Tinderbox User
00f6aff939
update copyright notice / whitespace
2016-01-28 23:46:23 +00:00
Mark Andrews
3eda1730b7
4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
...
from the zone's apex. [RT #41483 ]
(cherry picked from commit 832ab79d1f
2016-01-28 15:43:00 +11:00
Evan Hunt
05d0d33cb8
[v9_9] timing safe memory comparisons
...
4183. [cleanup] Use timing-safe memory comparisons in cryptographic
code. Also, the timing-safe comparison functions have
been renamed to avoid possible confusion with
memcmp(). [RT #40148 ]
(cherry picked from commit 420a43c8d8
2015-08-17 18:31:11 -07:00
Mark Andrews
64b34aee39
4128. [bug] Address issues raised by Coverity 7.6. [RT #39537 ]
...
(cherry picked from commit e53e202ef3
2015-05-28 13:26:19 +10:00
Mark Andrews
f381cb86da
4127. [protocol] CDS and CDNSKEY need to be signed by the key signing
...
key as per RFC 7344, Section 4.1. [RT #37215 ]
(cherry picked from commit 598b502695
2015-05-27 15:45:46 +10:00
Mark Andrews
1c33552240
4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759 ]
...
(cherry picked from commit 29d52c001fa55c3151b2
2015-03-03 16:52:02 +11:00
Mark Andrews
fc07bc787f
4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708 ]
...
(cherry picked from commit af669cb4fd374fce8495
2015-02-27 11:05:33 +11:00
Tinderbox User
9cbd625449
update copyright notice / whitespace
2015-01-20 23:47:26 +00:00
Evan Hunt
57f015bd2a
[v9_9] clean up gcc -Wshadow warnings
...
4039. [cleanup] Cleaned up warnings from gcc -Wshadow. [RT #37381 ]
2015-01-20 14:55:41 -08:00
Evan Hunt
f7f3bd0c6e
[v9_9] don't clear signatures from zone cuts
...
3922. [bug] When resigning, dnssec-signzone was removing
all signatures from delegation nodes. It now
retains DS and (if applicable) NSEC signatures.
[RT #36946 ]
(cherry picked from commit eeb13c7cd2
2014-08-21 22:57:31 -07:00
Mukund Sivaraman
2d2897f476
[10686] Add version printing option to various BIND utilites
...
Squashed commit of the following:
commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org >
Date: Tue Jun 10 16:52:45 2014 -0700
[rt10686] move version() to dnssectool.c
commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:38:31 2014 +0530
Rearrange order of cases
commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:38:08 2014 +0530
Add version printer to dnssec-verify
commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:32:19 2014 +0530
Add version printer to dnssec-signzone
commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:26:01 2014 +0530
Add version printer to dnssec-settime
commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:25:48 2014 +0530
Fix docbook
commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:20:17 2014 +0530
Add version printer to dnssec-revoke
commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:17:54 2014 +0530
Add version printer to dnssec-keygen
commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:14:11 2014 +0530
Add version printer to dnssec-keyfromlabel
commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:13:39 2014 +0530
Update usage help output, docbook
commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:07:18 2014 +0530
Add version printer to dnssec-importkey
commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 21:01:53 2014 +0530
Add version printer to dnssec-dsfromkey
commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org >
Date: Tue Jun 10 20:49:22 2014 +0530
Add -V to nsupdate usage output
(cherry picked from commit 4278293107ccba3c9ffd
2014-06-16 12:28:33 +05:30
Evan Hunt
0ed727f405
[v9_9] use ANSI prototypes, clean up some casts
...
(cherry picked from commit b454c03196
2014-03-04 10:48:05 -08:00
Evan Hunt
ec146546f4
[v9_9] dnssec-keygen fixes
...
3730. [cleanup] Added "never" as a synonym for "none" when
configuring key event dates in the dnssec tools.
[RT #35277 ]
3729. [bug] dnssec-kegeyn could set the publication date
incorrectly when only the activation date was
specified on the command line. [RT #35278 ]
(cherry picked from commit 5f06c523186be56c5b0cd9b1c230ea7a53960c53)
2014-02-06 15:51:56 -08:00
Tinderbox User
864ca7ce33
update copyright notice
2014-01-09 23:45:53 +00:00
Evan Hunt
8c7ce6d3e6
[v9_9] replace memcpy() with memmove().
...
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120 ]
(cherry picked from commit ebe54c7d2221c6a0a4b3d96bcae3280c823a45e6)
2014-01-08 16:38:56 -08:00
Tinderbox User
c75c9ee78e
update copyright notice
2013-12-11 23:46:56 +00:00
Evan Hunt
2c73b0a857
[v9_9] dnssec-signzone -Q
...
3686. [func] "dnssec-signzone -Q" drops signatures from keys
that are still published but no longer active.
[RT #34990 ]
(cherry picked from commit 0bbe3273a2
2013-12-11 13:25:44 -08:00
Mark Andrews
a92a3ecf44
silence compiler warnings
...
(cherry picked from commit 53f70575bd
2013-12-06 17:39:33 +11:00
Mark Andrews
3b38a23089
3681. [port] Update the Windows build system to support feature
...
selection and WIN64 builds. This is a work in
progress. [RT #34160 ]
(cherry picked from commit c3c8823fed
2013-12-04 13:48:45 +11:00
Tinderbox User
c3e768f1fb
update copyright notice
2013-01-23 23:45:39 +00:00
Evan Hunt
bf9d2fd260
[v9_9] fix incorrect nsec3 check
...
- check for NSEC3 in empty nodes when not due to optout delegations
- fixed typo in output ("Bad record NSEC record")
- incidentally fixed an error in signzone that caused an
incorrect warning about missing DNSKEYs when using -S
and -3 together
3473. [bug] dnssec-signzone/verify could incorrectly report
an error condition due to an empty node above an
opt-out delegation lacking an NSEC3. [RT #32072 ]
(cherry picked from commit 9a0dd99a75
2013-01-23 14:57:18 -08:00
Mark Andrews
09b906e5d1
throw fatal error on realloc failure
2012-12-10 10:17:14 +11:00
Evan Hunt
d8861c4350
[v9_9] remove spurious signatures from glue
...
3404. [bug] dnssec-signzone: When re-signing a zone, remove
RRSIG and NSEC records from nodes that used to be
in-zone but are now below a zone cut. [RT #31556 ]
(cherry picked from commit 4b3d727d96
2012-10-24 15:47:51 -07:00
Evan Hunt
8c18302d8b
fix coverity issues
...
3388. [bug] Fixed several Coverity warnings. [RT #30996 ]
2012-10-02 23:46:15 -07:00
Mark Andrews
5ffdd53520
use binary mode for raw/fast
2012-09-12 17:25:22 +10:00
Tinderbox User
9418237f65
update copyright notice
2012-06-26 23:45:42 +00:00
Mark Andrews
7c25aaf620
3341. [func] New "dnssec-verify" command checks a signed zone
...
to ensure correctness of signatures and of NSEC/NSEC3
chains. [RT #23673 ]
2012-06-25 14:57:32 +10:00
Evan Hunt
f30785f506
3252. [bug] When master zones using inline-signing were
...
updated while the server was offline, the source
zone could fall out of sync with the signed
copy. They can now resynchronize. [RT #26676 ]
2011-12-22 07:32:41 +00:00
Mark Andrews
b11fd36119
move declaration to start of block
2011-12-08 23:45:02 +00:00
Evan Hunt
b4d8192d21
3241. [func] Extended the header of raw-format master files to
...
include the serial number of the zone from which
they were generated, if different (as in the case
of inline-signing zones). This is to be used in
inline-signing zones, to track changes between the
unsigned and signed versions of the zone, which may
have different serial numbers.
(Note: raw zonefiles generated by this version of
BIND are no longer compatble with prior versions.
To generate a backward-compatible raw zonefile
using dnssec-signzone or named-compilezone, specify
output format "raw=0" instead of simply "raw".)
[RT #26587 ]
2011-12-08 16:07:22 +00:00
Automatic Updater
0237221b8a
update copyright notice
2011-11-07 23:46:50 +00:00
Evan Hunt
d9eebc0849
3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full"
...
option prints in single-line-per-record format.
[RT #20287 ]
2011-11-07 23:16:31 +00:00
Evan Hunt
653a78de95
3165. [bug] dnssec-signzone could generate new signatures when
...
resigning, even when valid signatures were already
present. [RT #26025 ]
2011-10-11 19:26:06 +00:00
Automatic Updater
3d73f493d0
update copyright notice
2011-07-19 23:47:48 +00:00
Mark Andrews
96ade2bc52
3134. [bug] Improve the accuracy of dnssec-signzone's signing
...
statistics. [RT #16030 ]
2011-07-19 04:09:27 +00:00
Evan Hunt
79ce3a9e82
3128. [func] Inserting an NSEC3PARAM via dynamic update in an
...
auto-dnssec zone that has not been signed yet
will cause it to be signed with the specified NSEC3
parameters when keys are activated. The
NSEC3PARAM record will not appear in the zone until
it is signed, but the parameters will be stored.
[RT #23684 ]
2011-06-10 01:51:09 +00:00
Evan Hunt
be84733145
3110. [bug] dnssec-signzone: Wrong error message could appear
...
when attempting to sign with no KSK. [RT #24369 ]
2011-05-07 00:31:13 +00:00
Evan Hunt
485522d7e1
3108. [cleanup] dnssec-signzone: Clarified some error and
...
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
code (use -P instead). [RT #20852 ]
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852 ]
2011-05-06 21:08:33 +00:00
Evan Hunt
c2255e8614
Fixed a bug that was exposed by change #3085 .
2011-03-22 03:19:38 +00:00
Evan Hunt
dff7e38491
initialize delset
2011-03-21 16:17:57 +00:00
Evan Hunt
35f1a4fc93
3085. [func] New '-R' option in dnssec-signzone forces removal
...
of signatures which have not yet expired but
were generated by a key that no longer exists.
[RT #22471 ]
2011-03-21 07:26:47 +00:00
Mark Andrews
6494526350
3070. [bug] dnssec-signzone potential NULL pointer dereference.
...
[RT #20256 ]
2011-03-11 12:37:01 +00:00
Mark Andrews
0874abad14
3069. [cleanup] Silence warnings messages from clang static analysis.
...
[RT #20256 ]
2011-03-11 06:11:27 +00:00
Francis Dupont
cf39976b89
while(1) -> for(;;) (cf 23588)
2011-03-10 13:37:21 +00:00
Automatic Updater
0e27506ce3
update copyright notice
2011-03-05 23:52:31 +00:00
Mark Andrews
eff7f78bc6
3061. [func] New option "dnssec-signzone -D", only write out
...
generated DNSSEC records. [RT #22896 ]
2011-03-05 06:35:41 +00:00
Automatic Updater
26a7306397
update copyright notice
2011-03-04 23:47:47 +00:00
Evan Hunt
61271cdee6
3060. [func] New option "dnssec-signzone -X <date>" allows
...
specification of a separate expiration date
for DNSKEY RRSIGs and other RRSIGs. [RT #22141 ]
2011-03-04 22:20:21 +00:00
Automatic Updater
c8175ece69
update copyright notice
2011-03-01 23:48:07 +00:00
Mark Andrews
2f09e7c3fc
3041. [bug] dnssec-signzone failed to generate new signatures on
...
ttl changes. [RT #23330 ]
2011-02-24 03:04:43 +00:00
