ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,079 Commits 589 Branches 805 Tags
66317da170ed35b08f5847db2d48b225826327cb
Commit Graph

73 Commits

Author SHA1 Message Date
Evan Hunt
672c06580e [v9_11] correct -M in synopsis 
(cherry picked from commit a477a025d5)
 2017-04-11 12:24:36 -07:00
Mark Andrews
83a28ca274 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 
(cherry picked from commit 1b8ce3b330)
 2016-12-07 10:50:50 +11:00
Mark Andrews
704e6c8876 copyright 
(cherry picked from commit 813e9f7ee2)
 2016-07-21 17:02:22 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Tinderbox User
19c7b1a029 update copyright notice / whitespace 2015-10-06 23:45:23 +00:00
Tinderbox User
2eeb74d1cf regen master 2015-10-06 05:45:21 +00:00
Evan Hunt
14a656f94b [master] upgrade doc toolchain 
4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]
 2015-10-05 21:59:35 -07:00
Jeremy C. Reed
f3150c99d7 add missing -Q from synopsis 2014-08-22 08:22:17 -05:00
Mukund Sivaraman
4278293107 [10686] Add version printing option to various BIND utilites 
Squashed commit of the following:

commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org>
Date:   Tue Jun 10 16:52:45 2014 -0700

    [rt10686] move version() to dnssectool.c

commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:31 2014 +0530

    Rearrange order of cases

commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:08 2014 +0530

    Add version printer to dnssec-verify

commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:32:19 2014 +0530

    Add version printer to dnssec-signzone

commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:26:01 2014 +0530

    Add version printer to dnssec-settime

commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:25:48 2014 +0530

    Fix docbook

commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:20:17 2014 +0530

    Add version printer to dnssec-revoke

commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:17:54 2014 +0530

    Add version printer to dnssec-keygen

commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:14:11 2014 +0530

    Add version printer to dnssec-keyfromlabel

commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:13:39 2014 +0530

    Update usage help output, docbook

commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:07:18 2014 +0530

    Add version printer to dnssec-importkey

commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:01:53 2014 +0530

    Add version printer to dnssec-dsfromkey

commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 20:49:22 2014 +0530

    Add -V to nsupdate usage output
 2014-06-16 12:10:38 +05:30
Evan Hunt
b4ba66ba1e [master] "dnssec-signzone -N date" 
3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]
 2014-04-29 16:29:20 -07:00
Evan Hunt
1753d3c4d7 [master] correct dates in man pages 2014-02-27 11:43:10 -08:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl 
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
 2014-02-18 23:26:50 -08:00
Tinderbox User
6ea2385360 regen master 2014-01-16 01:05:38 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Mark Andrews
cbadc440b9 typos 2013-10-13 11:12:43 +11:00
Tinderbox User
43b9448395 regen master 2013-01-25 01:04:51 +00:00
Evan Hunt
c9611b4573 [master] change "fast" to "map" 
3475.	[cleanup]	Changed name of 'map' zone file format (previously
			'fast'). [RT #32458]
 2013-01-24 14:20:48 -08:00
Tinderbox User
3b398443f0 update copyright notice 2012-06-21 23:46:36 +00:00
Evan Hunt
6844e3f010 Add documentation for 'fast' format 2012-06-21 15:39:56 -07:00
Evan Hunt
f30785f506 3252. [bug] When master zones using inline-signing were 
updated while the server was offline, the source
			zone could fall out of sync with the signed
			copy. They can now resynchronize. [RT #26676]
 2011-12-22 07:32:41 +00:00
Evan Hunt
b4d8192d21 3241. [func] Extended the header of raw-format master files to 
include the serial number of the zone from which
			they were generated, if different (as in the case
			of inline-signing zones).  This is to be used in
			inline-signing zones, to track changes between the
			unsigned and signed versions of the zone, which may
			have different serial numbers.

			(Note: raw zonefiles generated by this version of
			BIND are no longer compatble with prior versions.
			To generate a backward-compatible raw zonefile
			using dnssec-signzone or named-compilezone, specify
			output format "raw=0" instead of simply "raw".)
			[RT #26587]
 2011-12-08 16:07:22 +00:00
Evan Hunt
d9eebc0849 3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full" 
option prints in single-line-per-record format.
			[RT #20287]
 2011-11-07 23:16:31 +00:00
Evan Hunt
35f1a4fc93 3085. [func] New '-R' option in dnssec-signzone forces removal 
of signatures which have not yet expired but
			were generated by a key that no longer exists.
			[RT #22471]
 2011-03-21 07:26:47 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Automatic Updater
0e27506ce3 update copyright notice 2011-03-05 23:52:31 +00:00
Mark Andrews
eff7f78bc6 3061. [func] New option "dnssec-signzone -D", only write out 
generated DNSSEC records. [RT #22896]
 2011-03-05 06:35:41 +00:00
Evan Hunt
61271cdee6 3060. [func] New option "dnssec-signzone -X <date>" allows 
specification of a separate expiration date
			for DNSKEY RRSIGs and other RRSIGs. [RT #22141]
 2011-03-04 22:20:21 +00:00
Evan Hunt
8e4f3f1cbc 2799. [cleanup] Changed the "secure-to-insecure" option to 
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
			to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
 2009-12-03 23:18:17 +00:00
Evan Hunt
f80b665135 fix typo: s/pcks11/pkcs11/ 2009-11-03 21:44:46 +00:00
Evan Hunt
c00929ed9f additional doc improvement 2009-10-12 23:02:32 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Evan Hunt
3727725bb7 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only' 
zone option cause a zone to be signed with only KSKs
			signing the DNSKEY RRset, not ZSKs.  This reduces
			the size of a DNSKEY answer.  [RT #20340]
 2009-10-10 01:48:00 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Evan Hunt
a93a66f618 2794. [bug] Reduce default NSEC3 iterations from 100 to 10. 
[RT #19970]
 2009-09-29 22:17:34 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
eab9975bcf 2668. [func] Several improvements to dnssec-* tools, including: 
- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]
 2009-09-02 06:29:01 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Jeremy Reed
6a550cb83c Please bump date on manpage. So we know we aren't using 2000 docs. 
For -P: clean up sentence and clarify that the option skips the tests.

(This is for RT19653. No CHANGES entry added for this minor fix.)
 2009-06-05 21:59:43 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Jeremy Reed
e164806329 Change the SEE ALSO from obsolete 2535 to 4033. 2008-10-14 14:28:25 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Automatic Updater
6e2871232f update copyright notice 2008-09-24 03:16:58 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
561a29af8c minor man page updated from Jeremy [RT #16859] 2007-05-09 01:32:09 +00:00
Mark Andrews
c1a883f2e0 update copyright notice 2007-01-29 23:57:22 +00:00
Rob Austein
5cd4555ad4 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] 2007-01-29 22:16:02 +00:00