upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-13 22:22:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
25223 commits 18 branches 854 tags 440 MiB
Commit graph

69 commits

Author SHA1 Message Date
Tinderbox User
0df4e44735 update copyright notice / whitespace 2018-01-04 23:46:47 +00:00
Mark Andrews
c975f0cc5c 4856. [bug] 'rndc zonestatus' reported the wrong underlying type 
for a inline slave zone. [RT #46875]
 2018-01-04 10:53:11 +11:00
Mark Andrews
51f13bcd2f 4840. [test] Add tests to cover fallback to using ZSK on inactive 
KSK. [RT #46787]

(cherry picked from commit 32d09cd7e0)
(cherry picked from commit 0d6328ce5f)
 2017-12-06 20:50:38 +11:00
Evan Hunt
78fb0699c1 [v9_10] fix test descriptions 2017-12-04 15:48:03 -08:00
Tinderbox User
3c8235a46a update copyright notice / whitespace 2017-12-03 23:46:48 +00:00
Mark Andrews
5623f65cc4 4837. [bug] dns_update_signatures{inc} (add_sigs) was not 
properly determining if there were active KSK and
                        ZSK keys for a algorithm when update-check-ksk is
                        true (default) leaving records unsigned. [RT #46743]

(cherry picked from commit 196e01da5f)
(cherry picked from commit bf459d24a1)
 2017-12-04 10:09:29 +11:00
Tinderbox User
3ea46cae3e update copyright notice / whitespace 2017-09-18 23:55:11 +00:00
Michał Kępień
4ceebc8874 [v9_10] Prevent possible infinite signing loop after retransferring an inline-signed slave using NSEC3 
4727.	[bug]		Retransferring an inline-signed slave using NSEC3
			around the time its NSEC3 salt was changed could result
			in an infinite signing loop. [RT #45080]

(cherry picked from commit 62f2fefaec)
 2017-09-18 09:28:34 +02:00
Tinderbox User
9b39cb394a update copyright notice / whitespace 2017-09-13 23:54:53 +00:00
Mark Andrews
9caa3cec56 give more time for the initial signing of bits in the inline signing test to complete 
(cherry picked from commit e930487ce7)
 2017-09-13 12:19:49 +10:00
Tinderbox User
9724fd91cb update copyright notice / whitespace 2016-06-14 23:45:50 +00:00
Mark Andrews
0d3fba1448 do not overflow exit status. [RT #42643] 
(cherry picked from commit 3635d8f910)
 2016-06-14 14:22:51 +10:00
Tinderbox User
84a8cba55a update copyright notice / whitespace 2015-03-04 23:45:48 +00:00
Mark Andrews
b07543b521 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]

(cherry picked from commit 1b05d22789)
 2015-03-05 10:05:39 +11:00
Tinderbox User
c16cf64ba5 update copyright notice 2014-09-29 23:45:52 +00:00
Mark Andrews
eeafb33f52 3958. [bug] Detect when writeable files have multiple references 
in named.conf. [RT #37172]

(cherry picked from commit 386d6c08167bc048dfd20e3bba051a5f9d3cc545)
 2014-09-29 10:51:14 +10:00
Mark Andrews
28efa89818 make test for nsec3param more robust 
(cherry picked from commit 62275d5306)
 2014-06-27 15:51:29 +10:00
Evan Hunt
812cf443bb [v9_10] use posix-compatible shell in system tests 
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]

(cherry picked from commit 60988462e5)
 2014-05-06 22:06:28 -07:00
Evan Hunt
92fe6db3e4 [master] use test -r in system tests 
3806.	[test]		Improved system test portability. [RT #35625]
 2014-04-09 20:29:52 -07:00
Evan Hunt
741dfd3ccd [master] tests directory cleanup 2014-03-06 11:11:27 -08:00
Tinderbox User
aa7b16ec2a update copyright notice 2014-01-21 23:46:16 +00:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests 
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
 2014-01-20 16:08:09 -08:00
Tinderbox User
dfd5f3b388 update copyright notice 2014-01-18 23:46:13 +00:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Curtis Blackburn
8009525601 3682. [bug] Correct the behavior of rndc retransfer to allow 
inline-signing slave zones to retain NSEC3 parameters instead of
			reverting to NSEC [RT #34745]
 2013-12-04 12:26:20 -06:00
Mark Andrews
6b0434299b 3671. [bug] Don't allow dnssec-importkey overwrite a existing 
non-imported private key.
 2013-11-13 12:01:09 +11:00
Tinderbox User
bcbb556868 update copyright notice 2013-09-19 23:46:20 +00:00
Mark Andrews
88a6dc33b7 only generate DSA/ECDSA signatures in named if we have a source of randomness and only on specific platforms 2013-09-19 10:40:38 +10:00
Mark Andrews
3d3aa9cde6 use -r rather then -f 2013-09-09 12:19:30 +10:00
Mark Andrews
23c73a1848 only test dsa if we have a random device 2013-09-09 11:42:58 +10:00
Evan Hunt
690bd6bf5d [master] fix inline test, add importkey to win32 build 2013-09-04 18:56:50 -07:00
Mark Andrews
5b9469c0db test for ECDSAP256SHA256 support 2013-09-04 22:33:31 +10:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
d1e22676de 3635. [bug] Signatures were not being removed from a zone with 
only KSK keys for a algorithm. [RT #24439]
 2013-08-15 13:37:07 +10:00
Tinderbox User
77b1d950a6 update copyright notice 2013-07-10 23:46:10 +00:00
Evan Hunt
1d26c6b9b8 [master] count the test cases correctly 2013-07-09 22:52:43 -07:00
Evan Hunt
927e4c9fec [master] address race conditions with removing inline zones 
3513.	[bug]		named could crash when deleting inline-signing
			zones with "rndc delzone". [RT #34066]
 2013-07-09 17:39:21 -07:00
Tinderbox User
6d4487398e update copyright notice 2013-05-29 23:46:19 +00:00
Mark Andrews
5f238c3c64 3577. [bug] Handle zero TTL values better. [RT #33411] 2013-05-29 18:10:11 +10:00
Mark Andrews
c3c30fc43c force integer output 2012-11-17 23:58:50 +11:00
Mark Andrews
de0fd68097 3398. [bug] SOA parameters were not being updated with inline 
signed zones if the zone was modified while the
                        server was offline. [RT #29272]
 2012-10-19 10:25:06 +11:00
Mark Andrews
bf8267aa45 reverse bad copyright update 2012-06-29 11:39:47 +10:00
Tinderbox User
247bf37860 update copyright notice 2012-06-29 01:22:18 +00:00
Automatic Updater
3484552b1b update copyright notice 2012-02-23 07:09:29 +00:00
Mark Andrews
1864400107 3289. [bug] 'rndc retransfer' failed for inline zones. [RT #28036] 2012-02-23 06:53:15 +00:00
Automatic Updater
41f1164438 update copyright notice 2012-01-31 23:47:33 +00:00
Evan Hunt
c54dadd853 3270. [bug] "rndc reload" didn't reuse existing zones correctly 
when inline-signing was in use. [RT #27650]
 2012-01-31 01:13:10 +00:00