1. 31 Oct, 2017 2 commits
  2. 24 Oct, 2017 1 commit
    • Evan Hunt's avatar
      [master] deprecate HMAC in dnssec-keygen, MD5 in rndc-confgen · 21761bfe
      Evan Hunt authored
      4785.	[func]		The hmac-md5 algorithm is no longer recommended for
      			use with RNDC keys. For compatibility reasons, it
      			it is still the default algorithm in rndc-confgen,
      			but this will be changed to hmac-sha256 in a future
      			release. [RT #42272]
      
      4784.	[func]		The use of dnssec-keygen to generate HMAC keys is
      			deprecated in favor of tsig-keygen.  dnssec-keygen
      			will print a warning when used for this purpose.
      			All HMAC algorithms will be removed from
      			dnssec-keygen in a future release. [RT #42272]
      21761bfe
  3. 28 Sep, 2017 1 commit
    • Evan Hunt's avatar
      [master] completed and corrected the crypto-random change · 24172bd2
      Evan Hunt authored
      4724.	[func]		By default, BIND now uses the random number
      			functions provided by the crypto library (i.e.,
      			OpenSSL or a PKCS#11 provider) as a source of
      			randomness rather than /dev/random.  This is
      			suitable for virtual machine environments
      			which have limited entropy pools and lack
      			hardware random number generators.
      
      			This can be overridden by specifying another
      			entropy source via the "random-device" option
      			in named.conf, or via the -r command line option;
      			however, for functions requiring full cryptographic
      			strength, such as DNSSEC key generation, this
      			cannot be overridden. In particular, the -r
      			command line option no longer has any effect on
      			dnssec-keygen.
      
      			This can be disabled by building with
      			"configure --disable-crypto-rand".
      			[RT #31459] [RT #46047]
      24172bd2
  4. 31 Aug, 2017 1 commit
    • Evan Hunt's avatar
      [master] remove default algorithm in dnssec-keygen · 45afdb26
      Evan Hunt authored
      4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
      			the signing algorithm must be specified on
      			the command line with the "-a" option.  Signing
      			scripts that rely on the existing default behavior
      			will break; use "dnssec-keygen -a RSASHA1" to
      			repair them. (The goal of this change is to make
      			it easier to find scripts using RSASHA1 so they
      			can be changed in the event of that algorithm
      			being deprecated in the future.) [RT #44755]
      45afdb26
  5. 31 Jul, 2017 1 commit
  6. 24 Apr, 2017 1 commit
  7. 21 Apr, 2017 1 commit
  8. 06 Dec, 2016 1 commit
  9. 21 Jul, 2016 3 commits
  10. 27 Jun, 2016 1 commit
  11. 01 Jun, 2016 2 commits
  12. 05 Nov, 2015 1 commit
  13. 22 Oct, 2015 1 commit
  14. 06 Oct, 2015 2 commits
  15. 13 Jan, 2015 2 commits
  16. 16 Oct, 2014 1 commit
  17. 16 Jun, 2014 1 commit
    • Mukund Sivaraman's avatar
      [10686] Add version printing option to various BIND utilites · 42782931
      Mukund Sivaraman authored
      Squashed commit of the following:
      
      commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
      Author: Evan Hunt <each@isc.org>
      Date:   Tue Jun 10 16:52:45 2014 -0700
      
          [rt10686] move version() to dnssectool.c
      
      commit df205b541d1572ea5306a5f671af8b54b9c5c770
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:31 2014 +0530
      
          Rearrange order of cases
      
      commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:08 2014 +0530
      
          Add version printer to dnssec-verify
      
      commit a625ea338c74ab5e21634033ef87f170ba37fdbe
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:32:19 2014 +0530
      
          Add version printer to dnssec-signzone
      
      commit d91e1c0f0697b3304ffa46fccc66af65591040d9
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:26:01 2014 +0530
      
          Add version printer to dnssec-settime
      
      commit 46fc8775da3e13725c31d13e090b406d69b8694f
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:25:48 2014 +0530
      
          Fix docbook
      
      commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:20:17 2014 +0530
      
          Add version printer to dnssec-revoke
      
      commit d0916420317d3e8c69cf1b37d2209ea2d072b913
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:17:54 2014 +0530
      
          Add version printer to dnssec-keygen
      
      commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:14:11 2014 +0530
      
          Add version printer to dnssec-keyfromlabel
      
      commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:13:39 2014 +0530
      
          Update usage help output, docbook
      
      commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:07:18 2014 +0530
      
          Add version printer to dnssec-importkey
      
      commit 9274fc61e38205aad561edf445940b4e73d788dc
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:01:53 2014 +0530
      
          Add version printer to dnssec-dsfromkey
      
      commit bf4605ea2d7282e751fd73489627cc8a99f45a90
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 20:49:22 2014 +0530
      
          Add -V to nsupdate usage output
      42782931
  18. 27 Feb, 2014 1 commit
  19. 06 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] dnssec-keygen fixes · a165a17a
      Evan Hunt authored
      3730.	[cleanup]	Added "never" as a synonym for "none" when
      			configuring key event dates in the dnssec tools.
      			[RT #35277]
      
      3729.	[bug]		dnssec-kegeyn could set the publication date
      			incorrectly when only the activation date was
      			specified on the command line. [RT #35278]
      a165a17a
  20. 16 Jan, 2014 1 commit
  21. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
      ba751492
  22. 14 Jun, 2012 1 commit
  23. 02 May, 2012 2 commits
  24. 17 Mar, 2011 2 commits
  25. 23 Dec, 2010 1 commit
  26. 16 Aug, 2010 2 commits
  27. 03 Nov, 2009 1 commit
  28. 28 Oct, 2009 1 commit
  29. 22 Oct, 2009 1 commit
  30. 16 Oct, 2009 1 commit
  31. 05 Oct, 2009 1 commit