Evan Hunt
35f1a4fc93
3085. [func] New '-R' option in dnssec-signzone forces removal
of signatures which have not yet expired but
were generated by a key that no longer exists.
[RT #22471 ]
2011-03-21 07:26:47 +00:00
Mark Andrews
6494526350
3070. [bug] dnssec-signzone potential NULL pointer dereference.
[RT #20256 ]
2011-03-11 12:37:01 +00:00
Mark Andrews
0874abad14
3069. [cleanup] Silence warning messages from clang static analysis.
[RT #20256 ]
2011-03-11 06:11:27 +00:00
Francis Dupont
cf39976b89
while(1) -> for(;;) (cf 23588)
2011-03-10 13:37:21 +00:00
Automatic Updater
0e27506ce3
update copyright notice
2011-03-05 23:52:31 +00:00
Mark Andrews
eff7f78bc6
3061. [func] New option "dnssec-signzone -D", only write out
generated DNSSEC records. [RT #22896 ]
2011-03-05 06:35:41 +00:00
Automatic Updater
26a7306397
update copyright notice
2011-03-04 23:47:47 +00:00
Evan Hunt
61271cdee6
3060. [func] New option "dnssec-signzone -X <date>" allows
specification of a separate expiration date
for DNSKEY RRSIGs and other RRSIGs. [RT #22141 ]
2011-03-04 22:20:21 +00:00
Automatic Updater
c8175ece69
update copyright notice
2011-03-01 23:48:07 +00:00
Mark Andrews
2f09e7c3fc
3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330 ]
2011-02-24 03:04:43 +00:00
Automatic Updater
6e13ffa218
update copyright notice
2010-06-03 23:51:05 +00:00
Mark Andrews
675cc80975
2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367 ]
2010-06-03 03:13:32 +00:00
Automatic Updater
3ee1371212
update copyright notice
2010-01-05 23:48:37 +00:00
Evan Hunt
564d687132
missing newline in dnssec-signzone usage
2010-01-05 15:31:58 +00:00
Automatic Updater
4b6dc226f7
update copyright notice
2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61
2801. [func] Detect and report records that are different according
to DNSSEC but are semantically equal according to plain
DNS. Apply plain DNS comparisons rather than DNSSEC
comparisons when processing UPDATE requests.
dnssec-signzone now removes such semantically duplicate
records prior to signing the RRset.
named-checkzone -r {ignore|warn|fail} (default warn)
named-compilezone -r {ignore|warn|fail} (default warn)
named.conf: check-dup-records {ignore|warn|fail};
2009-12-04 21:09:34 +00:00
Evan Hunt
ce3b2c5189
2788. [bug] dnssec-signzone could sign with keys that were
not requested [RT #20625 ]
2009-11-25 03:17:11 +00:00
Evan Hunt
d312bc5d81
2785. [bug] Revoked keys could fail to self-sign [RT #20652 ]
2009-11-24 03:42:32 +00:00
Evan Hunt
cef109efa7
2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648 ]
2779. [bug] Dynamic key revocation could fail. [RT #20644 ]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638 ]
2009-11-23 02:55:41 +00:00
Evan Hunt
00295e0650
2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568 ]
2009-11-16 04:27:44 +00:00
Mark Andrews
2162c1ed3d
add missing period
2009-11-03 01:31:17 +00:00
Evan Hunt
e3b59e4af7
Minor cleanup in dnssec-* tools
2009-10-27 18:56:49 +00:00
Mark Andrews
63d5a6f680
2736. [func] Improve the performance of NSEC signed zones with
more than a normal amount of glue below a delegation.
[RT #20191 ]
2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1
2735. [bug] dnssec-signzone could fail to read keys
that were specified on the command line with
full paths, but weren't in the current
directory. [RT #20421 ]
2009-10-27 03:59:45 +00:00
Evan Hunt
8f0502e922
2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
dnssec-signzone now warn immediately if asked to
write into a nonexistent directory. [RT #20278 ]
2009-10-24 00:00:06 +00:00
Automatic Updater
ef9ee92543
update copyright notice
2009-10-13 23:48:12 +00:00
Evan Hunt
19ac4707ee
changes needed for win32 build
2009-10-13 00:55:51 +00:00
Automatic Updater
97639003b0
update copyright notice
2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14
2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
dynamic DNS. 'auto-dnssec allow;' permits a zone
to be signed by creating keys for it in the
key-directory and using 'rndc sign <zone>'.
'auto-dnssec maintain;' allows that too, plus it
also keeps the zone's DNSSEC keys up to date
according to their timing metadata. [RT #19943 ]
2009-10-12 20:48:12 +00:00
Evan Hunt
3727725bb7
2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
zone option cause a zone to be signed with only KSKs
signing the DNSKEY RRset, not ZSKs. This reduces
the size of a DNSKEY answer. [RT #20340 ]
2009-10-10 01:48:00 +00:00
Evan Hunt
315a1514a5
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310 ]
2009-10-09 06:09:21 +00:00
Francis Dupont
8b78c993cb
explicit engine rt20230a
2009-10-05 17:30:49 +00:00
Evan Hunt
1210799345
Add /* NOTREACHED */ comments
2009-10-03 18:03:54 +00:00
Evan Hunt
a93a66f618
2794. [bug] Reduce default NSEC3 iterations from 100 to 10.
[RT #19970 ]
2009-09-29 22:17:34 +00:00
Francis Dupont
debd489a44
noreturn RT #20257
2009-09-29 15:06:07 +00:00
Automatic Updater
627f3e0805
update copyright notice
2009-09-25 23:48:13 +00:00
Evan Hunt
1e3c9961bb
Move dns_rdataset_init() call earlier so "goto cleanup" won't trigger
an assert in dns_rdataset_isassociated(). (This is trivial, I'm going
to commit without review.)
2009-09-25 14:30:10 +00:00
Evan Hunt
fb596cc9af
2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
chain when re-signing a previously-signed zone.
Use -u to modify NSEC3 parameters or switch
between NSEC and NSEC3. [RT #20304 ]
2009-09-25 06:47:50 +00:00
Evan Hunt
63a1800105
Fix several problems introduced by rt19943
2009-09-24 04:36:28 +00:00
Automatic Updater
d48690af7a
update copyright notice
2009-09-23 23:47:56 +00:00
Evan Hunt
53c22b8e0d
2685. [bug] Fixed dnssec-signzone -S handling of revoked keys.
Also, added warnings when revoking a ZSK, as this is
not defined by protocol (but is legal). [RT #19943 ]
2009-09-23 16:01:57 +00:00
Mark Andrews
4d0e2cf9b9
2684. [bug] dnssec-signzone should clean the old NSEC chain when
signing with NSEC3 and vice versa. [RT #20301 ]
2009-09-23 14:05:11 +00:00
Mark Andrews
011d0b7dc8
2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
the NSEC3 parameters used to sign the zone change.
[RT #20246 ]
2009-09-23 04:30:16 +00:00
Evan Hunt
eab9975bcf
2668. [func] Several improvements to dnssec-* tools, including:
- dnssec-keygen and dnssec-settime can now set key
metadata fields 0 (to unset a value, use "none")
- dnssec-revoke sets the revocation date in
addition to the revoke bit
- dnssec-settime can now print individual metadata
fields instead of always printing all of them,
and can print them in unix epoch time format for
use by scripts
[RT #19942 ]
2009-09-02 06:29:01 +00:00
Tatuya JINMEI 神明達哉
307d208450
2660. [func] Add a new set of DNS libraries for non-BIND9
applications. See README.libdns. [RT #19369 ]
2009-09-01 00:22:28 +00:00
Evan Hunt
813b34ebec
2650. [bug] Assertion failure in dnssec-signzone when trying
to read keyset-* files. [RT #20075 ]
2009-08-14 01:07:00 +00:00
Mark Andrews
50eab6c2aa
silence compiler warnings
2009-08-13 04:13:58 +00:00
Mark Andrews
99a0cd0236
fix comment
2009-07-21 03:27:38 +00:00
Mark Andrews
520cea04a2
2627. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959 ]
2009-07-21 01:22:27 +00:00
Francis Dupont
938dfe6dcd
re-indent (to be finished)
2009-07-20 12:11:58 +00:00