1. 04 Mar, 2014 1 commit
  2. 19 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] max-zone-ttl · 35f6a21f
      Evan Hunt authored
      3746.	[func]		New "max-zone-ttl" option enforces maximum
      			TTLs for zones. If loading a zone containing a
      			higher TTL, the load fails. DDNS updates with
      			higher TTLs are accepted but the TTL is truncated.
      			(Note: Currently supported for master zones only;
      			inline-signing slaves will be added.) [RT #38405]
      35f6a21f
  3. 06 Feb, 2014 1 commit
    • Evan Hunt's avatar
      [master] dnssec-keygen fixes · a165a17a
      Evan Hunt authored
      3730.	[cleanup]	Added "never" as a synonym for "none" when
      			configuring key event dates in the dnssec tools.
      			[RT #35277]
      
      3729.	[bug]		dnssec-kegeyn could set the publication date
      			incorrectly when only the activation date was
      			specified on the command line. [RT #35278]
      a165a17a
  4. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
      ba751492
  5. 09 Jan, 2014 2 commits
  6. 11 Dec, 2013 2 commits
  7. 06 Dec, 2013 1 commit
  8. 04 Dec, 2013 1 commit
  9. 04 Sep, 2013 1 commit
  10. 14 Jun, 2013 1 commit
  11. 24 Jan, 2013 1 commit
  12. 23 Jan, 2013 2 commits
    • Tinderbox User's avatar
      update copyright notice · 3aaa526a
      Tinderbox User authored
      3aaa526a
    • Evan Hunt's avatar
      [master] fix incorrect nsec3 check · 9a0dd99a
      Evan Hunt authored
          - check for NSEC3 in empty nodes when not due to optout delegations
          - fixed typo in output ("Bad record NSEC record")
          - incidentally fixed an error in signzone that caused an
            incorrect warning about missing DNSKEYs when using -S
            and -3 together
      
      3473.	[bug]		dnssec-signzone/verify could incorrectly report
      			an error condition due to an empty node above an
      			opt-out delegation lacking an NSEC3. [RT #32072]
      9a0dd99a
  13. 09 Dec, 2012 1 commit
  14. 24 Oct, 2012 1 commit
  15. 03 Oct, 2012 1 commit
  16. 12 Sep, 2012 1 commit
  17. 25 Jun, 2012 1 commit
  18. 21 Jun, 2012 1 commit
  19. 20 Jun, 2012 1 commit
    • Curtis Blackburn's avatar
      merging fast format zone files · 7829fad4
      Curtis Blackburn authored
      Conflicts:
      	.gitignore
      	bin/named/zoneconf.c
      	bin/tests/.gitignore
      	bin/tests/system/autosign/tests.sh
      	bin/tests/system/masterformat/clean.sh
      	bin/tests/system/masterformat/ns1/compile.sh
      	bin/tests/system/masterformat/tests.sh
      	configure
      	lib/dns/db.c
      	lib/dns/include/dns/db.h
      	lib/dns/include/dns/types.h
      	lib/dns/master.c
      	lib/dns/masterdump.c
      	lib/dns/rbt.c
      	lib/dns/rbtdb.c
      	lib/dns/sdb.c
      	lib/dns/sdlz.c
      	lib/dns/tests/.cvsignore
      	lib/dns/tests/Makefile.in
      	lib/dns/win32/libdns.def
      	lib/dns/xfrin.c
      	lib/dns/zone.c
      	lib/export/dns/Makefile.in
      	lib/isc/include/isc/file.h
      	lib/isc/unix/file.c
      	lib/isc/win32/file.c
      	lib/isccfg/namedconf.c
      7829fad4
  20. 22 Dec, 2011 1 commit
  21. 08 Dec, 2011 2 commits
    • Mark Andrews's avatar
      move declaration to start of block · b11fd361
      Mark Andrews authored
      b11fd361
    • Evan Hunt's avatar
      3241. [func] Extended the header of raw-format master files to · b4d8192d
      Evan Hunt authored
      			include the serial number of the zone from which
      			they were generated, if different (as in the case
      			of inline-signing zones).  This is to be used in
      			inline-signing zones, to track changes between the
      			unsigned and signed versions of the zone, which may
      			have different serial numbers.
      
      			(Note: raw zonefiles generated by this version of
      			BIND are no longer compatble with prior versions.
      			To generate a backward-compatible raw zonefile
      			using dnssec-signzone or named-compilezone, specify
      			output format "raw=0" instead of simply "raw".)
      			[RT #26587]
      b4d8192d
  22. 07 Nov, 2011 2 commits
  23. 11 Oct, 2011 1 commit
  24. 19 Jul, 2011 2 commits
  25. 10 Jun, 2011 1 commit
    • Evan Hunt's avatar
      3128. [func] Inserting an NSEC3PARAM via dynamic update in an · 79ce3a9e
      Evan Hunt authored
      			auto-dnssec zone that has not been signed yet
      			will cause it to be signed with the specified NSEC3
      			parameters when keys are activated.  The
      			NSEC3PARAM record will not appear in the zone until
      			it is signed, but the parameters will be stored.
      			[RT #23684]
      79ce3a9e
  26. 07 May, 2011 1 commit
  27. 06 May, 2011 1 commit
  28. 22 Mar, 2011 1 commit
  29. 21 Mar, 2011 2 commits
  30. 11 Mar, 2011 2 commits
  31. 10 Mar, 2011 1 commit
  32. 05 Mar, 2011 1 commit