- 04 Mar, 2014 1 commit
-
-
Evan Hunt authored
-
- 19 Feb, 2014 1 commit
-
-
Evan Hunt authored
3746. [func] New "max-zone-ttl" option enforces maximum TTLs for zones. If loading a zone containing a higher TTL, the load fails. DDNS updates with higher TTLs are accepted but the TTL is truncated. (Note: Currently supported for master zones only; inline-signing slaves will be added.) [RT #38405]
-
- 06 Feb, 2014 1 commit
-
-
Evan Hunt authored
3730. [cleanup] Added "never" as a synonym for "none" when configuring key event dates in the dnssec tools. [RT #35277] 3729. [bug] dnssec-kegeyn could set the publication date incorrectly when only the activation date was specified on the command line. [RT #35278]
-
- 14 Jan, 2014 1 commit
-
-
Evan Hunt authored
3705. [func] "configure --enable-native-pkcs11" enables BIND to use the PKCS#11 API for all cryptographic functions, so that it can drive a hardware service module directly without the need to use a modified OpenSSL as intermediary (so long as the HSM's vendor provides a complete-enough implementation of the PKCS#11 interface). This has been tested successfully with the Thales nShield HSM and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]
-
- 09 Jan, 2014 2 commits
-
-
Tinderbox User authored
-
Evan Hunt authored
3698. [cleanup] Replaced all uses of memcpy() with memmove(). [RT #35120]
-
- 11 Dec, 2013 2 commits
-
-
Tinderbox User authored
-
Evan Hunt authored
3686. [func] "dnssec-signzone -Q" drops signatures from keys that are still published but no longer active. [RT #34990]
-
- 06 Dec, 2013 1 commit
-
-
Mark Andrews authored
-
- 04 Dec, 2013 1 commit
-
-
Mark Andrews authored
selection and WIN64 builds. This is a work in progress. [RT #34160]
-
- 04 Sep, 2013 1 commit
-
-
Mark Andrews authored
better. [RT #34625]
-
- 14 Jun, 2013 1 commit
-
-
Evan Hunt authored
3597. [bug] Ensure automatic-resigning heaps are reconstructed when loading zones in map format. [RT #33381]
-
- 24 Jan, 2013 1 commit
-
-
Evan Hunt authored
3475. [cleanup] Changed name of 'map' zone file format (previously 'fast'). [RT #32458]
-
- 23 Jan, 2013 2 commits
-
-
Tinderbox User authored
-
Evan Hunt authored
- check for NSEC3 in empty nodes when not due to optout delegations - fixed typo in output ("Bad record NSEC record") - incidentally fixed an error in signzone that caused an incorrect warning about missing DNSKEYs when using -S and -3 together 3473. [bug] dnssec-signzone/verify could incorrectly report an error condition due to an empty node above an opt-out delegation lacking an NSEC3. [RT #32072]
-
- 09 Dec, 2012 1 commit
-
-
Mark Andrews authored
-
- 24 Oct, 2012 1 commit
-
-
Evan Hunt authored
3404. [bug] dnssec-signzone: When re-signing a zone, remove RRSIG and NSEC records from nodes that used to be in-zone but are now below a zone cut. [RT #31556]
-
- 03 Oct, 2012 1 commit
-
-
Evan Hunt authored
3388. [bug] Fixed several Coverity warnings. [RT #30996]
-
- 12 Sep, 2012 1 commit
-
-
Mark Andrews authored
-
- 25 Jun, 2012 1 commit
-
-
Mark Andrews authored
to ensure correctness of signatures and of NSEC/NSEC3 chains. [RT #23673]
-
- 21 Jun, 2012 1 commit
-
-
Tinderbox User authored
-
- 20 Jun, 2012 1 commit
-
-
Curtis Blackburn authored
Conflicts: .gitignore bin/named/zoneconf.c bin/tests/.gitignore bin/tests/system/autosign/tests.sh bin/tests/system/masterformat/clean.sh bin/tests/system/masterformat/ns1/compile.sh bin/tests/system/masterformat/tests.sh configure lib/dns/db.c lib/dns/include/dns/db.h lib/dns/include/dns/types.h lib/dns/master.c lib/dns/masterdump.c lib/dns/rbt.c lib/dns/rbtdb.c lib/dns/sdb.c lib/dns/sdlz.c lib/dns/tests/.cvsignore lib/dns/tests/Makefile.in lib/dns/win32/libdns.def lib/dns/xfrin.c lib/dns/zone.c lib/export/dns/Makefile.in lib/isc/include/isc/file.h lib/isc/unix/file.c lib/isc/win32/file.c lib/isccfg/namedconf.c
-
- 22 Dec, 2011 1 commit
-
-
Evan Hunt authored
updated while the server was offline, the source zone could fall out of sync with the signed copy. They can now resynchronize. [RT #26676]
-
- 08 Dec, 2011 2 commits
-
-
Mark Andrews authored
-
Evan Hunt authored
include the serial number of the zone from which they were generated, if different (as in the case of inline-signing zones). This is to be used in inline-signing zones, to track changes between the unsigned and signed versions of the zone, which may have different serial numbers. (Note: raw zonefiles generated by this version of BIND are no longer compatble with prior versions. To generate a backward-compatible raw zonefile using dnssec-signzone or named-compilezone, specify output format "raw=0" instead of simply "raw".) [RT #26587]
-
- 07 Nov, 2011 2 commits
-
-
Automatic Updater authored
-
Evan Hunt authored
option prints in single-line-per-record format. [RT #20287]
-
- 11 Oct, 2011 1 commit
-
-
Evan Hunt authored
resigning, even when valid signatures were already present. [RT #26025]
-
- 19 Jul, 2011 2 commits
-
-
Automatic Updater authored
-
Mark Andrews authored
statistics. [RT #16030]
-
- 10 Jun, 2011 1 commit
-
-
Evan Hunt authored
auto-dnssec zone that has not been signed yet will cause it to be signed with the specified NSEC3 parameters when keys are activated. The NSEC3PARAM record will not appear in the zone until it is signed, but the parameters will be stored. [RT #23684]
-
- 07 May, 2011 1 commit
-
-
Evan Hunt authored
when attempting to sign with no KSK. [RT #24369]
-
- 06 May, 2011 1 commit
-
-
Evan Hunt authored
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES code (use -P instead). [RT #20852] 3107. [bug] dnssec-signzone: Report the correct number of ZSKs when using -x. [RT #20852]
-
- 22 Mar, 2011 1 commit
-
-
Evan Hunt authored
-
- 21 Mar, 2011 2 commits
- 11 Mar, 2011 2 commits
-
-
Mark Andrews authored
[RT #20256]
-
Mark Andrews authored
[RT #20256]
-
- 10 Mar, 2011 1 commit
-
-
Francis Dupont authored
-
- 05 Mar, 2011 1 commit
-
-
Automatic Updater authored
-