1. 12 Feb, 2020 1 commit
  2. 07 Feb, 2020 2 commits
  3. 06 Feb, 2020 2 commits
    • Matthijs Mekking's avatar
      Fix kasp bug new KSK on restart [#1593] · b378d037
      Matthijs Mekking authored
      When you do a restart or reconfig of named, or rndc loadkeys, this
      triggers the key manager to run.  The key manager will check if new
      keys need to be created. If there is an active key, and key rollover
      is scheduled far enough away, no new key needs to be created.
      
      However, there was a bug that when you just start to sign your zone,
      it takes a while before the KSK becomes an active key. An active KSK
      has its DS submitted or published, but before the key manager allows
      that, the DNSKEY needs to be omnipresent. If you restart named
      or rndc loadkeys in quick succession when you just started to sign
      your zone, new keys will be created because the KSK is not yet
      considered active.
      
      Fix is to check for introducing as well as active keys. These keys
      all have in common that their goal is to become omnipresent.
      b378d037
    • Matthijs Mekking's avatar
      be3a1102
  4. 04 Feb, 2020 1 commit
  5. 30 Jan, 2020 1 commit
  6. 22 Jan, 2020 1 commit
  7. 21 Jan, 2020 2 commits
  8. 16 Jan, 2020 2 commits
  9. 15 Jan, 2020 2 commits
  10. 14 Jan, 2020 2 commits
  11. 13 Jan, 2020 4 commits
    • Evan Hunt's avatar
      CHANGES · c3ed086c
      Evan Hunt authored
      c3ed086c
    • Witold Krecicki's avatar
      CHANGES note · 7a7b09fe
      Witold Krecicki authored
      7a7b09fe
    • Michał Kępień's avatar
      Add CHANGES entry · aa96ec25
      Michał Kępień authored
      5339.	[bug]		With some libmaxminddb versions, named could erroneously
      			match an IP address not belonging to any subnet defined
      			in a given GeoIP2 database to one of the existing
      			entries in that database. [GL #1552]
      aa96ec25
    • Tony Finch's avatar
      Fix line spacing in `rndc secroots` · 5b600c2c
      Tony Finch authored
      Before this change, there was a missing blank line between the
      negative trust anchors for one view, and the heading line for the next
      view. This is because dns_ntatable_totext() omits the last newline.
      There is an example of the incorrect output below; the fixed output
      has a blank line before "Start view auth".
      
      secure roots as of 21-Oct-2019 12:03:23.500:
      
       Start view rec
         Secure roots:
      
      ./RSASHA256/20326 ; managed
      
         Negative trust anchors:
      
      example.com: expiry 21-Oct-2019 13:03:15.000
       Start view auth
         Secure roots:
      
      ./RSASHA256/20326 ; managed
      
         Negative trust anchors:
      
      example.com: expiry 21-Oct-2019 13:03:07.000
      5b600c2c
  12. 03 Jan, 2020 1 commit
  13. 17 Dec, 2019 1 commit
  14. 12 Dec, 2019 2 commits
  15. 09 Dec, 2019 2 commits
  16. 06 Dec, 2019 1 commit
  17. 05 Dec, 2019 1 commit
  18. 04 Dec, 2019 1 commit
  19. 03 Dec, 2019 1 commit
  20. 02 Dec, 2019 1 commit
  21. 28 Nov, 2019 1 commit
  22. 26 Nov, 2019 1 commit
  23. 25 Nov, 2019 1 commit
  24. 23 Nov, 2019 1 commit
  25. 22 Nov, 2019 1 commit
  26. 21 Nov, 2019 1 commit
  27. 20 Nov, 2019 1 commit
  28. 19 Nov, 2019 2 commits