Commit Graph

66 Commits

Author SHA1 Message Date
Michał Kępień
8b0f7f1b8d Apply raw zone deltas to yet unsigned secure zones
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing.  Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.

(cherry picked from commit 6acf326969)
(cherry picked from commit 8a58a60772)
(cherry picked from commit fcbdeed802)
2018-04-25 12:24:36 -07:00
Ondřej Surý
9f830be501 update file headers to remove copyright years 2018-03-15 09:09:15 +01:00
Evan Hunt
7677cb277a final cleanup
- add CHANGES note
- update copyrights and license headers
2018-02-25 13:13:26 -08:00
Evan Hunt
f8fe59f279 parallelize most system tests
(cherry picked from commit c032c54dda)
(cherry picked from commit 2b81f322cb)
(cherry picked from commit 167fa161d1)
(cherry picked from commit 1f297d33a0)
2018-02-25 11:17:55 -08:00
Mark Andrews
4a51a6fd40 4840. [test] Add tests to cover fallback to using ZSK on inactive
KSK. [RT #46787]

(cherry picked from commit 32d09cd7e0)
(cherry picked from commit 0d6328ce5f)
(cherry picked from commit 51f13bcd2f)
2017-12-06 20:50:56 +11:00
Evan Hunt
36794f5653 [v9_9] fix test descriptions 2017-12-04 15:48:09 -08:00
Tinderbox User
bd9577293b update copyright notice / whitespace 2017-12-03 23:47:49 +00:00
Mark Andrews
5ed673c0d2 4837. [bug] dns_update_signatures{inc} (add_sigs) was not
properly determining if there were active KSK and
                        ZSK keys for a algorithm when update-check-ksk is
                        true (default) leaving records unsigned. [RT #46743]

(cherry picked from commit 196e01da5f)
(cherry picked from commit bf459d24a1)
(cherry picked from commit 5623f65cc4)
2017-12-04 10:09:45 +11:00
Tinderbox User
de1ba63361 update copyright notice / whitespace 2017-09-18 23:58:51 +00:00
Michał Kępień
c0ef11fb2e [v9_9] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]

(cherry picked from commit 4ceebc8874)
2017-09-18 09:30:56 +02:00
Tinderbox User
077f3c4e27 update copyright notice / whitespace 2017-09-14 00:03:54 +00:00
Mark Andrews
646280bc74 give more time for the initial signing of bits in the inline signing test to complete
(cherry picked from commit e930487ce7)
2017-09-13 12:19:56 +10:00
Tinderbox User
08d747e2d5 update copyright notice / whitespace 2016-06-14 23:46:13 +00:00
Mark Andrews
b283aa31fc do not overflow exit status. [RT #42643]
(cherry picked from commit 3635d8f910)
2016-06-14 14:51:25 +10:00
Tinderbox User
124e64db5e update copyright notice / whitespace 2015-03-04 23:46:08 +00:00
Mark Andrews
263413c7a7 4082. [bug] Incrementally sign large inline zone deltas.
[RT #37927]

(cherry picked from commit 1b05d22789)
2015-03-05 10:08:11 +11:00
Tinderbox User
141adfd898 update copyright notice 2014-09-29 23:46:13 +00:00
Mark Andrews
332652409f 3958. [bug] Detect when writeable files have multiple references
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
2014-09-29 11:32:52 +10:00
Mark Andrews
a4e8344569 make test for nsec3param more robust
(cherry picked from commit 62275d5306)
2014-06-27 15:51:36 +10:00
Evan Hunt
5409faef5e [v9_9] use posix-compatible shell in system tests
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]

(cherry picked from commit 60988462e5)
(cherry picked from commit 812cf443bb)
2014-05-06 22:18:08 -07:00
Evan Hunt
8b5a1caae7 [v9_9] use test -r in system tests
3806.	[test]		Improved system test portability. [RT #35625]

(cherry picked from commit 922959581bbdd70d5c9cae1cb107974c3d38ed08)
2014-04-09 20:30:17 -07:00
Evan Hunt
5f7e36daf3 [v9_9] tests directory cleanup 2014-03-06 11:19:52 -08:00
Tinderbox User
51cd9d32ed update copyright notice 2014-02-10 23:45:47 +00:00
Mark Andrews
4735ad1cfd back port algorithm detection support from master 2014-02-10 11:47:28 +11:00
Evan Hunt
a9eb392c55 [v9_9] testcrypto.sh in system tests
3714.  [test]          System tests that need to test for cryptography
                       support before running can now use a common
                       "testcrypto.sh" script to do so. [RT #35213]
2014-02-06 16:10:03 -08:00
Curtis Blackburn
1a890ff58a [v9_9]3682. [bug] Correct the behavior of rndc retransfer to allow
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
2013-12-04 12:32:21 -06:00
Tinderbox User
a960d3a679 update copyright notice 2013-11-13 23:45:54 +00:00
Mark Andrews
5b609bd57e back port inline system test fixes from master 2013-11-13 16:00:48 +11:00
Mark Andrews
6ddfac8f4e 3671. [bug] Don't allow dnssec-importkey overwrite a existing
non-imported private key.
2013-11-13 12:58:43 +11:00
Mark Andrews
2e4548087a 3642. [func] Allow externally generated DNSKEY to be imported
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
2013-11-13 12:54:37 +11:00
Tinderbox User
d1fb83012b update copyright notice 2013-08-15 23:45:44 +00:00
Mark Andrews
e95e204520 3635. [bug] Signatures were not being removed from a zone with
only KSK keys for a algorithm. [RT #24439]

(cherry picked from commit d1e22676de)
2013-08-15 13:37:47 +10:00
Tinderbox User
dca4d27d76 update copyright notice 2013-07-10 23:45:37 +00:00
Evan Hunt
de875fd13d [v9_9] count the test cases correctly 2013-07-09 22:53:53 -07:00
Evan Hunt
c2cb8c8fc0 [v9_9] address race conditions with removing inline zones
3513.	[bug]		named could crash when deleting inline-signing
			zones with "rndc delzone". [RT #34066]
(cherry picked from commit 927e4c9fec)
2013-07-09 17:50:43 -07:00
Tinderbox User
0103c44f73 update copyright notice 2013-05-29 23:45:44 +00:00
Mark Andrews
e2a54c4408 3577. [bug] Handle zero TTL values better. [RT #33411]
(cherry picked from commit 5f238c3c64)
2013-05-29 18:12:22 +10:00
Mark Andrews
e8bb6cd101 force integer output 2012-11-17 23:59:32 +11:00
Mark Andrews
74dec1b138 3398. [bug] SOA parameters were not being updated with inline
signed zones if the zone was modified while the
                        server was offline. [RT #29272]
2012-10-19 10:25:51 +11:00
Tinderbox User
c201888c2a regen v9_9 2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore"
This reverts commit e8ae173655.
2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Automatic Updater
2ded752b75 update copyright notice 2012-02-23 07:09:02 +00:00
Mark Andrews
1032216f5c 3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036] 2012-02-23 07:02:20 +00:00
Automatic Updater
1000049f5a update copyright notice 2012-01-31 23:47:03 +00:00
Evan Hunt
17e8be7d61 add missing file 2012-01-31 01:12:29 +00:00
Evan Hunt
0ff738279f 3270. [bug] "rndc reload" didn't reuse existing zones correctly
when inline-signing was in use. [RT #27650]
2012-01-31 01:11:55 +00:00
Mark Andrews
bfe720adb5 reverse accidental commit 2012-01-17 08:26:03 +00:00
Automatic Updater
0d1cf4f5bc update copyright notice 2012-01-16 23:46:46 +00:00
Mark Andrews
00164c8db2 fetches in progress/buckets 2012-01-16 08:35:09 +00:00