ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
25,303 Commits 589 Branches 805 Tags
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0
Commit Graph

329 Commits

Author SHA1 Message Date
Mark Andrews
675cc80975 2911. [bug] dnssec-signzone didn't handle out of zone records well. 
[RT #21367]
 2010-06-03 03:13:32 +00:00
Automatic Updater
6bb1560124 update copyright notice 2010-01-18 23:48:40 +00:00
Evan Hunt
e11a0c114c 2841. [func] Added "smartsign" and improved "autosign" and 
"dnssec" regression tests. [RT #20865]
 2010-01-18 19:19:31 +00:00
Tatuya JINMEI 神明達哉
d8680445d6 2828. [security] Cached CNAME or DNAME RR could be returned to clients 
without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
 2009-12-30 08:02:23 +00:00
Evan Hunt
0d796b1aaa improve cleanup and add named.run to .cvsignore files 2009-12-06 03:04:39 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Automatic Updater
4f91bcae43 update copyright notice 2009-03-02 23:47:43 +00:00
Evan Hunt
ca42dcc068 2569. [func] Move journalprint, nsec3hash, and genrandom 
commands from bin/tests into bin/tools;
                        "make install" will put them in $sbindir. [RT #19301]
 2009-03-02 03:54:10 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Mark Andrews
8b6418238d remove ns2/dlv.db when cleaning 2007-10-30 23:56:09 +00:00
Mark Andrews
a1e2170ad5 2250. [func] New flag 'memstatistics' to state whether the 
memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]
 2007-09-26 03:22:45 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Automatic Updater
db100c22d6 update copyright notice 2007-04-26 23:46:52 +00:00
Mark Andrews
429e23d2f5 2170. [func] Add acache processing to test suite. [RT #16711] 2007-04-26 04:06:50 +00:00
Mark Andrews
d6b5e0b0e8 update copyright notice 2006-03-10 00:23:21 +00:00
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
8131d4ed6d update copyright notice 2006-02-26 23:49:50 +00:00
Mark Andrews
95b484c958 fix minor typos 2006-02-26 22:57:18 +00:00
Mark Andrews
35da39a7f1 update copyright notice 2006-01-04 00:37:24 +00:00
Mark Andrews
2a90390dee 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended. 
To generate a RSAMD5 key you must explictly request
                        RSAMD5. [RT #13780]
 2006-01-03 06:06:04 +00:00
Mark Andrews
675d696977 update copyright notice 2005-09-06 03:51:37 +00:00
Mark Andrews
5be3685b0e 1919. [bug] dig's +sigchase code overhauled. [RT #14933] 
1918.   [bug]           The DLV code has been re-worked to make no longer
                        query order sensitive. [RT #14933]
 2005-08-25 00:56:08 +00:00
Mark Andrews
3002b5952d cleanup a couple more files 2004-12-14 01:02:50 +00:00
Mark Andrews
a36db48f57 1789. [bug] Prerequisite test for tkey and dnssec could fail 
with "configure --with-libtool".
 2004-12-08 06:10:49 +00:00
Mark Andrews
756f078904 clean up */dsset-*, */dlvset-* and ns2/dlv.db 2004-09-07 04:14:44 +00:00
Mark Andrews
d7a8ba373d copyright 2004-08-19 04:44:08 +00:00
Mark Andrews
c315e5cfea 1648. [func] Update dnssec-lookaside named.conf syntax to support 
multiple dnssec-lookaside namespaces (not yet
                        implemented).
 2004-06-04 02:31:43 +00:00
Mark Andrews
38e8022ace 1625. [bug] named failed to load/transfer RFC2535 signed zones 
which contained CNAMES. [RT# 11237]
 2004-05-05 01:32:58 +00:00
Mark Andrews
8d414d1559 1600. [bug] Duplicate zone pre-load checks were not case 
insensitive.

1599.   [bug]           Fix memory leak on error path when checking named.conf.

1598.   [func]          Specify that certain parts of the namespace must
                        be secure (dnssec-must-be-secure).
 2004-04-15 23:40:27 +00:00
Mark Andrews
28b863e609 pullup fixed from 9.3 2004-03-16 05:52:24 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation. 
enable-dnssec -> dnssec-enable
 2004-03-10 02:19:58 +00:00
Mark Andrews
fa7ee558e0 1584. [bug] "make test" failed with a readonly source tree. 
[RT #10461]
 2004-03-10 01:06:06 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
821644d49b 1574. [bug] Don't attempt to open the controls socket(s) when 
running tests. [RT #9091]
 2004-03-02 02:01:41 +00:00
Mark Andrews
89783da064 1581. [func] Disable DNSSEC support by default. To enable 
DNSSEC specify "enable-dnssec yes;" in named.conf.
 2004-02-17 03:40:23 +00:00
Mark Andrews
841ed46de5 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.
 2004-01-15 04:09:17 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
b7e6fb4e84 whitespace 2003-10-26 21:33:47 +00:00
Mark Andrews
93d6dfaf66 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. 2003-09-30 06:00:40 +00:00
Mark Andrews
0f042c7c44 - improves tests of negative insecurity proofs, including tests for the 
SOA TTL 0 hack.
- adds +noauth to a few invocations of dig where the authority section is
  not important.
- removes the bogus first half of the dynamic zone test, which didn't
  do anything other than make the test suite fail if run twice.
- fixed the fact that the keyless.example zone wasn't being securely
  delegated.
bwelling
 2002-07-19 06:20:24 +00:00
Mark Andrews
0b09763c35 1328. [func] DS (delegation signer) support. 2002-06-17 04:01:37 +00:00