granicus.if.org Git

]> granicus.if.org Git - pdns/log

Bert Hubert [Wed, 12 Jan 2011 16:30:48 +0000 (16:30 +0000)]

don't interleave DNSBackend::lookup and ::getSOA!
Plus don't add NSEC to the RRSIG set for explicit RRSIG queries for NSEC3 zones.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1877 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 22:50:46 +0000 (22:50 +0000)]

add some logic to prevent us crashing on an nsec3 non-narrow zone with only 1 name in it. fix is probably wrong.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1876 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 22:00:50 +0000 (22:00 +0000)]

messed up the 'narrow' detection from the db

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1875 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:45:13 +0000 (21:45 +0000)]

keycache would only serve expired records, and never renew expired records..

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1874 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:42:56 +0000 (21:42 +0000)]

improve syntax checking for pdnssec

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1873 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:41:15 +0000 (21:41 +0000)]

make replacing_insert from syncres.hh useable for the rest of pdns

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1872 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 20:08:46 +0000 (20:08 +0000)]

restore NSEC generation & signatures for AXFR.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1871 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:59:06 +0000 (19:59 +0000)]

implement simplistic 60 dnssec key cache

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1870 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:56:07 +0000 (19:56 +0000)]

make packetcache dnssec aware (different answers based on do)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1869 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:52:55 +0000 (19:52 +0000)]

quiet query logging with log-dns-details, move query logging to place where cache hits are also seen, take first step for dnssec packet caching

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1868 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 14:39:04 +0000 (14:39 +0000)]

remainder of 3600-ectomy

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1867 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 14:14:38 +0000 (14:14 +0000)]

making the world safe for ttl!=3600 dnssec, one step at a time ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1866 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 13:44:43 +0000 (13:44 +0000)]

fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual hashing, plus document it

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1865 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:29:42 +0000 (09:29 +0000)]

oops - previous commit was uncompiled & thus broken

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1864 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:25:48 +0000 (09:25 +0000)]

silence a warning from the BIND backend, plus vamp up the auto-build script for rapidfire updates

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1863 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:15:52 +0000 (09:15 +0000)]

slim down our tar.gz, taking out a .svn directory + outdated sgml

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1862 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 08:43:57 +0000 (08:43 +0000)]

update our internal tar.gz builder

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1861 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 08:43:26 +0000 (08:43 +0000)]

bye bye sgml, plus some updates to the xml

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1860 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:48:17 +0000 (13:48 +0000)]

hypermodern bulk slave engine forward ported from 2.9.22.x. Does 5000 zones in 3 seconds or so.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1859 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:44:04 +0000 (13:44 +0000)]

remote master can now also have a :port number - forward port from 2.9.22.x

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1858 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:42:59 +0000 (13:42 +0000)]

add multiple master support to gsqlbackends - forward port from 2.9.22.x

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1857 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:41:16 +0000 (13:41 +0000)]

make sure geobackend sets auth=1, which should always be true

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1856 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:50:02 +0000 (11:50 +0000)]

make sure that DNSKEY requests can be delegated
don't do NSEC on non-DNSSEC zones for delegations

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1855 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:14:58 +0000 (11:14 +0000)]

no longer try to add NSEC/NSEC3 to unsigned zones
also don't add DNSSEC material to unsigned zones during AXFR
quiet some logging about unsigned zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1854 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:03:34 +0000 (11:03 +0000)]

more dnssec docs

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1853 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 08:39:47 +0000 (08:39 +0000)]

add support for unsalted nsec3 hashes ('1 0 1 -')

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1852 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 07:51:58 +0000 (07:51 +0000)]

show-zone output partially went to stderr
we can now roundtrip a zone via export-zone-key and import-zone-key and things remain identical!
reinstated the check-zone command

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1851 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 21:05:03 +0000 (21:05 +0000)]

fix giant memory leak, silence debugging, improve error message about unauth data with hint how to resolve (thanks Stefan Arentz)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1850 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 18:26:04 +0000 (18:26 +0000)]

index the signature cache on the hash of the public key instead of on the whole key!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1849 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 15:54:20 +0000 (15:54 +0000)]

move some non-'keeper' dnssec signing logic away to a separate file, dnssecsigner.cc

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1848 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:40:04 +0000 (10:40 +0000)]

3.0pre

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1847 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:31:14 +0000 (10:31 +0000)]

remove more of boost dependency, fix up debian compilation

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1846 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:27:31 +0000 (10:27 +0000)]

remove boost filesystem dependency

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1845 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 09:06:25 +0000 (09:06 +0000)]

always sign DS records - bit of an oddity, we normally assume that all records with the same name have the same 'auth' status, but they don't

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1844 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:58:55 +0000 (08:58 +0000)]

* Make everything aware of multiple simultaneous signing keys
        * Remove APIs that contravene this
* Rename SHA1-centric functioncalls: s/SHA1/Hash/g
* Diagnose the sillines of getSignerApexFor which rediscovers the right key
  to use..
        * no fix yet
* If no ZSKs, use active KSKs for signing (allowing single-key operation)
* Fix up signature caching which assumed keytag = key identity
* Only sign the DNSKEY RRSET with active KSKs from now on
* Make secure-zone run rectify-zone
* Remove --force from secure-zone (silly)
* Make RSASHA256 default for secure-zone

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1843 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:51:09 +0000 (08:51 +0000)]

silence some debugging output on ordering zone information

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1842 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:37:28 +0000 (08:37 +0000)]

fix up confusing message about starting up another distributor thread

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1841 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 06:13:09 +0000 (06:13 +0000)]

remove dependency on the boost_system libs, easing compilation on CentOS/RHEL

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1840 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 06:12:29 +0000 (06:12 +0000)]

move document generation structure fully over to xml docbook

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1839 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 13:22:04 +0000 (13:22 +0000)]

moving to prettier docbook xml output

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1838 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 00:54:30 +0000 (00:54 +0000)]

make rest of powerdns RSASHA256 aware. Works too.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1837 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 00:53:40 +0000 (00:53 +0000)]

unbase32hex speedup dereconversion broke everything, fixed now

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1836 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:57:48 +0000 (23:57 +0000)]

make dnsseckeeper & dnssecinfra code, plus pdnssec, aware of non-RSASHA1 algorithms, specifically RSASHA256. Rest of PowerDNSSEC has no clue yet.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1835 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:24:42 +0000 (23:24 +0000)]

also emit DS for digest type 2 (SHA256) in pdnssec output

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1834 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:13:49 +0000 (23:13 +0000)]

make sure pipe backend for now gets the 'auth' field *mostly* right

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1833 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 22:29:36 +0000 (22:29 +0000)]

make sure we don't send back an oversized packet after adding signatures

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1832 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 22:04:06 +0000 (22:04 +0000)]

<- idiot

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1831 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 20:33:04 +0000 (20:33 +0000)]

remove old 'guillotine' truncate functionality which should've been disabled a long time ago
tought the packetcache about EDNS response size
no longer cache TCP answers for UDP usage
closes ticket 200
silence some debugging

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1830 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 20:01:43 +0000 (20:01 +0000)]

remove one unneccessary layer of (un)base32hex transitions, spotted by Aki Tuomi

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1829 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 13:02:37 +0000 (13:02 +0000)]

don't truncate just before sending answer, plus improve logging a bit

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1828 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 10:32:18 +0000 (10:32 +0000)]

fix base32 padding issue as found by Aki Tuomi and solved by Michel Stol

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1827 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 22:00:05 +0000 (22:00 +0000)]

add some operational doctrine, plus link to the wiki

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1826 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 21:23:07 +0000 (21:23 +0000)]

more documentation, plus add importing as zsk, ksk, plus adding a zsk or ksk and specifying bitsize

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1825 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 21:14:41 +0000 (21:14 +0000)]

make importing keys a bit more resilient against whitespace, plus fix up setting the flag on import

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1824 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 21:10:51 +0000 (21:10 +0000)]

oops, the --config-name fix broke setups w/o a config-name
plus add ability to import a key as ksk or zsk

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1823 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 21:00:01 +0000 (21:00 +0000)]

report (fatal) errors better

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1822 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 20:41:19 +0000 (20:41 +0000)]

more docs

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1821 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 19:09:55 +0000 (19:09 +0000)]

suggested by Maik Zumstrull, pdnssec needs --config-name to access virtual configurations.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1820 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 18:57:57 +0000 (18:57 +0000)]

make sure that we dnssec-rectify dnssec enabled zones that are slaved from a remote master. Idea by Mathew Hennessy.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1819 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 15:58:57 +0000 (15:58 +0000)]

and like this?

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1818 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 15:56:43 +0000 (15:56 +0000)]

maybe this helps us build..

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1817 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 14:52:10 +0000 (14:52 +0000)]

make pdnssec output useful help
rename order-zone to rectify-zone and make it also set the 'auth' field
plus make it clear the order field for narrow nsec3 zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1816 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 14:41:29 +0000 (14:41 +0000)]

make sqlite3 schema case insensitive, thanks to Peter van Dijk for telling us how

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1815 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 13:23:43 +0000 (13:23 +0000)]

disable AXFR for NSEC3 zones for now - we can do it for non-narrow mode, but we can't right now, so best deny it. Previously we would serve NSEC records in an AXFR of an NSEC3 zone (sorry). Spotted by Marco Davids.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1814 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 13:03:50 +0000 (13:03 +0000)]

spotted by Wouter Wijngaards, turns out we were incrementing/decrementing already base32hex encoded hashes, which works only sometimes ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1813 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 12:44:49 +0000 (12:44 +0000)]

make sure 'pdnssec' can see the ultra-vital 'random' backend too

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1812 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 12:38:31 +0000 (12:38 +0000)]

Thanks to Roy Arends, actually make nsec3-narrow work, enable with 'pdnssec set-nsec3 "1 0 1 ab" narrow'.
Another mode could be 'nsec3-narrow-empty-non-terminal', also appears to work

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1811 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 09:15:39 +0000 (09:15 +0000)]

implement 'narrow' NSEC3 generation w/o consulting the database ordering, based on an idea by Roy Arends & discussions with Dan Kaminsky.
This will probably have to be tuned further.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1810 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 6 Jan 2011 09:13:45 +0000 (09:13 +0000)]

quiet some nsec3 debugging output

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1809 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 22:00:55 +0000 (22:00 +0000)]

don't synthesise an NSEC for NSEC3 zones when queried directly for NSEC

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1808 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 20:59:54 +0000 (20:59 +0000)]

On his birthday, José Arthur Benetasso Villanova gave us initial postgresql code for PowerDNSSEC! ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1807 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 19:57:22 +0000 (19:57 +0000)]

when explicitly asking for an NSEC, we should not do a 'relative' pointer to the next record but an absolute one. Spotted by Marco Davids.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1806 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 19:35:10 +0000 (19:35 +0000)]

our random may be random, but it is authoritative random!!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1805 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 15:09:51 +0000 (15:09 +0000)]

PAY ATTENTION! from this commit onwards, generic backends will NOT perform dnssec queries by default, you'll have to turn this on with: 'gmysql-dnssec' or 'gpgsql-dnssec' etc

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1804 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 12:19:09 +0000 (12:19 +0000)]

actually set the module-dir before we need it instead of after - spotted by Stefan Schmidt

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1803 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 10:12:39 +0000 (10:12 +0000)]

teach pdnssec about config-dir

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1802 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 09:20:08 +0000 (09:20 +0000)]

make pdnssec (hopefully) support dynamically loaded modules too

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1801 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 4 Jan 2011 09:03:47 +0000 (09:03 +0000)]

make dnssec queries configurable, patch by Stefan Schmidt. Will have to be expanded to all the generic backends.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1800 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 3 Jan 2011 20:59:25 +0000 (20:59 +0000)]

also include DNSKEY on a case-insensitive match.
Lowercase RRDATA properly for signing -> hopefully gets us 0x20 compliant

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1799 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 3 Jan 2011 20:11:40 +0000 (20:11 +0000)]

make sure we stuff in synthesised DNSKEYs for an ANY query - maybe this will make unbound happy?
next up, checking CaSiNg

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1798 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 3 Jan 2011 11:16:22 +0000 (11:16 +0000)]

used a non-existent database connection in tcp backend for signing (oops)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1797 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 3 Jan 2011 11:03:29 +0000 (11:03 +0000)]

enable hybrid gsqlite3/bind operation where sqlite hosts keying material
no longer create 25 database connections per packet (or so)
add dirty hack to allow launch of bind backend, because the bind backend needs a dnsseckeeper and the dnsseckeeper.. needs a bind backend
removed a lot of logging

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1796 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 21:50:21 +0000 (21:50 +0000)]

add some primitive locking to the rrsig cache, plus clarify some logging in the generic sql backend

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1795 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 21:49:31 +0000 (21:49 +0000)]

add the code to add the new fields to the sqlite3 sql schema

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1794 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 21:48:57 +0000 (21:48 +0000)]

make pdnssec read the right configuration file, plus make add-zone-key add zsks

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1793 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 21:32:48 +0000 (21:32 +0000)]

turns out that there is a tiny chance we crash on setting the 'programname' .. which nobody uses

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1792 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 19:40:46 +0000 (19:40 +0000)]

hook up activate-domain-key, deactivate-domain-key, remove-domain-key

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1791 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 18:34:10 +0000 (18:34 +0000)]

move around a lot of stuff to isolate dnssec db connectivity
fix up addDomainMetadata so it doesn't keep on adding
add import-zone-key functionality to dbdnsseckeeper
remove key-repository setting from loads of places

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1790 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 18:31:38 +0000 (18:31 +0000)]

move SOA serialization code away from dnspacket into generic dns.cc file, to break dependencies for zone2sql on database functionality

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1789 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 18:30:37 +0000 (18:30 +0000)]

add import-zone-key for interop, remove key-repository setting from pdnssec

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1788 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 2 Jan 2011 18:28:55 +0000 (18:28 +0000)]

pare down zone2sql/zone2ldap dependencies so they don't depend on a working database connection
remove key-repository setting from bind backend

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1787 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:25:20 +0000 (21:25 +0000)]

some helpful migration sql statements - still quite brief

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1786 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:23:18 +0000 (21:23 +0000)]

move some more stuff to the 'infra' and away from the 'keeper'

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1785 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:22:17 +0000 (21:22 +0000)]

bye bye directory based dnssec key repo

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1784 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:21:30 +0000 (21:21 +0000)]

don't crash if the dnsseckeeper returns unexpected results

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1783 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:20:18 +0000 (21:20 +0000)]

actually compile the dbdnsseckeeper into the binaries

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1782 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 21:19:02 +0000 (21:19 +0000)]

hook up the dbdnsseckeeper to everything, implement (most) methods in the generic backend

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1781 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 1 Jan 2011 20:26:46 +0000 (20:26 +0000)]

enable sqlite3 as a dnssec backend - especially useful as key storage for the BIND backend

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1780 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 31 Dec 2010 13:39:12 +0000 (13:39 +0000)]

in preparation for database storage of keys, move out some infrastructure code from the fsdnsseckeeper to dnssecinfra

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1779 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 31 Dec 2010 13:31:39 +0000 (13:31 +0000)]

repair some tabdamage

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1778 d19b8d6e-7fed-0310-83ef-9ca221ded41b

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom