mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity
26,614 Commits 659 Branches 820 Tags
Commit Graph

338 Commits

Author SHA1 Message Date
Francis Dupont
debd489a44 noreturn RT #20257 2009-09-29 15:06:07 +00:00
Automatic Updater
627f3e0805 update copyright notice 2009-09-25 23:48:13 +00:00
Evan Hunt
1e3c9961bb Move dns_rdataset_init() call earlier so "goto cleanup" won't trigger 
an assert in dns_rdataset_isassociated().  (This is trivial, I'm going
to commit without review.)
 2009-09-25 14:30:10 +00:00
Evan Hunt
fb596cc9af 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3 
chain when re-signing a previously-signed zone.
			Use -u to modify NSEC3 parameters or switch
			between NSEC and NSEC3. [RT #20304]
 2009-09-25 06:47:50 +00:00
Evan Hunt
63a1800105 Fix several problems introduced by rt19943 2009-09-24 04:36:28 +00:00
Automatic Updater
d48690af7a update copyright notice 2009-09-23 23:47:56 +00:00
Evan Hunt
53c22b8e0d 2685. [bug] Fixed dnssec-signzone -S handling of revoked keys. 
Also, added warnings when revoking a ZSK, as this is
			not defined by protocol (but is legal).  [RT #19943]
 2009-09-23 16:01:57 +00:00
Mark Andrews
4d0e2cf9b9 2684. [bug] dnssec-signzone should clean the old NSEC chain when 
signing with NSEC3 and vica versa. [RT #20301]
 2009-09-23 14:05:11 +00:00
Mark Andrews
011d0b7dc8 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when 
the NSEC3 parameters used to sign the zone change.
                        [RT #20246]
 2009-09-23 04:30:16 +00:00
Evan Hunt
eab9975bcf 2668. [func] Several improvements to dnssec-* tools, including: 
- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]
 2009-09-02 06:29:01 +00:00
Tatuya JINMEI 神明達哉
307d208450 2660. [func] Add a new set of DNS libraries for non-BIND9 
applications.  See README.libdns. [RT #19369]
 2009-09-01 00:22:28 +00:00
Evan Hunt
813b34ebec 2650. [bug] Assertion failure in dnssec-signzone when trying 
to read keyset-* files. [RT #20075]
 2009-08-14 01:07:00 +00:00
Mark Andrews
50eab6c2aa silence compiler warnings 2009-08-13 04:13:58 +00:00
Mark Andrews
99a0cd0236 fix comment 2009-07-21 03:27:38 +00:00
Mark Andrews
520cea04a2 2627. [func] Rationalize dnssec-signzone's signwithkey() calling. 
[RT #19959]
 2009-07-21 01:22:27 +00:00
Francis Dupont
938dfe6dcd re-indent (to be finished) 2009-07-20 12:11:58 +00:00
Evan Hunt
9edd523c22 more win32 build fixes 2009-07-19 05:06:48 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Mark Andrews
ce773a54f9 missing unsigned 2009-06-24 01:27:06 +00:00
Mark Andrews
996b4d8982 fix bad test to determine if both ksk's and zsk's are present. [RT #19802] 2009-06-09 22:54:21 +00:00
Mark Andrews
988023d8bc missing unsigned 2009-06-05 06:59:03 +00:00
Automatic Updater
9f4702d025 update copyright notice 2009-06-04 23:47:53 +00:00
Mark Andrews
97573334cb fix up bad merge 2009-06-04 04:33:11 +00:00
Automatic Updater
39844d4710 update copyright notice 2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
 2009-06-04 02:13:37 +00:00
Francis Dupont
ddac1a2b98 reserve -F 2009-05-07 09:33:52 +00:00
Francis Dupont
86e018c2bc spelling 2009-01-17 10:26:17 +00:00
Automatic Updater
0cfbb9285a update copyright notice 2009-01-06 23:47:57 +00:00
Francis Dupont
1879dbe0d9 dnssec-signzone needs strtoul() - 19129 2009-01-06 09:14:03 +00:00
Mark Andrews
50df1ec60a 2495. [bug] Tighten RRSIG checks. [RT #18795] 2008-11-14 22:53:46 +00:00
Mark Andrews
dd14c953a8 unsigned constants 2008-09-26 01:27:08 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
177bcb466b update copyright notice 2008-06-02 23:47:04 +00:00
Mark Andrews
d87ad693fc 2377. [bug] Address race condition in dnssec-signzone. [RT #18142] 2008-06-02 00:17:39 +00:00
Automatic Updater
271c4c7ffa update copyright notice 2007-08-28 07:20:43 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
0f8c9b5eed 2191. [func] named-checkzone now allows dumping to stdout (-). 
named-checkconf now has -h for help.
                        named-checkzone now has -h for help.
                        Better handling of '-?' for usage summaries.
                        [RT #16707]
 2007-05-21 02:47:25 +00:00
Automatic Updater
1415fce15f update copyright notice 2007-05-18 23:46:58 +00:00
Mark Andrews
9860862ced 2183. [bug] dnssec-signzone didn't handle offline private keys 
well.  [RT #16832]
 2007-05-18 05:50:35 +00:00
Mark Andrews
2dafa707cc 2078. [bug] dnssec-checkzone output style "default" was badly 
named.  It is now called "relative". [RT #16326]

2077.   [bug]           'dnssec-signzone -O raw' wasn't outputing the
                        complete signed zone. [RT #16326]
 2006-08-30 22:57:16 +00:00
David Hankins
6ed53e5949 2011. [func] dnssec-signzone can now update the SOA record of 
the signed zone, either as an increment or as the
                        system time(). [RT #15633]
 2006-04-13 18:09:56 +00:00
Mark Andrews
c5387e6942 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608] 2006-02-21 23:49:51 +00:00
Mark Andrews
9d3acb28cd Fix a signal race condition with the following change. 
1980.   [func]          dnssec-signzone: output the SOA record as the
                        first record in the signed zone. [RT #15758]
 2006-02-07 21:53:36 +00:00
Mark Andrews
e0fe05b5ae update copyright notice 2006-02-03 23:51:39 +00:00
Mark Andrews
2a35dc09d6 1980. [func] dnssec-signzone: output the SOA record as the 
first record in the signed zone. [RT #15758]
 2006-02-03 00:13:57 +00:00
Mark Andrews
2674e1a455 1940. [bug] Fixed a number of error conditions reported by 
Coverity.
 2005-11-30 03:33:49 +00:00
Mark Andrews
16ee4fe11b 1930. [port] HPUX: ia64 support. [RT #15473] 
1929.   [port]          FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
 2005-10-14 01:14:08 +00:00
Mark Andrews
ed6ca94ad7 finetune isc_thread_key implementation [RT #15408] 2005-09-18 07:16:24 +00:00
Mark Andrews
fb827ed6df 9.4/HEAD sync 2005-07-18 06:03:01 +00:00
Mark Andrews
e174044290 1817. [func] Add support for additional zone file formats for 
improving loading performance.  The masterfile-format
                        option in named.conf can be used to specify a
                        non-default format.  A separate command
                        named-compilezone was provided to generate zone files
                        in the new format.  Additionally, the -I and -O options
                        for dnssec-signzone specify the input and output
                        formats.
 2005-06-28 02:55:09 +00:00