ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

DNSSEC bis merge from HEAD:

Browse Source 
1581.  [func]          Disable DNSSEC support by default.  To enable
                       DNSSEC specify "enable-dnssec yes;" in named.conf.

1565.  [bug]           CD flag should be copied to outgoing queries unless
                       the query is under a secure entry point in which case
                       CD should be set.

1558.  [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                       child zones for which we don't have a supported
                       algorithm.  Such child zones are treated as unsigned.

1557.  [func]          Implement missing DNSSEC tests for
                       * NOQNAME proof with wildcard answers.
                       * NOWILDARD proof with NXDOMAIN.
                       Cache and return NOQNAME with wildcard answers.

1541.  [func]          NSEC now uses new bitmap format.

1519.  [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                       length of the new bitmap.

1516.  [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
This commit is contained in:
Mark Andrews
2004-03-08 02:08:05 +00:00
parent 83a9f037e5
commit a821d5fa3d
112 changed files with 4272 additions and 2752 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
bin/tests/system/dnssec/ns3/sign.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.12.12.1 2004/03/06 10:22:02 marka Exp $
# $Id: sign.sh,v 1.12.12.2 2004/03/08 02:07:47 marka Exp $
RANDFILE=../random.data
@@ -23,9 +23,7 @@ zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -37,8 +35,33 @@ zonefile=bogus.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
cat $infile $keyname.key >$zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
cat $infile $keyname.key >$zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
mv $zonefile.signed $zonefile.tmp
<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
rm -f $zonefile.tmp