Evan Hunt
f267b27f0e
2675. [bug] dnssec-signzone could crash if the key directory
did not exist. [RT #20232]
2009-09-10 05:09:31 +00:00
Automatic Updater
d7201de09b
update copyright notice
2009-09-02 23:48:03 +00:00
Evan Hunt
eab9975bcf
2668. [func] Several improvements to dnssec-* tools, including:
- dnssec-keygen and dnssec-settime can now set key
metadata fields 0 (to unset a value, use "none")
- dnssec-revoke sets the revocation date in
addition to the revoke bit
- dnssec-settime can now print individual metadata
fields instead of always printing all of them,
and can print them in unix epoch time format for
use by scripts
[RT #19942]
2009-09-02 06:29:01 +00:00
Automatic Updater
26d8ffe715
update copyright notice
2009-07-19 23:47:55 +00:00
Evan Hunt
b1fa84a099
win32 build fixes
2009-07-19 04:50:15 +00:00
Evan Hunt
553ead32ff
2636. [func] Simplify zone signing and key maintenance with the
dnssec-* tools. Major changes:
- all dnssec-* tools now take a -K option to
specify a directory in which key files will be
stored
- DNSSEC can now store metadata indicating when
they are scheduled to be published, activated,
revoked or removed; these values can be set by
dnssec-keygen or overwritten by the new
dnssec-settime command
- dnssec-signzone -S (for "smart") option reads key
metadata and uses it to determine automatically
which keys to publish to the zone, use for
signing, revoke, or remove from the zone
[RT #19816]
2009-07-19 04:18:05 +00:00
Automatic Updater
39844d4710
update copyright notice
2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59
2608. [func] Perform post signing verification checks in
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653]
2009-06-04 02:13:37 +00:00
Automatic Updater
49960a74b5
update copyright notice
2008-11-14 23:47:33 +00:00
Mark Andrews
50df1ec60a
2495. [bug] Tighten RRSIG checks. [RT #18795]
2008-11-14 22:53:46 +00:00
Mark Andrews
23450c23fd
2235. [bug] dnssec-signzone failed to preserve the case of
wildcard owner names. [RT #17085]
2007-09-14 04:32:50 +00:00
Automatic Updater
ec5347e2c7
update copyright notice
2007-06-18 23:47:57 +00:00
Automatic Updater
1415fce15f
update copyright notice
2007-05-18 23:46:58 +00:00
Mark Andrews
9860862ced
2183. [bug] dnssec-signzone didn't handle offline private keys
well. [RT #16832]
2007-05-18 05:50:35 +00:00
Mark Andrews
e1fd585739
update copyright notice
2006-03-07 00:34:55 +00:00
Mark Andrews
59d84d1b07
2001. [func] Check the KSK flag when updating a secure dynamic zone.
New zone option "update-check-ksk yes;". [RT #15817]
2006-03-06 01:27:52 +00:00
Mark Andrews
2674e1a455
1940. [bug] Fixed a number of error conditions reported by
Coverity.
2005-11-30 03:33:49 +00:00
Mark Andrews
69fe9aaafd
update copyright notice
2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556
1851. [doc] Doxygen comment markup. [RT #11398]
2005-04-27 04:57:32 +00:00
Mark Andrews
23fdb6a5a3
1654. [bug] isc_result_totext() contained array bounds read
error.
1653. [func] Add key type checking to dst_key_fromfilename(),
DST_TYPE_KEY should be used to read TSIG, TKEY and
SIG(0) keys.
1652. [bug] TKEY still uses KEY.
2004-06-11 00:27:06 +00:00
Mark Andrews
dafcb997e3
update copyright notice
2004-03-05 05:14:21 +00:00
Mark Andrews
d249a25043
sig0 uses sig not rrsig
2004-03-04 02:44:54 +00:00
Mark Andrews
35541328a8
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDCARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
2004-01-14 02:06:51 +00:00
Tatuya JINMEI 神明達哉
e407562a75
1528. [cleanup] Simplify some dns_name_ functions based on the
deprecation of bitstring labels.
2003-10-25 00:31:12 +00:00
Mark Andrews
93d6dfaf66
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
2003-09-30 06:00:40 +00:00
Mark Andrews
c972e36de6
reversed timestamp sanity test on SIG
2002-11-15 21:25:21 +00:00
Mark Andrews
90295f915c
1399. [bug] Use serial number arithmetic when testing SIG
timestamps. [RT #4268]
developer: marka
reviewer: ogud
2002-11-12 19:50:51 +00:00
Mark Andrews
9db3d9d14e
1254. [bug] When signing/verifying rdatasets, duplicate rdatas
need to be suppressed.
2002-07-22 02:49:14 +00:00
Mark Andrews
a7038d1a05
copyrights
2002-02-20 03:35:59 +00:00
Brian Wellington
2ca2e1a1ce
1188. [bug] Dynamic updates of a signed zone would fail if
some of the zone private keys were unavailable.
2002-01-22 13:04:45 +00:00
Brian Wellington
a5c077e40c
1181. [func] Add the "key-directory" configuration statement,
which allows the server to look for online signing
keys in alternate directories.
2002-01-21 11:00:25 +00:00
Andreas Gustafsson
1f1d36a87b
Check return values or cast them to (void), as required by the coding
standards; add exceptions to the coding standards for cases where this is
not desirable
2001-11-30 01:59:49 +00:00
Brian Wellington
ba9e9a88c8
The last change didn't compile due to faulty cut&paste.
2001-06-08 22:48:28 +00:00
Brian Wellington
3b6bcedffe
891. [bug] Return an error when a SIG(0) signed response to
an unsigned query is seen. This should actually
do the verification, but it's not currently
possible. [RT #1391]
2001-06-08 19:37:29 +00:00
Brian Wellington
cbb781f277
uninitialized variable
2001-05-29 22:54:07 +00:00
Brian Wellington
a62b21afd3
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE
2001-05-10 06:05:54 +00:00
Brian Wellington
3840dba289
Comment a particularly subtle bit of code.
2001-05-02 00:03:12 +00:00
Brian Wellington
05183bbc4f
Signing with a large key didn't work since the static output buffer was too
small; use a dynamic buffer instead. Also, comment a section
2001-05-02 00:02:28 +00:00
Brian Wellington
8c3989000a
810. [bug] The signer name in SIG records was not properly
downcased when signing/verifying records. [RT #1186]
2001-04-17 17:20:27 +00:00
Brian Wellington
b8a85202af
786. [bug] When signing/verifying data, names were not properly
downcased.
2001-03-23 03:51:04 +00:00
Brian Wellington
d03fd76636
add a cast [RT #1013]
2001-03-12 22:39:36 +00:00
Brian Wellington
18d110413c
Move dns_dnssec_iszonekey to dns_zonekey_iszonekey, to make the rbtdb not
require all of dst to be linked in.
2001-01-17 01:22:20 +00:00
Brian Wellington
499b34cea0
copyright update
2001-01-09 22:01:04 +00:00
Brian Wellington
abfbf760f3
650. [bug] SIG(0) records were being generated and verified
incorrectly. [RT #606]
2001-01-04 00:10:13 +00:00
Brian Wellington
8d6fe3f388
Pointers to regions are silly. Use regions instead. This removes 1 small
allocation per query.
2001-01-03 20:42:10 +00:00
Brian Wellington
78838d3e0c
8 space -> tab conversion
2000-12-11 19:24:30 +00:00
Mark Andrews
368b37b616
dns_rdata_invalidate -> dns_rdata_reset
2000-10-31 03:22:05 +00:00
Mark Andrews
c03bb27f06
532. [func] Implement DNS UPDATE pseudo records using
DNS_RDATA_UPDATE flag.
531. [func] Rdata really should be initialized before being
assigned to (dns_rdata_fromwire(), dns_rdata_fromtext(),
dns_rdata_clone(), dns_rdata_fromregion()),
check that it is.
2000-10-25 04:26:57 +00:00
Brian Wellington
d1cbf71409
clean up suspicious looking and incorrect uses of dns_name_fromregion
2000-10-07 00:09:28 +00:00
Brian Wellington
cc8a68d56f
minor cleanup
2000-09-25 23:18:54 +00:00