Commit Graph

151 Commits

Author SHA1 Message Date
Mark Andrews
590a4026f0 simplify
(cherry picked from commit 26f652d387)
2016-05-18 10:40:55 +10:00
Mark Andrews
fae464f93f silence compiler warning
(cherry picked from commit 75167fb746)
2016-05-17 17:50:38 +10:00
Tinderbox User
c88775524d update copyright notice / whitespace 2016-05-05 23:47:00 +00:00
Mark Andrews
091afd6fdc 4360. [bug] Silence spurious 'bad key type' message when there is
an existing TSIG key. [RT #42195]

(cherry picked from commit 5ac427050f)
(cherry picked from commit 525dc475ee)
2016-05-05 22:44:58 +10:00
Mukund Sivaraman
99d84ecd2a Fix -Wshadow warnings (#38762)
These happen due to ntohs()/htons() macro expansion in glibc.

(cherry picked from commit f5a62d97e3)
(cherry picked from commit c203b9040a)
2015-03-09 09:41:13 +05:30
Tinderbox User
2477b2ba0f update copyright notice / whitespace 2015-03-03 23:46:07 +00:00
Mark Andrews
1c33552240 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759]
(cherry picked from commit 29d52c001f)
(cherry picked from commit a55c3151b2)
2015-03-03 16:52:02 +11:00
Mukund Sivaraman
e8be9e900c [35063] Don't publish an activated key automatically before its publish time
(cherry picked from commit 79d27f505a)
(cherry picked from commit 2a7ecad81b)
2014-06-04 15:26:00 +05:30
Mark Andrews
b9d7857d16 3836. [bug] Address C++ keyword usage in header file.
(cherry picked from commit dd820d8fd2)
2014-05-02 11:36:12 +10:00
Tinderbox User
864ca7ce33 update copyright notice 2014-01-09 23:45:53 +00:00
Evan Hunt
8c7ce6d3e6 [v9_9] replace memcpy() with memmove().
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]

(cherry picked from commit ebe54c7d2221c6a0a4b3d96bcae3280c823a45e6)
2014-01-08 16:38:56 -08:00
Evan Hunt
2c73b0a857 [v9_9] dnssec-signzone -Q
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]

(cherry picked from commit 0bbe3273a2)
2013-12-11 13:25:44 -08:00
Mark Andrews
2e4548087a 3642. [func] Allow externally generated DNSKEY to be imported
into the DNSKEY management framework.  A new tool
dnssec-importkey is used to do this. [RT #34698]
2013-11-13 12:54:37 +11:00
Tinderbox User
d1fb83012b update copyright notice 2013-08-15 23:45:44 +00:00
Mark Andrews
cbc2132d2a 3632. [bug] Signatures from newly inactive keys were not being
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
2013-08-15 11:20:18 +10:00
Evan Hunt
da54871ef3 [v9_9] remove unnecessary memcpy 2012-12-20 10:34:08 -08:00
Evan Hunt
152c393671 [v9_9] silence noisy OpenSSL logging
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
(cherry picked from commit 0e37e9e3d7)
2012-10-24 13:00:06 -07:00
Mark Andrews
a9ed19a031 3394. [bug] Adjust 'sucessfully validated after lower casing
signer' log level and category. [RT #31414]
2012-10-16 11:56:28 +11:00
Mark Andrews
046bfacea1 3367. [bug] dns_dnsseckey_create() result was not being checked.
[RT #30685]
2012-08-21 12:04:35 +10:00
Mark Andrews
acebc2457c 3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-20 21:34:24 +10:00
Tinderbox User
a2093c07a5 update copyright notice 2012-05-17 23:45:48 +00:00
Evan Hunt
e39b4d8054 Handle RRSIG signer case consistently
3329.	[bug]	Handle RRSIG signer-name case consistently: We
		generate RRSIG records with the signer-name in
		lower case.  We accept them with any case, but if
		they fail to validate, we try again in lower case.
		[RT #27451]
2012-05-17 10:59:07 -07:00
Mark Andrews
b2cc45dd7f 3302. [bug] dns_dnssec_findmatchingkeys could fail to find
keys if the zone name contained a character that
required special mappings. [RT #28600]
2012-03-30 12:07:13 +11:00
Tinderbox User
5abefae88a update copyright notice 2012-03-10 23:45:42 +00:00
Evan Hunt
c9481a4625 set $Id$ 2012-03-07 08:18:58 -08:00
Mark Andrews
04281728d4 3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
timestamp. [RT #26883]
2011-12-07 22:36:25 +00:00
Mark Andrews
069182809a remove unnecessary assignment to found_ttl 2011-08-26 05:29:48 +00:00
Evan Hunt
485522d7e1 3108. [cleanup] dnssec-signzone: Clarified some error and
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
			code (use -P instead). [RT #20852]

3107.	[bug]		dnssec-signzone: Report the correct number of ZSKs
			when using -x. [RT #20852]
2011-05-06 21:08:33 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnssec-settime, and
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
2011-03-17 01:40:40 +00:00
Mark Andrews
0e095727ff 3075. [bug] dns_dnssec_findzonekeys{2} used an inconsistent
timestamp when determining which keys are active.
                        [RT #23642]
2011-03-17 01:17:21 +00:00
Automatic Updater
c1aef54e14 update copyright notice 2011-03-12 04:59:49 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256]
2011-03-11 06:11:27 +00:00
Automatic Updater
5bdf8cd3c2 update copyright notice 2010-01-13 23:48:59 +00:00
Francis Dupont
f77148e029 a KSK revoked by named could not be deleted. [RT #20881] 2010-01-13 08:35:24 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files.
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
2009-12-18 22:16:49 +00:00
Automatic Updater
b314ea10b4 update copyright notice 2009-11-24 23:48:12 +00:00
Evan Hunt
d312bc5d81 2785. [bug] Revoked keys could fail to self-sign [RT #20652] 2009-11-24 03:42:32 +00:00
Automatic Updater
94e3a63110 update copyright notice 2009-11-23 23:48:16 +00:00
Evan Hunt
5985af3f5c 2781. [bug] Inactive keys could be used for signing. [RT #20649] 2009-11-23 15:18:07 +00:00
Evan Hunt
cef109efa7 2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revocation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
2009-11-23 02:55:41 +00:00
Evan Hunt
7ee4b13ded 2771. [bug] dnssec-signzone: DNSKEY records could be
corrupted when importing from key files [RT #20624]
2009-11-17 05:46:53 +00:00
Evan Hunt
e856482b1f 2767. [bug] named could crash on startup if a zone was
configured with auto-dnssec and there was no
			key-directory. [RT #20615]
2009-11-16 01:44:33 +00:00
Evan Hunt
e8831e51c1 2735. [bug] dnssec-signzone could fail to read keys
that were specified on the command line with
			full paths, but weren't in the current
			directory. [RT #20421]
2009-10-27 03:59:45 +00:00
Evan Hunt
c021499604 2731. [func] Additional work on change 2709. The key parser
will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]
2009-10-26 21:18:24 +00:00
Automatic Updater
8ab6a775bb update copyright notice 2009-10-16 23:47:54 +00:00
Evan Hunt
8f7de3db7e Respinning to fix memory leak in dnssec-signzone. (Also adopting doc changes.) 2009-10-16 02:59:41 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
2009-10-12 20:48:12 +00:00
Evan Hunt
b843f577bb 2677. [func] Changes to key metadata behavior:
- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]
2009-09-14 18:45:45 +00:00