1. 14 May, 2018 1 commit
  2. 10 May, 2018 14 commits
  3. 03 May, 2018 2 commits
  4. 27 Apr, 2018 2 commits
  5. 25 Apr, 2018 4 commits
    • Evan Hunt's avatar
      Merge branch '159-improve-handling-of-inline-signed-zones-with-missing-signing-keys' into 'v9_10' · a0ed0e20
      Evan Hunt authored
      Improve handling of inline signed zones with missing signing keys
      
      Closes #159
      
      See merge request !133
      a0ed0e20
    • Michał Kępień's avatar
      Add CHANGES entries · 821c27bb
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      4916.	[bug]		Not creating signing keys for an inline signed zone
      			prevented changes applied to the raw zone from being
      			reflected in the secure zone until signing keys were
      			made available. [GL #159]
      
      4915.	[bug]		Bumped signed serial of an inline signed zone was
      			logged even when an error occurred while updating
      			signatures. [GL #159]
      
      (cherry picked from commit 7d2c09c9)
      (cherry picked from commit e4995efe)
      821c27bb
    • Michał Kępień's avatar
      Apply raw zone deltas to yet unsigned secure zones · fcbdeed8
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      When inline signing is enabled for a zone without creating signing keys
      for it, changes subsequently applied to the raw zone will not be
      reflected in the secure zone due to the dns_update_signaturesinc() call
      inside receive_secure_serial() failing.  Given that an inline zone will
      be served (without any signatures) even with no associated signing keys
      being present, keep applying raw zone deltas to the secure zone until
      keys become available in an attempt to follow the principle of least
      astonishment.
      
      (cherry picked from commit 6acf3269)
      (cherry picked from commit 8a58a607)
      fcbdeed8
    • Michał Kępień's avatar
      Only log bumped signed serial after a successful secure zone update · c042ec70
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      If a raw zone is modified, but the dns_update_signaturesinc() call in
      receive_secure_serial() fails, the corresponding secure zone's database
      will not be modified, even though by that time a message containing the
      bumped signed serial will already have been logged.  This creates
      confusion, because a different secure zone version will be served than
      the one announced in the logs.  Move the relevant dns_zone_log() call so
      that it is only performed if the secure zone's database is modified.
      
      (cherry picked from commit cfbc8e26)
      (cherry picked from commit cdc7ab42)
      c042ec70
  6. 22 Apr, 2018 8 commits
  7. 11 Apr, 2018 3 commits
  8. 06 Apr, 2018 6 commits