upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/dnssec
History
Tony Finch eabf898b36 Suppress SHA-1 DS records in dnssec-cds 
Previously, when dnssec-cds copied CDS records to make DS records,
its -a algorithm option did not have any effect. This means that if
the child zone is signed with older software that generates SHA-1 CDS
records, dnssec-cds would (by default) create SHA-1 DS records in
violation of RFC 8624.

This change makes the dnssec-cds -a option apply to CDS records as
well as CDNSKEY records. In the CDS case, the -a algorithms are the
acceptable subset of possible CDS algorithms. If none of the CDS
records are acceptable, dnssec-cds tries to generate DS records from
CDNSKEY records.
2021-08-18 22:42:00 -07:00
..
.gitignore [master] dnssec-cds 2017-10-05 01:04:18 -07:00
dnssec-cds.c Suppress SHA-1 DS records in dnssec-cds 2021-08-18 22:42:00 -07:00
dnssec-cds.rst Suppress SHA-1 DS records in dnssec-cds 2021-08-18 22:42:00 -07:00
dnssec-dsfromkey.c Move NAME_MAX and PATH_MAX from isc/platform.h to isc/dir.h 2021-07-06 05:33:48 +00:00
dnssec-dsfromkey.rst update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
dnssec-importkey.c rename dns_name_copynf() to dns_name_copy() 2021-05-22 00:37:27 -07:00
dnssec-importkey.rst Remove the .key from the beginning of the line in rst file 2020-09-30 21:12:15 +02:00
dnssec-keyfromlabel.c Teach cppcheck that fatal() does not return 2020-11-25 12:45:47 +01:00
dnssec-keyfromlabel.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssec-keygen.c Remove ISC_MEM_DEBUGSIZE and ISC_MEM_DEBUGRECORD 2021-07-09 15:58:02 +02:00
dnssec-keygen.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssec-revoke.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
dnssec-revoke.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssec-settime.c update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
dnssec-settime.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssec-signzone.c dnssec-signzone ZSK smooth rollover 2021-08-11 15:15:25 +02:00
dnssec-signzone.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssec-verify.c Remove ISC_MEM_DEBUGSIZE and ISC_MEM_DEBUGRECORD 2021-07-09 15:58:02 +02:00
dnssec-verify.rst Update documentation on -E option 2021-01-19 09:05:28 +01:00
dnssectool.c Suppress SHA-1 DS records in dnssec-cds 2021-08-18 22:42:00 -07:00
dnssectool.h The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am Move the include Makefile.tests to the bottom of Makefile.am(s) 2021-06-24 15:33:52 +02:00