cc51cd2d2076e33117c60c9effcb8caccde4983b |
|
19-Oct-2016 |
Witold Krecicki <wpk@isc.org> |
4487. [test] Make system tests work on Windows. [RT #42931] |
0c27b3fe77ac1d5094ba3521e8142d9e7973133f |
|
27-Jun-2016 |
Mark Andrews <marka@isc.org> |
4401. [misc] Change LICENSE to MPL 2.0. |
3cd204c4a46f21bf2a38f35e79af45ac595be943 |
|
15-Apr-2016 |
Evan Hunt <each@isc.org> |
[master] fixed revoked key regression
4436. [bug] Fixed a regression introduced in change #4337 which
caused signed domains with revoked KSKs to fail
validation. [RT #42147] |
4a7004f3cec6958b8b20bccf07b9f6a44f0fd590 |
|
11-Mar-2016 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
7c525954642f8fb3698b555115edb09fe3bd3354 |
|
10-Mar-2016 |
Mark Andrews <marka@isc.org> |
4331. [func] When loading managed signed zones detect if the
RRSIG's inception time is in the future and regenerate
the RRSIG immediately. [RT #41808] |
29756974c585f616bb6e8233218cc385df9aeddb |
|
07-Feb-2015 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
591389c7d44e5ca20c357627dd179772cfefaacc |
|
06-Feb-2015 |
Evan Hunt <each@isc.org> |
[master] 5011 tests and fixes
4056. [bug] Expanded automatic testing of trust anchor
management and fixed several small bugs including
a memory leak and a possible loss of key state
information. [RT #38458]
4055. [func] "rndc managed-keys" can be used to check status
of trust anchors or to force keys to be refreshed,
Also, the managed keys data file has easier-to-read
comments. [RT #38458] |
a5c7cfbac4e401c41741c123347739ab87c80a52 |
|
30-Oct-2014 |
Mark Andrews <marka@isc.org> |
3990. [testing] Add tests for unknown DNSSEC algorithm handling.
[RT #37541] |
c83b91fb6345464807161cc36c5d9046a15d5866 |
|
30-Sep-2014 |
Mark Andrews <marka@isc.org> |
3960. [bug] 'dig +sigchase' could loop forever. [RT #37220] |
1c95f672323b7ac176af4225a36d33daa442542c |
|
24-Jun-2014 |
Mark Andrews <marka@isc.org> |
use $PERL |
b8a9632333a92d73a503afe1aaa7990016c8bee9 |
|
19-Jun-2014 |
Evan Hunt <each@isc.org> |
[master] complete NTA work
3882. [func] By default, negative trust anchors will be tested
periodically to see whether data below them can be
validated, and if so, they will be allowed to
expire early. The "rndc nta -force" option
overrides this behvaior. The default NTA lifetime
and the recheck frequency can be configured by the
"nta-lifetime" and "nta-recheck" options. [RT #36146] |
aa7b16ec2a5dacda1d65b64e0f7af434d02cbba4 |
|
22-Jan-2014 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
d58e33bfabfee19a035031dac633d36659738d56 |
|
21-Jan-2014 |
Evan Hunt <each@isc.org> |
[master] testcrypto.sh in system tests
3714. [test] System tests that need to test for cryptography
support before running can now use a common
"testcrypto.sh" script to do so. [RT #35213] |
b5f4cc132e91afb1217f4aa79424793c0e11c09a |
|
04-Sep-2013 |
Mark Andrews <marka@isc.org> |
3641. [bug] Handle changes to sig-validity-interval settings
better. [RT #34625] |
377b774598f3973c2b231fb88d39acca1ff5ebc4 |
|
16-Aug-2013 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
7ace3277956c49f7554b7130ef761bde3b35db30 |
|
15-Aug-2013 |
Mark Andrews <marka@isc.org> |
3632. [bug] Signature from newly inactive keys were not being
removed. [RT #32178] |
dbf693fdfd2bb495cf6d176ecebd173331c3d94a |
|
06-Oct-2012 |
Mark Andrews <marka@isc.org> |
3391. [bug] DNSKEY that encountered a CNAME failed. [RT #31262] |
8f6d6d72e80314bd36c50f1805e424b6f6332cae |
|
14-Aug-2012 |
Evan Hunt <each@isc.org> |
support '-' salt in rndc signing -nsec3param
3361. [bug] "rndc signing -nsec3param" didn't work correctly
when salt was set to '-' (no salt). [RT #30099] |
e7857b5ee05414961bb11f9e57f654163fae6acb |
|
26-Jul-2012 |
ckb <ckb@isc.org> |
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429] |
bf8267aa453e5d2a735ed732a043b77a0b355b20 |
|
29-Jun-2012 |
Mark Andrews <marka@isc.org> |
reverse bad copyright update |
247bf378605811d695e968dbe930a7fc45c0038e |
|
29-Jun-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
9b6e76e5e77d85e355288be6e7b81d12fe37e0b7 |
|
21-May-2012 |
Mark Andrews <marka@isc.org> |
awk and toupper is not portable, use sed instead |
a847a4bcd665fb1cafc1b2a0a42be7a1ede82a89 |
|
18-May-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
26833735d3d95e731a1cfb2a9b12c9bc10ba208a |
|
17-May-2012 |
Evan Hunt <each@isc.org> |
Handle RRSIG signer case consistently
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451] |
25845da41a621f35e76dc8560ca40de6859e0a11 |
|
04-Nov-2011 |
Evan Hunt <each@isc.org> |
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796] |
bfe32d08c51a606744bd0d6ea518eb95084d2eef |
|
23-May-2011 |
Evan Hunt <each@isc.org> |
3116. [func] New 'dnssec-update-mode' option controls updates
of DNSSEC records in signed dynamic zones. Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533] |
a50ce0f80bd665545389cfd91df31d3f4fe66b04 |
|
19-May-2011 |
Scott Mann <smann@isc.org> |
Fix for RT #23136 task 1. |
4e5fc672bc9267d2dd91d1621c282753c1156d05 |
|
31-Mar-2011 |
Evan Hunt <each@isc.org> |
Corrected a bug in the dnssec test introduced in change #3046. |
eff7f78bc65f30efd87a398e66084ddab72799d3 |
|
05-Mar-2011 |
Mark Andrews <marka@isc.org> |
3061. [func] New option "dnssec-signzone -D", only write out
generated DNSSEC records. [RT #22896] |
664917bedafa65dee4349c84324a31731aa1e228 |
|
28-Feb-2011 |
Francis Dupont <fdupont@isc.org> |
Use RRSIG original TTL in validated RRset TTL [RT #23332] |
4f07b2b00cf52582b2ee9b55aabe7eb5066e57e7 |
|
23-Feb-2011 |
Mark Andrews <marka@isc.org> |
3040. [bug] Named failed to validate insecure zones where a node
with a CNAME existed between the trust anchor and the
top of the zone. [RT #23338] |
b1b42b03b774d77ddfd38e5e0a5c0a3ed1944b89 |
|
15-Feb-2011 |
Mark Andrews <marka@isc.org> |
3020. [bug] auto-dnssec failed to correctly update the zone when changing the DNSKEY RRset. [RT #23232] |
c5fa3706950224af3f5ae6d22944b1b8298d4edd |
|
15-Feb-2011 |
Mark Andrews <marka@isc.org> |
3019. [func] Test: check apex NSEC3 records after adding DNSKEY
record via UPDATE. [RT #23229] |
56748bc3d1e6b088cd9dcc2aa63ebce4d4539fa2 |
|
09-Feb-2011 |
Automatic Updater <source@isc.org> |
update copyright notice |
37b017f2ca736c251b80d2db564ef274317da168 |
|
08-Feb-2011 |
Mark Andrews <marka@isc.org> |
Regression test for:
3018. [bug] Named failed to check for the "none;" acl when deciding
if a zone may need to be re-signed. [RT #23120] |
6bb1560124ce99fe50b9847ce29fcaed52564900 |
|
19-Jan-2010 |
Automatic Updater <source@isc.org> |
update copyright notice |
e11a0c114cdaf8f7e7832e9f1a011138248093a6 |
|
18-Jan-2010 |
Evan Hunt <each@isc.org> |
2841. [func] Added "smartsign" and improved "autosign" and
"dnssec" regression tests. [RT #20865] |
c6d2578fd67bc1a427d13fd0699b25a187feec8a |
|
28-Oct-2009 |
Mark Andrews <marka@isc.org> |
2741. [func] Allow the dnssec-keygen progress messages to be
suppressed (dnssec-keygen -q). Automatically
suppress the progress messages when stdin is not
a tty. [RT #20474] |
e09cdbac087b88524ac40e943d040e2a032c48f2 |
|
27-Oct-2009 |
Mark Andrews <marka@isc.org> |
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
test. [RT #20453] |
fb596cc9af28ab5bf71c6796ebd1809654307a08 |
|
25-Sep-2009 |
Evan Hunt <each@isc.org> |
2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
chain when re-signing a previously-signed zone.
Use -u to modify NSEC3 parameters or switch
between NSEC and NSEC3. [RT #20304] |
39844d471080b2de4f8bb9d81f7e136ef80f0ae2 |
|
04-Jun-2009 |
Automatic Updater <source@isc.org> |
update copyright notice |
2534a73a5914470f7ffe00663b6bbaff5e411e57 |
|
04-Jun-2009 |
Mark Andrews <marka@isc.org> |
2608. [func] Perform post signing verification checks in
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653] |
3398334b3acda24b086957286288ca9852662b12 |
|
25-Sep-2008 |
Automatic Updater <source@isc.org> |
update copyright notice |
6098d364b690cb9dabf96e9664c4689c8559bd2e |
|
24-Sep-2008 |
Mark Andrews <marka@isc.org> |
2448. [func] Add NSEC3 support. [RT #15452] |
70e5a7403f0e0a3bd292b8287c5fed5772c15270 |
|
20-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
ec5347e2c775f027573ce5648b910361aa926c01 |
|
19-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
59d84d1b077678cb77f6cbcc53d8cfa60ff69cb7 |
|
06-Mar-2006 |
Mark Andrews <marka@isc.org> |
2001. [func] Check the KSK flag when updating a secure dynamic zone.
New zone option "update-check-ksk yes;". [RT #15817] |
35da39a7f16d76d29ee295c4e4a0598649dfda9c |
|
04-Jan-2006 |
Mark Andrews <marka@isc.org> |
update copyright notice |
2a90390deeff6ba07125bfb2c81ab4b582eb2777 |
|
03-Jan-2006 |
Mark Andrews <marka@isc.org> |
1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
To generate a RSAMD5 key you must explictly request
RSAMD5. [RT #13780] |
dafcb997e390efa4423883dafd100c975c4095d6 |
|
05-Mar-2004 |
Mark Andrews <marka@isc.org> |
update copyright notice |
0b09763c354ec91fb352b6b4cea383bd0195b2d8 |
|
17-Jun-2002 |
Mark Andrews <marka@isc.org> |
1328. [func] DS (delegation signer) support. |
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5 |
|
20-Feb-2002 |
Mark Andrews <marka@isc.org> |
copyrights |
473ca0bf8c73e5fc3132df074b2d4e14be5eaa1e |
|
22-Jan-2002 |
Andreas Gustafsson <source@isc.org> |
Added RT #2399 regression test |
e4b5f088ca2dad7c81a9df0172fd534a3a880879 |
|
19-Sep-2001 |
Andreas Gustafsson <source@isc.org> |
Added RT #1763 regression test |
81b172466cbf05a8ca1408c3865294832b12a136 |
|
17-Sep-2001 |
Brian Wellington <source@isc.org> |
*** empty log message *** |
499b34cea04a46823d003d4c0520c8b03e8513cb |
|
09-Jan-2001 |
Brian Wellington <source@isc.org> |
copyright update |
2c46670fb483b712181d4974199619bf98e61593 |
|
22-Nov-2000 |
Brian Wellington <source@isc.org> |
ignore stdout from the dnssec tools |
40f53fa8d9c6a4fc38c0014495e7a42b08f52481 |
|
01-Aug-2000 |
David Lawrence <source@isc.org> |
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your
own CVS tree will help minimize CVS conflicts. Maybe not.
Blame Graff for getting me to trim all trailing whitespace. |
15a44745412679c30a6d022733925af70a38b715 |
|
27-Jul-2000 |
David Lawrence <source@isc.org> |
word wrap copyright notice at column 70 |
9c3531d72aeaad6c5f01efe6a1c82023e1379e4d |
|
23-Jun-2000 |
David Lawrence <source@isc.org> |
add RCS id string |
e6e0dadd30fc794b4b75f36ab8d1edb074fd5bab |
|
12-Jun-2000 |
Michael Sawyer <source@isc.org> |
Match output format to what scripts expect |
d3498432822fb487e58f8f72bb5f880dd8307d7d |
|
20-May-2000 |
Michael Sawyer <source@isc.org> |
Add copyright entries |
78ad0763902bddf4b94bb2d7ce55fe439cb71c12 |
|
18-May-2000 |
Michael Sawyer <source@isc.org> |
Fix typo in ifconfig script and add dnssec clean script |
d98372394fd6253336e9c9d580f48bd6ff9710f7 |
|
18-May-2000 |
Michael Sawyer <source@isc.org> |
Addition of test suite. |
b04adaa78206cda6291437f92cd6cd63a56c4a1c |
|
16-May-2000 |
Andreas Gustafsson <source@isc.org> |
simplified |
02b4e9aef28c1e1d261f49f88a6cf389d117948b |
|
16-May-2000 |
Andreas Gustafsson <source@isc.org> |
be compatible with new dnssec tool command line argument
usage; bug fixes |
0e9dcd548051a8ec34744bfa18b4e09fea742a39 |
|
16-May-2000 |
Andreas Gustafsson <source@isc.org> |
added system tests |