mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity
24,488 Commits 657 Branches 820 Tags
Commit Graph

44 Commits

Author SHA1 Message Date
Mark Andrews
d65fb496fb use perl not awk to do serial additions 2014-11-21 18:08:04 +11:00
Evan Hunt
0ada3802ea [master] awk portability fix 2014-11-17 12:22:18 -08:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Mark Andrews
62275d5306 make test for nsec3param more robust 2014-06-27 15:50:51 +10:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Curtis Blackburn
8009525601 3682. [bug] Correct the behavior of rndc retransfer to allow 
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
 2013-12-04 12:26:20 -06:00
Mark Andrews
6b0434299b 3671. [bug] Don't allow dnssec-importkey overwrite a existing 
non-imported private key.
 2013-11-13 12:01:09 +11:00
Mark Andrews
88a6dc33b7 only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms 2013-09-19 10:40:38 +10:00
Mark Andrews
3d3aa9cde6 use -r rather then -f 2013-09-09 12:19:30 +10:00
Mark Andrews
23c73a1848 only test dsa if we have a random device 2013-09-09 11:42:58 +10:00
Evan Hunt
690bd6bf5d [master] fix inline test, add importkey to win32 build 2013-09-04 18:56:50 -07:00
Mark Andrews
5b9469c0db test for ECDSAP256SHA256 support 2013-09-04 22:33:31 +10:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Mark Andrews
d1e22676de 3635. [bug] Signatures were not being removed from a zone with 
only KSK keys for a algorithm. [RT #24439]
 2013-08-15 13:37:07 +10:00
Evan Hunt
1d26c6b9b8 [master] count the test cases correctly 2013-07-09 22:52:43 -07:00
Evan Hunt
927e4c9fec [master] address race conditions with removing inline zones 
3513.	[bug]		named could crash when deleting inline-signing
			zones with "rndc delzone". [RT #34066]
 2013-07-09 17:39:21 -07:00
Tinderbox User
6d4487398e update copyright notice 2013-05-29 23:46:19 +00:00
Mark Andrews
5f238c3c64 3577. [bug] Handle zero TTL values better. [RT #33411] 2013-05-29 18:10:11 +10:00
Mark Andrews
c3c30fc43c force integer output 2012-11-17 23:58:50 +11:00
Mark Andrews
de0fd68097 3398. [bug] SOA parameters were not being updated with inline 
signed zones if the zone was modified while the
                        server was offline. [RT #29272]
 2012-10-19 10:25:06 +11:00
Mark Andrews
bf8267aa45 reverse bad copyright update 2012-06-29 11:39:47 +10:00
Tinderbox User
247bf37860 update copyright notice 2012-06-29 01:22:18 +00:00
Mark Andrews
1864400107 3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036] 2012-02-23 06:53:15 +00:00
Evan Hunt
c54dadd853 3270. [bug] "rndc reload" didn't reuse existing zones correctly 
when inline-signing was in use. [RT #27650]
 2012-01-31 01:13:10 +00:00
Mark Andrews
bfe720adb5 reverse accidental commit 2012-01-17 08:26:03 +00:00
Mark Andrews
00164c8db2 fetches in progress/buckets 2012-01-16 08:35:09 +00:00
Evan Hunt
a06e0a14cc use test -f; solaris doesn't support test -e 2012-01-12 00:37:18 +00:00
Automatic Updater
edb4393ef5 update copyright notice 2012-01-10 23:46:58 +00:00
Evan Hunt
9a02019889 3264. [bug] Automatic regeneration of signatures in an 
inline-signing zone could stall when the server
			was restarted. [RT #27344]

3263.	[bug]		"rndc sync" did not affect the unsigned side of an
			inline-signing zone. [RT #27337]
 2012-01-10 18:13:37 +00:00
Evan Hunt
f30785f506 3252. [bug] When master zones using inline-signing were 
updated while the server was offline, the source
			zone could fall out of sync with the signed
			copy. They can now resynchronize. [RT #26676]
 2011-12-22 07:32:41 +00:00
Mark Andrews
b290d10fc4 3245. [bug] Don't report a error unchanged serials unless there 
were other changes when thawing a zone with
                        ixfr-fromdifferences. [RT #26845]
 2011-12-19 23:46:13 +00:00
Mark Andrews
e238ebd9b3 Backout accident commit to head 2011-12-09 22:09:26 +00:00
Mark Andrews
5ccf5eac0f ixfr-from-differences backup file 2011-12-09 13:32:42 +00:00
Mark Andrews
56dc4c6730 3233. [bug] 'rndc freeze/thaw' didn't work for inline zones. 
[RT #26632]
 2011-12-02 02:44:01 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Mark Andrews
24ef32426d 3181. [func] Inline-signing is now supported for master zones. 
[RT #26224]
 2011-10-26 20:56:45 +00:00
Mark Andrews
b1c6de5456 3177. [func] 'rndc keydone', remove the indicator record that 
named has finished signing the zone with the
                        corresponding key.  [RT #26206]
 2011-10-25 01:54:22 +00:00
Mark Andrews
02286522fb 3166. [bug] Upgrading a zone to support inline-signing failed. [RT #26014] 2011-10-12 00:10:20 +00:00
Automatic Updater
4e68c7c87c update copyright notice 2011-08-30 23:46:53 +00:00
Mark Andrews
9198ab377b 3147. [func] Initial inline signing support. [RT #23657] 2011-08-30 05:16:15 +00:00