upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-03 20:40:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
29234 commits 18 branches 854 tags 440 MiB
Commit graph

51 commits

Author SHA1 Message Date
Tony Finch
796a6c4e4e Deprecate SHA-1 in dnssec-dsfromkey 
This makes the `-12a` options to `dnssec-dsfromkey` work more like
`dnssec-cds`, in that you can specify more than one digest and you
will get multiple records. (Previously you could only get one
non-default digest type at a time.)

The default is now `-2`. You can get the old behaviour with `-12`.

Tests and tools that use `dnssec-dsfromkey` have been updated to use
`-12` where necessary.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
 2019-05-08 18:17:55 -07:00
Mark Andrews
ec3d830bc5 explicitly convert byte to string 2019-03-06 14:17:45 -08:00
Petr Menšík
7bd544e795 Correct path in dnssec-checkds help 2019-02-14 15:23:26 +01:00
Evan Hunt
9949163936 adjust style, match test to other tests 2019-02-07 16:53:46 -08:00
Tony Finch
a159675f44 dnssec-coverage: fix handling of zones without trailing dots 
After change 5143, zones listed on the command line without trailing
dots were ignored.
 2019-02-07 16:43:21 -08:00
Mark Andrews
acf0292da4 add 300 seconds of fudge 2019-01-29 20:14:45 -08:00
Evan Hunt
1ccf4e6c16 improve handling of trailing dots in dnssec-keymgr and dnssec-coverage 
- mishandling of trailing dots caused bad behavior with the
  root zone or names like "example.com."
- fixing this exposed an error in dnssec-coverage caused the
  wrong return value if there were KSK errors but no ZSK errors
- incidentally silenced the dnssec-keygen output in the coverage
  system test
 2019-01-24 12:33:42 -08:00
Mark Andrews
083b730ec7 introducing keymgr need to preserve functionality 2019-01-22 09:52:47 -08:00
Ondřej Surý
e69dc0dbc7 Remove RSAMD5 support 2018-12-11 11:32:24 +01:00
Mark Andrews
6499bdfd8b use documented default key ttl 2018-11-29 07:50:02 +11:00
Ondřej Surý
fbb08b30b8 Remove traces of DST_ALG_ECC which is now just Reserved in IANA registry 2018-10-26 11:50:11 +02:00
Ondřej Surý
f207e0b52e Restore the algorithm names mapping in bin/python/isc/dnskey.py.in for DSA, NSEC3DSA, and ECCGOST 2018-10-05 11:16:13 +02:00
Ondřej Surý
3994b1f9c2 Remove support for obsoleted and insecure DSA and DSA-NSEC3-SHA1 algorithms 2018-10-05 09:21:43 +02:00
Ondřej Surý
27593e65dc Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm 2018-06-05 09:14:14 +02:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Tinderbox User
278b68ced5 update copyright notice / whitespace 2017-10-28 23:45:38 +00:00
Evan Hunt
3b4f23cdbf [master] dnssec-checkds -s 
4794.	[func]		"dnssec-checkds -s" specifies a file from which
			to read a DS set rather than querying the parent.
			[RT #44667]
 2017-10-26 21:05:11 -07:00
Tinderbox User
b74e1c3b50 update copyright notice / whitespace 2017-08-01 23:46:29 +00:00
Evan Hunt
681deaaa39 [master] parse numeric domain names correctly 
4666.	[bug]		dnssec-keymgr: Domain names beginning with digits (0-9)
			could cause a parser error when reading the policy
			file. This now works correctly so long as the domain
			name is quoted. [RT #45641]
 2017-07-31 10:43:57 -07:00
Francis Dupont
9b9182fe00 Added Ed25519 support (#44696) 2017-07-31 15:26:00 +02:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Evan Hunt
6d19d975c6 [master] python 3 compatibility 
4591.	[port]		Addressed some python 3 compatibility issues.
			Thanks to Ville Skytta. [RT #44955] [RT #44956]
 2017-04-20 17:30:35 -07:00
Mark Andrews
e09f18e349 4452. [bug] The default key manager policy file is now 
<sysdir>/dnssec-policy.conf (usually
                        /etc/dnssec-policy.conf). [RT #43064]
 2016-08-25 09:41:50 +10:00
Evan Hunt
f7b5487474 [master] fix keymgr with low prepublication interval 
4417.	[bug]		dnssec-keymgr could fail to create successor keys
			if the prepublication interval was set to a value
			smaller than the default. [RT #42820]

Patch submitted by Nis Wechselberg (enbewe@enbewe.de).
 2016-07-20 15:12:56 -07:00
Evan Hunt
a870e4e773 [master] normalize domain names for trailing dots 
4416.	[bug]		dnssec-keymgr: Domain names in policy files could
			fail to match due to trailing dots. [RT #42807]

Patch submitted by Armin Pech (mail@arminpech.de).
 2016-07-20 14:35:10 -07:00
Evan Hunt
c4fa8b75c2 [master] deleted keys not correctly excluded 
4415.	[bug]		dnssec-keymgr: Expired/deleted keys were not always
			excluded. [RT #42884]

Patch submitted by Nis Wechselberg (enewe@enbewe.de).
 2016-07-20 14:28:15 -07:00
Mark Andrews
0dacb6efdf ignore configure generated files 2016-06-29 23:32:06 +10:00
Mark Andrews
cd734243d4 ignore configure generated files 2016-06-29 23:27:12 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
50a3eae6cf 4400. [bug] ttl policy was not being inherited in policy.py. 
[RT #42718]
 2016-06-27 13:07:45 +10:00
Mark Andrews
8d49a1a0d1 4399. [bug] policy.py 'ECCGOST', 'ECDSAP256SHA256', and 
'ECDSAP384SHA384' don't have settable keysize.
                        [RT #42718]
 2016-06-27 12:11:37 +10:00
Mark Andrews
97e13cc244 4398. [bug] Correct spelling of ECDSAP256SHA256 in policy.py. 
[RT #42718]
 2016-06-27 11:49:11 +10:00
Mark Andrews
8927a982bd update copyrights / whitespace 2016-06-24 16:23:26 +10:00
Mark Andrews
9f5443280f 4397. [bug] Update Windows python support. [RT #42538] 2016-06-24 16:04:10 +10:00
Mark Andrews
c1a72112b2 4396. [func] dnssec-keymgr now takes a '-r randomfile' option. 
[RT #42455]
 2016-06-24 14:12:24 +10:00
Mark Andrews
b709d84755 distclean cleanup 2016-06-24 13:52:01 +10:00
Mark Andrews
4840ef4581 4395 [bug] Improve out-of-tree installation of python modules. 
[RT #42586]
 2016-06-24 12:20:37 +10:00
Mark Andrews
32e1f3cda0 improve error message for missing dnssec-keygen/dnssec-settime. [RT #42456] 2016-05-26 15:46:10 +10:00
Mark Andrews
10f8dc8456 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499] [RT #42506]
 2016-05-26 12:01:31 +10:00
Mark Andrews
9c6a57d7c7 address python2/python3 differences 2016-05-25 15:19:25 +10:00
Mark Andrews
e6d09e71d0 style 2016-05-25 13:41:48 +10:00
Mark Andrews
9dede25430 4370. [bug] Address python3 compatibility issues with RNDC module. 
[RT #42499]
 2016-05-25 11:48:52 +10:00
Mark Andrews
d3600bb89d 4369. [bug] Fix 'make' and 'make install' out-of-tree python 
support. [RT #42484]
 2016-05-24 09:50:23 +10:00
Witold Krecicki
dc2a4887c4 4357. [func] Add the python RNDC module. [RT #42093] 2016-05-05 11:33:47 +02:00
Evan Hunt
470af54b4e [master] more python2/3 compatibility fixes; use setup.py to install 2016-04-29 14:40:45 -07:00
Evan Hunt
304d16f08f [master] address some python2/3 incompatibilities 2016-04-29 10:38:35 -07:00
Evan Hunt
90c7806bb6 [master] remove gnu make dependency 2016-04-29 09:36:36 -07:00
Evan Hunt
a27dc50157 [master] copyrights 2016-04-28 22:30:53 -07:00