1. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      
      The isc_random family of functions internally use these CSPRNG (if available):
      
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
      3a4f820d
  2. 03 May, 2018 1 commit
  3. 09 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
      
          @@
          expression fixedname, name;
          @@
          -	dns_fixedname_init(&fixedname);
          	...
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
      
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
      4df4a8e7
  4. 06 Apr, 2018 1 commit
  5. 23 Feb, 2018 1 commit
  6. 15 Feb, 2018 1 commit
  7. 19 Jan, 2018 2 commits
  8. 05 Oct, 2017 1 commit
    • Evan Hunt's avatar
      [master] dnssec-cds · ba37674d
      Evan Hunt authored
      4757.   [func]          New "dnssec-cds" command creates a new parent DS
                              RRset based on CDS or CDNSKEY RRsets found in
                              a child zone, and generates either a dsset file
                              or stream of nsupdate commands to update the
                              parent. Thanks to Tony Finch. [RT #46090]
      ba37674d
  9. 28 Sep, 2017 1 commit
    • Evan Hunt's avatar
      [master] completed and corrected the crypto-random change · 24172bd2
      Evan Hunt authored
      4724.	[func]		By default, BIND now uses the random number
      			functions provided by the crypto library (i.e.,
      			OpenSSL or a PKCS#11 provider) as a source of
      			randomness rather than /dev/random.  This is
      			suitable for virtual machine environments
      			which have limited entropy pools and lack
      			hardware random number generators.
      
      			This can be overridden by specifying another
      			entropy source via the "random-device" option
      			in named.conf, or via the -r command line option;
      			however, for functions requiring full cryptographic
      			strength, such as DNSSEC key generation, this
      			cannot be overridden. In particular, the -r
      			command line option no longer has any effect on
      			dnssec-keygen.
      
      			This can be disabled by building with
      			"configure --disable-crypto-rand".
      			[RT #31459] [RT #46047]
      24172bd2
  10. 13 Sep, 2017 2 commits
  11. 12 Sep, 2017 1 commit
  12. 19 Oct, 2016 1 commit
  13. 27 Jun, 2016 1 commit
  14. 05 May, 2016 2 commits
  15. 05 Nov, 2015 1 commit
  16. 20 Jan, 2015 2 commits
  17. 16 Jun, 2014 1 commit
    • Mukund Sivaraman's avatar
      [10686] Add version printing option to various BIND utilites · 42782931
      Mukund Sivaraman authored
      Squashed commit of the following:
      
      commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
      Author: Evan Hunt <each@isc.org>
      Date:   Tue Jun 10 16:52:45 2014 -0700
      
          [rt10686] move version() to dnssectool.c
      
      commit df205b541d1572ea5306a5f671af8b54b9c5c770
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:31 2014 +0530
      
          Rearrange order of cases
      
      commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:08 2014 +0530
      
          Add version printer to dnssec-verify
      
      commit a625ea338c74ab5e21634033ef87f170ba37fdbe
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:32:19 2014 +0530
      
          Add version printer to dnssec-signzone
      
      commit d91e1c0f0697b3304ffa46fccc66af65591040d9
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:26:01 2014 +0530
      
          Add version printer to dnssec-settime
      
      commit 46fc8775da3e13725c31d13e090b406d69b8694f
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:25:48 2014 +0530
      
          Fix docbook
      
      commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:20:17 2014 +0530
      
          Add version printer to dnssec-revoke
      
      commit d0916420317d3e8c69cf1b37d2209ea2d072b913
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:17:54 2014 +0530
      
          Add version printer to dnssec-keygen
      
      commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:14:11 2014 +0530
      
          Add version printer to dnssec-keyfromlabel
      
      commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:13:39 2014 +0530
      
          Update usage help output, docbook
      
      commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:07:18 2014 +0530
      
          Add version printer to dnssec-importkey
      
      commit 9274fc61e38205aad561edf445940b4e73d788dc
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:01:53 2014 +0530
      
          Add version printer to dnssec-dsfromkey
      
      commit bf4605ea2d7282e751fd73489627cc8a99f45a90
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 20:49:22 2014 +0530
      
          Add -V to nsupdate usage output
      42782931
  18. 12 Feb, 2014 2 commits
  19. 06 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] dnssec-keygen fixes · a165a17a
      Evan Hunt authored
      3730.	[cleanup]	Added "never" as a synonym for "none" when
      			configuring key event dates in the dnssec tools.
      			[RT #35277]
      
      3729.	[bug]		dnssec-kegeyn could set the publication date
      			incorrectly when only the activation date was
      			specified on the command line. [RT #35278]
      a165a17a
  20. 09 Jan, 2014 2 commits
  21. 15 Aug, 2013 2 commits
  22. 23 Jan, 2013 2 commits
    • Tinderbox User's avatar
      update copyright notice · 3aaa526a
      Tinderbox User authored
      3aaa526a
    • Evan Hunt's avatar
      [master] fix incorrect nsec3 check · 9a0dd99a
      Evan Hunt authored
          - check for NSEC3 in empty nodes when not due to optout delegations
          - fixed typo in output ("Bad record NSEC record")
          - incidentally fixed an error in signzone that caused an
            incorrect warning about missing DNSKEYs when using -S
            and -3 together
      
      3473.	[bug]		dnssec-signzone/verify could incorrectly report
      			an error condition due to an empty node above an
      			opt-out delegation lacking an NSEC3. [RT #32072]
      9a0dd99a
  23. 06 Oct, 2012 1 commit
  24. 26 Jun, 2012 1 commit
  25. 25 Jun, 2012 1 commit
  26. 21 Oct, 2011 1 commit
  27. 20 Oct, 2011 2 commits
  28. 19 Jan, 2010 2 commits
  29. 26 Oct, 2009 2 commits