Commit Graph

6399 Commits

Author SHA1 Message Date
Michal Nowak
a0e7b05aba Merge tag 'v9_16_31' into v9_16
BIND 9.16.31
2022-07-21 14:37:36 +02:00
Michał Kępień
31012c1c0d Update documentation for named's -M option
Add "internal" to the list of legal values for the -M command-line
option (commit 1f7d2d53f0 added that
flag).

Make the style of the relevant paragraph more in line with the next one
and split its contents up into an unordered list of options for improved
readability.

(cherry picked from commit f0c31ceb3b)
2022-07-15 10:45:34 +02:00
Michal Nowak
0043999f54 Add Alpine Linux 3.16
(cherry picked from commit 0d0ab3db10)
2022-07-12 13:59:30 +02:00
Matthijs Mekking
60c297d717 Add release note and change entry for #3438
Bug worth mentioning.

(cherry picked from commit 689215a675)
2022-07-12 12:48:57 +02:00
Michał Kępień
c660730ea3 Set up release notes for BIND 9.16.32 2022-07-11 08:52:51 +02:00
Michał Kępień
5cbf8d3c18 Tweak and reword release notes 2022-07-11 06:32:55 +02:00
Michał Kępień
59da803e86 Prepare release notes for BIND 9.16.31 2022-07-11 06:32:55 +02:00
Petr Špaček
4caaff0afa Deduplicate Manual Signing between DNSSEC chapter and DNSSEC Guide
The two procedures were essentially the same, but each instance was
missing some details from the other. They are now combined into one text
in the DNSSEC Guide and linked from DNSSEC chapter.

(cherry picked from commit 7d25027898)
2022-07-07 12:04:39 +02:00
Suzanne Goldlust
71f3d521cb Minor grammar improvements in the Signing chapter of the DNSSEC Guide
(cherry picked from commit 6b1ad4dcfb)
2022-07-07 11:48:33 +02:00
Petr Špaček
dd46af7f59 Deduplicate key filename description in the DNSSEC Guide
Third time ...

(cherry picked from commit 7e96801841)
2022-07-07 11:40:45 +02:00
Petr Špaček
6c1b34e9b5 Use ECDSAP256SHA256 in DNSSEC signing examples
(cherry picked from commit 3eb6898a14)
2022-07-07 11:39:32 +02:00
Matthijs Mekking
0a13a85dff Add a section about key rollover
Describe how to do key rollovers with dnssec-policy. Update the
revert to unsigned recipe in the DNSSEC guide.

(cherry picked from commit f721986589)
2022-07-07 11:37:25 +02:00
Petr Špaček
75854c5e6b Rewrite DNSSEC Validation subchapter in the ARM
Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0)
2022-07-07 11:07:32 +02:00
Petr Špaček
c9e52437ca Resynchronize DNSSEC chapter with the main branch
This is essentially a backport of !6296.

Replace DNSSEC chapter with version from the main branch, commit
901b6425d2.

There were structural changes to the ARM in the main branch, and
replacing the whole file with a new version is an order of magniture
easier than attempting to cherry-pick individual changes which should, in
the end, produce the same file under a different name.

File names in the main branch and v9_16 are now in sync (for the DNSSEC
chapter).

Fixes: #3320
2022-07-07 10:34:06 +02:00
Evan Hunt
4897f3ccc0 Improve $GENERATE documentation
Clarify the documentation of $GENERATE modifiers and add an example.

(cherry picked from commit 13fb2faf7a)
2022-07-06 11:35:16 +10:00
Aram Sargsyan
d31223d477 Add CHANGES and release note for [GL #3398] 2022-07-01 08:42:28 +00:00
Petr Špaček
561f2a3930 Declare Debian 9 (Stretch) community-maintained
(cherry picked from commit 4ce1f25210)
2022-06-28 17:59:21 +02:00
Matthijs Mekking
68105e66cf Add some clarifications wrt dynamic zones
These were suggested by GitLab user @elmaimbo.

(cherry picked from commit fb517eb52a)
2022-06-27 11:56:59 +02:00
Michal Nowak
009c7871ec Add Ubuntu 22.04 LTS (Jammy Jellyfish)
(cherry picked from commit 4c2af3bdfa)
2022-06-22 12:04:13 +02:00
Matthijs Mekking
e1f0acc3e7 Document where updates and DNSSEC records are stored
Make clear that inline-signing stores DNSSEC records in a signed
version of the zone, using the zone's filename plus ".signed" extension.

Tell that dynamic zones store updates in the zone's filename.

DNSSEC records for dynamic zones also go in the zone's filename, unless
inline-signing is enabled.

Then, dnssec-policy assumes inline-signing, but only if the zone is
not dynamic.

(cherry picked from commit 8860f6b4ff)
2022-06-20 16:50:42 +02:00
Petr Špaček
3eae58207a Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.

The default values for dnssec-policy and dnssec-signzone were adapted to
match v9_16 branch.

(cherry picked from commit 2ee3f4e6c8)
2022-06-15 18:10:50 +02:00
Michał Kępień
68fadd52c1 Merge tag 'v9_16_30' into v9_16
BIND 9.16.30
2022-06-15 16:02:06 +02:00
Petr Špaček
b14b29b969 Update FAQ in the DNSSEC Guide
Mention DoT/DoH, update stats, remove mentions of early stages of
deployment.

(cherry picked from commit fd3a2c7854)
2022-06-14 18:18:54 +02:00
Petr Špaček
308c7f7c5c Update Authoritative Server Hardware requirements in DNSSEC Guide
Based on measurements done on BIND v9_19_2 using bank. TLD and a
synthetitc fullly signed zone, using RSASHA256 and ECDSAP256SHA256
algorithms with NSEC and NSEC3 without opt-out.

(cherry picked from commit 635885afe6)
2022-06-14 18:18:36 +02:00
Petr Špaček
0efc93ce1a Update DNSSEC validation deployment stats in DNSSEC Guide
(cherry picked from commit 832c172985)
2022-06-14 18:18:36 +02:00
Petr Špaček
b64c8459f7 Rewrite Recursive Server Hardware requirements in DNSSEC Guide
This section was completely out of date. Current measurements on dataset
Telco EU 2022-02 and BIND 9.19.1 indicate absolutely different results
than described in the old version of the text.

(cherry picked from commit 6cf8066b9c)
2022-06-14 18:18:36 +02:00
Petr Špaček
4319b776f8 Remove outdated software requirements from DNSSEC Guide
Guide in this repo is tied to latest version anyway, so let's not even
mention ancient versions of BIND.

This also solves the OpenSSL question because it is now mandatory for
build, which subsequently removes the entropy problem - so let's not
mention it either.

(cherry picked from commit 6e79877759)
2022-06-14 18:18:35 +02:00
Ondřej Surý
5cd2acb374 Add CHANGES and release note for [GL #3400]
(cherry picked from commit 646df5cbbc)
2022-06-14 11:55:03 +02:00
Petr Špaček
f01f316268 Clarify dnssec-keyfromlabel -a in man page
(cherry picked from commit 5f53003dae)
2022-06-10 08:02:33 +02:00
Tom Krizek
b3c7bd1c04 Auto-format Python files with black
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
2022-06-08 13:34:19 +02:00
Tom Krizek
cf92d05908 Enforce Python codestyle with black
Black is an opinionated tool for auto-formatting Python code so we no
longer have to worry about the codestyle.

For the codestyle decisions and discussion, refer to the upstream
documentation [1].

[1] https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html
2022-06-08 13:29:01 +02:00
Tom Krizek
8668c8c061 Remove trailing whitespace
My editor doesn't like that!

(cherry picked from commit 5d64d05be9)
2022-06-08 13:24:30 +02:00
Michał Kępień
913c0b833c Set up release notes for BIND 9.16.31 2022-06-03 11:05:47 +02:00
Michał Kępień
e012953aea Add release note for GL #3327 2022-06-02 20:57:12 +02:00
Michał Kępień
35aaf41516 Reorder release notes 2022-06-02 20:57:12 +02:00
Michał Kępień
ee8b00bdf2 Tweak and reword release notes 2022-06-02 20:57:12 +02:00
Michał Kępień
501ac73a7c Prepare release notes for BIND 9.16.30 2022-06-02 20:57:12 +02:00
Petr Špaček
cc1599e454 ARM style change: render literals in black color
After enormous amount of bikesheding about colors we decided to override
ReadTheDocs default style for literals (``literal`` in the RST markup).

Justification:
- The default RTD "light red literal on white background" is hard to
  read.  https://webaim.org/resources/contrastchecker/ reports that text
  colored as rgb(231, 76, 60) on white background has insufficient
  contrast.
- The ARM has enormous amount of literals all over the place and thus
  one sentence can contain several black/red/black color changes. This
  is distracting. As a consequence, the ARM looks like a Geronimo
  Stilton book.

What we experimented with as replacements for red:
- Green - way too distracting
- Blue - too similar to "usual clickable link"
- Violet - too Geronimo Stilton style
- Brown - better but still distracting

After all the bikesheding we settled on black, i.e. the same as all
"normal" text. I.e. the color is now the same and literals are denoted
by monospaced font and a box around the literal. This has best contrast
and is way less distracting than it used to be.

This lead to a new problem: Internal references to "term definitions"
defined using directives like .. option:: were rendered almost the same
as literals:
- References: monospaced + box + bold + clickable
- Literals: monospaced + box To distinguish these two we added black
  dotted underline to clickable references.

I hereby declare the bikeshed painted.

(cherry picked from commit 833af31e7b)
2022-06-02 17:24:41 +02:00
Petr Špaček
dafacea24c Allow wrapping for ARM table content
RTD style default never wraps <th> and <td> elements and that just does
not work for real sentences or any other long lines.

We can reconsider styling some tables separately, but at the moment we
do not have use for tables with long but unwrappable lines so it's
easier to allow wrapping globally.

(cherry picked from commit a5dd98ac1b)
2022-06-02 17:24:39 +02:00
Aram Sargsyan
a0121f4908 Add CHANGES and release note for [GL #3380]
(cherry picked from commit b8073cbe72)
2022-06-02 10:34:05 +00:00
Michal Nowak
db5f8ebb6f Merge tag 'v9_16_29' into v9_16
BIND 9.16.29
2022-05-19 13:14:59 +02:00
Evan Hunt
9aa68d0dd7 specify time format in the documentation for 'rdnc dnssec -checkds'
also clarified the writing in the surrounding paragraph.

(cherry picked from commit 83f9466d61)
2022-05-18 15:37:13 -07:00
Matthijs Mekking
e8bcf3de5b Add changes and release notes for #3302
Add a comment to make danger happy.

(cherry picked from commit 0f89f0b134)
2022-05-16 10:35:50 +02:00
Matthijs Mekking
24913fc696 Remove confusing parental-source line
Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f606692)
2022-05-11 15:01:35 +00:00
Petr Špaček
0366ff94ee Remove ARM notes about Solaris 2.5.1
It was released in May 1996 and hopefully is not used to run BIND
anymore.

(cherry picked from commit 4388656f60)
2022-05-11 12:54:01 +02:00
Michal Nowak
9b7487b2f2 Set up release notes for BIND 9.16.30 2022-05-11 11:04:21 +02:00
Michal Nowak
85d1c24a90 Tweak and reword release notes 2022-05-10 00:03:20 +02:00
Michal Nowak
e4f535334e Prepare release notes for BIND 9.16.29 2022-05-06 17:06:36 +02:00
Petr Menšík
c1127e3550 Export built-in default configuration for named binary
It might be useful to display built-in configuration with all its
values. It should make it easier to test what default values has changed
in a new release.

Related: #1326
(cherry picked from commit cf722d18b3)
2022-04-29 12:26:46 +02:00
Petr Špaček
cf44faf6ae Pin Sphinx related package versions to match ReadTheDocs and our CI
This seems to be most appropriate way to ensure consistency between
release tarballs and public presentation on ReadTheDocs.

Previous attempt with removing docutils constraint, which relied on pip
depedency solver to pick the same packages as in CI was flawed. RTD
installs a bit different set of packages so it was inherently
unreliable.

As a result RTD pulled in sphinx-rtd-theme==0.4.3 while CI
had 1.0.0, and this inconsistency caused Table of Contents in Release
Notes to render incorrectly. Previous solution was to downgrade
docutils to < 0.17, but I think we should rather pin exact versions.

For the long history of messing with versions read also
isc-projects/bind9@2a8eda0084
isc-projects/images@d4435b97be
isc-projects/bind9@6a2daddf5b

(cherry picked from commit 6088ba3837)
2022-04-27 14:35:52 +02:00