1. 05 May, 2018 1 commit
  2. 03 May, 2018 27 commits
  3. 02 May, 2018 1 commit
  4. 01 May, 2018 1 commit
  5. 27 Apr, 2018 4 commits
  6. 25 Apr, 2018 3 commits
    • Evan Hunt's avatar
      Merge branch '159-improve-handling-of-inline-signed-zones-with-missing-signing-keys' into 'master' · 6070c734
      Evan Hunt authored
      Improve handling of inline signed zones with missing signing keys
      
      Closes #159
      
      See merge request !133
      6070c734
    • Michał Kępień's avatar
      Add CHANGES entries · 7d2c09c9
      Michał Kępień authored
      4916.	[bug]		Not creating signing keys for an inline signed zone
      			prevented changes applied to the raw zone from being
      			reflected in the secure zone until signing keys were
      			made available. [GL #159]
      
      4915.	[bug]		Bumped signed serial of an inline signed zone was
      			logged even when an error occurred while updating
      			signatures. [GL #159]
      7d2c09c9
    • Michał Kępień's avatar
      Apply raw zone deltas to yet unsigned secure zones · 6acf3269
      Michał Kępień authored
      When inline signing is enabled for a zone without creating signing keys
      for it, changes subsequently applied to the raw zone will not be
      reflected in the secure zone due to the dns_update_signaturesinc() call
      inside receive_secure_serial() failing.  Given that an inline zone will
      be served (without any signatures) even with no associated signing keys
      being present, keep applying raw zone deltas to the secure zone until
      keys become available in an attempt to follow the principle of least
      astonishment.
      6acf3269
  7. 24 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Only log bumped signed serial after a successful secure zone update · cfbc8e26
      Michał Kępień authored
      If a raw zone is modified, but the dns_update_signaturesinc() call in
      receive_secure_serial() fails, the corresponding secure zone's database
      will not be modified, even though by that time a message containing the
      bumped signed serial will already have been logged.  This creates
      confusion, because a different secure zone version will be served than
      the one announced in the logs.  Move the relevant dns_zone_log() call so
      that it is only performed if the secure zone's database is modified.
      cfbc8e26
  8. 21 Apr, 2018 1 commit
  9. 20 Apr, 2018 1 commit