1. 07 Jan, 2010 1 commit
    • Evan Hunt's avatar
      2834. [bug] HMAC-SHA* keys that were longer than the algorithm · 0f66aced
      Evan Hunt authored
      			digest length were used incorrectly, leading to
      			interoperability problems with other DNS
      			implementations.  This has been corrected.
      			(Note: If an oversize key is in use, and
      			compatibility is needed with an older release of
      			BIND, the new tool "isc-hmac-fixup" can convert
      			the key secret to a form that will work with all
      			versions.) [RT #20751]
      0f66aced
  2. 18 Dec, 2009 1 commit
  3. 04 Dec, 2009 2 commits
  4. 03 Dec, 2009 1 commit
  5. 28 Nov, 2009 1 commit
  6. 26 Nov, 2009 1 commit
  7. 10 Nov, 2009 1 commit
  8. 06 Nov, 2009 1 commit
  9. 05 Nov, 2009 1 commit
  10. 04 Nov, 2009 1 commit
  11. 03 Nov, 2009 1 commit
  12. 26 Oct, 2009 1 commit
  13. 22 Oct, 2009 2 commits
  14. 16 Oct, 2009 1 commit
  15. 14 Oct, 2009 1 commit
  16. 12 Oct, 2009 3 commits
  17. 10 Oct, 2009 1 commit
  18. 08 Oct, 2009 1 commit
    • Mark Andrews's avatar
      2708. [func] Insecure to secure and NSEC3 parameter changes via · 28479307
      Mark Andrews authored
                              update are now fully supported and no longer require
                              defines to enable.  We now no longer overload the
                              NSEC3PARAM flag field, nor the NSEC OPT bit at the
                              apex.  Secure to insecure changes are controlled by
                              by the named.conf option 'secure-to-insecure'.
      
                              Warning: If you had previously enabled support by
                              adding defines at compile time to BIND 9.6 you should
                              ensure that all changes that are in progress have
                              completed prior to upgrading to BIND 9.7.  BIND 9.7
                              is not backwards compatible.
      28479307
  19. 05 Oct, 2009 1 commit
  20. 03 Oct, 2009 1 commit
  21. 02 Sep, 2009 2 commits
  22. 01 Sep, 2009 1 commit
  23. 25 Aug, 2009 1 commit
  24. 27 Jul, 2009 1 commit
  25. 19 Jul, 2009 1 commit
    • Evan Hunt's avatar
      2636. [func] Simplify zone signing and key maintenance with the · 553ead32
      Evan Hunt authored
      			dnssec-* tools.  Major changes:
      			- all dnssec-* tools now take a -K option to
      			  specify a directory in which key files will be
      			  stored
      			- DNSSEC can now store metadata indicating when
      			  they are scheduled to be published, acttivated,
      			  revoked or removed; these values can be set by
      			  dnssec-keygen or overwritten by the new
      			  dnssec-settime command
      			- dnssec-signzone -S (for "smart") option reads key
      			  metadata and uses it to determine automatically
      			  which keys to publish to the zone, use for
      			  signing, revoke, or remove from the zone
      			[RT #19816]
      553ead32
  26. 14 Jul, 2009 2 commits
  27. 10 Jul, 2009 1 commit
    • Jeremy Reed's avatar
      State the default for zone-statistics (no). · e5af5f24
      Jeremy Reed authored
      Evi asked me:
      > what is the default value of the zone-statistics
      > option? its not listed in the ARM anywhere that i can find.
      
      Not adding a CHANGES entry number for this minor one sentence
      addition.
      e5af5f24
  28. 03 Jul, 2009 2 commits
  29. 02 Jul, 2009 1 commit
  30. 29 Jun, 2009 1 commit
  31. 26 Jun, 2009 1 commit
  32. 17 Jun, 2009 1 commit
  33. 12 Jun, 2009 1 commit