mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00
Code Issues Releases Wiki Activity
28,039 Commits 657 Branches 820 Tags
Commit Graph

130 Commits

Author SHA1 Message Date
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Evan Hunt
b99bfa184b [master] unify internal and export libraries 
3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
 2013-04-10 13:49:57 -07:00
Evan Hunt
df925e6c66 [master] add zone memory context pools 
3492.	[bug]		Fixed a regression in zone loading performance
			due to lock contention. [RT #30399]
 2013-02-20 21:39:05 -08:00
Tinderbox User
32dc577940 update copyright notice 2013-02-16 23:46:02 +00:00
Evan Hunt
0b8bd3a4ae [master] address TKEY bugs 
3486.	[bug]		named could crash when using TKEY-negotiated keys
			that had been deleted and then recreated. [RT #32506]

commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 14:59:46 2013 -0800

    [rt32506] don't dump key if dump is unimplemented

commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 14:42:25 2013 -0800

    [rt32506] make sure LRU needs adjusting before adjusting it

commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 12:28:28 2013 -0800

    [rt32506] demonstrate bugs in tkey test
 2013-02-15 10:19:50 -08:00
Mark Andrews
fcc04c160f 3440. [bug] Reorder get_key_struct to not trigger a assertion when 
cleaning up due to out of memory error. [RT #32131]
 2012-12-13 11:18:01 +11:00
Evan Hunt
0e37e9e3d7 [master] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
 2012-10-24 12:58:16 -07:00
Evan Hunt
47c5b8af92 [master] silence coverity warnings 
3401.	[bug]		Addressed Coverity warnings. [RT #31484]
 2012-10-23 22:04:06 -07:00
Mark Andrews
058e44186b 3387. [func] Support for a DS digest can be disabled at 
runtime with disable-ds-digests. [RT #21581]
 2012-10-03 12:38:43 +10:00
ckb
c514f38c80 Conflicts: 
lib/dns/dst_parse.c
	lib/isc/win32/file.c
 2012-07-05 16:07:31 -05:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
99d8f5a704 update copyright notice 2012-05-02 23:45:44 +00:00
Mark Andrews
89bbdd1f69 Use '==' not '=' in conditional test when not using openssl. 2012-05-03 09:29:32 +10:00
Mark Andrews
aaaf8d4f48 3317. [func] Add ECDSA support (RFC 6605). [RT #21918] 2012-05-02 23:20:17 +10:00
Mark Andrews
1946c596b4 3174. [bug] Always compute to revoked key tag from scratch. 
[RT #24711]
 2011-10-20 21:20:02 +00:00
Evan Hunt
76a7d4e152 3152. [cleanup] Some versions of gcc and clang failed due to 
incorrect use of __builtin_expect. [RT #25183]
 2011-09-05 18:00:22 +00:00
Automatic Updater
d5c0739351 update copyright notice 2011-08-18 23:46:35 +00:00
Mark Andrews
0226bd69cd cast to unsigned 2011-08-18 17:41:54 +00:00
Mark Andrews
ecf809f959 3143. [bug] Silence clang compiler warnings. [RT #25174] 2011-08-18 06:00:07 +00:00
Mark Andrews
3a63259484 3143. [bug] Silence clang compiler warnings. [RT #25174] 2011-08-18 04:52:35 +00:00
Evan Hunt
0994d3a21b 3087. [bug] DDNS updates using SIG(0) with update-policy match 
type "external" could cause a crash. [RT #23735]
 2011-03-21 19:54:03 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Automatic Updater
135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved 
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
 2011-01-10 05:32:04 +00:00
Mark Andrews
37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Evan Hunt
71bd858d8e 2989. [func] Added support for writable DLZ zones. (Contributed 
by Andrew Tridgell of the Samba project.) [RT #22629]

2988.	[experimental]	Added a "dlopen" DLZ driver, allowing the creation
			of external DLZ drivers that can be loaded as
			shared objects at runtime rather than linked with
			named.  Currently this is switched on via a
			compile-time option, "configure --with-dlz-dlopen".
			Note: the syntax for configuring DLZ zones
			is likely to be refined in future releases.
			(Contributed by Andrew Tridgell of the Samba
			project.) [RT #22629]

2987.	[func]		Improve ease of configuring TKEY/GSS updates by
			adding a "tkey-gssapi-keytab" option.  If set,
			updates will be allowed with any key matching
			a principal in the specified keytab file.
			"tkey-gssapi-credential" is no longer required
			and is expected to be deprecated.  (Contributed
			by Andrew Tridgell of the Samba project.)
			[RT #22629]
 2010-12-18 01:56:23 +00:00
Mark Andrews
9f9b7f0e8d 2982. [bug] Reference count dst keys. dst_key_attach() can be used 
increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
 2010-12-09 00:54:34 +00:00
Mark Andrews
c87f15dac8 2976. [bug] named die on exit after negotiating a GSS-TSIG key. [RT #3415] 2010-12-02 23:22:42 +00:00
Mark Andrews
49560ac770 typo in threaded build, silence compiler warning 2010-05-13 03:08:30 +00:00
Mark Andrews
5c40acf215 2887. [bug] Report the keytag times in UTC in the .key file, 
local time is presented as a comment within the
                        comment.  [RT #21223]

2886.   [bug]           ctime() is not thread safe. [RT #21223]
 2010-05-12 23:49:40 +00:00
Automatic Updater
65d1486535 update copyright notice 2010-01-11 23:48:37 +00:00
Francis Dupont
a91029a00e Prevent Linux spurious warnings about fwrite(). [RT #20812] 2010-01-11 10:49:14 +00:00
Evan Hunt
5c6c5669ec #include <time.h> for the ctime() prototype. 2009-11-07 03:36:58 +00:00
Mark Andrews
5ccd971c72 UNUSED(engine) if !defined(OPENSSL) 2009-11-03 19:43:54 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Mark Andrews
a01095a487 2721. [port] Have dst__entropy_status() prime the random number 
generator. [RT #20369]
 2009-10-20 04:39:48 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Mark Andrews
30bb4870da remove, not zero, extended flags 2009-10-12 09:03:06 +00:00
Mark Andrews
11804ca08f zero extended flags 2009-10-12 08:57:38 +00:00
Mark Andrews
515053881b remove extended flags before comparing if set 2009-10-12 06:05:29 +00:00
Mark Andrews
af20baa960 silence compiler warning/enforce const [RT #20390] 2009-10-12 05:50:52 +00:00
Mark Andrews
0d9fb986c5 silence comiler warning 2009-10-10 01:13:39 +00:00
Evan Hunt
315a1514a5 2709. [func] Added some data fields, currently unused, to the 
private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
 2009-10-09 06:09:21 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Mark Andrews
11144f86dc silence signed/unsigned comparision warning 2009-09-25 01:42:09 +00:00
Mark Andrews
0f869e8d52 2689. [bug] Correctly handle snprintf result. [RT #20306] 2009-09-24 22:19:08 +00:00
Evan Hunt
53c22b8e0d 2685. [bug] Fixed dnssec-signzone -S handling of revoked keys. 
Also, added warnings when revoking a ZSK, as this is
			not defined by protocol (but is legal).  [RT #19943]
 2009-09-23 16:01:57 +00:00