ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
18,793 Commits 589 Branches 805 Tags
480adc66edc4ec28d5250737a74b355518ef4738
Commit Graph

56 Commits

Author SHA1 Message Date
Mark Andrews
4304925ee2 grep was not precise enough leading to test failure 2011-05-03 16:09:23 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which 
can be switched on by setting "dnssec-validation auto;"
			in the named.conf options. [RT #21727]
 2011-01-03 23:45:08 +00:00
Automatic Updater
33cc94f04c update copyright notice 2010-11-17 23:47:09 +00:00
Mark Andrews
a27b3757fd 2968. [security] Named could fail to prove a data set was insecure 
before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
                        DNSKEY algorithms.  [RT #22309]
 2010-11-16 01:14:51 +00:00
Automatic Updater
cf309ffeee update copyright notice 2010-06-25 23:46:51 +00:00
Mark Andrews
f35a87f58f remove leading zeros on keyid 
account for trusted keys not applying to _bind anymore
 2010-06-25 07:28:46 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
d6b5e0b0e8 update copyright notice 2006-03-10 00:23:21 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
35da39a7f1 update copyright notice 2006-01-04 00:37:24 +00:00
Mark Andrews
2a90390dee 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. 
To generate a RSAMD5 key you must explictly request
                        RSAMD5. [RT #13780]
 2006-01-03 06:06:04 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:19:58 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
821644d49b 1574. [bug] Don't attempt to open the controls socket(s) when 
running tests. [RT #9091]
 2004-03-02 02:01:41 +00:00
Mark Andrews
89783da064 1581. [func] Disable DNSSEC support by default. To enable 
DNSSEC specify "enable-dnssec yes;" in named.conf.
 2004-02-17 03:40:23 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
b7e6fb4e84 whitespace 2003-10-26 21:33:47 +00:00
Mark Andrews
93d6dfaf66 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. 2003-09-30 06:00:40 +00:00
Mark Andrews
0b09763c35 1328. [func] DS (delegation signer) support. 2002-06-17 04:01:37 +00:00
Brian Wellington
206bced36f order the parameters to dnssec-keygen consistently. 2001-09-17 17:42:04 +00:00
Brian Wellington
499b34cea0 copyright update 2001-01-09 22:01:04 +00:00
Andreas Gustafsson
f333ea9bdd added notify-source options 2000-11-28 19:07:00 +00:00
Brian Wellington
2c46670fb4 ignore stdout from the dnssec tools 2000-11-22 20:37:50 +00:00
Andreas Gustafsson
4f37905cc3 added 'transfer-source' directives to all system test named.conf 
files, so that tests succeed while transfer-source is still being (ab)used as
the notify source address
 2000-11-22 01:34:19 +00:00
Andreas Gustafsson
5a77e9620a make spacing in listen-on-v6 option consistent with other options 2000-11-21 23:50:10 +00:00
Andreas Gustafsson
321a6df4ff removed redundant "directory ." option 2000-09-01 19:36:05 +00:00
David Lawrence
40f53fa8d9 Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your 
own CVS tree will help minimize CVS conflicts.  Maybe not.
Blame Graff for getting me to trim all trailing whitespace.
 2000-08-01 01:33:37 +00:00
Brian Wellington
529a6b5224 358. [cleanup] Rename the intermediate files used by the dnssec 
programs.
 2000-07-31 15:28:21 +00:00
David Lawrence
15a4474541 word wrap copyright notice at column 70 2000-07-27 09:55:03 +00:00
David Lawrence
9c3531d72a add RCS id string 2000-06-22 22:00:42 +00:00
David Lawrence
d0be1e954b update_copyrights 2000-06-22 01:01:45 +00:00
Michael Sawyer
5a5c480994 .cvsignore files 2000-06-21 01:31:54 +00:00
Brian Wellington
126c8d0c08 Add listen-on-v6 {none;}; , since without it, v6 was binding v4 mapped 
sockets and causing failures on some platforms
 2000-06-13 22:45:20 +00:00
Michael Sawyer
ee6fe1d197 Remove port option from query-sources 2000-06-13 21:49:56 +00:00
Michael Sawyer
5cca51c7c1 Use PERL env variable for execution of perl. 2000-06-13 19:41:59 +00:00
Michael Sawyer
5458e9245c Add query-source everywhere 
Fix out output
 2000-06-13 00:54:53 +00:00
Michael Sawyer
e6e0dadd30 Match output format to what scripts expect 2000-06-12 20:32:47 +00:00
Brian Wellington
5006de6531 - Added query-source to each server. 
- Added an insecure child of a secure parent (insecure.secure.example)
- Added a privately secure child of a secure parent (private.secure.example)
 2000-06-10 01:45:32 +00:00
Andreas Gustafsson
ca793cbfcf run test DNS on port 5300 2000-06-06 23:41:55 +00:00
Andreas Gustafsson
813d6c9781 make conf.sh usable from subdirectory test scripts; 
use conf.sh from subdirectory test scripts
 2000-06-05 19:36:44 +00:00