upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-27 09:06:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
30021 commits 18 branches 854 tags 440 MiB
Commit graph

966 commits

Author SHA1 Message Date
Michał Kępień
5201b96d03 [master] Fix calculation of dates for a successor key 
4685.	[bug]		dnssec-settime incorrectly calculated publication and
			activation dates for a successor key. [RT #45806]
 2017-08-21 09:55:36 +02:00
Tinderbox User
1c3b9b7666 update copyright notice / whitespace 2017-08-14 23:48:00 +00:00
Michał Kępień
877c264edc [master] Make dnssec-verify suggest using -o when appropriate 
4679.	[cleanup]	Suggest using -o when dnssec-verify finds a SOA record
			not at top of zone and -o is not used. [RT #45519]
 2017-08-14 14:01:27 +02:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Tinderbox User
7f18709b08 regen master 2017-08-02 01:09:18 +00:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Tinderbox User
8cc38b581c regen master 2017-08-01 01:08:53 +00:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Tinderbox User
9edeb0f922 update copyright notice / whitespace 2017-07-28 23:46:10 +00:00
Michał Kępień
c150f68609 [master] Clarify error message printed by dnssec-dsfromkey 
4663.	[cleanup]	Clarify error message printed by dnssec-dsfromkey.
			[RT #21731]
 2017-07-28 10:29:22 +02:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Tinderbox User
70698c6d17 regen master 2017-04-24 01:06:39 +00:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Tinderbox User
f5fa655319 regen master 2017-04-23 01:06:11 +00:00
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Mark Andrews
3742338a7b 4585. [port] win32: Set CompileAS value. [RT #42474] 2017-04-20 12:41:40 +10:00
Tinderbox User
e67fe90a1f regen master 2017-04-12 01:05:15 +00:00
Tinderbox User
b4099ed035 update copyright notice / whitespace 2017-04-11 23:45:37 +00:00
Evan Hunt
a477a025d5 [master] correct -M in synopsis 2017-04-11 12:24:10 -07:00
Tinderbox User
16fde7f0b3 regen master 2016-12-07 01:05:34 +00:00
Mark Andrews
1b8ce3b330 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 2016-12-07 10:49:55 +11:00
Evan Hunt
6087f87afb [master] make uninstall 
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]
 2016-11-01 19:17:07 -07:00
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Mark Andrews
63fe88e8d8 4456. [doc] Add DOCTYPE and lang attribute to <html> tags. 
[RT #42587]
 2016-08-26 15:14:04 +10:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
30e4fbdfb5 consolidate copyrights 2016-07-21 17:24:07 +10:00
Tinderbox User
6807a2dc3c regen master 2016-07-21 07:11:01 +00:00
Mark Andrews
813e9f7ee2 copyright 2016-07-21 17:00:44 +10:00
Tinderbox User
6aba65d9f0 regen master 2016-07-06 01:05:19 +00:00
Mark Andrews
27505a932f one -f the -D sync's should have been just -D 2016-07-06 08:33:02 +10:00
Tinderbox User
33d0a7767d regen master 2016-06-27 05:29:38 +00:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
9f5443280f 4397. [bug] Update Windows python support. [RT #42538] 2016-06-24 16:04:10 +10:00
Tinderbox User
e76f113739 regen master 2016-06-02 01:05:09 +00:00
Tinderbox User
1c6d1ca335 update copyright notice / whitespace 2016-06-01 23:45:30 +00:00
Francis Dupont
2a8aa10492 Merged rt42505 (misc DNSSEC bugs) 2016-06-01 09:18:49 +02:00
Tinderbox User
f89adb2c2a update copyright notice / whitespace 2016-05-05 23:45:48 +00:00
Mark Andrews
5ac427050f 4360. [bug] Silence spurious 'bad key type' message when there is 
a existing TSIG key. [RT #42195]
 2016-05-05 22:27:08 +10:00
Evan Hunt
f6096b958c [master] dnssec-keymgr 
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
 2016-04-28 00:16:01 -07:00
Tinderbox User
6632721990 regen master 2016-02-12 01:04:18 +00:00
Tinderbox User
b7f3400f3b update copyright notice / whitespace 2016-01-28 23:45:29 +00:00
Mark Andrews
832ab79d1f 4305. [bug] dnssec-signzone was not removing unnecessary rrsigs 
from the zone's apex. [RT #41483]
 2016-01-28 15:42:34 +11:00
Evan Hunt
30370d905e [master] removed /Gy- from VS project files 
4302.	[port]		win32: fixed a build error in VS 2015. [RT #41426]
 2016-01-27 15:27:57 -08:00
Tinderbox User
4df65ccfec update copyright notice / whitespace 2016-01-25 23:45:24 +00:00
Mark Andrews
f8432e3f24 4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534] 2016-01-26 00:09:03 +11:00
Mark Andrews
5b1c7ef35b 4264. [bug] Check const of strchr/strrchr assignments match 
argument's const status. [RT #41150]
 2015-11-20 18:38:24 +11:00
Tinderbox User
dec590a3de regen master 2015-11-18 01:04:11 +00:00
Jeremy C. Reed
cca02d061f Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 22:07:27 -05:00
Tinderbox User
3865e18d3d update copyright notice / whitespace 2015-11-09 23:45:22 +00:00
Jeremy C. Reed
dde7a7d357 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2015-11-09 11:25:01 -05:00
Evan Hunt
e13d04fda9 [master] fix python script versions 
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 2015-11-08 21:34:24 -08:00
Tinderbox User
e62b9c9ce6 regen master 2015-11-06 01:04:13 +00:00
Jeremy C. Reed
f02194c053 clean up refpurpose contents to be consistent 
This is to be consistent with other manuals:
 - no period punctuation at end
 - no capitalization at beginning unless acronym or proper noun
 - and no simple article (like "A") to start sentence.

While the docbook specification says refpurpose is a "one sentence",
its examples show it with the rules shown above.

Also compared with many manpages as this is common format for the
.Nd macro's one line description.
 2015-11-05 13:01:07 -05:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and 
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
 2015-11-05 12:09:48 +11:00
Tinderbox User
9d557856c2 regen master 2015-10-22 05:53:09 +00:00
Mark Andrews
30eec077db cleanup trailing white space in SGML like files 2015-10-22 16:09:46 +11:00
Tinderbox User
fd2597f756 regen master 2015-10-07 04:11:09 +00:00
Tinderbox User
010a51c427 regen master 2015-10-07 01:06:58 +00:00
Tinderbox User
19c7b1a029 update copyright notice / whitespace 2015-10-06 23:45:23 +00:00
Tinderbox User
2eeb74d1cf regen master 2015-10-06 05:45:21 +00:00
Evan Hunt
14a656f94b [master] upgrade doc toolchain 
4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]
 2015-10-05 21:59:35 -07:00
Mark Andrews
7867d18ce0 Introduce end-of-line normalization 2015-09-29 08:25:35 +10:00
Mark Andrews
3b83676e07 *.vcxproj.in should use CRLF as EOL 2015-08-27 21:57:18 +00:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Tinderbox User
22be030b50 regen master 2015-05-29 01:04:57 +00:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Tinderbox User
481870b95f regen master 2015-05-28 01:04:54 +00:00
Tinderbox User
3813d22587 update copyright notice / whitespace 2015-05-27 23:45:25 +00:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Francis Dupont
3759f10fc5 added print.h includes, updated copyrights 2015-05-23 14:21:51 +02:00
Mark Andrews
bc8f82492d 4098. [bug] Address use-after-free issue when using a 
predecessor key with dnssec-settime. [RT #39272]
 2015-04-15 12:33:21 +10:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Tinderbox User
5e93bad21b update copyright notice / whitespace 2015-03-01 23:45:20 +00:00
Mark Andrews
af669cb4fd 4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708] 2015-02-27 10:55:55 +11:00
Mark Andrews
e785f9c1c7 4057. [bug] 'dnssec-dsfromkey -T 0' failed to add ttl field. 
[RT #38565]
 2015-02-06 17:01:50 +11:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Evan Hunt
11463c0ac2 [master] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:29:18 -08:00
Tinderbox User
ef8014e56f regen master 2015-01-14 01:04:44 +00:00
Tinderbox User
a6ca100924 update copyright notice / whitespace 2015-01-13 23:45:21 +00:00
Evan Hunt
03f979494f [master] document default DNSKEY TTL 
- see RT #38268
 2015-01-13 09:54:57 -08:00
Tinderbox User
6478b87fd2 regen master 2014-10-17 01:04:36 +00:00
Jeremy C. Reed
edad003e63 Remove the apostrophe 's from plural acronyms 
This is to be consistent with our common usage of just using a
plural "s" without apostrophe.

This was brought up via discussion in ticket 37505.

I didn't have this reviewed.
 2014-10-16 11:55:51 -05:00
Mark Andrews
80169c379d 3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256 
and ECDSAP384SHA384. [RT #37183]
 2014-09-29 10:18:54 +10:00
Tinderbox User
5fa6a064b8 regen master 2014-09-05 19:26:47 +00:00
Tinderbox User
cefd74ae81 regen master 2014-08-23 01:06:12 +00:00
Jeremy C. Reed
f3150c99d7 add missing -Q from synopsis 2014-08-22 08:22:17 -05:00
Evan Hunt
eeb13c7cd2 [master] don't clear signatures from zone cuts 
3922.	[bug]		When resigning, dnssec-signzone was removing
			all signatures from delegation nodes. It now
			retains	DS and (if applicable) NSEC signatures.
			[RT #36946]
 2014-08-21 22:56:12 -07:00
Mark Andrews
e58154a6ec silence coverity warnings 2014-07-02 15:28:02 +10:00
Tinderbox User
6f12058975 regen master 2014-06-17 01:05:10 +00:00
Mukund Sivaraman
4278293107 [10686] Add version printing option to various BIND utilites 
Squashed commit of the following:

commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org>
Date:   Tue Jun 10 16:52:45 2014 -0700

    [rt10686] move version() to dnssectool.c

commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:31 2014 +0530

    Rearrange order of cases

commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:08 2014 +0530

    Add version printer to dnssec-verify

commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:32:19 2014 +0530

    Add version printer to dnssec-signzone

commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:26:01 2014 +0530

    Add version printer to dnssec-settime

commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:25:48 2014 +0530

    Fix docbook

commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:20:17 2014 +0530

    Add version printer to dnssec-revoke

commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:17:54 2014 +0530

    Add version printer to dnssec-keygen

commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:14:11 2014 +0530

    Add version printer to dnssec-keyfromlabel

commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:13:39 2014 +0530

    Update usage help output, docbook

commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:07:18 2014 +0530

    Add version printer to dnssec-importkey

commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:01:53 2014 +0530

    Add version printer to dnssec-dsfromkey

commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 20:49:22 2014 +0530

    Add -V to nsupdate usage output
 2014-06-16 12:10:38 +05:30
Tinderbox User
e68c527dff regen master 2014-04-30 01:05:11 +00:00
Evan Hunt
b4ba66ba1e [master] "dnssec-signzone -N date" 
3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]
 2014-04-29 16:29:20 -07:00
Tinderbox User
a7051299c6 update copyright notice 2014-04-10 23:46:10 +00:00
Tinderbox User
914ed533b8 regen master 2014-04-10 01:05:11 +00:00
Evan Hunt
540daf2887 [master] missing manpage install rule for dnssec-importkey 2014-04-09 17:17:25 -07:00
Evan Hunt
acbb301e64 [master] better error output when initializing pkcs11 
3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]
 2014-03-12 20:52:01 -07:00
Evan Hunt
b454c03196 [master] use ANSI prototypes, clean up some casts 2014-03-04 10:42:25 -08:00
Evan Hunt
7d769b7ba7 [master] don't use keyname from command line if using -S 2014-03-04 09:07:26 -08:00
Tinderbox User
e23798e2ab update copyright notice 2014-02-28 23:46:19 +00:00
Tinderbox User
794b79e6bb regen master 2014-02-28 01:07:06 +00:00
Evan Hunt
a60bf97f9f [master] dnssec-keyfromlabel -S and -i 
3764.	[bug]		The dnssec-keygen/settime -S and -i options
			(to set up a successor key and set the prepublication
			interval) were missing from dnssec-keyfromlabel.
			[RT #35394]
 2014-02-27 16:25:32 -08:00
Tinderbox User
938440694b update copyright notice 2014-02-27 23:46:22 +00:00
Evan Hunt
1753d3c4d7 [master] correct dates in man pages 2014-02-27 11:43:10 -08:00
Evan Hunt
3a01ded15d [master] enable windows python tools 
3757.	[port]		Enable Python tools (dnssec-coverage,
			dnssec-checkds) to run on Windows. [RT #34355]
 2014-02-26 08:43:50 -08:00
Evan Hunt
6ce1aa1902 [master] tag mismatch 2014-02-20 20:59:24 -08:00
Tinderbox User
0e1dece22e regen master 2014-02-20 19:19:27 +00:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl 
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
 2014-02-18 23:26:50 -08:00
Mark Andrews
2729aea3c1 3738. [bug] --enable-openssl-hash failed to build. [RT #35343] 2014-02-13 15:09:08 +11:00
Mark Andrews
5deedd7057 use unsigned constants 2014-02-13 07:48:44 +11:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc 
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
 2014-02-11 21:20:28 -08:00
Tinderbox User
81f58902eb update copyright notice 2014-02-07 23:46:39 +00:00
Tinderbox User
bbbf2e27d3 regen master 2014-02-07 02:03:45 +00:00
Mark Andrews
11d8c966ea fix closing tag 2014-02-07 12:26:16 +11:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes 
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
 2014-02-06 15:59:14 -08:00
Evan Hunt
08c67b5b7a [master] improved native-pkcs11 doc 
3728.	[doc]		Expanded native-PKCS#11 documentation,
			specifically pkcs11: URI labels. [RT #35287]
 2014-02-06 15:40:00 -08:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Tinderbox User
dd1ce8b524 regen master 2014-01-17 01:05:10 +00:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Tinderbox User
6ea2385360 regen master 2014-01-16 01:05:38 +00:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Tinderbox User
3f9791eac4 regen master 2013-12-12 01:05:00 +00:00
Tinderbox User
de77dcc2c1 update copyright notice 2013-12-11 23:47:38 +00:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Mark Andrews
53f70575bd silence compiler warnings 2013-12-06 17:38:25 +11:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Mark Andrews
6b0434299b 3671. [bug] Don't allow dnssec-importkey overwrite a existing 
non-imported private key.
 2013-11-13 12:01:09 +11:00
Tinderbox User
77b7c54f1a regen master 2013-10-13 01:04:48 +00:00
Mark Andrews
cbadc440b9 typos 2013-10-13 11:12:43 +11:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Evan Hunt
690bd6bf5d [master] fix inline test, add importkey to win32 build 2013-09-04 18:56:50 -07:00
Tinderbox User
d2bdd5b314 regen master 2013-09-05 01:04:31 +00:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Mark Andrews
b5f4cc132e 3641. [bug] Handle changes to sig-validity-interval settings 
better. [RT #34625]
 2013-09-04 13:45:00 +10:00
Mark Andrews
7cd9d53c8c don't print out result as it is not meaningful here 2013-08-16 09:44:30 +10:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Mark Andrews
9d69017bc6 3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error 
message. [RT #34045]
 2013-07-03 15:41:48 +10:00
Evan Hunt
b7e40659ef [master] rebuild resigning heaps when loading map files 
3597.	[bug]		Ensure automatic-resigning heaps are reconstructed
			when loading zones in map format. [RT #33381]
 2013-06-14 10:16:10 -07:00
Evan Hunt
8f1e278931 [master] updated win32 build 
3596.	[port]		Updated win32 build documentation, added
                        dnssec-verify. [RT #22067]
 2013-06-13 17:31:41 -07:00
Evan Hunt
e47208b6fb [master] silence ccc-analyzer 
3567.	[bug]		Silence clang static analyzer warnings. [RT #33365]
 2013-05-03 14:31:27 -07:00
Evan Hunt
96139421d6 [master] win32 portability fixes 2013-03-26 23:01:13 -07:00
Tinderbox User
8bbfb495a2 regen master 2013-01-26 01:04:30 +00:00
Tinderbox User
43b9448395 regen master 2013-01-25 01:04:51 +00:00
Evan Hunt
c9611b4573 [master] change "fast" to "map" 
3475.	[cleanup]	Changed name of 'map' zone file format (previously
			'fast'). [RT #32458]
 2013-01-24 14:20:48 -08:00
Tinderbox User
3aaa526a94 update copyright notice 2013-01-23 23:45:55 +00:00
Evan Hunt
9a0dd99a75 [master] fix incorrect nsec3 check 
- check for NSEC3 in empty nodes when not due to optout delegations
    - fixed typo in output ("Bad record NSEC record")
    - incidentally fixed an error in signzone that caused an
      incorrect warning about missing DNSKEYs when using -S
      and -3 together

3473.	[bug]		dnssec-signzone/verify could incorrectly report
			an error condition due to an empty node above an
			opt-out delegation lacking an NSEC3. [RT #32072]
 2013-01-23 14:56:00 -08:00
Tinderbox User
5ac5300fdf update copyright notice 2013-01-17 23:46:25 +00:00
Curtis Blackburn
c8803902d6 [bug] Added checks in dnssec-keygen and dnssec-settime to check for 
delete date < inactive date. [RT #31719]
 2013-01-17 10:59:16 -06:00
Mark Andrews
040dc29236 throw fatal error on realloc failure 2012-12-10 10:16:28 +11:00
Tinderbox User
d9eb3dcfa1 update copyright notice 2012-11-28 23:45:44 +00:00
Evan Hunt
a1dbf90381 [master] remove libgen.h from dnssec tools 
we no longer use basename() or dirname()
 2012-11-27 19:45:51 -08:00
Mark Andrews
b13b452020 3424. [func] dnssec-dsfromkey now emits the hash without spaces. 
[RT #31951]

Squashed commit of the following:

commit 7369da0369e1de1fe6c5b5f84df8848b9a0984eb
Author: Mark Andrews <marka@isc.org>
Date:   Fri Nov 23 17:24:04 2012 +1100

    dupped/created reversed in log message

commit 0cef5faaf3ac22b00ed0f95b6bb7a146cf4cac15
Author: Mark Andrews <marka@isc.org>
Date:   Fri Nov 23 13:40:14 2012 +1100

    remove space from DS hash
 2012-11-27 14:22:28 +11:00
Evan Hunt
4b3d727d96 [master] remove spurious signatures from glue 
3404.	[bug]		dnssec-signzone: When re-signing a zone, remove
			RRSIG and NSEC records from nodes that used to be
			in-zone but are now below a zone cut. [RT #31556]
 2012-10-24 15:46:59 -07:00
Mark Andrews
611dc88768 3390. [bug] Silence clang compiler warnings. [RT #30417] 2012-10-06 14:20:45 +10:00
Evan Hunt
41bbb34bc2 fix coverity issues 
3388.	[bug]		Fixed several Coverity warnings. [RT #30996]
 2012-10-02 23:44:03 -07:00
Mark Andrews
82f37b2665 use binary mode for raw/fast 2012-09-12 17:24:45 +10:00
Tinderbox User
9b20c5d7ff regen master 2012-08-24 01:06:01 +00:00
Tinderbox User
291a670d12 update copyright notice 2012-07-05 23:45:48 +00:00
ckb
c514f38c80 Conflicts: 
lib/dns/dst_parse.c
	lib/isc/win32/file.c
 2012-07-05 16:07:31 -05:00
Mark Andrews
bf8267aa45 reverse bad copyright update 2012-06-29 11:39:47 +10:00
Tinderbox User
247bf37860 update copyright notice 2012-06-29 01:22:18 +00:00
Tinderbox User
da5d53fb14 update copyright notice 2012-06-26 23:45:56 +00:00
Mark Andrews
ad127d839d 3341. [func] New "dnssec-verify" command checks a signed zone 
to ensure correctness of signatures and of NSEC/NSEC3
                        chains. [RT #23673]
 2012-06-25 13:57:32 +10:00
Tinderbox User
dba3c818ae regen master 2012-06-23 01:04:31 +00:00
Tinderbox User
3b398443f0 update copyright notice 2012-06-21 23:46:36 +00:00
Evan Hunt
6844e3f010 Add documentation for 'fast' format 2012-06-21 15:39:56 -07:00
ckb
7829fad409 merging fast format zone files 
Conflicts:
	.gitignore
	bin/named/zoneconf.c
	bin/tests/.gitignore
	bin/tests/system/autosign/tests.sh
	bin/tests/system/masterformat/clean.sh
	bin/tests/system/masterformat/ns1/compile.sh
	bin/tests/system/masterformat/tests.sh
	configure
	lib/dns/db.c
	lib/dns/include/dns/db.h
	lib/dns/include/dns/types.h
	lib/dns/master.c
	lib/dns/masterdump.c
	lib/dns/rbt.c
	lib/dns/rbtdb.c
	lib/dns/sdb.c
	lib/dns/sdlz.c
	lib/dns/tests/.cvsignore
	lib/dns/tests/Makefile.in
	lib/dns/win32/libdns.def
	lib/dns/xfrin.c
	lib/dns/zone.c
	lib/export/dns/Makefile.in
	lib/isc/include/isc/file.h
	lib/isc/unix/file.c
	lib/isc/win32/file.c
	lib/isccfg/namedconf.c
 2012-06-20 14:13:12 -05:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
cd791043c8 regen master 2012-05-03 01:04:16 +00:00
Tinderbox User
99d8f5a704 update copyright notice 2012-05-02 23:45:44 +00:00
Mark Andrews
aaaf8d4f48 3317. [func] Add ECDSA support (RFC 6605). [RT #21918] 2012-05-02 23:20:17 +10:00
Tinderbox User
ea94d37012 regen master 2012-03-07 01:41:11 +00:00
Evan Hunt
e41d5a00bc added gitignore, removed cvsignore 2012-03-03 23:10:05 -08:00
Automatic Updater
97e74139b1 regen HEAD 2011-12-22 18:10:11 +00:00
Evan Hunt
f30785f506 3252. [bug] When master zones using inline-signing were 
updated while the server was offline, the source
			zone could fall out of sync with the signed
			copy. They can now resynchronize. [RT #26676]
 2011-12-22 07:32:41 +00:00
Automatic Updater
72938578c9 regen HEAD 2011-12-10 01:14:53 +00:00
Mark Andrews
b11fd36119 move declaration to start of block 2011-12-08 23:45:02 +00:00
Evan Hunt
b4d8192d21 3241. [func] Extended the header of raw-format master files to 
include the serial number of the zone from which
			they were generated, if different (as in the case
			of inline-signing zones).  This is to be used in
			inline-signing zones, to track changes between the
			unsigned and signed versions of the zone, which may
			have different serial numbers.

			(Note: raw zonefiles generated by this version of
			BIND are no longer compatble with prior versions.
			To generate a backward-compatible raw zonefile
			using dnssec-signzone or named-compilezone, specify
			output format "raw=0" instead of simply "raw".)
			[RT #26587]
 2011-12-08 16:07:22 +00:00
Mark Andrews
411d2914ad 3226. [bug] Address minor resource leakages. [RT #26624] 2011-11-30 00:48:51 +00:00
Automatic Updater
2628293c6e regen HEAD 2011-11-08 01:14:50 +00:00
Automatic Updater
0237221b8a update copyright notice 2011-11-07 23:46:50 +00:00
Evan Hunt
d9eebc0849 3211. [func] dnssec-signzone: "-f -" prints to stdout; "-O full" 
option prints in single-line-per-record format.
			[RT #20287]
 2011-11-07 23:16:31 +00:00
Automatic Updater
77dccf2a5d regen HEAD 2011-11-05 01:14:51 +00:00
Evan Hunt
d7be2b79ed 3198. [doc] Clarified that dnssec-settime can alter keyfile 
permissions. [RT #24866]
 2011-11-03 20:21:37 +00:00
Automatic Updater
e839bf134f regen HEAD 2011-10-26 01:14:53 +00:00
Mark Andrews
b1c6de5456 3177. [func] 'rndc keydone', remove the indicator record that 
named has finished signing the zone with the
                        corresponding key.  [RT #26206]
 2011-10-25 01:54:22 +00:00
Mark Andrews
f49d12edf8 remove redundant assignment and variable 2011-10-21 03:55:33 +00:00
Automatic Updater
12bfbed87c regen HEAD 2011-10-21 01:14:51 +00:00
Automatic Updater
dfc015bc7e update copyright notice 2011-10-20 23:46:51 +00:00
Mark Andrews
1946c596b4 3174. [bug] Always compute to revoked key tag from scratch. 
[RT #24711]
 2011-10-20 21:20:02 +00:00
Evan Hunt
653a78de95 3165. [bug] dnssec-signzone could generate new signatures when 
resigning, even when valid signatures were already
			present. [RT #26025]
 2011-10-11 19:26:06 +00:00
Evan Hunt
ab6c20f978 fix whitespace 2011-09-03 05:51:29 +00:00
Mark Andrews
3a63259484 3143. [bug] Silence clang compiler warnings. [RT #25174] 2011-08-18 04:52:35 +00:00
Automatic Updater
3d73f493d0 update copyright notice 2011-07-19 23:47:48 +00:00
Mark Andrews
96ade2bc52 3134. [bug] Improve the accuracy of dnssec-signzone's signing 
statistics. [RT #16030]
 2011-07-19 04:09:27 +00:00
Evan Hunt
79ce3a9e82 3128. [func] Inserting an NSEC3PARAM via dynamic update in an 
auto-dnssec zone that has not been signed yet
			will cause it to be signed with the specified NSEC3
			parameters when keys are activated.  The
			NSEC3PARAM record will not appear in the zone until
			it is signed, but the parameters will be stored.
			[RT #23684]
 2011-06-10 01:51:09 +00:00