upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-01 13:01:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25856 commits 18 branches 854 tags 440 MiB
Commit graph

80 commits

Author SHA1 Message Date
Tinderbox User
d2017ba188 update copyright notice / whitespace 2018-01-03 23:46:13 +00:00
Mark Andrews
adfe58e8e5 4856. [bug] 'rndc zonestatus' reported the wrong underlying type 
for a inline slave zone. [RT #46875]

(cherry picked from commit 0b27aa0712)
 2018-01-04 10:12:15 +11:00
Mark Andrews
0d6328ce5f 4840. [test] Add tests to cover fallback to using ZSK on inactive 
KSK. [RT #46787]

(cherry picked from commit 32d09cd7e0)
 2017-12-06 20:38:26 +11:00
Evan Hunt
95d40c1e9d [v9_11] fix test descriptions 2017-12-04 15:49:13 -08:00
Tinderbox User
8e13601a1b update copyright notice / whitespace 2017-12-03 23:46:15 +00:00
Mark Andrews
bf459d24a1 4837. [bug] dns_update_signatures{inc} (add_sigs) was not 
properly determining if there were active KSK and
                        ZSK keys for a algorithm when update-check-ksk is
                        true (default) leaving records unsigned. [RT #46743]

(cherry picked from commit 196e01da5f)
 2017-12-04 10:04:58 +11:00
Tinderbox User
acce4b333d update copyright notice / whitespace 2017-09-18 23:52:43 +00:00
Michał Kępień
62f2fefaec [v9_11] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3 
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]

(cherry picked from commit f665c724e4)
 2017-09-18 09:23:18 +02:00
Tinderbox User
bd911976d5 update copyright notice / whitespace 2017-09-13 23:52:25 +00:00
Mark Andrews
a27226b849 give more time for the initial signing of bits in the inline signing test to complete 
(cherry picked from commit e930487ce7)
 2017-09-13 12:19:42 +10:00
Witold Krecicki
3783f45e68 Fix merge error in bin/tests/system/conf.sh.in, add missing cleanups in tests 2016-07-26 20:33:06 +02:00
Evan Hunt
801707fe19 [v9_11] store "addzone" zone config in a NZD database 
4421.	[func]		When built with LMDB (Lightning Memory-mapped
			Database), named will now use a database to store
			the configuration for zones added by "rndc addzone"
			instead of using a flat NZF file. This improves
			performance of "rndc delzone" and "rndc modzone"
			significantly. Existing NZF files will
			automatically by converted to NZD databases.
			To view the contents of an NZD or to roll back to
			NZF format, use "named-nzd2nzf". To disable
                        this feature, use "configure --without-lmdb".
                        [RT #39837]
 2016-07-21 11:14:16 -07:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Tinderbox User
dce54b9b5c update copyright notice / whitespace 2016-06-14 23:45:25 +00:00
Mark Andrews
3635d8f910 do not overflow exit status. [RT #42643] 2016-06-14 13:48:39 +10:00
Jeremy C. Reed
ae6b7bcd92 add some more files to cleanup after successful system test runs 2015-04-21 08:42:09 -04:00
Tinderbox User
811acf52b8 update copyright notice / whitespace 2015-03-04 23:45:21 +00:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Mark Andrews
d65fb496fb use perl not awk to do serial additions 2014-11-21 18:08:04 +11:00
Evan Hunt
0ada3802ea [master] awk portability fix 2014-11-17 12:22:18 -08:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Tinderbox User
2fb35a6d59 update copyright notice 2014-09-29 23:45:24 +00:00
Mark Andrews
1c5990c2f9 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]
 2014-09-29 12:10:10 +10:00
Mark Andrews
8aa098c633 update copyrights 2014-09-06 09:38:48 +10:00
Tinderbox User
948c80ffa8 update copyright notice 2014-09-04 23:45:24 +00:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Mark Andrews
62275d5306 make test for nsec3param more robust 2014-06-27 15:50:51 +10:00
Evan Hunt
60988462e5 [master] use posix-compatible shell in system tests 
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]
 2014-05-06 22:06:04 -07:00
Evan Hunt
92fe6db3e4 [master] use test -r in system tests 
3806.	[test]		Improved system test portability. [RT #35625]
 2014-04-09 20:29:52 -07:00
Evan Hunt
741dfd3ccd [master] tests directory cleanup 2014-03-06 11:11:27 -08:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Tinderbox User
dfd5f3b388 update copyright notice 2014-01-18 23:46:13 +00:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Curtis Blackburn
8009525601 3682. [bug] Correct the behavior of rndc retransfer to allow 
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
 2013-12-04 12:26:20 -06:00
Mark Andrews
6b0434299b 3671. [bug] Don't allow dnssec-importkey overwrite a existing 
non-imported private key.
 2013-11-13 12:01:09 +11:00
Tinderbox User
bcbb556868 update copyright notice 2013-09-19 23:46:20 +00:00
Mark Andrews
88a6dc33b7 only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms 2013-09-19 10:40:38 +10:00
Mark Andrews
3d3aa9cde6 use -r rather then -f 2013-09-09 12:19:30 +10:00
Mark Andrews
23c73a1848 only test dsa if we have a random device 2013-09-09 11:42:58 +10:00
Evan Hunt
690bd6bf5d [master] fix inline test, add importkey to win32 build 2013-09-04 18:56:50 -07:00
Mark Andrews
5b9469c0db test for ECDSAP256SHA256 support 2013-09-04 22:33:31 +10:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
d1e22676de 3635. [bug] Signatures were not being removed from a zone with 
only KSK keys for a algorithm. [RT #24439]
 2013-08-15 13:37:07 +10:00
Tinderbox User
77b1d950a6 update copyright notice 2013-07-10 23:46:10 +00:00
Evan Hunt
1d26c6b9b8 [master] count the test cases correctly 2013-07-09 22:52:43 -07:00