1. 21 Jun, 2018 1 commit
  2. 19 Jun, 2018 1 commit
  3. 15 Jun, 2018 5 commits
      Propagate dns_zoneverify_dnssec() errors to callers · 24bca1c4
      Michał Kępień authored
      Since exit() is no longer called upon any dns_zoneverify_dnssec() error,
      verification failures should be signalled to callers.  Make
      dns_zoneverify_dnssec() return an isc_result_t and handle both success
      and error appropriately in bin/dnssec/dnssec-signzone.c and
      bin/dnssec/dnssec-verify.c.  This enables memory leak detection during
      shutdown of these tools and causes dnssec-signzone to print signing
      statistics even when zone verification fails.
      Implement zoneverify_log_error() and zoneverify_print() · d949a5d8
      Michał Kępień authored
      These functions will be used in the process of replacing fatal(),
      check_result(), and fprintf() calls throughout lib/dns/zoneverify.c with
      code that does not call exit().  They are intended for:
      
        - zoneverify_log_error(): logging problems encountered while
          performing zone verification,
      
        - zoneverify_print(): printing status messages and reports which are
          only useful in standalone tools.
      
      To make using dns_zone_logv() possible, add a new "zone" argument to
      dns_zoneverify_dnssec() that standalone tools are expected to set to
      NULL.
      Rename verifyzone() to dns_zoneverify_dnssec() · 7554e8d2
      Michał Kępień authored
      This makes the function's name match the naming convention used for
      libdns functions.
      Move verifyzone() and its dependencies into lib/dns/zoneverify.c · 3a14450d
      Michał Kępień authored
      This commit only moves code around, with the following exceptions:
      
        - the check_dns_dbiterator_current() macro and functions
          is_delegation() and has_dname() were removed from
          bin/dnssec/dnssectool.{c,h} and duplicated in two locations:
          bin/dnssec/dnssec-signzone.c and lib/dns/zoneverify.c; these
          functions are used both by the code in bin/dnssec/dnssec-signzone.c
          and verifyzone(), but are not a good fit for being exported by a
          code module responsible for zone verification,
      
        - fatal() and check_result() were duplicated in lib/dns/zoneverify.c
          as static functions which do not use the "program" variable any more
          (as it is only set by the tools in bin/dnssec/); this is a temporary
          step which only aims to prevent compilation from breaking - these
          duplicate functions will be removed once lib/dns/zoneverify.c is
          refactored not to use them,
      
        - the list of header files included by lib/dns/zoneverify.c was
          expanded to encompass all header files that are actually used by the
          code in that file,
      
        - a description of the purpose of the commented out "fields" inside
          struct nsec3_chain_fixed was added.
      Replace type_format() and TYPE_FORMATSIZE with their libdns counterparts · ffe8ddd9
      Michał Kępień authored
      Rather than use custom functions and macros local to bin/dnssec/, use
      their counterparts provided by libdns.
  4. 14 Jun, 2018 3 commits
  5. 13 Jun, 2018 7 commits
  6. 12 Jun, 2018 8 commits
  7. 08 Jun, 2018 3 commits
  8. 06 Jun, 2018 6 commits
  9. 05 Jun, 2018 1 commit
  10. 04 Jun, 2018 1 commit
  11. 31 May, 2018 3 commits
      update system tests so validation won't fail when using IANA key · a7a2fa29
      Evan Hunt authored
      - all tests with "recursion yes" now also specify "dnssec-validation yes",
        and all tests with "recursion no" also specify "dnssec-validation no".
        this must be maintained in all new tests, or else validation will fail
        when we use local root zones for testing.
      - clean.sh has been modified where necessary to remove managed-keys.bind
        and viewname.mkeys files.
      Set "dnssec-validation auto" by default · bef18eca
      Evan Hunt authored
      - the default setting for dnssec-validation is now "auto", which
        activates DNSSEC validation using the IANA root key.  The old behavior
        can be restored by explicitly setting "dnssec-validation yes", which
        activates DNSSEC validation only if keys are explicitly
        configured in named.conf.
      - the ARM has been updated to describe the new behavior
  12. 30 May, 2018 1 commit