1. 14 Nov, 2018 1 commit
  2. 06 Nov, 2018 1 commit
    • Tony Finch's avatar
      Fixes for `rndc nta` user interface · 1b1d63ac
      Tony Finch authored and Evan Hunt's avatar Evan Hunt committed
      Tell the user explicitly about their mistakes:
      
      * Unknown options, e.g. -list instead of -dump
        or -delete instead of -remove.
      
      * Unknown view names.
      
      * Excess arguments.
      
      Include the view name in `rndc nta -dump` output, for consistency with
      the NTA add and remove actions.
      
      When removing an NTA from all views, do not abort with an error if the
      NTA was not found in one of the views.
      1b1d63ac
  3. 28 Aug, 2018 3 commits
  4. 14 Aug, 2018 1 commit
    • Evan Hunt's avatar
      option to disable validation under specified names · eaac2057
      Evan Hunt authored
      - added new 'validate-except' option, which configures an NTA with
        expiry of 0xffffffff.  NTAs with that value in the expiry field do not
        expire, are are not written out when saving the NTA table and are not
        dumped by rndc secroots
      eaac2057
  5. 08 Aug, 2018 2 commits
  6. 09 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored and Ondřej Surý's avatar Ondřej Surý committed
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
      
          @@
          expression fixedname, name;
          @@
          -	dns_fixedname_init(&fixedname);
          	...
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
      
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
      4df4a8e7
  7. 06 Apr, 2018 1 commit
  8. 23 Feb, 2018 1 commit
  9. 12 Jan, 2018 2 commits
  10. 23 Oct, 2017 1 commit
  11. 21 Jul, 2017 2 commits
  12. 30 Dec, 2016 1 commit
  13. 27 Jun, 2016 1 commit
  14. 10 Feb, 2015 1 commit
  15. 06 Feb, 2015 2 commits
    • Tinderbox User's avatar
      update copyright notice / whitespace · 29756974
      Tinderbox User authored
      29756974
    • Evan Hunt's avatar
      [master] 5011 tests and fixes · 591389c7
      Evan Hunt authored
      4056.	[bug]		Expanded automatic testing of trust anchor
      			management and fixed several small bugs including
      			a memory leak and a possible loss of key state
      			information. [RT #38458]
      
      4055.	[func]		"rndc managed-keys" can be used to check status
      			of trust anchors or to force keys to be refreshed,
      			Also, the managed keys data file has easier-to-read
      			comments.  [RT #38458]
      591389c7
  16. 12 Jan, 2015 2 commits
  17. 14 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] allow arbitrary-size rndc output · e32d354f
      Evan Hunt authored
      4005.	[func]		The buffer used for returning text from rndc
      			commands is now dynamically resizable, allowing
      			arbitrarily large amounts of text to be sent back
      			to the client. (Prior to this change, it was
      			possible for the output of "rndc tsig-list" to be
      			truncated.) [RT #37731]
      e32d354f
  18. 17 Oct, 2014 1 commit
  19. 10 Jul, 2014 2 commits
  20. 02 Jul, 2014 1 commit
  21. 24 Jun, 2014 1 commit
  22. 19 Jun, 2014 1 commit
  23. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323
  24. 04 Jun, 2014 1 commit
  25. 30 May, 2014 2 commits
    • Tinderbox User's avatar
      update copyright notice · 803d8426
      Tinderbox User authored
      803d8426
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
      0cfb2473