Commit Graph

322 Commits

Author SHA1 Message Date
Evan Hunt
9edd523c22 more win32 build fixes 2009-07-19 05:06:48 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, activated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
2009-07-19 04:18:05 +00:00
Mark Andrews
ce773a54f9 missing unsigned 2009-06-24 01:27:06 +00:00
Mark Andrews
996b4d8982 fix bad test to determine if both ksk's and zsk's are present. [RT #19802] 2009-06-09 22:54:21 +00:00
Mark Andrews
988023d8bc missing unsigned 2009-06-05 06:59:03 +00:00
Automatic Updater
9f4702d025 update copyright notice 2009-06-04 23:47:53 +00:00
Mark Andrews
97573334cb fix up bad merge 2009-06-04 04:33:11 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
2009-06-04 02:13:37 +00:00
Francis Dupont
ddac1a2b98 reserve -F 2009-05-07 09:33:52 +00:00
Francis Dupont
86e018c2bc spelling 2009-01-17 10:26:17 +00:00
Automatic Updater
0cfbb9285a update copyright notice 2009-01-06 23:47:57 +00:00
Francis Dupont
1879dbe0d9 dnssec-signzone needs strtoul() - 19129 2009-01-06 09:14:03 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00
Mark Andrews
dd14c953a8 unsigned constants 2008-09-26 01:27:08 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
177bcb466b update copyright notice 2008-06-02 23:47:04 +00:00
Mark Andrews
d87ad693fc 2377. [bug] Address race condition in dnssec-signzone. [RT #18142] 2008-06-02 00:17:39 +00:00
Automatic Updater
271c4c7ffa update copyright notice 2007-08-28 07:20:43 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
0f8c9b5eed 2191. [func] named-checkzone now allows dumping to stdout (-).
named-checkconf now has -h for help.
                        named-checkzone now has -h for help.
                        Better handling of '-?' for usage summaries.
                        [RT #16707]
2007-05-21 02:47:25 +00:00
Automatic Updater
1415fce15f update copyright notice 2007-05-18 23:46:58 +00:00
Mark Andrews
9860862ced 2183. [bug] dnssec-signzone didn't handle offline private keys
well.  [RT #16832]
2007-05-18 05:50:35 +00:00
Mark Andrews
2dafa707cc 2078. [bug] dnssec-checkzone output style "default" was badly
named.  It is now called "relative". [RT #16326]

2077.   [bug]           'dnssec-signzone -O raw' wasn't outputting the
                        complete signed zone. [RT #16326]
2006-08-30 22:57:16 +00:00
David Hankins
6ed53e5949 2011. [func] dnssec-signzone can now update the SOA record of
the signed zone, either as an increment or as the
                        system time(). [RT #15633]
2006-04-13 18:09:56 +00:00
Mark Andrews
c5387e6942 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608] 2006-02-21 23:49:51 +00:00
Mark Andrews
9d3acb28cd Fix a signal race condition with the following change.
1980.   [func]          dnssec-signzone: output the SOA record as the
                        first record in the signed zone. [RT #15758]
2006-02-07 21:53:36 +00:00
Mark Andrews
e0fe05b5ae update copyright notice 2006-02-03 23:51:39 +00:00
Mark Andrews
2a35dc09d6 1980. [func] dnssec-signzone: output the SOA record as the
first record in the signed zone. [RT #15758]
2006-02-03 00:13:57 +00:00
Mark Andrews
2674e1a455 1940. [bug] Fixed a number of error conditions reported by
Coverity.
2005-11-30 03:33:49 +00:00
Mark Andrews
16ee4fe11b 1930. [port] HPUX: ia64 support. [RT #15473]
1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2005-10-14 01:14:08 +00:00
Mark Andrews
ed6ca94ad7 finetune isc_thread_key implementation [RT #15408] 2005-09-18 07:16:24 +00:00
Mark Andrews
fb827ed6df 9.4/HEAD sync 2005-07-18 06:03:01 +00:00
Mark Andrews
e174044290 1817. [func] Add support for additional zone file formats for
improving loading performance.  The masterfile-format
                        option in named.conf can be used to specify a
                        non-default format.  A separate command
                        named-compilezone was provided to generate zone files
                        in the new format.  Additionally, the -I and -O options
                        for dnssec-signzone specify the input and output
                        formats.
2005-06-28 02:55:09 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
6e8a8077fa 1840. [func] dnssec-signzone can now randomize signature endtimes
(dnssec-signzone -j jitter). [RT #13609]
2005-03-22 02:20:03 +00:00
Mark Andrews
9f069b2771 update copyright notice 2005-03-17 03:56:12 +00:00
Mark Andrews
24efdccd68 1835. [bug] Update dnssec-signzone's usage message. [RT #13657] 2005-03-16 03:08:48 +00:00
Mark Andrews
797944723c 1803. [bug] dnssec-signzone sometimes failed to remove old
RRSIGs. [RT #13483]
2005-03-16 00:10:21 +00:00
Mark Andrews
40e7c805a8 1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
2004-10-25 01:27:54 +00:00
Mark Andrews
16a68807e1 1704. [port] lwres needed a snprintf() implementation for
platforms without snprintf().  Add missing
                        "#include <isc/print.h>". [RT #12321]
2004-08-28 06:20:14 +00:00
Mark Andrews
30b41c205c 1699. [bug] dnssec-signzone can generate "not exact" errors
when resigning. [RT #12281]
2004-08-20 00:47:40 +00:00
Mark Andrews
5e4346a4f9 1696. [bug] dnssec-signzone failed to clean out nodes that
consisted of only NSEC and RRSIG records.
                        [RT #12154]
2004-08-11 08:55:47 +00:00
Mark Andrews
cc3aafe737 1659. [cleanup] Cleanup some messages that were referring to KEY vs
DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.
2004-06-11 01:12:40 +00:00
Mark Andrews
42b48d11ca hide ((isc_event_t **) (void *)) cast using a macro, ISC_EVENT_PTR. 2004-04-15 01:58:25 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation.
enable-dnssec -> dnssec-enable
2004-03-10 02:19:58 +00:00
Mark Andrews
af5073d032 update copyrights 2004-03-05 05:48:29 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
daa73eae70 silence punned messages 2004-02-03 00:59:05 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDCARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
2004-01-14 02:06:51 +00:00