/ns1/sign.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.12.12.1 2004/03/06 10:21:58 marka Exp $
# $Id: sign.sh,v 1.12.12.2 2004/03/08 02:07:45 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
@@ -26,21 +26,16 @@ zone=.
infile=root.db.in
zonefile=root.db
keyname=`$KEYGEN -a RSA -b 768 -n zone -r $RANDFILE $zone`
(cd ../ns2 && sh sign.sh )
cp ../ns2/keyset-example. .
$KEYSIGNER -r $RANDFILE keyset-example. $keyname > /dev/null
cat signedkey-example. >> ../ns2/example.db.signed
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname > /dev/null
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
cat $infile $keyname.key > $zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
echo $SIGNER -g -r $RANDFILE -o $zone $zonefile
$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
@@ -56,3 +51,4 @@ EOF
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cp trusted.conf ../ns6/trusted.conf