upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/bin/tests/system/cds
History
Tony Finch eabf898b36 Suppress SHA-1 DS records in dnssec-cds 
Previously, when dnssec-cds copied CDS records to make DS records,
its -a algorithm option did not have any effect. This means that if
the child zone is signed with older software that generates SHA-1 CDS
records, dnssec-cds would (by default) create SHA-1 DS records in
violation of RFC 8624.

This change makes the dnssec-cds -a option apply to CDS records as
well as CDNSKEY records. In the CDS case, the -a algorithms are the
acceptable subset of possible CDS algorithms. If none of the CDS
records are acceptable, dnssec-cds tries to generate DS records from
CDNSKEY records.
2021-08-18 22:42:00 -07:00
..
.gitignore [master] dnssec-cds 2017-10-05 01:04:18 -07:00
checkmtime.pl update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
checktime.pl update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
clean.sh update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
mangle.pl update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
setup.sh Suppress SHA-1 DS records in dnssec-cds 2021-08-18 22:42:00 -07:00
tests.sh Suppress SHA-1 DS records in dnssec-cds 2021-08-18 22:42:00 -07:00