2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00

151 Commits

Author SHA1 Message Date
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
2009-10-12 20:48:12 +00:00
Evan Hunt
d1f39121a6 2707. [func] dnssec-keyfromlabel no longer require engine name
to be specified in the label if there is a default
			engine or the -E option has been used.  Also, it
			now uses default algorithms as dnssec-keygen does
			(i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
			[RT #20371]
2009-10-06 22:58:45 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Evan Hunt
1210799345 Add /* NOTREACHED */ comments 2009-10-03 18:03:54 +00:00
Francis Dupont
debd489a44 noreturn RT #20257 2009-09-29 15:06:07 +00:00
Evan Hunt
53c22b8e0d 2685. [bug] Fixed dnssec-signzone -S handling of revoked keys.
Also, added warnings when revoking a ZSK, as this is
			not defined by protocol (but is legal).  [RT #19943]
2009-09-23 16:01:57 +00:00
Evan Hunt
b843f577bb 2677. [func] Changes to key metadata behavior:
- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]
2009-09-14 18:45:45 +00:00
Francis Dupont
1f821c1058 merge rt19294 2009-09-07 12:58:33 +00:00
Evan Hunt
8d0a1ede2f RT #20213:
- correctly use -K option in dnssec-keygen
- fix an improper free() in dnssec-revoke
- fix grammar in dnssec-settime
2009-09-04 16:57:22 +00:00
Automatic Updater
d7201de09b update copyright notice 2009-09-02 23:48:03 +00:00
Evan Hunt
eab9975bcf 2668. [func] Several improvements to dnssec-* tools, including:
- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]
2009-09-02 06:29:01 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9
applications.  See README.libdns. [RT #19369]
2009-09-01 00:22:28 +00:00
Automatic Updater
26d8ffe715 update copyright notice 2009-07-19 23:47:55 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
2009-07-19 04:18:05 +00:00
Automatic Updater
f66c8eed51 update copyright notice 2009-06-30 23:48:01 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
2009-06-30 02:53:46 +00:00
Automatic Updater
dde8659175 update copyright notice 2009-06-17 23:53:04 +00:00
Evan Hunt
b272d38cc5 2612. [func] Add default values for the arguments to
dnssec-keygen.  Without arguments, it will now
			generate a 1024-bit RSASHA1 zone-signing key,
			or with the -f KSK option, a 2048-bit RSASHA1
			key-signing key. [RT #19300]

2611.	[func]		Add -l option to dnssec-dsfromkey to generate
			DLV records instead of DS records. [RT #19300]
2009-06-17 06:51:44 +00:00
Automatic Updater
54cdd2b307 update copyright notice 2009-05-07 23:47:44 +00:00
Francis Dupont
ddac1a2b98 reserve -F 2009-05-07 09:33:52 +00:00
Automatic Updater
3398334b3a update copyright notice 2008-09-25 04:02:39 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
271c4c7ffa update copyright notice 2007-08-28 07:20:43 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
bf45f72ed3 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
when generating DNSKEYs. [RT #16954]
2007-06-18 01:03:13 +00:00
Mark Andrews
0f8c9b5eed 2191. [func] named-checkzone now allows dumping to stdout (-).
named-checkconf now has -h for help.
                        named-checkzone now has -h for help.
                        Better handling of '-?' for usage summaries.
                        [RT #16707]
2007-05-21 02:47:25 +00:00
Mark Andrews
f8574167b2 update copyright notice 2007-01-09 23:49:38 +00:00
Mark Andrews
92f56936fb update copyright notice 2007-01-09 03:11:16 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606]
2006-01-27 02:35:15 +00:00
Mark Andrews
35da39a7f1 update copyright notice 2006-01-04 00:37:24 +00:00
Mark Andrews
2a90390dee 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
To generate a RSAMD5 key you must explictly request
                        RSAMD5. [RT #13780]
2006-01-03 06:06:04 +00:00
Mark Andrews
ed6ca94ad7 finetune isc_thread_key implementation [RT #15408] 2005-09-18 07:16:24 +00:00
Mark Andrews
69fe9aaafd update copyright notice 2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
cc3aafe737 1659. [cleanup] Cleanup some messages that were referring to KEY vs
DNSKEY, NXT vs NSEC and SIG vs RRSIG.

1658.   [func]          Update dnssec-keygen to default to KEY for HMAC-MD5
                        and DH.  Tighten which options apply to KEY and
                        DNSKEY records.
2004-06-11 01:12:40 +00:00
Mark Andrews
50105afc55 1589. [func] DNSSEC lookaside validation.
enable-dnssec -> dnssec-enable
2004-03-10 02:19:58 +00:00
Mark Andrews
af5073d032 update copyrights 2004-03-05 05:48:29 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
b0c15bd979 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
from SOA MINIMUM.

1414.   [func]          Support for KSK flag.
2003-01-18 02:40:59 +00:00
Mark Andrews
93e353425a 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
dnssec-signkey now report their version in the
                        usage message.
2002-12-03 05:01:34 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Brian Wellington
2ca556300b 1180. [func] dnssec-keygen should always generate keys with
protocol 3 (DNSSEC), since it's less confusing
			that way.
2002-01-21 10:13:20 +00:00
Brian Wellington
d9af67ef70 add RSA to the secalgs list in rdata.c (as a synonym for RSAMD5), remove the
special case code in dnssec-keygen to parse RSA.
2001-11-15 19:44:52 +00:00
Andreas Gustafsson
d25365515e consistently begin error messages with a lower case letter 2001-10-11 22:53:46 +00:00
Brian Wellington
ce1d4c7aeb Print an error when creating a zone key with an algorithm that is not
allowed for a zone key.
2001-10-11 22:19:15 +00:00
Andreas Gustafsson
94ce9c52fb Improve error messages printed by dnssec tools when compiled
without crypto support (patch from Olafur)
2001-10-04 23:48:16 +00:00
Brian Wellington
f2d88ed98c clarify help text 2001-09-25 22:47:02 +00:00
Brian Wellington
39504d4517 remove dead code, consolidate dupliacted code. 2001-09-21 00:17:01 +00:00
Andreas Gustafsson
2f734e0a7e sizeof style 2001-09-19 23:08:24 +00:00
Brian Wellington
2dee13b8b8 rsasha1 stuff 2001-09-19 00:15:05 +00:00