upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-03 20:40:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
30648 commits 18 branches 854 tags 440 MiB
Commit graph

53 commits

Author SHA1 Message Date
Evan Hunt
0b2b6b2ed1 remove DLV support from dnssec-checkds 2019-08-09 09:18:02 -07:00
Tony Finch
129b731273 Deprecate SHA-1 in dnssec-checkds 
This changes the behaviour so that it explicitly lists DS records that
are present in the parent but do not have keys in the child. Any
inconsistency is reported as an error, which is somewhat stricter than
before.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
 2019-05-08 18:17:55 -07:00
Tony Finch
796a6c4e4e Deprecate SHA-1 in dnssec-dsfromkey 
This makes the `-12a` options to `dnssec-dsfromkey` work more like
`dnssec-cds`, in that you can specify more than one digest and you
will get multiple records. (Previously you could only get one
non-default digest type at a time.)

The default is now `-2`. You can get the old behaviour with `-12`.

Tests and tools that use `dnssec-dsfromkey` have been updated to use
`-12` where necessary.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
 2019-05-08 18:17:55 -07:00
Mark Andrews
ec3d830bc5 explicitly convert byte to string 2019-03-06 14:17:45 -08:00
Petr Menšík
7bd544e795 Correct path in dnssec-checkds help 2019-02-14 15:23:26 +01:00
Evan Hunt
9949163936 adjust style, match test to other tests 2019-02-07 16:53:46 -08:00
Tony Finch
a159675f44 dnssec-coverage: fix handling of zones without trailing dots 
After change 5143, zones listed on the command line without trailing
dots were ignored.
 2019-02-07 16:43:21 -08:00
Mark Andrews
acf0292da4 add 300 seconds of fudge 2019-01-29 20:14:45 -08:00
Evan Hunt
1ccf4e6c16 improve handling of trailing dots in dnssec-keymgr and dnssec-coverage 
- mishandling of trailing dots caused bad behavior with the
  root zone or names like "example.com."
- fixing this exposed an error in dnssec-coverage caused the
  wrong return value if there were KSK errors but no ZSK errors
- incidentally silenced the dnssec-keygen output in the coverage
  system test
 2019-01-24 12:33:42 -08:00
Mark Andrews
083b730ec7 introducing keymgr need to preserve functionality 2019-01-22 09:52:47 -08:00
Ondřej Surý
e69dc0dbc7 Remove RSAMD5 support 2018-12-11 11:32:24 +01:00
Mark Andrews
6499bdfd8b use documented default key ttl 2018-11-29 07:50:02 +11:00
Ondřej Surý
fbb08b30b8 Remove traces of DST_ALG_ECC which is now just Reserved in IANA registry 2018-10-26 11:50:11 +02:00
Ondřej Surý
f207e0b52e Restore the algorithm names mapping in bin/python/isc/dnskey.py.in for DSA, NSEC3DSA, and ECCGOST 2018-10-05 11:16:13 +02:00
Ondřej Surý
3994b1f9c2 Remove support for obsoleted and insecure DSA and DSA-NSEC3-SHA1 algorithms 2018-10-05 09:21:43 +02:00
Ondřej Surý
27593e65dc Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm 2018-06-05 09:14:14 +02:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Tinderbox User
278b68ced5 update copyright notice / whitespace 2017-10-28 23:45:38 +00:00
Evan Hunt
3b4f23cdbf [master] dnssec-checkds -s 
4794.	[func]		"dnssec-checkds -s" specifies a file from which
			to read a DS set rather than querying the parent.
			[RT #44667]
 2017-10-26 21:05:11 -07:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Evan Hunt
681deaaa39 [master] parse numeric domain names correctly 
4666.	[bug]		dnssec-keymgr: Domain names beginning with digits (0-9)
			could cause a parser error when reading the policy
			file. This now works correctly so long as the domain
			name is quoted. [RT #45641]
 2017-07-31 10:43:57 -07:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Evan Hunt
6d19d975c6 [master] python 3 compatibility 
4591.	[port]		Addressed some python 3 compatibility issues.
			Thanks to Ville Skytta. [RT #44955] [RT #44956]
 2017-04-20 17:30:35 -07:00
Mark Andrews
e09f18e349 4452. [bug] The default key manager policy file is now 
<sysdir>/dnssec-policy.conf (usually
                        /etc/dnssec-policy.conf). [RT #43064]
 2016-08-25 09:41:50 +10:00
Evan Hunt
f7b5487474 [master] fix keymgr with low prepublication interval 
4417.	[bug]		dnssec-keymgr could fail to create successor keys
			if the prepublication interval was set to a value
			smaller than the default. [RT #42820]

Patch submitted by Nis Wechselberg (enbewe@enbewe.de).
 2016-07-20 15:12:56 -07:00
Evan Hunt
a870e4e773 [master] normalize domain names for trailing dots 
4416.	[bug]		dnssec-keymgr: Domain names in policy files could
			fail to match due to trailing dots. [RT #42807]

Patch submitted by Armin Pech (mail@arminpech.de).
 2016-07-20 14:35:10 -07:00
Evan Hunt
c4fa8b75c2 [master] deleted keys not correctly excluded 
4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
			excluded. [RT #42884]

Patch submitted by Nis Wechselberg (enewe@enbewe.de).
 2016-07-20 14:28:15 -07:00
Mark Andrews
0dacb6efdf ignore configure generated files 2016-06-29 23:32:06 +10:00
Mark Andrews
cd734243d4 ignore configure generated files 2016-06-29 23:27:12 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
50a3eae6cf 4400. [bug] ttl policy was not being inherited in policy.py. 
[RT #42718]
 2016-06-27 13:07:45 +10:00
Mark Andrews
8d49a1a0d1 4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and 
'ECDSAP384SHA384' don't have settable keysize.
                        [RT #42718]
 2016-06-27 12:11:37 +10:00
Mark Andrews
97e13cc244 4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py. 
[RT #42718]
 2016-06-27 11:49:11 +10:00
Mark Andrews
8927a982bd update copyrights / whitespace 2016-06-24 16:23:26 +10:00
Mark Andrews
9f5443280f 4397. [bug] Update Windows python support. [RT #42538] 2016-06-24 16:04:10 +10:00
Mark Andrews
c1a72112b2 4396. [func] dnssec-keymgr now takes a '-r randomfile' option. 
[RT #42455]
 2016-06-24 14:12:24 +10:00
Mark Andrews
b709d84755 distclean cleanup 2016-06-24 13:52:01 +10:00
Mark Andrews
4840ef4581 4395 [bug] Improve out-of-tree installation of python modules. 
[RT #42586]
 2016-06-24 12:20:37 +10:00
Mark Andrews
32e1f3cda0 improve error message for missing dnssec-keygen/dnssec-settime. [RT #42456] 2016-05-26 15:46:10 +10:00
Mark Andrews
10f8dc8456 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499] [RT #42506]
 2016-05-26 12:01:31 +10:00
Mark Andrews
9c6a57d7c7 address python2/python3 differences 2016-05-25 15:19:25 +10:00
Mark Andrews
e6d09e71d0 style 2016-05-25 13:41:48 +10:00
Mark Andrews
9dede25430 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499]
 2016-05-25 11:48:52 +10:00
Mark Andrews
d3600bb89d 4369. [bug] Fix 'make' and 'make install' out-of-tree python 
support. [RT #42484]
 2016-05-24 09:50:23 +10:00
Witold Krecicki
dc2a4887c4 4357. [func] Add the python RNDC module. [RT #42093] 2016-05-05 11:33:47 +02:00
Evan Hunt
470af54b4e [master] more python2/3 compatibility fixes; use setup.py to install 2016-04-29 14:40:45 -07:00
Evan Hunt
304d16f08f [master] address some python2/3 incompatibilities 2016-04-29 10:38:35 -07:00