ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,303 Commits 589 Branches 805 Tags
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0
Commit Graph

143 Commits

Author SHA1 Message Date
Evan Hunt
8d0a1ede2f RT #20213: 
- correctly use -K option in dnssec-keygen
- fix an improper free() in dnssec-revoke
- fix grammar in dnssec-settime
 2009-09-04 16:57:22 +00:00
Automatic Updater
d7201de09b update copyright notice 2009-09-02 23:48:03 +00:00
Evan Hunt
eab9975bcf 2668. [func] Several improvements to dnssec-* tools, including: 
- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]
 2009-09-02 06:29:01 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Automatic Updater
26d8ffe715 update copyright notice 2009-07-19 23:47:55 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
f66c8eed51 update copyright notice 2009-06-30 23:48:01 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor 
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
 2009-06-30 02:53:46 +00:00
Automatic Updater
dde8659175 update copyright notice 2009-06-17 23:53:04 +00:00
Evan Hunt
b272d38cc5 2612. [func] Add default values for the arguments to 
dnssec-keygen.  Without arguments, it will now
			generate a 1024-bit RSASHA1 zone-signing key,
			or with the -f KSK option, a 2048-bit RSASHA1
			key-signing key. [RT #19300]

2611.	[func]		Add -l option to dnssec-dsfromkey to generate
			DLV records instead of DS records. [RT #19300]
 2009-06-17 06:51:44 +00:00
Automatic Updater
54cdd2b307 update copyright notice 2009-05-07 23:47:44 +00:00
Francis Dupont
ddac1a2b98 reserve -F 2009-05-07 09:33:52 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
271c4c7ffa update copyright notice 2007-08-28 07:20:43 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
bf45f72ed3 2195. [func] dnssec-keygen now defaults to nametype "ZONE" 
when generating DNSKEYs. [RT #16954]
 2007-06-18 01:03:13 +00:00
Mark Andrews
0f8c9b5eed 2191. [func] named-checkzone now allows dumping to stdout (-). 
named-checkconf now has -h for help.
                        named-checkzone now has -h for help.
                        Better handling of '-?' for usage summaries.
                        [RT #16707]
 2007-05-21 02:47:25 +00:00
Mark Andrews
f8574167b2 update copyright notice 2007-01-09 23:49:38 +00:00
Mark Andrews
92f56936fb update copyright notice 2007-01-09 03:11:16 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00
Mark Andrews
35da39a7f1 update copyright notice 2006-01-04 00:37:24 +00:00
Mark Andrews
2a90390dee 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. 
To generate a RSAMD5 key you must explictly request
                        RSAMD5. [RT #13780]
 2006-01-03 06:06:04 +00:00
Mark Andrews
ed6ca94ad7 finetune isc_thread_key implementation [RT #15408] 2005-09-18 07:16:24 +00:00
Mark Andrews
69fe9aaafd update copyright notice 2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
cc3aafe737 1659. [cleanup] Cleanup some messages that were referring to KEY vs 
DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.
 2004-06-11 01:12:40 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:19:58 +00:00
Mark Andrews
af5073d032 update copyrights 2004-03-05 05:48:29 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
b0c15bd979 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived 
from SOA MINIMUM.

1414.   [func]          Support for KSK flag.
 2003-01-18 02:40:59 +00:00
Mark Andrews
93e353425a 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset 
dnssec-signkey now report their version in the
                        usage message.
 2002-12-03 05:01:34 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Brian Wellington
2ca556300b 1180. [func] dnssec-keygen should always generate keys with 
protocol 3 (DNSSEC), since it's less confusing
			that way.
 2002-01-21 10:13:20 +00:00
Brian Wellington
d9af67ef70 add RSA to the secalgs list in rdata.c (as a synonym for RSAMD5), remove the 
special case code in dnssec-keygen to parse RSA.
 2001-11-15 19:44:52 +00:00
Andreas Gustafsson
d25365515e consistently begin error messages with a lower case letter 2001-10-11 22:53:46 +00:00
Brian Wellington
ce1d4c7aeb Print an error when creating a zone key with an algorithm that is not 
allowed for a zone key.
 2001-10-11 22:19:15 +00:00
Andreas Gustafsson
94ce9c52fb Improve error messages printed by dnssec tools when compiled 
without crypto support (patch from Olafur)
 2001-10-04 23:48:16 +00:00
Brian Wellington
f2d88ed98c clarify help text 2001-09-25 22:47:02 +00:00
Brian Wellington
39504d4517 remove dead code, consolidate dupliacted code. 2001-09-21 00:17:01 +00:00
Andreas Gustafsson
2f734e0a7e sizeof style 2001-09-19 23:08:24 +00:00
Brian Wellington
2dee13b8b8 rsasha1 stuff 2001-09-19 00:15:05 +00:00
Brian Wellington
b7b9b499f4 remove unused code 2001-09-19 00:03:37 +00:00
Brian Wellington
36e37042c6 997. [func] Add support for RSA-SHA1 keys. 2001-09-15 00:01:58 +00:00
Brian Wellington
3f543c371f 981. [func] The dnssec tools can now take multiple '-r randomfile' 
arguments.
 2001-09-05 23:15:42 +00:00
Brian Wellington
cda383abe0 don't call dst_algorithm_supported(), an unsupported algorithm will be caught 
anyway.
 2001-07-10 18:53:09 +00:00
Brian Wellington
c3de05e48a send usage to stderr, not stdout. 2001-02-15 23:26:29 +00:00
Brian Wellington
499b34cea0 copyright update 2001-01-09 22:01:04 +00:00
Brian Wellington
78838d3e0c 8 space -> tab conversion 2000-12-11 19:24:30 +00:00
Brian Wellington
b7bf1bc9d9 openssl rsa doesn't have a 2048 bit limit. Change it to 4096, which 
takes a long time and a lot of entropy to generate.
 2000-11-07 20:10:14 +00:00