4056. [bug] Fixed several small bugs in automatic trust anchor
management, including a memory leak and a possible
loss of key state information. [RT #38458]
3817. [func] The "delve" command is now spelled "delv" to avoid
a namespace collision with the Xapian project.
[RT #35801]
(cherry picked from commit 2ae159b376)
[RT #31951]
Squashed commit of the following:
commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb
Author: Mark Andrews <marka@isc.org>
Date: Fri Nov 23 17:24:04 2012 +1100
dupped/created reversed in log message
commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15
Author: Mark Andrews <marka@isc.org>
Date: Fri Nov 23 13:40:14 2012 +1100
remove space from DS hash
3404. [bug] dnssec-signzone: When re-signing a zone, remove
RRSIG and NSEC records from nodes that used to be
in-zone but are now below a zone cut. [RT #31556]
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
include the serial number of the zone from which
they were generated, if different (as in the case
of inline-signing zones). This is to be used in
inline-signing zones, to track changes between the
unsigned and signed versions of the zone, which may
have different serial numbers.
(Note: raw zonefiles generated by this version of
BIND are no longer compatble with prior versions.
To generate a backward-compatible raw zonefile
using dnssec-signzone or named-compilezone, specify
output format "raw=0" instead of simply "raw".)
[RT #26587]
- 'rndc signing -list' displays the current
state of signing operations
- 'rndc signing -clear' clears the signing state
records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729]
of DNSSEC records in signed dynamic zones. Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533]
of DNSSEC data in dig output and in generated
zone files:
- DNSKEY record comments are more verbose, no
longer used in multiline mode only
- multiline RRSIG records reformatted
- multiline output mode for NSEC3PARAM records
- "dig +norrcomments" suppresses DNSKEY comments
- "dig +split=X" breaks hex/base64 records into
fields of width X; "dig +nosplit" disables this.
[RT #22820]
