ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
28,102 Commits 589 Branches 805 Tags
3f95f4ffbb516ae19d742cf9d81f745bb282f28d
Commit Graph

125 Commits

Author SHA1 Message Date
Mark Andrews
7288d321ae remove re-signing race when testing dnskey-sig-validity 2018-06-27 07:27:07 -04:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Ondřej Surý
3f66b8acb0 Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null' 2018-05-11 12:44:27 +02:00
Evan Hunt
c592655c0f new option "dnskey-sig-validity" 
- overrides "sig-validity-interval" for DNSKEY, CDNSKEY and CDS RRSIGs
 2018-04-20 12:12:08 -07:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Evan Hunt
0c559199bf final cleanup 
- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
  advantage of parallelization in the gitlab CI process
 2018-02-22 22:58:15 -08:00
Evan Hunt
c032c54dda parallelize most system tests 2018-02-22 15:29:02 -08:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen 
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
 2017-08-30 18:51:11 -07:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Tinderbox User
1f6505a424 update copyright notice / whitespace 2017-04-22 23:45:41 +00:00
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Evan Hunt
5ecfee97ba [master] copyrights 2016-04-14 19:12:13 -07:00
Evan Hunt
3cd204c4a4 [master] fixed revoked key regression 
4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]
 2016-04-14 18:52:52 -07:00
Tinderbox User
4a7004f3ce update copyright notice / whitespace 2016-03-10 23:45:16 +00:00
Mark Andrews
7c52595464 4331. [func] When loading managed signed zones detect if the 
RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]
 2016-03-10 17:01:08 +11:00
Tinderbox User
29756974c5 update copyright notice / whitespace 2015-02-06 23:45:21 +00:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Mark Andrews
a5c7cfbac4 3990. [testing] Add tests for unknown DNSSEC algorithm handling. 
[RT #37541]
 2014-10-30 11:05:26 +11:00
Tinderbox User
be484acb22 update copyright notice 2014-09-30 23:45:22 +00:00
Mark Andrews
c83b91fb63 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] 2014-10-01 07:06:20 +10:00
Mark Andrews
1c95f67232 use $PERL 2014-06-24 13:50:14 +10:00
Tinderbox User
5a31767b09 update copyright notice 2014-06-19 23:45:23 +00:00
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Tinderbox User
eade480b33 update copyright notice 2013-12-13 23:46:17 +00:00
Evan Hunt
9b895f30f1 [master] fix insecure delegation across static-stub zones 
3689.	[bug]		Fixed a bug causing an insecure delegation from one
			static-stub zone to another to fail with a broken
			trust chain. [RT #35081]
 2013-12-12 22:19:33 -08:00
Mark Andrews
2c089bf6d2 whitspace 2013-09-16 10:14:07 +10:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Mark Andrews
b5f4cc132e 3641. [bug] Handle changes to sig-validity-interval settings 
better. [RT #34625]
 2013-09-04 13:45:00 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Tinderbox User
cfa2326b5c update copyright notice 2013-03-14 23:46:11 +00:00
Evan Hunt
4eb998928b [master] algorithm flexibility for rndc 
3525.	[func]		Support for additional signing algorithms in rndc:
			hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
			The -A option to rndc-confgen can be used to
			select the algorithm for the generated key.
			(The default is still hmac-md5; this may
			change in a future release.) [RT #20363]
 2013-03-13 17:53:11 -07:00
Tinderbox User
15c7a1bf20 update copyright notice 2012-10-06 23:46:11 +00:00
Mark Andrews
dbf693fdfd 3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] 2012-10-06 14:56:33 +10:00
Tinderbox User
23554e8479 update copyright notice 2012-08-14 23:46:02 +00:00
Evan Hunt
8f6d6d72e8 support '-' salt in rndc signing -nsec3param 
3361.	[bug]		"rndc signing -nsec3param" didn't work correctly
			when salt was set to '-' (no salt). [RT #30099]
 2012-08-13 22:24:36 -07:00
Tinderbox User
953692fa1e update copyright notice 2012-07-25 23:46:04 +00:00
ckb
e7857b5ee0 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are 
approaching their expiry, so they don't remain
			in caches after expiry. [RT #26429]
 2012-07-25 17:06:34 -05:00
Mark Andrews
bf8267aa45 reverse bad copyright update 2012-06-29 11:39:47 +10:00
Tinderbox User
247bf37860 update copyright notice 2012-06-29 01:22:18 +00:00
Mark Andrews
9b6e76e5e7 awk and toupper is not portable, use sed instead 2012-05-21 10:13:08 +10:00
Tinderbox User
a847a4bcd6 update copyright notice 2012-05-17 23:46:03 +00:00
Evan Hunt
26833735d3 Handle RRSIG signer case consistently 
3329.	[bug]		Handle RRSIG signer-name case consistently: We
			generate RRSIG records with the signer-name in
			lower case.  We accept them with any case, but if
			they fail to validate, we try again in lower case.
			[RT #27451]
 2012-05-17 10:44:16 -07:00
Evan Hunt
e41d5a00bc added gitignore, removed cvsignore 2012-03-03 23:10:05 -08:00