1. 30 Jul, 2019 1 commit
    • Michał Kępień's avatar
      Fix awk invocation in the "verify" system test · 5159597d
      Michał Kępień authored
      Appending output of a command to the same file as the one that command
      is reading from is a dangerous practice.  It seems to have accidentally
      worked with all the awk implementations we have tested against so far,
      but for BusyBox awk, doing this may result in the input/output file
      being written to in an infinite loop.  Prevent this from happening by
      redirect awk output to a temporary file and appending its contents to
      the original file in a separate shell pipeline.
      (cherry picked from commit bb9c1654)
  2. 16 Nov, 2018 1 commit
  3. 02 Aug, 2018 1 commit
  4. 13 Jun, 2018 1 commit
    • Michał Kępień's avatar
      Treat records below a DNAME as out-of-zone data · 75c0d85f
      Michał Kępień authored
      DNAME records indicate bottom of zone and thus no records below a DNAME
      should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
      function, has_dname(), for detecting DNAME records at a given node.
      Prevent signing DNAME-obscured records.  Check that DNAME-obscured
      records are not signed.
  5. 16 May, 2018 1 commit
  6. 27 Feb, 2018 1 commit
    • Evan Hunt's avatar
      clean up test output · 0e52fbd0
      Evan Hunt authored
      - removed a few remaing places where output wasn't being passed
        through echo_i or cat_i
      - added a "digcomp" function to conf.sh.in to send digcomp.pl output
        through cat_i and return the correct exit value
      - set SYSTESTDIR when calling echo_i from nsX directories, so that
        the test name will always be printed correctly
      - fixed a test name typo in conf.sh.in
  7. 23 Feb, 2018 2 commits
  8. 22 Feb, 2018 1 commit
  9. 01 Sep, 2017 1 commit
  10. 31 Aug, 2017 1 commit
    • Evan Hunt's avatar
      [master] remove default algorithm in dnssec-keygen · 45afdb26
      Evan Hunt authored
      4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
      			the signing algorithm must be specified on
      			the command line with the "-a" option.  Signing
      			scripts that rely on the existing default behavior
      			will break; use "dnssec-keygen -a RSASHA1" to
      			repair them. (The goal of this change is to make
      			it easier to find scripts using RSASHA1 so they
      			can be changed in the event of that algorithm
      			being deprecated in the future.) [RT #44755]
  11. 27 Jun, 2016 1 commit
  12. 21 Jan, 2014 2 commits
  13. 23 Jan, 2013 2 commits
    • Tinderbox User's avatar
      update copyright notice · 3aaa526a
      Tinderbox User authored
    • Evan Hunt's avatar
      [master] fix incorrect nsec3 check · 9a0dd99a
      Evan Hunt authored
          - check for NSEC3 in empty nodes when not due to optout delegations
          - fixed typo in output ("Bad record NSEC record")
          - incidentally fixed an error in signzone that caused an
            incorrect warning about missing DNSKEYs when using -S
            and -3 together
      3473.	[bug]		dnssec-signzone/verify could incorrectly report
      			an error condition due to an empty node above an
      			opt-out delegation lacking an NSEC3. [RT #32072]
  14. 25 Jul, 2012 1 commit
  15. 29 Jun, 2012 2 commits
  16. 26 Jun, 2012 1 commit
  17. 25 Jun, 2012 1 commit