Commit Graph

6417 Commits

Author SHA1 Message Date
Aram Sargsyan
5b6e4465be Add CHANGES and release notes for [GL #3459]
(cherry picked from commit 0b0cf12741)
2022-09-08 09:41:15 +02:00
Aram Sargsyan
6f46bfe705 Document RRL processing for wildcard names
All valid wildcard domain names are interpreted as the zone's origin
name concatenated to the "*" name.

(cherry picked from commit 89c2032421)
2022-09-08 09:41:15 +02:00
Matthijs Mekking
77105a2f60 Add change and release note for #3381
Because folks want to know.

(cherry picked from commit 2b95c11905a1a5faff9efa97a4f2498aadfa467b)
2022-09-06 10:27:34 +02:00
Ondřej Surý
561ef63e14 Add CHANGES and release note for [GL #3485]
(cherry picked from commit 0fe7acb4e6)
2022-09-05 10:22:25 +02:00
Michal Nowak
87dc26e494 Add FreeBSD 13.1
(cherry picked from commit bc425be55e1736d4f2ffada5e8d76f96b08c8351)
2022-08-18 17:34:08 +02:00
Michal Nowak
16458122a8 Merge tag 'v9_16_32' into v9_16
BIND 9.16.32
2022-08-18 11:55:55 +02:00
Michal Nowak
591d58be6e Add OpenBSD 7.1
(cherry picked from commit 7edf8ab47cfd0cc3a633e941b2880ee11d75d6cd)
2022-08-16 17:17:34 +02:00
Matthijs Mekking
294431b8f8 Add release note and change entry for #2982
News worthy.

(cherry picked from commit 2bd4486766)
2022-08-09 09:38:23 +02:00
Michał Kępień
571a5b7cca Set up release notes for BIND 9.16.33 2022-08-05 06:58:17 +02:00
Michał Kępień
c2ca99b710 Tweak and reword release notes 2022-08-04 23:59:36 +02:00
Michał Kępień
814d9f7bc8 Prepare release notes for BIND 9.16.32 2022-08-04 23:59:36 +02:00
Aram Sargsyan
23bf8afbcb Add CHANGES and release notes for [GL #3461]
(cherry picked from commit 0d64f55f5d)
2022-08-01 14:01:37 +00:00
Matthijs Mekking
3c2f517415 Add change entry and release note for #3462
News worthy.

(cherry picked from commit 44bbc0175c)
2022-07-26 10:02:26 +02:00
Mark Andrews
8be8257914 Add release note for [GL #3469]
(cherry picked from commit 16b133af40)
2022-07-25 11:37:49 -04:00
Evan Hunt
a20584dcf8 CHANGES and release note for [GL #2918] 2022-07-22 15:24:34 -07:00
Evan Hunt
1ed5eb38e4 clarify "max-zone-ttl" documentation
The "max-zone-ttl" option should now be configured as part of
dnssec-policy. Use of this option in zone/view/options will be ignored
in any zone that also has dnssec-policy configured.
2022-07-22 15:24:29 -07:00
Petr Špaček
a94c063c19 Avoid opt-out flag in dnssec-signzone examples
Since !6413 we discourage opt-out, so we should not be advertising it in
the examples. Even worse, it was just thrown into the command line
without even mentioning its meaning in the surrounding text.

Related: !6413
(cherry picked from commit beae857288)
2022-07-21 15:19:38 +02:00
Petr Špaček
445863c9fd Remove errorneous shell output redirection from dnssec-signzone example
The > looked like shell output redirection. It was present since we
imported DNSSEC Guide into the ARM.

(cherry picked from commit 1ab564d605)
2022-07-21 15:19:38 +02:00
Michal Nowak
a0e7b05aba Merge tag 'v9_16_31' into v9_16
BIND 9.16.31
2022-07-21 14:37:36 +02:00
Michał Kępień
31012c1c0d Update documentation for named's -M option
Add "internal" to the list of legal values for the -M command-line
option (commit 1f7d2d53f0 added that
flag).

Make the style of the relevant paragraph more in line with the next one
and split its contents up into an unordered list of options for improved
readability.

(cherry picked from commit f0c31ceb3b)
2022-07-15 10:45:34 +02:00
Michal Nowak
0043999f54 Add Alpine Linux 3.16
(cherry picked from commit 0d0ab3db10)
2022-07-12 13:59:30 +02:00
Matthijs Mekking
60c297d717 Add release note and change entry for #3438
Bug worth mentioning.

(cherry picked from commit 689215a675)
2022-07-12 12:48:57 +02:00
Michał Kępień
c660730ea3 Set up release notes for BIND 9.16.32 2022-07-11 08:52:51 +02:00
Michał Kępień
5cbf8d3c18 Tweak and reword release notes 2022-07-11 06:32:55 +02:00
Michał Kępień
59da803e86 Prepare release notes for BIND 9.16.31 2022-07-11 06:32:55 +02:00
Petr Špaček
4caaff0afa Deduplicate Manual Signing between DNSSEC chapter and DNSSEC Guide
The two procedures were essentially the same, but each instance was
missing some details from the other. They are now combined into one text
in the DNSSEC Guide and linked from DNSSEC chapter.

(cherry picked from commit 7d25027898)
2022-07-07 12:04:39 +02:00
Suzanne Goldlust
71f3d521cb Minor grammar improvements in the Signing chapter of the DNSSEC Guide
(cherry picked from commit 6b1ad4dcfb)
2022-07-07 11:48:33 +02:00
Petr Špaček
dd46af7f59 Deduplicate key filename description in the DNSSEC Guide
Third time ...

(cherry picked from commit 7e96801841)
2022-07-07 11:40:45 +02:00
Petr Špaček
6c1b34e9b5 Use ECDSAP256SHA256 in DNSSEC signing examples
(cherry picked from commit 3eb6898a14)
2022-07-07 11:39:32 +02:00
Matthijs Mekking
0a13a85dff Add a section about key rollover
Describe how to do key rollovers with dnssec-policy. Update the
revert to unsigned recipe in the DNSSEC guide.

(cherry picked from commit f721986589)
2022-07-07 11:37:25 +02:00
Petr Špaček
75854c5e6b Rewrite DNSSEC Validation subchapter in the ARM
Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0)
2022-07-07 11:07:32 +02:00
Petr Špaček
c9e52437ca Resynchronize DNSSEC chapter with the main branch
This is essentially a backport of !6296.

Replace DNSSEC chapter with version from the main branch, commit
901b6425d2.

There were structural changes to the ARM in the main branch, and
replacing the whole file with a new version is an order of magniture
easier than attempting to cherry-pick individual changes which should, in
the end, produce the same file under a different name.

File names in the main branch and v9_16 are now in sync (for the DNSSEC
chapter).

Fixes: #3320
2022-07-07 10:34:06 +02:00
Evan Hunt
4897f3ccc0 Improve $GENERATE documentation
Clarify the documentation of $GENERATE modifiers and add an example.

(cherry picked from commit 13fb2faf7a)
2022-07-06 11:35:16 +10:00
Aram Sargsyan
d31223d477 Add CHANGES and release note for [GL #3398] 2022-07-01 08:42:28 +00:00
Petr Špaček
561f2a3930 Declare Debian 9 (Stretch) community-maintained
(cherry picked from commit 4ce1f25210)
2022-06-28 17:59:21 +02:00
Matthijs Mekking
68105e66cf Add some clarifications wrt dynamic zones
These were suggested by GitLab user @elmaimbo.

(cherry picked from commit fb517eb52a)
2022-06-27 11:56:59 +02:00
Michal Nowak
009c7871ec Add Ubuntu 22.04 LTS (Jammy Jellyfish)
(cherry picked from commit 4c2af3bdfa)
2022-06-22 12:04:13 +02:00
Matthijs Mekking
e1f0acc3e7 Document where updates and DNSSEC records are stored
Make clear that inline-signing stores DNSSEC records in a signed
version of the zone, using the zone's filename plus ".signed" extension.

Tell that dynamic zones store updates in the zone's filename.

DNSSEC records for dynamic zones also go in the zone's filename, unless
inline-signing is enabled.

Then, dnssec-policy assumes inline-signing, but only if the zone is
not dynamic.

(cherry picked from commit 8860f6b4ff)
2022-06-20 16:50:42 +02:00
Petr Špaček
3eae58207a Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.

The default values for dnssec-policy and dnssec-signzone were adapted to
match v9_16 branch.

(cherry picked from commit 2ee3f4e6c8)
2022-06-15 18:10:50 +02:00
Michał Kępień
68fadd52c1 Merge tag 'v9_16_30' into v9_16
BIND 9.16.30
2022-06-15 16:02:06 +02:00
Petr Špaček
b14b29b969 Update FAQ in the DNSSEC Guide
Mention DoT/DoH, update stats, remove mentions of early stages of
deployment.

(cherry picked from commit fd3a2c7854)
2022-06-14 18:18:54 +02:00
Petr Špaček
308c7f7c5c Update Authoritative Server Hardware requirements in DNSSEC Guide
Based on measurements done on BIND v9_19_2 using bank. TLD and a
synthetitc fullly signed zone, using RSASHA256 and ECDSAP256SHA256
algorithms with NSEC and NSEC3 without opt-out.

(cherry picked from commit 635885afe6)
2022-06-14 18:18:36 +02:00
Petr Špaček
0efc93ce1a Update DNSSEC validation deployment stats in DNSSEC Guide
(cherry picked from commit 832c172985)
2022-06-14 18:18:36 +02:00
Petr Špaček
b64c8459f7 Rewrite Recursive Server Hardware requirements in DNSSEC Guide
This section was completely out of date. Current measurements on dataset
Telco EU 2022-02 and BIND 9.19.1 indicate absolutely different results
than described in the old version of the text.

(cherry picked from commit 6cf8066b9c)
2022-06-14 18:18:36 +02:00
Petr Špaček
4319b776f8 Remove outdated software requirements from DNSSEC Guide
Guide in this repo is tied to latest version anyway, so let's not even
mention ancient versions of BIND.

This also solves the OpenSSL question because it is now mandatory for
build, which subsequently removes the entropy problem - so let's not
mention it either.

(cherry picked from commit 6e79877759)
2022-06-14 18:18:35 +02:00
Ondřej Surý
5cd2acb374 Add CHANGES and release note for [GL #3400]
(cherry picked from commit 646df5cbbc)
2022-06-14 11:55:03 +02:00
Petr Špaček
f01f316268 Clarify dnssec-keyfromlabel -a in man page
(cherry picked from commit 5f53003dae)
2022-06-10 08:02:33 +02:00
Tom Krizek
b3c7bd1c04 Auto-format Python files with black
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
2022-06-08 13:34:19 +02:00
Tom Krizek
cf92d05908 Enforce Python codestyle with black
Black is an opinionated tool for auto-formatting Python code so we no
longer have to worry about the codestyle.

For the codestyle decisions and discussion, refer to the upstream
documentation [1].

[1] https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html
2022-06-08 13:29:01 +02:00
Tom Krizek
8668c8c061 Remove trailing whitespace
My editor doesn't like that!

(cherry picked from commit 5d64d05be9)
2022-06-08 13:24:30 +02:00