Mark Andrews
e396d5d72d
Add support for 'dohpath' to SVCB (and HTTPS)
...
dohpath is specfied in draft-ietf-add-svcb-dns and has a value
of 7. It must be a relative path (start with a /), be encoded
as UTF8 and contain the variable dns ({?dns}).
(cherry picked from commit 6d561d3886 )
2022-10-04 15:33:49 +11:00
Michal Nowak
120077bcc2
Merge branch 'mnowak/add-oracle-linux-9-v9_16' into 'v9_16'
...
[v9_16] Add Oracle Linux 9
See merge request isc-projects/bind9!6808
2022-10-03 13:17:57 +00:00
Michal Nowak
7ae22392da
Add Oracle Linux 9
...
(cherry picked from commit be08cf41d9 )
2022-10-03 13:28:26 +02:00
Mark Andrews
47e8a98240
keymgr: use DEFAULT_ALGORITHM instead of {nsec3}rsasha1
2022-10-03 13:28:26 +02:00
Michal Nowak
f822943473
coverage: use $DEFAULT_ALGORITHM
2022-10-03 13:28:25 +02:00
Mark Andrews
21cd56b42b
Fix mkeys to work with DEFAULT_ALGORITHM properly
...
Stop using a RSASHA1 fixed key in ns3's named.conf as the
trusted key and instead compute a broken digest from the
real digest to use in trusted-keys.
(cherry picked from commit be4cbe2b80 )
2022-10-03 13:28:25 +02:00
Mark Andrews
42727aab9a
kasp: stop using RSASHA1 unless necessary for the test
...
Moves tests from being RSASHA1 based to RSASHA256 based where possible
and split out the remaining RSASHA1 based tests so that they are not
run on OS's that don't support RSASHA1.
(cherry picked from commit db028684e5 )
2022-10-03 13:28:25 +02:00
Mark Andrews
4daa3d6dae
keymgr2kasp: use FIPS compliant algorithms and key sizes
...
migrate-nomatch-alglen: switched to RSASHA256 instead of RSASHA1
and the key size now changes from 2048 bits to 3072 bits instead
of 1024 bits to 2048 bits.
migrate-nomatch-algnum: switched to RSASHA256 instead of RSASHA1
as initial algorithm and adjusted mininum key size to 2048 bits.
rsasha256: adjusted minimum key size to 2048 bits.
(cherry picked from commit 048b015166 )
2022-10-03 13:28:25 +02:00
Mark Andrews
3d642f46f2
dnssec/signer/general: Replace RSASHA1 keys with RSASHA512 keys
...
RSASHA1 is verify only in FIPS mode. Use RSASHA256 instead.
(cherry picked from commit 9c6de6d12d )
2022-10-03 13:28:25 +02:00
Mark Andrews
c6abcefee1
Check if RSASHA1 is supported by the OS
...
(cherry picked from commit 1690cb7bb4 )
2022-10-03 13:28:25 +02:00
Mark Andrews
77e0878444
autosign: use FIPS compatible algorithms and key sizes
...
The nsec-only.example zone was not converted as we use it to
test nsec-only DNSSEC algorithms to nsec3 conversion failure.
The subtest is skipped in fips mode.
Update "checking revoked key with duplicate key ID" test
to use FIPS compatible algorithm.
(cherry picked from commit 99ad09975e )
2022-10-03 13:28:25 +02:00
Mark Andrews
e6d1117891
rsabigexponent: convert the test from RSASHA1 to RSASHA256
...
RSASHA1 is not supported on some platforms.
(cherry picked from commit 8c3c011860 )
2022-10-03 13:28:25 +02:00
Mark Andrews
fe4d8ca7c7
mkeys: use $() instead of back quotes
...
(cherry picked from commit 0e45a2b02c )
2022-10-03 13:19:35 +02:00
Mark Andrews
4950ab72e8
Upgrade uses of hmac-sha1 to DEFAULT_HMAC
...
where the test is not hmac-sha1 specific
(cherry picked from commit c533e8bc5b )
2022-10-03 13:19:35 +02:00
Mark Andrews
aafc3f8cf3
Add CHANGES not for [GL #3440 ]
...
(cherry picked from commit be88c583bd )
2022-10-03 13:19:35 +02:00
Mark Andrews
e8545ad255
zonechecks: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 459e6980e5 )
2022-10-03 13:19:35 +02:00
Mark Andrews
864a2b127a
wildcard: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 3f65c9cf85 )
2022-10-03 13:19:34 +02:00
Mark Andrews
76a154d8b1
views: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 86b29606c3 )
2022-10-03 13:19:34 +02:00
Mark Andrews
16c6557aa2
verify: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 93f7c7cdcd )
2022-10-03 13:19:34 +02:00
Mark Andrews
150ace9801
upforwd: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 5585909904 )
2022-10-03 13:19:34 +02:00
Mark Andrews
516694cd8c
unknown: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 9970d4317d )
2022-10-03 13:19:34 +02:00
Mark Andrews
b8645af516
synthfromdnssec: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 73fd49f8bb )
2022-10-03 13:19:34 +02:00
Mark Andrews
a2d8660485
staticstub: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 32337b9dbf )
2022-10-03 13:19:34 +02:00
Mark Andrews
204811ae41
smartsign: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 941b95edb0 )
2022-10-03 13:19:34 +02:00
Mark Andrews
49d8978cb4
rpz: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 1861c3e503 )
2022-10-03 13:19:34 +02:00
Mark Andrews
b26a89df34
rootkeysentinel: use $DEFAULT_ALGORITHM
...
(cherry picked from commit b0e1d9b1b3 )
2022-10-03 13:19:34 +02:00
Mark Andrews
e78c158ba6
resolver: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 05ef8c81dd )
2022-10-03 13:19:34 +02:00
Mark Andrews
52ce408f0d
redirect: use $DEFAULT_ALGORITHM
...
(cherry picked from commit e0e03602ba )
2022-10-03 13:19:33 +02:00
Mark Andrews
ce8cef8a4b
pending: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 6fd50b9fda )
2022-10-03 13:19:33 +02:00
Mark Andrews
1b94de8d1f
nsupdate: use $DEFAULT_ALGORITHM
...
(cherry picked from commit c2d18567fc )
2022-10-03 13:19:33 +02:00
Mark Andrews
fd8bd94212
mkeys: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 78fa082999 )
2022-10-03 13:19:33 +02:00
Mark Andrews
61cfb9a68e
mirror: use $DEFAULT_ALGORITHM
...
(cherry picked from commit ff95bafa39 )
2022-10-03 13:19:33 +02:00
Mark Andrews
17a26bced4
metadata: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 3f1dc83bfb )
2022-10-03 13:19:33 +02:00
Mark Andrews
6843c764c6
inline: use $DEFAULT_ALGORITHM
...
(cherry picked from commit e3acddefd1 )
2022-10-03 13:19:33 +02:00
Mark Andrews
45c21fd5af
dsdigest: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 49de14cb9e )
2022-10-03 13:19:33 +02:00
Mark Andrews
4ba58611c7
dnssec: use $DEFAULT_ALGORITHM
...
(cherry picked from commit d0b0139c90 )
2022-10-03 13:19:33 +02:00
Mark Andrews
53625cc639
dns64: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 5cbf1e1598 )
2022-10-03 13:19:33 +02:00
Mark Andrews
7cf9e28924
chain: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 3419178bd2 )
2022-10-03 13:19:33 +02:00
Mark Andrews
5f146c76bd
cds: use $DEFAULT_ALGORITHM
...
(cherry picked from commit 6cf0b73ede )
2022-10-03 13:19:33 +02:00
Mark Andrews
1bd3c49454
autosign: use $DEFAULT_ALGORITHM
...
(cherry picked from commit bb810b0ac9 )
2022-10-03 13:19:32 +02:00
Mark Andrews
212814cb7e
Merge branch '3541-have-named-v-report-supported-algorithms-v9_16' into 'v9_16'
...
Report supported crypto algorithms [v9_16]
See merge request isc-projects/bind9!6838
2022-09-30 14:25:28 +00:00
Petr Špaček
85d0d86b62
Add release note for new crypto algorithm logging
...
(cherry picked from commit c138a8aa59 )
2022-09-30 09:57:32 +10:00
Petr Špaček
2c09403ab4
Document list of crypto algorithms in named -V output
...
(cherry picked from commit c648e280e4 )
2022-09-30 09:57:32 +10:00
Mark Andrews
e8439121ad
Deduplicate string formating
...
(cherry picked from commit d34ecdb366 )
2022-09-30 09:57:32 +10:00
Mark Andrews
ffbd1ab762
Add CHANGES entry for [GL #3541 ]
...
(cherry picked from commit e876de442e )
2022-09-30 09:57:32 +10:00
Mark Andrews
21d4befe09
silence scan-build false positive
...
(cherry picked from commit 3156d36495 )
2022-09-30 09:57:32 +10:00
Mark Andrews
3265fc496e
Report algorithms supported by named at startup
...
(cherry picked from commit cb1515e71f )
2022-09-30 09:57:32 +10:00
Mark Andrews
989811b6d9
Have 'named -V' report supported algorithms
...
These cover DNSSEC, DS, HMAC and TKEY algorithms.
(cherry picked from commit b308f866c0 )
2022-09-30 09:57:32 +10:00
Matthijs Mekking
07748eb298
Merge branch 'matthijs-dnssec-guide-dnssec-policy-requires-inline-signing-v9_16' into 'v9_16'
...
[v9_16] Add dnssec-policy inline-signing requirement to documentation
See merge request isc-projects/bind9!6833
2022-09-28 09:56:53 +00:00
Matthijs Mekking
df11527a9a
Add inline-signing to config examples
...
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.
(cherry picked from commit b13a0c8836d2d8bc5b4de1cdfcdb2057c0bb9d93)
2022-09-28 10:54:52 +02:00