Evan Hunt
6f6f08b7a4
2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
2009-11-06 01:06:38 +00:00
Automatic Updater
64affc54f9
regen
2009-11-03 21:59:04 +00:00
Evan Hunt
f80b665135
fix typo: s/pcks11/pkcs11/
2009-11-03 21:44:46 +00:00
Mark Andrews
2162c1ed3d
add missing period
2009-11-03 01:31:17 +00:00
Automatic Updater
575e15fed9
regen
2009-10-28 01:14:38 +00:00
Mark Andrews
c6d2578fd6
2741. [func] Allow the dnssec-keygen progress messages to be
suppressed (dnssec-keygen -q). Automatically
suppress the progress messages when stdin is not
a tty. [RT #20474]
2009-10-28 00:27:10 +00:00
Evan Hunt
e3b59e4af7
Minor cleanup in dnssec-* tools
2009-10-27 18:56:49 +00:00
Mark Andrews
63d5a6f680
2736. [func] Improve the performance of NSEC signed zones with
more than a normal amount of glue below a delegation.
[RT #20191]
2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1
2735. [bug] dnssec-signzone could fail to read keys
that were specified on the command line with
full paths, but weren't in the current
directory. [RT #20421]
2009-10-27 03:59:45 +00:00
Automatic Updater
5f744ebbdc
update copyright notice
2009-10-26 23:47:35 +00:00
Evan Hunt
c021499604
2731. [func] Additional work on change 2709. The key parser
will now ignore unrecognized fields when the
minor version number of the private key format
has been increased. It will reject any key with
the major version number increased. [RT #20310]
2009-10-26 21:18:24 +00:00
Francis Dupont
775a8d86d9
keygen progress indication [RT #20284]
2009-10-24 09:46:19 +00:00
Evan Hunt
8f0502e922
2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
dnssec-signzone now warn immediately if asked to
write into a nonexistent directory. [RT #20278]
2009-10-24 00:00:06 +00:00
Automatic Updater
8e821eea5f
regen
2009-10-23 01:14:48 +00:00
Evan Hunt
cc6cddfd94
2726. [func] Added support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512. [RT #20023]
2009-10-22 02:21:31 +00:00
Automatic Updater
5a24d24c8f
regen
2009-10-17 01:14:35 +00:00
Jeremy Reed
eec29cfd40
Fix typo as reported by SUN Guonian <sun@cnnic.cn>.
This was seen in 9.7.0a3.
No CHANGES entry as is too minor.
2009-10-16 15:37:01 +00:00
Mark Andrews
1ed01b3390
silence compiler warning
2009-10-14 22:07:13 +00:00
Automatic Updater
ef9ee92543
update copyright notice
2009-10-13 23:48:12 +00:00
Evan Hunt
19ac4707ee
changes needed for win32 build
2009-10-13 00:55:51 +00:00
Automatic Updater
97639003b0
update copyright notice
2009-10-12 23:48:02 +00:00
Automatic Updater
3b2c6af63e
regen
2009-10-12 23:16:15 +00:00
Evan Hunt
c00929ed9f
additional doc improvement
2009-10-12 23:02:32 +00:00
Evan Hunt
77b8f88f14
2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
dynamic DNS. 'auto-dnssec allow;' permits a zone
to be signed by creating keys for it in the
key-directory and using 'rndc sign <zone>'.
'auto-dnssec maintain;' allows that too, plus it
also keeps the zone's DNSSEC keys up to date
according to their timing metadata. [RT #19943]
2009-10-12 20:48:12 +00:00
Automatic Updater
8de0d8a690
regen
2009-10-11 01:14:49 +00:00
Evan Hunt
3727725bb7
2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
zone option cause a zone to be signed with only KSKs
signing the DNSKEY RRset, not ZSKs. This reduces
the size of a DNSKEY answer. [RT #20340]
2009-10-10 01:48:00 +00:00
Evan Hunt
315a1514a5
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310]
2009-10-09 06:09:21 +00:00
Automatic Updater
2a6d4c9948
regen
2009-10-07 01:14:42 +00:00
Evan Hunt
22b23fb59d
tbox wants an #include <isc/print.h>...
2009-10-06 23:22:51 +00:00
Evan Hunt
d1f39121a6
2707. [func] dnssec-keyfromlabel no longer requires engine name
to be specified in the label if there is a default
engine or the -E option has been used. Also, it
now uses default algorithms as dnssec-keygen does
(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
[RT #20371]
2009-10-06 22:58:45 +00:00
Automatic Updater
8ec3c08523
regen
2009-10-06 01:14:42 +00:00
Francis Dupont
8b78c993cb
explicit engine rt20230a
2009-10-05 17:30:49 +00:00
Evan Hunt
1210799345
Add /* NOTREACHED */ comments
2009-10-03 18:03:54 +00:00
Automatic Updater
66fec05962
regen
2009-09-30 01:14:47 +00:00
Evan Hunt
a93a66f618
2794. [bug] Reduce default NSEC3 iterations from 100 to 10.
[RT #19970]
2009-09-29 22:17:34 +00:00
Francis Dupont
debd489a44
noreturn RT #20257
2009-09-29 15:06:07 +00:00
Automatic Updater
f3d1a0ba52
regen
2009-09-26 01:14:51 +00:00
Automatic Updater
627f3e0805
update copyright notice
2009-09-25 23:48:13 +00:00
Evan Hunt
1e3c9961bb
Move dns_rdataset_init() call earlier so "goto cleanup" won't trigger
an assert in dns_rdataset_isassociated(). (This is trivial, I'm going
to commit without review.)
2009-09-25 14:30:10 +00:00
Evan Hunt
fb596cc9af
2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
chain when re-signing a previously-signed zone.
Use -u to modify NSEC3 parameters or switch
between NSEC and NSEC3. [RT #20304]
2009-09-25 06:47:50 +00:00
Evan Hunt
63a1800105
Fix several problems introduced by rt19943
2009-09-24 04:36:28 +00:00
Automatic Updater
d48690af7a
update copyright notice
2009-09-23 23:47:56 +00:00
Evan Hunt
53c22b8e0d
2685. [bug] Fixed dnssec-signzone -S handling of revoked keys.
Also, added warnings when revoking a ZSK, as this is
not defined by protocol (but is legal). [RT #19943]
2009-09-23 16:01:57 +00:00
Mark Andrews
4d0e2cf9b9
2684. [bug] dnssec-signzone should clean the old NSEC chain when
signing with NSEC3 and vice versa. [RT #20301]
2009-09-23 14:05:11 +00:00
Mark Andrews
011d0b7dc8
2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
the NSEC3 parameters used to sign the zone change.
[RT #20246]
2009-09-23 04:30:16 +00:00
Automatic Updater
f8e3e03cac
regen
2009-09-15 01:14:42 +00:00
Evan Hunt
b843f577bb
2677. [func] Changes to key metadata behavior:
- Keys without "publish" or "active" dates set will
no longer be used for smart signing. However,
those dates will be set to "now" by default when
a key is created; to generate a key but not use
it yet, use dnssec-keygen -G.
- New "inactive" date (dnssec-keygen/settime -I)
sets the time when a key is no longer used for
signing but is still published.
- The "unpublished" date (-U) is deprecated in
favor of "deleted" (-D).
[rt20247]
2009-09-14 18:45:45 +00:00
Automatic Updater
c7d32c0b0f
regen
2009-09-08 01:14:42 +00:00
Francis Dupont
210970a248
two votes for keys -> key pair
2009-09-07 23:11:48 +00:00
Francis Dupont
1f821c1058
merge rt19294
2009-09-07 12:58:33 +00:00