ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,355 Commits 589 Branches 805 Tags
3fe33590315cd5ab2af1f1b49e5ac36c9c195991
Commit Graph

57 Commits

Author SHA1 Message Date
Tinderbox User
08d747e2d5 update copyright notice / whitespace 2016-06-14 23:46:13 +00:00
Mark Andrews
b283aa31fc do not overflow exit status. [RT #42643] 
(cherry picked from commit 3635d8f910)
 2016-06-14 14:51:25 +10:00
Mark Andrews
da5e13af84 use $PERL 
(cherry picked from commit 1c95f67232)
 2014-06-24 13:51:46 +10:00
Mukund Sivaraman
e8be9e900c [35063] Don't publish an activated key automatically before its publish time 
(cherry picked from commit 79d27f505a)
(cherry picked from commit 2a7ecad81b)
 2014-06-04 15:26:00 +05:30
Evan Hunt
a9eb392c55 [v9_9] testcrypto.sh in system tests 
3714.  [test]          System tests that need to test for cryptography
                       support before running can now use a common
                       "testcrypto.sh" script to do so. [RT #35213]
 2014-02-06 16:10:03 -08:00
Mark Andrews
e95e204520 3635. [bug] Signatures were not being removed from a zone with 
only KSK keys for a algorithm. [RT #24439]

(cherry picked from commit d1e22676de)
 2013-08-15 13:37:47 +10:00
Tinderbox User
17873cf467 update copyright notice 2013-03-01 23:45:45 +00:00
Evan Hunt
cbf2a8f910 [v9_9] bring autosign test into sync with master 2013-02-28 23:45:05 -08:00
Mark Andrews
220805f781 loop 'I:checking expired signatures were updated' test 2012-12-03 09:30:58 +11:00
Tinderbox User
c201888c2a regen v9_9 2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore" 
This reverts commit e8ae173655.
 2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Evan Hunt
63ed4de0ad fixed a test error that caused autosign to fail on freebsd 2012-02-07 00:33:40 +00:00
Evan Hunt
a1b98b70f9 3277. [bug] Make sure automatic key maintenance is started 
when "auto-dnssec maintain" is turned on during
			"rndc reconfig". [RT #26805]
 2012-02-06 21:33:08 +00:00
Automatic Updater
3a8369b4ea update copyright notice 2012-02-02 23:47:06 +00:00
Mark Andrews
a1f78f4ba2 portable code, ok'd bu Evan 2012-02-02 03:49:18 +00:00
Mark Andrews
9892bae7b7 forcing full sign with unreadable keys 2011-12-22 11:57:30 +00:00
Mark Andrews
281a31ad37 +/- 500ms was too small a fudge factor (-582ms seen in testing), raise to +/- 1000ms 2011-12-22 02:15:24 +00:00
Mark Andrews
91013b0e19 join line for old awk 2011-12-12 12:08:09 +00:00
Mark Andrews
6c1a778723 chech that the final time is within 10 seconds but no greater than the expected interval 2011-12-12 06:51:12 +00:00
Mark Andrews
374b677c50 make grep more precise 2011-11-27 12:04:27 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Mark Andrews
1946c596b4 3174. [bug] Always compute to revoked key tag from scratch. 
[RT #24711]
 2011-10-20 21:20:02 +00:00
Mark Andrews
020c4484fe 3173. [port] Correctly validate root DS responses. [RT #25726] 2011-10-15 05:00:15 +00:00
Mark Andrews
f96ba7c746 remove check for oldid as named may have already deleted it 2011-07-26 04:42:20 +00:00
Mark Andrews
acf34e66a8 id was not being properly set 2011-07-26 04:28:35 +00:00
Evan Hunt
b47c020d5c 3133. [bug] Change #3114 was incomplete. [RT #24577] 2011-07-08 01:43:26 +00:00
Evan Hunt
79ce3a9e82 3128. [func] Inserting an NSEC3PARAM via dynamic update in an 
auto-dnssec zone that has not been signed yet
			will cause it to be signed with the specified NSEC3
			parameters when keys are activated.  The
			NSEC3PARAM record will not appear in the zone until
			it is signed, but the parameters will be stored.
			[RT #23684]
 2011-06-10 01:51:09 +00:00
Evan Hunt
5e3affc6a0 3127. [bug] 'rndc thaw' will now remove a zone's journal file 
if the zone serial number has been changed and
			ixfr-from-differences is not in use.  [RT #24687]
 2011-06-10 01:32:38 +00:00
Mark Andrews
ae0691566a date +%s is not portable, use perl -e 'print time();', Adjust messages 2011-05-30 22:32:06 +00:00
Mark Andrews
fe8572e116 The old active key could be deleted before the "former standby key has now 
signed fully" ran causing it to fail.  Delay the deletion by 10 seconds.
 2011-05-30 07:25:19 +00:00
Evan Hunt
0245f7725c 3118. [bug] When rolling to a new DNSSEC key, a private-type 
record could be created and never marked complete.
			[RT #23253]
 2011-05-26 04:25:47 +00:00
Mark Andrews
f1d4986b83 treat asb(x) < 500ms as 0 2011-05-02 23:56:59 +00:00
Mark Andrews
65043f48f2 force numeric comparision 2011-05-02 05:05:05 +00:00
Mark Andrews
07907fa31a handle end of day 2011-05-02 01:35:04 +00:00
Mark Andrews
bbf46f1aa2 fix expression 2011-05-01 21:36:33 +00:00
Mark Andrews
f83682f368 awk -v is not portable, add floating point arithmetic effects 2011-05-01 11:29:20 +00:00
Evan Hunt
39f2d1a96a 3102. [func] New 'dnssec-loadkeys-interval' option configures 
how often, in minutes, to check the key repository
			for updates when using automatic key maintenance.
			Default is every 60 minutes (formerly hard-coded
			to 12 hours). [RT #23744]

3101.	[bug]		Zones using automatic key maintenance could fail
			to check the key repository for updates. [RT #23744]
 2011-04-29 21:37:15 +00:00
Evan Hunt
319b8a1488 3092. [bug] Signatures for records at the zone apex could go 
stale due to an incorrect timer setting. [RT #23769]

3091.	[bug]		Fixed a bug in which zone keys that were published
			and then subsequently activated could fail to trigger
			automatic signing. [RT #22991]
 2011-03-25 23:53:02 +00:00
Evan Hunt
36b2d5f93c use "rndc sync" instead of freeze/thaw cycle to dump zones, now that it's 
available.
 2011-03-21 16:53:44 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Francis Dupont
624664e504 Fixed last autosign test report [RT #23256] 2011-03-02 09:03:45 +00:00
Mark Andrews
be789bc7eb 3045. [removed] Replaced by change #3050. 2011-03-02 04:52:25 +00:00
Mark Andrews
ba88bcf08b 3050. [bug] The autosign system test was timing dependent. 
Wait for the initial autosigning to complete
                        before running the rest of the test. [RT #23035]
 2011-03-02 04:08:58 +00:00
Automatic Updater
c8175ece69 update copyright notice 2011-03-01 23:48:07 +00:00
Francis Dupont
17bc56e321 ove the testsock.pl sleep to autosign test suite [RT #23400] 2011-02-28 14:08:36 +00:00
Evan Hunt
bbedadf76a 2985. [bug] Add a regression test for change #2896. [RT #21324] 2010-12-15 18:44:37 +00:00
Mark Andrews
c6f4972c74 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:21:07 +00:00
Mark Andrews
e24ccb512c 2914. [bug] Make the "autosign" system test more portable. 
[RT #20997]
 2010-06-07 04:45:43 +00:00
Mark Andrews
5ae2eac4c1 2902. [func] Add regression test for change 2897. [RT #21040] 2010-05-19 07:45:38 +00:00