mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-27 04:28:33 +00:00
Code Issues Releases Wiki Activity
36,567 Commits 661 Branches 820 Tags
Commit Graph

215 Commits

Author SHA1 Message Date
Witold Kręcicki
25cd3168a7 libdns refactoring: get rid of multiple versions of dns_dnssec_findmatchingkeys and dns_dnssec_findzonekeys 2018-04-06 08:04:41 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Tinderbox User
9ab5ec1d72 update copyright notice / whitespace 2017-07-21 23:46:06 +00:00
Mark Andrews
4bf32aa587 4654. [cleanup] Don't use C++ keywords delete, new and namespace. 
[RT #45538]
 2017-07-21 11:52:24 +10:00
Tinderbox User
b6a4f7937e update copyright notice / whitespace 2017-06-27 23:45:38 +00:00
Evan Hunt
581c1526ab [master] address TSIG bypass/forgery vulnerabilities 
4643.	[security]	An error in TSIG handling could permit unauthorized
			zone transfers or zone updates. (CVE-2017-3142)
			(CVE-2017-3143) [RT #45383]
 2017-06-27 11:39:19 -07:00
Mark Andrews
52e2aab392 4546. [func] Extend the use of const declarations. [RT #43379] 2016-12-30 15:45:08 +11:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
26f652d387 simplify 2016-05-18 10:40:20 +10:00
Mark Andrews
75167fb746 silence compiler warning 2016-05-17 17:33:59 +10:00
Tinderbox User
f89adb2c2a update copyright notice / whitespace 2016-05-05 23:45:48 +00:00
Mark Andrews
5ac427050f 4360. [bug] Silence spurious 'bad key type' message when there is 
a existing TSIG key. [RT #42195]
 2016-05-05 22:27:08 +10:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and 
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
 2015-11-05 12:09:48 +11:00
Evan Hunt
a32b6291aa [master] address regression 
4126.	[bug]		Addressed a regression introduced in change #4121.
			[RT #39611]
 2015-05-26 19:11:08 -07:00
Mukund Sivaraman
f5a62d97e3 Fix -Wshadow warnings (#38762) 
These happen due to ntohs()/htons() macro expansion in glibc.
 2015-03-09 09:23:46 +05:30
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
29d52c001f 4081. [cleanup] Use dns_rdatalist_init consistently. [RT #38759] 2015-03-03 16:43:42 +11:00
Evan Hunt
7c9d11b654 [master] add print.h, CHANGES note 2014-06-10 08:54:16 -07:00
Mukund Sivaraman
aa232396ee [24702] Include key filename in logged message 
Squashed commit of the following:

commit 593e6bc7e29938ff5c2f7508bde303fb069a97a9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 19:17:40 2014 +0530

    Increase size of filename buffers

commit b8685678e026ba98b8833e26664193b6345eb00e
Author: Evan Hunt <each@isc.org>
Date:   Wed Jun 4 18:57:44 2014 -0700

    [rt24702] some tweaks during review

commit adfbc8f808716c63e9e097d92beef104527e5c6f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed Jun 4 18:18:35 2014 +0530

    [24702] Include key filename in logged message

commit f1eff77e7e3704b145c3d65101a735467dd81dc3
Author: Mukund Sivaraman <muks@isc.org>
Date:   Wed Jun 4 18:12:43 2014 +0530

    Add dst_key_getfilename()
 2014-06-10 19:18:34 +05:30
Mukund Sivaraman
79d27f505a [35063] Don't publish an activated key automatically before its publish time 2014-06-04 14:31:42 +05:30
Mark Andrews
dd820d8fd2 3836. [bug] Address C++ keyword usage in header file. 2014-05-02 11:34:32 +10:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Evan Hunt
086cb64a78 [master] remove unnecessary memcpy 2012-12-20 10:33:47 -08:00
Evan Hunt
0e37e9e3d7 [master] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
 2012-10-24 12:58:16 -07:00
Mark Andrews
47c6d89485 3394. [bug] Adjust 'sucessfully validated after lower casing 
signer' log level and category. [RT #31414]
 2012-10-16 11:56:05 +11:00
Mark Andrews
b29e848220 3367. [bug] dns_dnsseckey_create() result was not being checked. 
[RT #30685]
 2012-08-21 12:04:09 +10:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
a847a4bcd6 update copyright notice 2012-05-17 23:46:03 +00:00
Evan Hunt
26833735d3 Handle RRSIG signer case consistently 
3329.	[bug]		Handle RRSIG signer-name case consistently: We
			generate RRSIG records with the signer-name in
			lower case.  We accept them with any case, but if
			they fail to validate, we try again in lower case.
			[RT #27451]
 2012-05-17 10:44:16 -07:00
Mark Andrews
840659f1d7 3302. [bug] dns_dnssec_findmatchingkeys could fail to find 
keys if the zone name contained character that
                        required special mappings. [RT #28600]
 2012-03-30 12:05:13 +11:00
Tinderbox User
5fa46bc916 update copyright notice 2012-03-10 23:45:53 +00:00
Mark Andrews
4c1847ef47 set $Id$ 2012-03-07 22:17:19 +11:00
Mark Andrews
04281728d4 3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent 
timestamp. [RT #26883]
 2011-12-07 22:36:25 +00:00
Mark Andrews
069182809a remove unnecessary assignment to found_ttl 2011-08-26 05:29:48 +00:00
Evan Hunt
485522d7e1 3108. [cleanup] dnssec-signzone: Clarified some error and 
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
			code (use -P instead). [RT #20852]

3107.	[bug]		dnssec-signzone: Report the correct number of ZSKs
			when using -x. [RT #20852]
 2011-05-06 21:08:33 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Mark Andrews
0e095727ff 3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant 
timestamp when determining which keys are active.
                        [RT #23642]
 2011-03-17 01:17:21 +00:00
Automatic Updater
c1aef54e14 update copyright notice 2011-03-12 04:59:49 +00:00
Mark Andrews
0874abad14 3069. [cleanup] Silence warnings messages from clang static analysis. 
[RT #20256]
 2011-03-11 06:11:27 +00:00
Automatic Updater
5bdf8cd3c2 update copyright notice 2010-01-13 23:48:59 +00:00
Francis Dupont
f77148e029 a KSK revoked by named could not be deleted. [RT #20881] 2010-01-13 08:35:24 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Evan Hunt
4e55893d30 2813. [bug] Better handling of unreadable DNSSEC key files. 
[RT #20710]

2812.	[bug]		Make sure updates can't result in a zone with
			NSEC-only keys and NSEC3 records. [RT 20748]
 2009-12-18 22:16:49 +00:00