Commits · 1d45ad8f39dcd66f7e664e5d05d4ac553fdcbc0b · ISC Open Source Projects / BIND

19 Mar, 2019 1 commit

Ignore trust anchors using disabled algorithm · 1d45ad8f

Matthijs Mekking authored Jan 15, 2019

More specifically: ignore configured trusted and managed keys that
match a disabled algorithm. The behavioral change is that
associated responses no longer SERVFAIL, but return insecure.

1d45ad8f

15 Mar, 2019 1 commit
- remove "dnssec-enable" from all system tests · 885a3d20
  Evan Hunt authored Mar 11, 2019
  
  885a3d20
25 Jan, 2019 1 commit

fix dnssec test · 8778f484

Evan Hunt authored Jan 23, 2019

- work around CR issues
- use UTC for time comparisons
- use $DIFF instead of cmp

8778f484

19 Dec, 2018 1 commit
- Add dnssec-signzone tests with unsupported alg · 6d976b37
  Matthijs Mekking authored Dec 18, 2018
```
dnssec-signzone should sign a zonefile that contains a DNSKEY record
with an unsupported algorithm.
```
  6d976b37
14 Dec, 2018 1 commit
- check that DNSKEY and other occluded data are excluded from the delegating bitmap · 7e4b8210
  Mark Andrews authored Dec 12, 2018
  
  7e4b8210
10 Dec, 2018 4 commits
- Run the dnssec system tests with `set -e` enabled · aeebcb4a
  Ondřej Surý authored Dec 06, 2018
  
  aeebcb4a
- dnssec system test: Remove RSAMD5 usage and make script shellcheck compliant · ca7cadfa
  Ondřej Surý authored Nov 21, 2018
  
  ca7cadfa
- Replace RSAMD5 keys with keys using DEFAULT_ALGORITHM variable from conf.sh · a160feca
  Ondřej Surý authored Oct 25, 2018
  
  a160feca
- verify that dnssec-signzone generates NSEC3 records with DNAME at the apex · 06e218c4
  Mark Andrews authored Nov 26, 2018
  
  06e218c4
05 Oct, 2018 1 commit
- Convert the system tests that were using DSA to use a default algorithm defined in conf.sh · 09fd5c44
  Ondřej Surý authored Jun 06, 2018
  
  09fd5c44
14 Aug, 2018 1 commit
- add a system test · 7ecd699e
  Evan Hunt authored Apr 30, 2018
  
  7ecd699e
16 May, 2018 1 commit
- Remove genrandom command and all usage of specific random files throughout the system test suite · 2b8fab68
  Ondřej Surý authored Apr 24, 2018
  
  2b8fab68
11 May, 2018 1 commit
- Remove $Id markers, Principal Author and Reviewed tags from the full source tree · 55a10b7a
  Ondřej Surý authored Apr 17, 2018
  
  55a10b7a
23 Feb, 2018 2 commits
- Update license headers to not include years in copyright in all applicable files · 843d3896
  Ondřej Surý authored Feb 23, 2018
  
  843d3896
- final cleanup · 0c559199
  Evan Hunt authored Feb 22, 2018
```
- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
  advantage of parallelization in the gitlab CI process
```
  0c559199
22 Feb, 2018 1 commit
- parallelize most system tests · c032c54d
  Evan Hunt authored Feb 20, 2018
  
  c032c54d
13 Dec, 2017 2 commits
- update copyright notice / whitespace · a6e307c5
  Tinderbox User authored Dec 13, 2017
  
  a6e307c5
- 4847. [bug] dnssec-dnskey-kskonly was not being honoured for · 4d1bbe30
  Mark Andrews authored Dec 13, 2017
```
                        CDS and CDNSKEY. [RT #46755]
```
  4d1bbe30
13 Sep, 2017 1 commit

[master] allow CDS/CDNSKEY records to be signed with only KSK · 20502f35

Evan Hunt authored Sep 12, 2017

4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
			options now apply to CDNSKEY and DS records as well
			as DNSKEY. Thanks to Tony Finch. [RT #45689]

20502f35

24 Apr, 2017 1 commit
- [master] update copyrights that had been missed recently · 6ce8a05f
  Evan Hunt authored Apr 23, 2017
  
  6ce8a05f
22 Apr, 2017 2 commits
- update copyright notice / whitespace · 1f6505a4
  Tinderbox User authored Apr 22, 2017
  
  1f6505a4
- Improve performance for delegation heavy answers and also general query performance (#44029) · 03be5a6b
  Mukund Sivaraman authored Apr 22, 2017
  
  03be5a6b
21 Apr, 2017 1 commit
- Increase minimum RSA keygen size to 1024 bits (#36895) · dd7d1df8
  Mukund Sivaraman authored Apr 21, 2017
  
  dd7d1df8
19 Oct, 2016 1 commit
- 4487. [test] Make system tests work on Windows. [RT #42931] · 358dfaee
  Witold Krecicki authored Oct 19, 2016
  
  358dfaee
27 Jun, 2016 1 commit
- 4401. [misc] Change LICENSE to MPL 2.0. · 0c27b3fe
  Mark Andrews authored Jun 27, 2016
  
  0c27b3fe
15 Apr, 2016 1 commit

[master] fixed revoked key regression · 3cd204c4

Evan Hunt authored Apr 14, 2016

4436.	[bug]		Fixed a regression introduced in change #4337 which
			caused signed domains with revoked KSKs to fail
			validation. [RT #42147]

3cd204c4

10 Mar, 2016 2 commits
- update copyright notice / whitespace · 4a7004f3
  Tinderbox User authored Mar 10, 2016
  
  4a7004f3
- 4331. [func] When loading managed signed zones detect if the · 7c525954
  Mark Andrews authored Mar 10, 2016
```
                        RRSIG's inception time is in the future and regenerate
                        the RRSIG immediately. [RT #41808]
```
  7c525954
28 May, 2015 1 commit
- update copyright notice / whitespace · 431e5c81
  Tinderbox User authored May 28, 2015
  
  431e5c81
27 May, 2015 1 commit
- 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing · 598b5026
  Mark Andrews authored May 27, 2015
```
                        key as per RFC 7344, Section 4.1. [RT #37215]
```
  598b5026
30 Oct, 2014 1 commit
- 3990. [testing] Add tests for unknown DNSSEC algorithm handling. · a5c7cfba
  Mark Andrews authored Oct 30, 2014
```
                        [RT #37541]
```
  a5c7cfba
30 Sep, 2014 1 commit
- 3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] · c83b91fb
  Mark Andrews authored Oct 01, 2014
  
  c83b91fb
22 Aug, 2014 2 commits
- update copyright notice · fea81a5e
  Tinderbox User authored Aug 22, 2014
  
  fea81a5e
- 3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917 · 840d6a46
  Mark Andrews authored Aug 22, 2014
  
  840d6a46
19 Jun, 2014 1 commit
- update copyright notice · 5a31767b
  Tinderbox User authored Jun 19, 2014
  
  5a31767b
18 Jun, 2014 1 commit

[master] complete NTA work · b8a96323

Evan Hunt authored Jun 18, 2014

3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]

b8a96323

07 May, 2014 1 commit
- [master] use posix-compatible shell in system tests · 60988462
  Evan Hunt authored May 06, 2014
```
3839.	[test]		Use only posix-compatible shell in system tests.
			[RT #35625]
```
  60988462
21 Jan, 2014 2 commits
- update copyright notice · aa7b16ec
  Tinderbox User authored Jan 21, 2014
  
  aa7b16ec
- [master] testcrypto.sh in system tests · d58e33bf
  Evan Hunt authored Jan 20, 2014
```
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
```
  d58e33bf
13 Dec, 2013 1 commit
- update copyright notice · eade480b
  Tinderbox User authored Dec 13, 2013
  
  eade480b