BIND merge requestshttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests2023-02-27T14:58:40Zhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7566[9.18] Fix dns_kasp_attach / dns_kasp_detach usage2023-02-27T14:58:40ZMatthijs Mekkingmatthijs@isc.org[9.18] Fix dns_kasp_attach / dns_kasp_detach usageBackport of MR !7563
The kasp pointers in dns_zone_t should consistently be changed by
dns_kasp_attach and dns_kasp_detach so the usage is balanced.
(cherry picked from commit b41882cc75c9d820c5642c88a6cd90fec32b8397)Backport of MR !7563
The kasp pointers in dns_zone_t should consistently be changed by
dns_kasp_attach and dns_kasp_detach so the usage is balanced.
(cherry picked from commit b41882cc75c9d820c5642c88a6cd90fec32b8397)March 2023 (9.16.39, 9.16.39-S1, 9.18.13, 9.18.13-S1, 9.19.11)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7563Fix kasp attach detach usage2023-02-27T14:58:37ZMatthijs Mekkingmatthijs@isc.orgFix kasp attach detach usageThe kasp pointers in dns_zone_t should consistently be changed by dns_kasp_attach and dns_kasp_detach so the usage is balanced.The kasp pointers in dns_zone_t should consistently be changed by dns_kasp_attach and dns_kasp_detach so the usage is balanced.March 2023 (9.16.39, 9.16.39-S1, 9.18.13, 9.18.13-S1, 9.19.11)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7457Add cds-digest-type configuration option2023-06-06T13:13:59ZMatthijs Mekkingmatthijs@isc.orgAdd cds-digest-type configuration optionCloses #3837Closes #3837March 2023 (9.16.39, 9.16.39-S1, 9.18.13, 9.18.13-S1, 9.19.11)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7438[9.16] Force set DS state after 'rndc dnssec -checkds'2023-02-01T14:09:21ZMatthijs Mekkingmatthijs@isc.org[9.16] Force set DS state after 'rndc dnssec -checkds'Closes #3822Closes #3822February 2023 (9.16.38, 9.16.38-S1, 9.18.12, 9.18.12-S1, 9.19.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7437[9.18] Force set DS state after 'rndc dnssec -checkds'2023-02-01T14:09:20ZMatthijs Mekkingmatthijs@isc.org[9.18] Force set DS state after 'rndc dnssec -checkds'Closes #3822Closes #3822February 2023 (9.16.38, 9.16.38-S1, 9.18.12, 9.18.12-S1, 9.19.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7423Force set DS state after 'rndc dnssec -checkds'2023-02-01T14:09:19ZMatthijs Mekkingmatthijs@isc.orgForce set DS state after 'rndc dnssec -checkds'Set the DS state after issuing 'rndc dnssec -checkds'. If the DS
was published, it should go in RUMOURED state, regardless whether it
is already safe to do so according to the state machine.
Leaving it in HIDDEN (or if it was magically ...Set the DS state after issuing 'rndc dnssec -checkds'. If the DS
was published, it should go in RUMOURED state, regardless whether it
is already safe to do so according to the state machine.
Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or
UNRETENTIVE) would allow for easy shoot in the foot situations.
Similar, if the DS was withdrawn, the state should be set to
UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN)
would also allow for easy shoot in the foot situations.
Closes #3822February 2023 (9.16.38, 9.16.38-S1, 9.18.12, 9.18.12-S1, 9.19.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7411[9.18] Set RD=1 on DS requests to parental-agents2023-01-19T15:57:37ZMatthijs Mekkingmatthijs@isc.org[9.18] Set RD=1 on DS requests to parental-agentsBackport of MR !7361
Closes #3783Backport of MR !7361
Closes #3783February 2023 (9.16.38, 9.16.38-S1, 9.18.12, 9.18.12-S1, 9.19.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7361Set RD=1 on DS requests to parental-agents2023-01-19T10:34:51ZMatthijs Mekkingmatthijs@isc.orgSet RD=1 on DS requests to parental-agentsCloses #3783Closes #3783February 2023 (9.16.38, 9.16.38-S1, 9.18.12, 9.18.12-S1, 9.19.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7306kasp: Add test case for migrating KSK/ZSK to CSK2023-05-05T11:13:47ZMatthijs Mekkingmatthijs@isc.orgkasp: Add test case for migrating KSK/ZSK to CSKAdd a test case to cover #3769 where a user migrates from a KSK/ZSK split using auto-dnssec maintain, to the default dnssec-policy (CSK).
The test actually does not use the default dnssec-policy, but it does use one that has the same ke...Add a test case to cover #3769 where a user migrates from a KSK/ZSK split using auto-dnssec maintain, to the default dnssec-policy (CSK).
The test actually does not use the default dnssec-policy, but it does use one that has the same keys clause. For testing convenience, we use the same propagation time values as other test cases that migrate to dnssec-policy with mismatching existing key set.May 2023 (9.16.41, 9.16.41-S1, 9.18.15, 9.18.15-S1, 9.19.13)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7204Add inline-signing to dnssec-policy2023-08-02T08:22:51ZMatthijs Mekkingmatthijs@isc.orgAdd inline-signing to dnssec-policyCloses #3677Closes #3677August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7095[v9_16] Tweak kasp system test script2022-11-17T12:07:15ZMatthijs Mekkingmatthijs@isc.org[v9_16] Tweak kasp system test scriptcherry picked from commit 6ef0417274e451340b27f66c31808e4f79c65bc8cherry picked from commit 6ef0417274e451340b27f66c31808e4f79c65bc8December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7094[v9_18] Tweak kasp system test script2022-11-17T12:28:08ZMatthijs Mekkingmatthijs@isc.org[v9_18] Tweak kasp system test scriptcherry picked from commit 6ef0417274e451340b27f66c31808e4f79c65bc8cherry picked from commit 6ef0417274e451340b27f66c31808e4f79c65bc8December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7064Tweak kasp system test script2022-11-17T11:28:27ZMatthijs Mekkingmatthijs@isc.orgTweak kasp system test scriptTweak the system test after investigating this test failure: https://gitlab.isc.org/isc-projects/bind9/-/jobs/2895019Tweak the system test after investigating this test failure: https://gitlab.isc.org/isc-projects/bind9/-/jobs/2895019December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7021[v9_16] Fix crash where dnssec-policy zone with NSEC3 crashes when inline-sig...2022-11-07T10:03:48ZMatthijs Mekkingmatthijs@isc.org[v9_16] Fix crash where dnssec-policy zone with NSEC3 crashes when inline-signing is turned onBackport of !6905
Closes #3591Backport of !6905
Closes #3591November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7020[v9_18] Fix crash where dnssec-policy zone with NSEC3 crashes when inline-sig...2022-11-07T10:03:42ZMatthijs Mekkingmatthijs@isc.org[v9_18] Fix crash where dnssec-policy zone with NSEC3 crashes when inline-signing is turned onBackport of !6905
Closes #3591Backport of !6905
Closes #3591November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6940[v9_16] Change log level when doing rekey2022-10-26T08:01:59ZMatthijs Mekkingmatthijs@isc.org[v9_16] Change log level when doing rekeyBackport of !6913Backport of !6913November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6939[v9_18] Change log level when doing rekey2022-10-26T08:01:56ZMatthijs Mekkingmatthijs@isc.org[v9_18] Change log level when doing rekeyBackport of !6913Backport of !6913November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6913Change log level when doing rekey2022-10-26T08:01:37ZMatthijs Mekkingmatthijs@isc.orgChange log level when doing rekeyThis log happens when BIND want to check the `parental-agents` if the DS has been published. But if you don't have `parental-agents` set up, the list of keys to check will be empty and the result will be `ISC_R_NOTFOUND`. This is not an ...This log happens when BIND want to check the `parental-agents` if the DS has been published. But if you don't have `parental-agents` set up, the list of keys to check will be empty and the result will be `ISC_R_NOTFOUND`. This is not an error.November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6905Fix crash where dnssec-policy zone with NSEC3 crashes when inline-signing is ...2022-11-07T10:03:43ZMatthijs Mekkingmatthijs@isc.orgFix crash where dnssec-policy zone with NSEC3 crashes when inline-signing is turned onCloses #3591Closes #3591November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6897Change default NSEC3PARAM TTL2022-11-17T11:23:27ZMatthijs Mekkingmatthijs@isc.orgChange default NSEC3PARAM TTLThe TTL should be equal to the SOA MINIMUM by default.
Closes #3570The TTL should be equal to the SOA MINIMUM by default.
Closes #3570December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.org