ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,381 Commits 589 Branches 805 Tags
de7ba81cb4e777282827deb06fe7113a852635b5
Commit Graph

48 Commits

Author SHA1 Message Date
Tinderbox User
fcdfeaa0c2 update copyright notice / whitespace 2015-01-13 23:45:46 +00:00
Evan Hunt
fa2cf1a85e [v9_10] document default DNSKEY TTL 
- see RT #38268
 2015-01-13 09:55:21 -08:00
Mukund Sivaraman
ccba3c9ffd [10686] Add version printing option to various BIND utilites 
Squashed commit of the following:

commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org>
Date:   Tue Jun 10 16:52:45 2014 -0700

    [rt10686] move version() to dnssectool.c

commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:31 2014 +0530

    Rearrange order of cases

commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:08 2014 +0530

    Add version printer to dnssec-verify

commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:32:19 2014 +0530

    Add version printer to dnssec-signzone

commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:26:01 2014 +0530

    Add version printer to dnssec-settime

commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:25:48 2014 +0530

    Fix docbook

commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:20:17 2014 +0530

    Add version printer to dnssec-revoke

commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:17:54 2014 +0530

    Add version printer to dnssec-keygen

commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:14:11 2014 +0530

    Add version printer to dnssec-keyfromlabel

commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:13:39 2014 +0530

    Update usage help output, docbook

commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:07:18 2014 +0530

    Add version printer to dnssec-importkey

commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:01:53 2014 +0530

    Add version printer to dnssec-dsfromkey

commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 20:49:22 2014 +0530

    Add -V to nsupdate usage output

(cherry picked from commit 4278293107)
 2014-06-16 12:14:41 +05:30
Evan Hunt
1753d3c4d7 [master] correct dates in man pages 2014-02-27 11:43:10 -08:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes 
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
 2014-02-06 15:59:14 -08:00
Tinderbox User
6ea2385360 regen master 2014-01-16 01:05:38 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
99d8f5a704 update copyright notice 2012-05-02 23:45:44 +00:00
Mark Andrews
aaaf8d4f48 3317. [func] Add ECDSA support (RFC 6605). [RT #21918] 2012-05-02 23:20:17 +10:00
Automatic Updater
207cee019e update copyright notice 2011-03-17 23:47:30 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Mark Andrews
37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Automatic Updater
f428e385a4 update copyright notice 2010-08-16 23:46:52 +00:00
Mark Andrews
c6f4972c74 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:21:07 +00:00
Evan Hunt
f80b665135 fix typo: s/pcks11/pkcs11/ 2009-11-03 21:44:46 +00:00
Mark Andrews
c6d2578fd6 2741. [func] Allow the dnssec-keygen progress messages to be 
suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]
 2009-10-28 00:27:10 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Jeremy Reed
eec29cfd40 Fix typo as reported by SUN Guonian <sun@cnnic.cn>. 
This was seen in 9.7.0a3.
No CHANGES entry as is too minor.
 2009-10-16 15:37:01 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Evan Hunt
b843f577bb 2677. [func] Changes to key metadata behavior: 
- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]
 2009-09-14 18:45:45 +00:00
Evan Hunt
eab9975bcf 2668. [func] Several improvements to dnssec-* tools, including: 
- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]
 2009-09-02 06:29:01 +00:00
Evan Hunt
41eeb37b51 2659. [doc] Clarify dnssec-keygen doc: key name must match zone 
name for DNSSEC keys. [RT #19938]
 2009-08-28 21:47:02 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Automatic Updater
dde8659175 update copyright notice 2009-06-17 23:53:04 +00:00
Evan Hunt
b272d38cc5 2612. [func] Add default values for the arguments to 
dnssec-keygen.  Without arguments, it will now
			generate a 1024-bit RSASHA1 zone-signing key,
			or with the -f KSK option, a 2048-bit RSASHA1
			key-signing key. [RT #19300]

2611.	[func]		Add -l option to dnssec-dsfromkey to generate
			DLV records instead of DS records. [RT #19300]
 2009-06-17 06:51:44 +00:00
Jeremy Reed
733531b6d5 Change SEE ALSO reference from obsolete 2535 to 4033. 
(Also order these numerically.)
 2008-10-14 14:32:50 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
bf45f72ed3 2195. [func] dnssec-keygen now defaults to nametype "ZONE" 
when generating DNSKEYs. [RT #16954]
 2007-06-18 01:03:13 +00:00
Mark Andrews
561a29af8c minor man page updated from Jeremy [RT #16859] 2007-05-09 01:32:09 +00:00
Mark Andrews
c1a883f2e0 update copyright notice 2007-01-29 23:57:22 +00:00
Rob Austein
5cd4555ad4 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] 2007-01-29 22:16:02 +00:00
Mark Andrews
79399226b7 remove make-keyset reference 2005-08-30 01:50:05 +00:00
Mark Andrews
b5ad6dfea4 1903. [doc] Review ARM for BIND 9.4. 2005-07-19 04:55:25 +00:00
Mark Andrews
f5d30e2864 update copyright notice 2005-05-13 01:35:48 +00:00
Rob Austein
268a447506 1856. [doc] Switch Docbook toolchain from DSSSL to XSL. 2005-05-11 05:55:41 +00:00
Mark Andrews
c651f15b30 1849. [doc] All forms of the man pages (docbook, man, html) should 
have consistant copyright dates.
 2005-04-07 03:50:05 +00:00
Mark Andrews
cc3aafe737 1659. [cleanup] Cleanup some messages that were referring to KEY vs 
DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.
 2004-06-11 01:12:40 +00:00
Mark Andrews
17cb8353e9 update corpauthor 2004-06-03 02:22:35 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
b0c15bd979 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived 
from SOA MINIMUM.

1414.   [func]          Support for KSK flag.
 2003-01-18 02:40:59 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Brian Wellington
2ca556300b 1180. [func] dnssec-keygen should always generate keys with 
protocol 3 (DNSSEC), since it's less confusing
			that way.
 2002-01-21 10:13:20 +00:00
Brian Wellington
d4ef65050f copyright updates 
(note - this doesn't touch lib/bind at all.  Mark, whenever you're done with
lib/bind, make sure to do the copyright magic)
 2001-04-10 21:52:17 +00:00
Brian Wellington
8ffa8320ab minor changes 2001-03-31 02:25:31 +00:00
Brian Wellington
0b062f4990 converted man pages to docbook and cleaned them up. 2001-03-30 22:50:27 +00:00