GitLab

                        CDNSKEY rrsets to named and dnssec-signzone.
                        [RT #40424]

4237.	[doc]		Upgraded documentation toolchain to use DocBook 5
			and dblatex. [RT #40766]

- see RT #38268

This is to be consistent with our common usage of just using a
plural "s" without apostrophe.

This was brought up via discussion in ticket 37505.

I didn't have this reviewed.

Squashed commit of the following:

commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
Author: Evan Hunt <each@isc.org>
Date:   Tue Jun 10 16:52:45 2014 -0700

    [rt10686] move version() to dnssectool.c

commit df205b541d1572ea5306a5f671af8b54b9c5c770
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:31 2014 +0530

    Rearrange order of cases

commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:38:08 2014 +0530

    Add version printer to dnssec-verify

commit a625ea338c74ab5e21634033ef87f170ba37fdbe
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:32:19 2014 +0530

    Add version printer to dnssec-signzone

commit d91e1c0f0697b3304ffa46fccc66af65591040d9
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:26:01 2014 +0530

    Add version printer to dnssec-settime

commit 46fc8775da3e13725c31d13e090b406d69b8694f
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:25:48 2014 +0530

    Fix docbook

commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:20:17 2014 +0530

    Add version printer to dnssec-revoke

commit d0916420317d3e8c69cf1b37d2209ea2d072b913
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:17:54 2014 +0530

    Add version printer to dnssec-keygen

commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:14:11 2014 +0530

    Add version printer to dnssec-keyfromlabel

commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:13:39 2014 +0530

    Update usage help output, docbook

commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:07:18 2014 +0530

    Add version printer to dnssec-importkey

commit 9274fc61e38205aad561edf445940b4e73d788dc
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 21:01:53 2014 +0530

    Add version printer to dnssec-dsfromkey

commit bf4605ea2d7282e751fd73489627cc8a99f45a90
Author: Mukund Sivaraman <muks@isc.org>
Date:   Tue Jun 10 20:49:22 2014 +0530

    Add -V to nsupdate usage output

3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]

3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]

3339.   [func]          Allow the maximum supported rsa exponent size to be                        specified: "max-rsa-exponent-size <value>;" [RT #29228]

			dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]

                        without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]

                        suppressed (dnssec-keygen -q).  Automatically
                        suppress the progress messages when stdin is not
                        a tty. [RT #20474]

			RSASHA256 and RSASHA512. [RT #20023]

This was seen in 9.7.0a3.
No CHANGES entry as is too minor.

			- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]

			- dnssec-keygen and dnssec-settime can now set key
			  metadata fields 0 (to unset a value, use "none")
			- dnssec-revoke sets the revocation date in
			  addition to the revoke bit
			- dnssec-settime can now print individual metadata
			  fields instead of always printing all of them,
			  and can print them in unix epoch time format for
			  use by scripts
			[RT #19942]

			name for DNSSEC keys. [RT #19938]

			dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]

			dnssec-keygen.  Without arguments, it will now
			generate a 1024-bit RSASHA1 zone-signing key,
			or with the -f KSK option, a 2048-bit RSASHA1
			key-signing key. [RT #19300]

2611.	[func]		Add -l option to dnssec-dsfromkey to generate
			DLV records instead of DS records. [RT #19300]

(Also order these numerically.)