upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
26645 commits 18 branches 854 tags 440 MiB
Commit graph

58 commits

Author SHA1 Message Date
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Michał Kępień
330365566d [master] Prevent dnssec-settime from printing a bogus warning 
4686.	[bug]		dnssec-settime -p could print a bogus warning about
			key deletion scheduled before its inactivation when a
			key had an inactivation date set but no deletion date
			set. [RT #45807]
 2017-08-21 10:20:10 +02:00
Michał Kępień
5201b96d03 [master] Fix calculation of dates for a successor key 
4685.	[bug]		dnssec-settime incorrectly calculated publication and
			activation dates for a successor key. [RT #45806]
 2017-08-21 09:55:36 +02:00
Tinderbox User
f4eb664ce3 update copyright notice / whitespace 2017-08-09 23:47:50 +00:00
Evan Hunt
cdacec1dcb [master] silence gcc 7 warnings 
4673.	[port]		Silence GCC 7 warnings. [RT #45592]
 2017-08-09 00:17:44 -07:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Evan Hunt
f6096b958c [master] dnssec-keymgr 
4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
                        policy file from an OpenDNSSEC KASP XML file.

4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
			management utility, which reads a policy definition
			file and can create or update DNSSEC keys as needed
			to ensure that a zone's keys match policy, roll over
			correctly on schedule, etc.  Thanks to Sebastian
			Castro for assistance in development. [RT #39211]
 2016-04-28 00:16:01 -07:00
Tinderbox User
4df65ccfec update copyright notice / whitespace 2016-01-25 23:45:24 +00:00
Mark Andrews
f8432e3f24 4301. [bug] dnssec-settime -p [DP]sync was not working. [RT #41534] 2016-01-26 00:09:03 +11:00
Mark Andrews
5b1c7ef35b 4264. [bug] Check const of strchr/strrchr assignments match 
argument's const status. [RT #41150]
 2015-11-20 18:38:24 +11:00
Mark Andrews
e939674d53 4252. [func] Add support for automating the generation CDS and 
CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]
 2015-11-05 12:09:48 +11:00
Mark Andrews
bc8f82492d 4098. [bug] Address use-after-free issue when using a 
predecessor key with dnssec-settime. [RT #39272]
 2015-04-15 12:33:21 +10:00
Mark Andrews
af669cb4fd 4074. [cleanup] Cleaned up more warnings from gcc -Wshadow. [RT #38708] 2015-02-27 10:55:55 +11:00
Tinderbox User
c110d61b17 update copyright notice / whitespace 2015-01-20 23:45:26 +00:00
Evan Hunt
11463c0ac2 [master] clean up gcc -Wshadow warnings 
4039.	[cleanup]	Cleaned up warnings from gcc -Wshadow. [RT #37381]
 2015-01-20 13:29:18 -08:00
Mukund Sivaraman
4278293107 [10686] Add version printing option to various BIND utilites 
Squashed commit of the following:

commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org>
Date:   Tue Jun 10 16:52:45 2014 -0700

    [rt10686] move version() to dnssectool.c

commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:31 2014 +0530

    Rearrange order of cases

commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:08 2014 +0530

    Add version printer to dnssec-verify

commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:32:19 2014 +0530

    Add version printer to dnssec-signzone

commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:26:01 2014 +0530

    Add version printer to dnssec-settime

commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:25:48 2014 +0530

    Fix docbook

commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:20:17 2014 +0530

    Add version printer to dnssec-revoke

commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:17:54 2014 +0530

    Add version printer to dnssec-keygen

commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:14:11 2014 +0530

    Add version printer to dnssec-keyfromlabel

commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:13:39 2014 +0530

    Update usage help output, docbook

commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:07:18 2014 +0530

    Add version printer to dnssec-importkey

commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:01:53 2014 +0530

    Add version printer to dnssec-dsfromkey

commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 20:49:22 2014 +0530

    Add -V to nsupdate usage output
 2014-06-16 12:10:38 +05:30
Evan Hunt
acbb301e64 [master] better error output when initializing pkcs11 
3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]
 2014-03-12 20:52:01 -07:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes 
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
 2014-02-06 15:59:14 -08:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Tinderbox User
5ac5300fdf update copyright notice 2013-01-17 23:46:25 +00:00
Curtis Blackburn
c8803902d6 [bug] Added checks in dnssec-keygen and dnssec-settime to check for 
delete date < inactive date. [RT #31719]
 2013-01-17 10:59:16 -06:00
Evan Hunt
a1dbf90381 [master] remove libgen.h from dnssec tools 
we no longer use basename() or dirname()
 2012-11-27 19:45:51 -08:00
Tinderbox User
291a670d12 update copyright notice 2012-07-05 23:45:48 +00:00
ckb
c514f38c80 Conflicts: 
lib/dns/dst_parse.c
	lib/isc/win32/file.c
 2012-07-05 16:07:31 -05:00
Evan Hunt
6b95b91c61 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664] 2011-06-02 20:24:45 +00:00
Evan Hunt
10a759cee6 3086. [bug] Running dnssec-settime -f on an old-style key will 
now force an update to the new key format even if no
			other change has been specified, using "-P now -A now"
			as default values.  [RT #22474]
 2011-03-21 15:56:35 +00:00
Automatic Updater
207cee019e update copyright notice 2011-03-17 23:47:30 +00:00
Evan Hunt
61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and 
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
 2011-03-17 01:40:40 +00:00
Evan Hunt
584ad7dedd 2990. [bug] 'dnssec-settime -S' no longer tests prepublication 
interval validity when the interval is set to 0.
			[RT #22761]
 2010-12-19 07:29:36 +00:00
Automatic Updater
f428e385a4 update copyright notice 2010-08-16 23:46:52 +00:00
Mark Andrews
c6f4972c74 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:21:07 +00:00
Evan Hunt
dcfca6f18d 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921] 2010-02-03 01:02:37 +00:00
Evan Hunt
8ebf67b7f0 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime. 
[RT #20851]
 2010-01-07 19:13:59 +00:00
Automatic Updater
247f299fb0 update copyright notice 2010-01-06 23:48:47 +00:00
Evan Hunt
b1fbf2a4db fix spacing 2010-01-06 00:53:45 +00:00
Automatic Updater
928e12ccdc update copyright notice 2009-12-18 23:49:03 +00:00
Evan Hunt
9de98fbbbe 2809. [cleanup] Restored accidentally-deleted text in usage output 
in dnssec-settime and dnssec-revoke [RT #20739]
 2009-12-18 07:49:42 +00:00
Evan Hunt
e3b59e4af7 Minor cleanup in dnssec-* tools 2009-10-27 18:56:49 +00:00
Evan Hunt
c021499604 2731. [func] Additional work on change 2709. The key parser 
will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]
 2009-10-26 21:18:24 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Evan Hunt
315a1514a5 2709. [func] Added some data fields, currently unused, to the 
private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
 2009-10-09 06:09:21 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Francis Dupont
debd489a44 noreturn RT #20257 2009-09-29 15:06:07 +00:00
Evan Hunt
53c22b8e0d 2685. [bug] Fixed dnssec-signzone -S handling of revoked keys. 
Also, added warnings when revoking a ZSK, as this is
			not defined by protocol (but is legal).  [RT #19943]
 2009-09-23 16:01:57 +00:00
Evan Hunt
b843f577bb 2677. [func] Changes to key metadata behavior: 
- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]
 2009-09-14 18:45:45 +00:00
Evan Hunt
8d0a1ede2f RT #20213: 
- correctly use -K option in dnssec-keygen
- fix an improper free() in dnssec-revoke
- fix grammar in dnssec-settime
 2009-09-04 16:57:22 +00:00
Automatic Updater
d7201de09b update copyright notice 2009-09-02 23:48:03 +00:00