- 03 Oct, 2017 11 commits
-
-
Tinderbox User authored
-
Evan Hunt authored
-
Mark Andrews authored
-
Evan Hunt authored
-
Evan Hunt authored
-
Evan Hunt authored
4751. [func] "dnssec-signzone -S" can now automatically add parent synchronization records (CDS and CDNSKEY) according to key metadata set using the -Psync and -Dsync options to dnssec-keygen and dnssec-settime. [RT #46149]
-
Evan Hunt authored
4750. [func] "rndc managed-keys destroy" shuts down RFC 5011 key maintenance and deletes the managed-keys database. If followed by "rndc reconfig" or a server restart, key maintenance is reinitialized from scratch. This is primarily intended for testing. [RT #32456]
-
Evan Hunt authored
4749. [func] The ISC DLV service has been shut down, and all DLV records have been removed from dlv.isc.org. - Removed references to ISC DLV in documentation - Removed DLV key from bind.keys - No longer use ISC DLV by default in delv [RT #46155]
-
Mark Andrews authored
-
Tinderbox User authored
-
Mark Andrews authored
Stage 3 - synthesize NODATA responses. [RT #40138]
-
- 01 Oct, 2017 1 commit
-
-
Tinderbox User authored
-
- 30 Sep, 2017 1 commit
-
-
Evan Hunt authored
4746. [cleanup] Add configured prefixes to configure summary output. [RT #46153]
-
- 29 Sep, 2017 4 commits
-
-
Tinderbox User authored
-
Tinderbox User authored
-
Evan Hunt authored
4745. [test] Add color-coded pass/fail messages to system tests when running on terminals that support them. [RT #45977]
-
Tinderbox User authored
-
- 28 Sep, 2017 8 commits
-
-
Tinderbox User authored
-
Mark Andrews authored
validation is disabled. [RT #46131]
-
Tinderbox User authored
-
Evan Hunt authored
4724. [func] By default, BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. This is suitable for virtual machine environments which have limited entropy pools and lack hardware random number generators. This can be overridden by specifying another entropy source via the "random-device" option in named.conf, or via the -r command line option; however, for functions requiring full cryptographic strength, such as DNSSEC key generation, this cannot be overridden. In particular, the -r command line option no longer has any effect on dnssec-keygen. This can be disabled by building with "configure --disable-crypto-rand". [RT #31459] [RT #46047]
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
synth-from-dnssec processing. [RT #46123]
-
Mark Andrews authored
Stage 2 - synthesis of records from wildcard data. If the dns64 or filter-aaaa* is configured then the involved lookups are currently excluded. [RT #40138]
-
- 27 Sep, 2017 9 commits
-
-
Tinderbox User authored
-
Tinderbox User authored
-
Mark Andrews authored
-
Mukund Sivaraman authored
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
- 26 Sep, 2017 4 commits
-
-
Mark Andrews authored
-
Mark Andrews authored
-
Michał Kępień authored
4736. [cleanup] (a) Added comments to NSEC3-related functions in lib/dns/zone.c. (b) Refactored NSEC3 salt formatting code. (c) Minor tweaks to lock and result handling. [RT #46053]
-
Mukund Sivaraman authored
Reviewed on Jabber by Evan.
-
- 23 Sep, 2017 1 commit
-
-
Mark Andrews authored
-
- 22 Sep, 2017 1 commit
-
-
Evan Hunt authored
4734. [contrib] Added sample configuration for DNS-over-TLS in contrib/dnspriv.
-