1. 07 Aug, 2020 1 commit
    • Matthijs Mekking's avatar
      Implement 'rndc dnssec -checkds' · 04d8fc01
      Matthijs Mekking authored
      Add a new 'rndc' command 'dnssec -checkds' that allows the user to
      signal named that a new DS record has been seen published in the
      parent, or that an existing DS record has been withdrawn from the
      parent.
      
      Upon the 'checkds' request, 'named' will write out the new state for
      the key, updating the 'DSPublish' or 'DSRemoved' timing metadata.
      
      This replaces the "parent-registration-delay" configuration option,
      this was unreliable because it was purely time based (if the user
      did not actually submit the new DS to the parent for example, this
      could result in an invalid DNSSEC state).
      
      Because we cannot rely on the parent registration delay for state
      transition, we need to replace it with a different guard. Instead,
      if a key wants its DS state to be moved to RUMOURED, the "DSPublish"
      time must be set and must not be in the future. If a key wants its
      DS state to be moved to UNRETENTIVE, the "DSRemoved" time must be set
      and must not be in the future.
      
      By default, with '-checkds' you set the time that the DS has been
      published or withdrawn to now, but you can set a different time with
      '-when'. If there is only one KSK for the zone, that key has its
      DS state moved to RUMOURED. If there are multiple keys for the zone,
      specify the right key with '-key'.
      04d8fc01
  2. 04 Aug, 2020 2 commits
  3. 03 Aug, 2020 1 commit
  4. 31 Jul, 2020 5 commits
  5. 30 Jul, 2020 1 commit
  6. 29 Jul, 2020 1 commit
  7. 24 Jul, 2020 2 commits
  8. 21 Jul, 2020 1 commit
  9. 16 Jul, 2020 1 commit
  10. 15 Jul, 2020 2 commits
  11. 14 Jul, 2020 1 commit
  12. 13 Jul, 2020 8 commits
  13. 10 Jul, 2020 1 commit
  14. 08 Jul, 2020 1 commit
  15. 06 Jul, 2020 2 commits
  16. 02 Jul, 2020 2 commits
  17. 01 Jul, 2020 5 commits
  18. 30 Jun, 2020 1 commit
  19. 29 Jun, 2020 1 commit
  20. 26 Jun, 2020 1 commit