upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
34574 commits 18 branches 854 tags 440 MiB
Commit graph

6413 commits

Author SHA1 Message Date
Michal Nowak
87dc26e494
Add FreeBSD 13.1 
(cherry picked from commit bc425be55e1736d4f2ffada5e8d76f96b08c8351)
 2022-08-18 17:34:08 +02:00
Michal Nowak
16458122a8 BIND 9.16.32 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmLsQt8PHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFQZwQAKcgEyE1zTzfX1g1XNeTgScVX/Dl4Ypat53i
 uvlLXPArgy3cq6EOaXaQ6HZhAGjvxdOo706vQnpRSkcqvC+ekoiBabNUedyyh+B5
 cdArlHJ7vaoWlj0PLolphApe1nTKM/68U5QEhM02GpF0NpmxXfGiTDDQNrTnyXiU
 nnCZevyqjqpEinQ8BfWWtuypUicf74J+hgydU4qYUYpYtyNEnR7xIpMQtPvnujFb
 /8Vfg9fZUaXiuIyAxDLtkXwuV5cEzcApWUnjJegx3QLcHUaYadGkUX5Ks7pV9Ivp
 36o9GY7Q0AQkyvanp7ajSUBEtCNLDcGL5Qh2NiTUY0NUr2uPqlEbLbaAqqhYWiBy
 uj0PQhdY9OV66wZPaOySFcMGVGyoNJYtD3J3so+fb2mwvDJmcOiJPxxRUOkMHE29
 TOwz1WoUrfHxxdGHgenXZE/jWcTW8kgC8208Hbfpdcpu4PPU6/7Giur8Ouo3gd+D
 +oI7H4WKwKpHXbqHoV9XbYAasQsHC7jPH/VgTEUEP+UoaE9mJG8Y59mWD+aTP7fz
 1QQmFpjNRMX4CEM2uQPnGNEwAx9tIR0hzBc/pqAQCC5fLG7X012V+odKO1gQUkGw
 ko4qOGugbvjzJP8u4N3acKcYvTH+ATNaBPG4lNe1RGUV+6Fwki4BqeqYxJOKcHm2
 hsNyWFBz
 =sS9Q
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmL+DLcACgkQJKPoRjru
 XlaQyxAAkhFMdOjRuu/zaoWzRGlwnD77yyChEFh9IhC/h/qYhEnrg+ddKrofcprA
 dciI3ZMeiZq7pzmhdL1zvGomk6HWm6H6DwrTlpIGnFlTgs9hqEGvv3diron1nGjD
 FE3qjVFPfKJza8Lqzdpz1KZF5TKd3pwID77qN50ZmQSMorUpu/NZSIvbnl0KZLHH
 GjWfAlGc7/L1HaFpRFRgFCpSBNXNoKVvhFF5E1E3ky/qdAZ8YqzsQE9sgHSVag/W
 iUjfzqKUwhgY5obbpalO1+U8y5C/BfE/QcUPF+zGcJy54ue2o9P7M6iwN8+DSwGj
 MunmAMUzzLJHjK7wPnPasxQk9obBShuhQBbEiGL4hD0XUnlNTawzsChCGARk39yU
 qOjFnP3fDxhRdMZiaRNSWl6ZkzvomaAGVupPSh+i0xSUJCGjXw+b5dLC0ImXVuID
 ZaZfqgXNJHoRY6Q5Ixkj2s53gNeuwzoSUCxi082d3909lf+ABYMm+jo03YYHINvm
 hgnAKonkrpV2BqAF7Fyokf9PRRyt6L7hcrj+dAwfO8osKpfU881zrluxJeL8a2Wb
 lSBw8Y9+rnYN9auUioD+VusfORyM13hC6YXpnq3NTKsPv2zRy6UWVGCXHuWCAH2c
 x/U6hy85tSnYFvtMrJ0gzIRx0v+J1RQDKDT3RSkCyl6oQtvxSiI=
 =uwFk
 -----END PGP SIGNATURE-----

Merge tag 'v9_16_32' into v9_16

BIND 9.16.32
 2022-08-18 11:55:55 +02:00
Michal Nowak
591d58be6e
Add OpenBSD 7.1 
(cherry picked from commit 7edf8ab47cfd0cc3a633e941b2880ee11d75d6cd)
 2022-08-16 17:17:34 +02:00
Matthijs Mekking
294431b8f8 Add release note and change entry for #2982 
News worthy.

(cherry picked from commit 2bd448676604f6b9e1a01c5b0615f45c3b35ffed)
 2022-08-09 09:38:23 +02:00
Michał Kępień
571a5b7cca Set up release notes for BIND 9.16.33 2022-08-05 06:58:17 +02:00
Michał Kępień
c2ca99b710 Tweak and reword release notes 2022-08-04 23:59:36 +02:00
Michał Kępień
814d9f7bc8 Prepare release notes for BIND 9.16.32 2022-08-04 23:59:36 +02:00
Aram Sargsyan
23bf8afbcb Add CHANGES and release notes for [GL #3461] 
(cherry picked from commit 0d64f55f5dee7ffee76ddc1e4df15514ab7882c9)
 2022-08-01 14:01:37 +00:00
Matthijs Mekking
3c2f517415 Add change entry and release note for #3462 
News worthy.

(cherry picked from commit 44bbc0175c5cd0df5c45b726464bcb82604d34ab)
 2022-07-26 10:02:26 +02:00
Mark Andrews
8be8257914 Add release note for [GL #3469] 
(cherry picked from commit 16b133af407e7659f6c46a81aa58e1d7891249d4)
 2022-07-25 11:37:49 -04:00
Evan Hunt
a20584dcf8 CHANGES and release note for [GL #2918] 2022-07-22 15:24:34 -07:00
Evan Hunt
1ed5eb38e4 clarify "max-zone-ttl" documentation 
The "max-zone-ttl" option should now be configured as part of
dnssec-policy. Use of this option in zone/view/options will be ignored
in any zone that also has dnssec-policy configured.
 2022-07-22 15:24:29 -07:00
Petr Špaček
a94c063c19
Avoid opt-out flag in dnssec-signzone examples 
Since !6413 we discourage opt-out, so we should not be advertising it in
the examples. Even worse, it was just thrown into the command line
without even mentioning its meaning in the surrounding text.

Related: !6413
(cherry picked from commit beae857288b52ee555bdf41491c5aa2eec390c10)
 2022-07-21 15:19:38 +02:00
Petr Špaček
445863c9fd
Remove errorneous shell output redirection from dnssec-signzone example 
The > looked like shell output redirection. It was present since we
imported DNSSEC Guide into the ARM.

(cherry picked from commit 1ab564d605450cb2c473ded28ff5e8891a4df83b)
 2022-07-21 15:19:38 +02:00
Michal Nowak
a0e7b05aba BIND 9.16.31 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmLLrYAPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFWQMP/A9YkC4Fw3K0mjtUF27Hv+QgEBEZa61QoWVN
 eb5jRhGCbnjvDy/iO+OK1NiIwRjGuBMG07iZImtoibZba0FuqsWFn0ZbXbN9GCVo
 5zdvV2zBnq7vUpPUOB2vAcu1OjNzXOh3UipZMxnTdjFCHlSCTbDfItkv4bEtkizm
 We00jpqR8Z5vGr0APjAm09LVcuCWhP1+cl8uh1vnpj10s0peLo8Qu1cDThlGQlBv
 elHbJPqAFkS7IOr5zHwmFBakmwr58wzVBT0FcDwfzf4uvSsx5R0yTYhNrBN9skx7
 LsmYM7sFLbKyePM7UcO9wLfsAMX95efmoTW80//cuP63P52GSTdnyuhOIJbALyWl
 eQLXFejue7dsFO9a7HOnkOIc/raWE7BKdzWrrS3faqqugiqgneaNijT5shkhLKJD
 CfN7izd7VkhU5j95Co7uMzrBaueUp3KcBvBCcr2zG49Ijegc/YG4yHkH9Jeds/ih
 JSgsk0z7rnrwKD8GyDREfONcbzqnnt1qs0r6YwOPM+zYmXeN1jkkrQu3tXEtoiHN
 LmZQtl+9Zh4iCymPgvCx+kCRtRH8klYHuMOoxNYIEzsGzYpIa9BXX4ZYLSg84Bjg
 73pkx6k8xWl+JjoIOXtstS6hDTHoPypeeWbaQq2IMT8wB2rPkOljDd0Ha9jSJeZS
 +OTYnMgC
 =xkeC
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIz+ZTe/bbr1Q+/5RJKPoRjruXlYFAmLZSLsACgkQJKPoRjru
 XlbNwRAAkieyST9LCNLT41DigJ3vIBoOad6uFCMbe+KCEq2lg9J9CNZg6iE5UWOD
 EA19pcXuSXlnNpyUeeVV11bv7YBJ7yw7Y7mYA/T6V9r8ivbAJJjYBWakZ5swaDY/
 X9iIqI8erwLomrmCC5EO2E3MIe7CpS0Y7Ei2OimLLMgCcBChUDfPB3n+Zy5a1CNu
 d0LVNldigqLwbBsllNFYyaXl2AcvGBIAXzgnUI+GzjD0AnXCPB1HF7aQnxvR+eVG
 docclHze39JTY5qtPaVM6HjjxR3dJPTdjInhFdyiZyn5iUe3NfZ64LOOZeZYozqk
 3Z/O4sfZZbFtxQETcSlQl3bL8RVTnhhNDy+nBRBgNSTNXB4ZQcwCmqtgwdcvtVwu
 ERh52PjgSIgriVw7O66MtLpfCedU7lRTad21tv4ocE4ye/4IpQ56tKKiEgXWVhc4
 9YHAwFk5daeEzxpIMmsj89bwPMa5z9nMr3kn0MApPNK66+vkKFFs3iiFN0N9I1tQ
 sYZ+Ga+UqJ/wZg2YGpyyYU8w3ZztXk6d3+TONsBIROJFLNdGxyOEYOuf4zPUEYY8
 Ex0ZcWEuuFqOxXY1IJLsxHRimz3Cog3qo4MGPCbMo6DTeUxwxCvTriLKKCqOriVB
 0GnnUP4TgJyOY+1BHjVpDd9LQurpEUNOL1I0uz2oersN+wRn4Sw=
 =lMz1
 -----END PGP SIGNATURE-----

Merge tag 'v9_16_31' into v9_16

BIND 9.16.31
 2022-07-21 14:37:36 +02:00
Michał Kępień
31012c1c0d Update documentation for named's -M option 
Add "internal" to the list of legal values for the -M command-line
option (commit 1f7d2d53f0 added that
flag).

Make the style of the relevant paragraph more in line with the next one
and split its contents up into an unordered list of options for improved
readability.

(cherry picked from commit f0c31ceb3ba7364aa0478adf17c43ef700270a76)
 2022-07-15 10:45:34 +02:00
Michal Nowak
0043999f54
Add Alpine Linux 3.16 
(cherry picked from commit 0d0ab3db10)
 2022-07-12 13:59:30 +02:00
Matthijs Mekking
60c297d717 Add release note and change entry for #3438 
Bug worth mentioning.

(cherry picked from commit 689215a675)
 2022-07-12 12:48:57 +02:00
Michał Kępień
c660730ea3 Set up release notes for BIND 9.16.32 2022-07-11 08:52:51 +02:00
Michał Kępień
5cbf8d3c18 Tweak and reword release notes 2022-07-11 06:32:55 +02:00
Michał Kępień
59da803e86 Prepare release notes for BIND 9.16.31 2022-07-11 06:32:55 +02:00
Petr Špaček
4caaff0afa
Deduplicate Manual Signing between DNSSEC chapter and DNSSEC Guide 
The two procedures were essentially the same, but each instance was
missing some details from the other. They are now combined into one text
in the DNSSEC Guide and linked from DNSSEC chapter.

(cherry picked from commit 7d25027898)
 2022-07-07 12:04:39 +02:00
Suzanne Goldlust
71f3d521cb
Minor grammar improvements in the Signing chapter of the DNSSEC Guide 
(cherry picked from commit 6b1ad4dcfb)
 2022-07-07 11:48:33 +02:00
Petr Špaček
dd46af7f59
Deduplicate key filename description in the DNSSEC Guide 
Third time ...

(cherry picked from commit 7e96801841)
 2022-07-07 11:40:45 +02:00
Petr Špaček
6c1b34e9b5
Use ECDSAP256SHA256 in DNSSEC signing examples 
(cherry picked from commit 3eb6898a14)
 2022-07-07 11:39:32 +02:00
Matthijs Mekking
0a13a85dff
Add a section about key rollover 
Describe how to do key rollovers with dnssec-policy. Update the
revert to unsigned recipe in the DNSSEC guide.

(cherry picked from commit f721986589)
 2022-07-07 11:37:25 +02:00
Petr Špaček
75854c5e6b
Rewrite DNSSEC Validation subchapter in the ARM 
Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0)
 2022-07-07 11:07:32 +02:00
Petr Špaček
c9e52437ca
Resynchronize DNSSEC chapter with the main branch 
This is essentially a backport of !6296.

Replace DNSSEC chapter with version from the main branch, commit
901b6425d2.

There were structural changes to the ARM in the main branch, and
replacing the whole file with a new version is an order of magniture
easier than attempting to cherry-pick individual changes which should, in
the end, produce the same file under a different name.

File names in the main branch and v9_16 are now in sync (for the DNSSEC
chapter).

Fixes: #3320
 2022-07-07 10:34:06 +02:00
Evan Hunt
4897f3ccc0 Improve $GENERATE documentation 
Clarify the documentation of $GENERATE modifiers and add an example.

(cherry picked from commit 13fb2faf7a)
 2022-07-06 11:35:16 +10:00
Aram Sargsyan
d31223d477 Add CHANGES and release note for [GL #3398] 2022-07-01 08:42:28 +00:00
Petr Špaček
561f2a3930
Declare Debian 9 (Stretch) community-maintained 
(cherry picked from commit 4ce1f25210)
 2022-06-28 17:59:21 +02:00
Matthijs Mekking
68105e66cf Add some clarifications wrt dynamic zones 
These were suggested by GitLab user @elmaimbo.

(cherry picked from commit fb517eb52a)
 2022-06-27 11:56:59 +02:00
Michal Nowak
009c7871ec
Add Ubuntu 22.04 LTS (Jammy Jellyfish) 
(cherry picked from commit 4c2af3bdfa)
 2022-06-22 12:04:13 +02:00
Matthijs Mekking
e1f0acc3e7 Document where updates and DNSSEC records are stored 
Make clear that inline-signing stores DNSSEC records in a signed
version of the zone, using the zone's filename plus ".signed" extension.

Tell that dynamic zones store updates in the zone's filename.

DNSSEC records for dynamic zones also go in the zone's filename, unless
inline-signing is enabled.

Then, dnssec-policy assumes inline-signing, but only if the zone is
not dynamic.

(cherry picked from commit 8860f6b4ff)
 2022-06-20 16:50:42 +02:00
Petr Špaček
3eae58207a
Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10 
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.

The default values for dnssec-policy and dnssec-signzone were adapted to
match v9_16 branch.

(cherry picked from commit 2ee3f4e6c8)
 2022-06-15 18:10:50 +02:00
Michał Kępień
68fadd52c1 BIND 9.16.30 
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmKZEiYPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFtsgP/iTyAYIAZ+MCV7hg2NaCPZ8bjsdP/puGxeL7
 1skmEn5zWACKSN0LpeagW2B8mK3TzzZ8jjt2RfIquJxo0BNgAdq8zXfRqVECeei+
 T9hCYRkYhEEV1N+Epr2j9Q8D1x3v6fyn+Rmv/yNWeI3ZtYtNhQ6M1v+X5HTeSA5C
 3vBPFdkcEcHMNI6hSWEaekQDth1ea6POY0RfODfnZffxj6QWSAeLlNoCkw293Xaa
 AIBuh+RKdURcEHd0BS49kaRBemF2k/IKLWimuOlgU522dN3H9BKTmCqPTBq+rksG
 OUtt4Gw+sLEPeUmq4jreJHnMhByuqgw3z2Cfod6dLlJV7rWhUyULbAsbSx8H1r/s
 G2BhDRRrMC1awxhDhz6MbyMT0rl3yZIMfc4LPScRLkJwTFVRqQJHhlKQn/qM6UYX
 Y+gefbEhRnqeYiQr0m/wRSs4lW7GfXpPHc9oKIikRZNVtLeRZNx29uVjvTTnsfIX
 UKKA+S5lCX+rXxSZx7FIRY//hNkFzXUXKbMDM1+2a4dIG6vrwXnTPbbj9bPTf29Q
 uLJlZVCBh6GnPK/YM+KXDiYAvXyiISrCxO7ySoMEUe4063xeZ8gChfeV7bEdxhHz
 zoVZ693V/BUH6XgzyiD/BMMIG5pKLWxtZCX21CIeo2PCO/aa/aj8kRwPvtdj4at0
 RN1Foczw
 =V0gX
 -----END PGP SIGNATURE-----

Merge tag 'v9_16_30' into v9_16

BIND 9.16.30
 2022-06-15 16:02:06 +02:00
Petr Špaček
b14b29b969
Update FAQ in the DNSSEC Guide 
Mention DoT/DoH, update stats, remove mentions of early stages of
deployment.

(cherry picked from commit fd3a2c7854)
 2022-06-14 18:18:54 +02:00
Petr Špaček
308c7f7c5c
Update Authoritative Server Hardware requirements in DNSSEC Guide 
Based on measurements done on BIND v9_19_2 using bank. TLD and a
synthetitc fullly signed zone, using RSASHA256 and ECDSAP256SHA256
algorithms with NSEC and NSEC3 without opt-out.

(cherry picked from commit 635885afe6)
 2022-06-14 18:18:36 +02:00
Petr Špaček
0efc93ce1a
Update DNSSEC validation deployment stats in DNSSEC Guide 
(cherry picked from commit 832c172985)
 2022-06-14 18:18:36 +02:00
Petr Špaček
b64c8459f7
Rewrite Recursive Server Hardware requirements in DNSSEC Guide 
This section was completely out of date. Current measurements on dataset
Telco EU 2022-02 and BIND 9.19.1 indicate absolutely different results
than described in the old version of the text.

(cherry picked from commit 6cf8066b9c)
 2022-06-14 18:18:36 +02:00
Petr Špaček
4319b776f8
Remove outdated software requirements from DNSSEC Guide 
Guide in this repo is tied to latest version anyway, so let's not even
mention ancient versions of BIND.

This also solves the OpenSSL question because it is now mandatory for
build, which subsequently removes the entropy problem - so let's not
mention it either.

(cherry picked from commit 6e79877759)
 2022-06-14 18:18:35 +02:00
Ondřej Surý
5cd2acb374 Add CHANGES and release note for [GL #3400] 
(cherry picked from commit 646df5cbbc)
 2022-06-14 11:55:03 +02:00
Petr Špaček
f01f316268
Clarify dnssec-keyfromlabel -a in man page 
(cherry picked from commit 5f53003dae)
 2022-06-10 08:02:33 +02:00
Tom Krizek
b3c7bd1c04
Auto-format Python files with black 
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
 2022-06-08 13:34:19 +02:00
Tom Krizek
cf92d05908
Enforce Python codestyle with black 
Black is an opinionated tool for auto-formatting Python code so we no
longer have to worry about the codestyle.

For the codestyle decisions and discussion, refer to the upstream
documentation [1].

[1] https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html
 2022-06-08 13:29:01 +02:00
Tom Krizek
8668c8c061
Remove trailing whitespace 
My editor doesn't like that!

(cherry picked from commit 5d64d05be9)
 2022-06-08 13:24:30 +02:00
Michał Kępień
913c0b833c Set up release notes for BIND 9.16.31 2022-06-03 11:05:47 +02:00
Michał Kępień
e012953aea Add release note for GL #3327 2022-06-02 20:57:12 +02:00
Michał Kępień
35aaf41516 Reorder release notes 2022-06-02 20:57:12 +02:00
Michał Kępień
ee8b00bdf2 Tweak and reword release notes 2022-06-02 20:57:12 +02:00