1. 14 Feb, 2020 1 commit
  2. 13 Feb, 2020 1 commit
    • Ondřej Surý's avatar
      Use clang-tidy to add curly braces around one-line statements · 056e133c
      Ondřej Surý authored
      The command used to reformat the files in this commit was:
      ./util/run-clang-tidy \
      	-clang-tidy-binary clang-tidy-11
      	-clang-apply-replacements-binary clang-apply-replacements-11 \
      	-checks=-*,readability-braces-around-statements \
      	-j 9 \
      	-fix \
      	-format \
      	-style=file \
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
      uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h')
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
  3. 12 Feb, 2020 1 commit
  4. 10 Nov, 2019 1 commit
    • Samuel Thibault's avatar
      hurd: Fix build · d10fbdec
      Samuel Thibault authored
      Move PATH_MAX, NAME_MAX, IOV_MAX default definitions to the common
  5. 06 Nov, 2019 1 commit
    • Matthijs Mekking's avatar
      dnssec-settime: Allow manipulating state files · 72042a06
      Matthijs Mekking authored
      Introduce a new option '-s' for dnssec-settime that when manipulating
      timing metadata, it also updates the key state file.
      For testing purposes, add options to dnssec-settime to set key
      states and when they last changed.
      The dst code adds ways to write and read the new key states and
      timing metadata. It updates the parsing code for private key files
      to not parse the newly introduced metadata (these are for state
      files only).
      Introduce key goal (the state the key wants to be in).
  6. 31 Jul, 2019 1 commit
    • Ondřej Surý's avatar
      Add -q (quiet) option to dnssec-signzone and dnssec-verify tool · fd00bac7
      Ondřej Surý authored
      With the move of the normal output to stdout, we need a way how to silence the
      extra output, so the signed file name can be captured in a simple way.  This
      commit adds `-q` command line option that will silence all the normal output
      that get's printed from both tools.
  7. 09 May, 2019 2 commits
  8. 08 Aug, 2018 2 commits
  9. 15 Jun, 2018 2 commits
    • Michał Kępień's avatar
      Move verifyzone() and its dependencies into lib/dns/zoneverify.c · 3a14450d
      Michał Kępień authored
      This commit only moves code around, with the following exceptions:
        - the check_dns_dbiterator_current() macro and functions
          is_delegation() and has_dname() were removed from
          bin/dnssec/dnssectool.{c,h} and duplicated in two locations:
          bin/dnssec/dnssec-signzone.c and lib/dns/zoneverify.c; these
          functions are used both by the code in bin/dnssec/dnssec-signzone.c
          and verifyzone(), but are not a good fit for being exported by a
          code module responsible for zone verification,
        - fatal() and check_result() were duplicated in lib/dns/zoneverify.c
          as static functions which do not use the "program" variable any more
          (as it is only set by the tools in bin/dnssec/); this is a temporary
          step which only aims to prevent compilation from breaking - these
          duplicate functions will be removed once lib/dns/zoneverify.c is
          refactored not to use them,
        - the list of header files included by lib/dns/zoneverify.c was
          expanded to encompass all header files that are actually used by the
          code in that file,
        - a description of the purpose of the commented out "fields" inside
          struct nsec3_chain_fixed was added.
    • Michał Kępień's avatar
      Replace type_format() and TYPE_FORMATSIZE with their libdns counterparts · ffe8ddd9
      Michał Kępień authored
      Rather than use custom functions and macros local to bin/dnssec/, use
      their counterparts provided by libdns.
  10. 13 Jun, 2018 1 commit
    • Michał Kępień's avatar
      Treat records below a DNAME as out-of-zone data · 75c0d85f
      Michał Kępień authored
      DNAME records indicate bottom of zone and thus no records below a DNAME
      should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
      function, has_dname(), for detecting DNAME records at a given node.
      Prevent signing DNAME-obscured records.  Check that DNAME-obscured
      records are not signed.
  11. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      The isc_random family of functions internally use these CSPRNG (if available):
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
  12. 11 May, 2018 1 commit
  13. 23 Feb, 2018 1 commit
  14. 05 Oct, 2017 1 commit
    • Evan Hunt's avatar
      [master] dnssec-cds · ba37674d
      Evan Hunt authored
      4757.   [func]          New "dnssec-cds" command creates a new parent DS
                              RRset based on CDS or CDNSKEY RRsets found in
                              a child zone, and generates either a dsset file
                              or stream of nsupdate commands to update the
                              parent. Thanks to Tony Finch. [RT #46090]
  15. 09 Aug, 2017 2 commits
  16. 19 Oct, 2016 1 commit
  17. 27 Jun, 2016 1 commit
  18. 05 Nov, 2015 1 commit
  19. 20 Jan, 2015 2 commits
  20. 16 Jun, 2014 1 commit
    • Mukund Sivaraman's avatar
      [10686] Add version printing option to various BIND utilites · 42782931
      Mukund Sivaraman authored
      Squashed commit of the following:
      commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
      Author: Evan Hunt <each@isc.org>
      Date:   Tue Jun 10 16:52:45 2014 -0700
          [rt10686] move version() to dnssectool.c
      commit df205b541d1572ea5306a5f671af8b54b9c5c770
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:31 2014 +0530
          Rearrange order of cases
      commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:08 2014 +0530
          Add version printer to dnssec-verify
      commit a625ea338c74ab5e21634033ef87f170ba37fdbe
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:32:19 2014 +0530
          Add version printer to dnssec-signzone
      commit d91e1c0f0697b3304ffa46fccc66af65591040d9
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:26:01 2014 +0530
          Add version printer to dnssec-settime
      commit 46fc8775da3e13725c31d13e090b406d69b8694f
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:25:48 2014 +0530
          Fix docbook
      commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:20:17 2014 +0530
          Add version printer to dnssec-revoke
      commit d0916420317d3e8c69cf1b37d2209ea2d072b913
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:17:54 2014 +0530
          Add version printer to dnssec-keygen
      commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:14:11 2014 +0530
          Add version printer to dnssec-keyfromlabel
      commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:13:39 2014 +0530
          Update usage help output, docbook
      commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:07:18 2014 +0530
          Add version printer to dnssec-importkey
      commit 9274fc61e38205aad561edf445940b4e73d788dc
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:01:53 2014 +0530
          Add version printer to dnssec-dsfromkey
      commit bf4605ea2d7282e751fd73489627cc8a99f45a90
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 20:49:22 2014 +0530
          Add -V to nsupdate usage output
  21. 07 Feb, 2014 1 commit
  22. 06 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] dnssec-keygen fixes · a165a17a
      Evan Hunt authored
      3730.	[cleanup]	Added "never" as a synonym for "none" when
      			configuring key event dates in the dnssec tools.
      			[RT #35277]
      3729.	[bug]		dnssec-kegeyn could set the publication date
      			incorrectly when only the activation date was
      			specified on the command line. [RT #35278]
  23. 26 Jun, 2012 1 commit
  24. 25 Jun, 2012 1 commit
  25. 20 Oct, 2011 2 commits
  26. 19 Jan, 2010 2 commits
  27. 26 Oct, 2009 1 commit
  28. 24 Oct, 2009 1 commit
  29. 12 Oct, 2009 1 commit
    • Evan Hunt's avatar
      2712. [func] New 'auto-dnssec' zone option allows zone signing · 77b8f88f
      Evan Hunt authored
      			to be fully automated in zones configured for
      			dynamic DNS.  'auto-dnssec allow;' permits a zone
      			to be signed by creating keys for it in the
      			key-directory and using 'rndc sign <zone>'.
      			'auto-dnssec maintain;' allows that too, plus it
      			also keeps the zone's DNSSEC keys up to date
      			according to their timing metadata. [RT #19943]
  30. 29 Sep, 2009 1 commit
  31. 04 Sep, 2009 1 commit
  32. 02 Sep, 2009 2 commits