From 3f9f79b5c456c33118ea66b413fe2cd187774f93 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 19 Nov 2009 06:16:55 +0000 Subject: [PATCH 1/9] update --- doc/private/SRCID | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/private/SRCID b/doc/private/SRCID index c2799e427f..e30c58671f 100644 --- a/doc/private/SRCID +++ b/doc/private/SRCID @@ -1,6 +1,6 @@ -# $Id: SRCID,v 1.18 2009/11/19 05:17:19 tbox Exp $ +# $Id: SRCID,v 1.19 2009/11/19 06:16:55 tbox Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. # -SRCID="( $Date: 2009/11/19 05:17:19 $ )" +SRCID="( $Date: 2009/11/19 06:16:55 $ )" From 0088b45de515b891622e7e81dee9602291231c10 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 19 Nov 2009 18:52:40 +0000 Subject: [PATCH 2/9] 2774. [bug] Existing cache DB wasn't being reused after reconfiguration. [RT #20629] --- CHANGES | 3 +++ bin/named/server.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 7bc19c2924..e7f958ad78 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2774. [bug] Existing cache DB wasn't being reused after + reconfiguration. [RT #20629] + 2773. [bug] In autosigned zones, the SOA could be signed with the KSK. [RT #20628] diff --git a/bin/named/server.c b/bin/named/server.c index 99ef01eff0..3297dd8f83 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.554 2009/10/27 22:46:13 each Exp $ */ +/* $Id: server.c,v 1.555 2009/11/19 18:52:40 each Exp $ */ /*! \file */ @@ -1590,8 +1590,8 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) goto cleanup; if (pview != NULL) { - if (cache_reusable(pview, view, - zero_no_soattl)) { + if (!cache_reusable(pview, view, + zero_no_soattl)) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, From 158908972b4d777cbe02a178de94c3f4977293eb Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 19 Nov 2009 19:17:11 +0000 Subject: [PATCH 3/9] update --- doc/private/SRCID | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/private/SRCID b/doc/private/SRCID index e30c58671f..221f23fa2e 100644 --- a/doc/private/SRCID +++ b/doc/private/SRCID @@ -1,6 +1,6 @@ -# $Id: SRCID,v 1.19 2009/11/19 06:16:55 tbox Exp $ +# $Id: SRCID,v 1.20 2009/11/19 19:17:11 tbox Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. # -SRCID="( $Date: 2009/11/19 06:16:55 $ )" +SRCID="( $Date: 2009/11/19 19:17:11 $ )" From 3c1e75c23f399c5252e0c9d6ff7ad878d0ec3570 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 19 Nov 2009 23:19:15 +0000 Subject: [PATCH 4/9] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index a3927119d4..35d7a92781 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -338,6 +338,7 @@ v9_5_0_P2_danny new v9_5_0_P2_win32 new marka // 2008-09-04 05:59 +0000 v9_5_0_patch active // security fixes 9.5.0 only v9_5_1_patch new marka // 2008-12-03 02:07 +0000 +v9_5_2_patch new marka // 2009-11-18 23:19 +0000 v9_6 new marka // 2008-11-30 22:53 +0000 v9_6_0_patch new marka // 2008-12-23 01:13 +0000 v9_6_1_patch new marka // 2009-07-28 14:11 +0000 From 19af9889242e5e07ce6cd4342ac6f051ef5993b8 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 20 Nov 2009 23:18:21 +0000 Subject: [PATCH 5/9] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 35d7a92781..0c844cfc15 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -283,6 +283,7 @@ rt20541 new marka // 2009-10-30 02:28 +0000 rt20603 new sar // 2009-11-12 01:38 +0000 rt20609 new marka // 2009-11-18 08:46 +0000 rt20619 new sar // 2009-11-16 19:51 +0000 +rt20639 new fdupont // 2009-11-20 08:18 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 1cd538c05181b7236e4a2d159a99997dcfa1cb5c Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Sat, 21 Nov 2009 17:54:09 +0000 Subject: [PATCH 6/9] 20643: RSASHA2 NSEC3 compatible in dnssec-keyfromlabel --- CHANGES | 3 +++ bin/dnssec/dnssec-keyfromlabel.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e7f958ad78..82f8c615da 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible + in dnssec-keyfromlabel. [RT #20643] + 2774. [bug] Existing cache DB wasn't being reused after reconfiguration. [RT #20629] diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 44207790ed..918cf24ac2 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keyfromlabel.c,v 1.26 2009/11/06 01:06:38 each Exp $ */ +/* $Id: dnssec-keyfromlabel.c,v 1.27 2009/11/21 17:51:49 fdupont Exp $ */ /*! \file */ @@ -354,7 +354,8 @@ main(int argc, char **argv) { } if (use_nsec3 && - alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1) { + alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 && + alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512) { fatal("%s is incompatible with NSEC3; " "do not use the -3 option", algname); } From a7df2367f2b4872b4a8b5878fc6024c0621567e9 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 21 Nov 2009 18:16:28 +0000 Subject: [PATCH 7/9] update --- doc/private/SRCID | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/private/SRCID b/doc/private/SRCID index 221f23fa2e..0f4a0c2719 100644 --- a/doc/private/SRCID +++ b/doc/private/SRCID @@ -1,6 +1,6 @@ -# $Id: SRCID,v 1.20 2009/11/19 19:17:11 tbox Exp $ +# $Id: SRCID,v 1.21 2009/11/21 18:16:28 tbox Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. # -SRCID="( $Date: 2009/11/19 19:17:11 $ )" +SRCID="( $Date: 2009/11/21 18:16:28 $ )" From 8b4aab25fa8c50a238c5c1b41574b888884e5e68 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 21 Nov 2009 23:18:38 +0000 Subject: [PATCH 8/9] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 0c844cfc15..221de7a22d 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -239,6 +239,7 @@ rt19942 new each // 2009-08-27 23:01 +0000 rt19943 new each // 2009-09-15 03:18 +0000 rt19943a new each // 2009-09-23 16:06 +0000 rt19943b new each // 2009-10-02 05:42 +0000 +rt19946 new each // 2009-11-21 06:00 +0000 rt20001 new each // 2009-08-05 15:54 +0000 rt20023 new fdupont // 2009-07-31 15:08 +0000 rt20037 new marka // 2009-08-11 07:46 +0000 From 40ff4bb4824226da0cedf13b3f9e03dd27791a4a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Sun, 22 Nov 2009 22:36:03 +0000 Subject: [PATCH 9/9] new draft --- ...t => draft-ietf-dnsext-dnssec-gost-04.txt} | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) rename doc/draft/{draft-ietf-dnsext-dnssec-gost-03.txt => draft-ietf-dnsext-dnssec-gost-04.txt} (96%) diff --git a/doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt b/doc/draft/draft-ietf-dnsext-dnssec-gost-04.txt similarity index 96% rename from doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt rename to doc/draft/draft-ietf-dnsext-dnssec-gost-04.txt index 061df67944..1733c7d50d 100644 --- a/doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt +++ b/doc/draft/draft-ietf-dnsext-dnssec-gost-04.txt @@ -1,12 +1,12 @@ DNS Extensions working group V.Dolmatov, Ed. Internet-Draft Cryptocom Ltd. -Intended status: Standards Track November 10, 2009 -Expires: May 10, 2010 +Intended status: Standards Track November 22, 2009 +Expires: May 22, 2010 Use of GOST signature algorithms in DNSKEY and RRSIG Resource Records for DNSSEC - draft-ietf-dnsext-dnssec-gost-03 + draft-ietf-dnsext-dnssec-gost-04 Status of this Memo @@ -49,7 +49,7 @@ Abstract the Domain Name System Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035). -V.Dolmatov Expires May 10, 2010 [Page 1] +V.Dolmatov Expires May 22, 2010 [Page 1] Table of Contents @@ -106,7 +106,7 @@ Table of Contents "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. -V.Dolmatov Expires May 10, 2010 [Page 2] +V.Dolmatov Expires May 22, 2010 [Page 2] 2. DNSKEY Resource Records @@ -164,7 +164,7 @@ V.Dolmatov Expires May 10, 2010 [Page 2] GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgV/S 2FXdMtzKJBehZvjF4lVSx6m66TwqSe/MFwKSH/3E= -V.Dolmatov Expires May 10, 2010 [Page 3] +V.Dolmatov Expires May 22, 2010 [Page 3] The following DNSKEY RR stores a DNS zone key for example.net @@ -229,7 +229,7 @@ V.Dolmatov Expires May 10, 2010 [Page 3] type {TBA2}. The wire format of a digest value is compatible with RFC 4490 [RFC4490], that is digest is in little-endian representation. -V.Dolmatov Expires May 10, 2010 [Page 4] +V.Dolmatov Expires May 22, 2010 [Page 4] The digest MUST always be calculated with GOST R 34.11-94 parameters identified by id-GostR3411-94-CryptoProParamSet [RFC4357]. @@ -296,9 +296,9 @@ V.Dolmatov Expires May 10, 2010 [Page 4] Currently, the cryptographic resistance of the GOST 34.10-2001 digital signature algorithm is estimated as 2**128 operations of multiple elliptic curve point computations on prime modulus - 2**256. + of order 2**256. -V.Dolmatov Expires May 10, 2010 [Page 5] +V.Dolmatov Expires May 22, 2010 [Page 5] Currently, the cryptographic resistance of GOST 34.11-94 hash algorithm is estimated as 2**128 operations of computations of a @@ -355,7 +355,7 @@ V.Dolmatov Expires May 10, 2010 [Page 5] Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005. -V.Dolmatov Expires May 10, 2010 [Page 6] +V.Dolmatov Expires May 22, 2010 [Page 6] [RFC4035] Arends R., Austein R., Larson M., Massey D., and S. Rose, "Protocol Modifications for the DNS Security @@ -448,7 +448,8 @@ Moscow, 117303, Russian Federation EMail: igus@cryptocom.ru -V.Dolmatov Expires May 10, 2010 [Page 8] +V.Dolmatov Expires May 22, 2010 [Page 8] +