granicus.if.org Git - pdns/log
Bert Hubert [Mon, 31 Jan 2011 07:48:19 +0000 (07:48 +0000)]
disable the broken 'storing unknown records' code for now
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1942 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 31 Jan 2011 07:27:19 +0000 (07:27 +0000)]
actually report the DLV record type for production too, lack spotted by Jan-Piet 'I have a Dutch name, but don't let that fool you' Mens
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1941 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 21:27:50 +0000 (21:27 +0000)]
even if we do opt-out, the NSEC3PARAM flags field should be 0
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1940 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 21:19:03 +0000 (21:19 +0000)]
if I understand things correctly, powerdns does 'opt-out' NSEC3, but we did not say that in the NSEC3/NSEC3PARAM.
I hope I got it right ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1939 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 21:17:40 +0000 (21:17 +0000)]
fix everyone's favorite 'succesful' typo
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1938 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 20:43:58 +0000 (20:43 +0000)]
when operating in front-signing mode, make sure we set the auth & hash fields correctly on the first load too.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1937 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 19:52:05 +0000 (19:52 +0000)]
the wonderful #powerdns channel on irc.oftc.net discovered that powerdns could not deal with record types > 2^15
Fixed that. Plus fixed what caused the issue, the DLV record type, which is now supported too (at least for storage). Closes ticket 337.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1936 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 13:12:36 +0000 (13:12 +0000)]
make sure we don't try to print digest type 3 if we don't have GOST on board
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1935 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 12:59:00 +0000 (12:59 +0000)]
make sure we sign our DNSKEYs when serving an AXFR. Plus remove some whitespace.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1934 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 12:58:06 +0000 (12:58 +0000)]
don't try to store an AXFRd OPT record - would ignore it anyhow, but this is better
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1933 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 30 Jan 2011 12:49:13 +0000 (12:49 +0000)]
silence a lot of debugging output at loglevel 9 (you did not see it, but it did slow things down)
fix up pre-signed zones in hybrid installations (bind + generic). Because the BIND Backend needs the DBDnssecKeeper,
while the dbdnsseckeeper needs the bindbackend to function, getting presignatures from the dbdnsseckeeper failed.
We now pass an explicit database connection for this purpose. Spotted by Christof Meerwaald.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1932 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 29 Jan 2011 12:34:21 +0000 (12:34 +0000)]
if no dnssec schema is loaded, auth==1 - Leen Besselink discovered oddities
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1931 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 29 Jan 2011 12:33:21 +0000 (12:33 +0000)]
Christoph Meerwald discovered we would sign out-of-zone additional data, fixed.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1930 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 21:44:52 +0000 (21:44 +0000)]
make sure we can insert huuuuge records
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1929 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 20:57:35 +0000 (20:57 +0000)]
reinstate 'recursor' handoff in auth server, issue spotted by Detlef Peeters
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1928 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 20:40:46 +0000 (20:40 +0000)]
update pdnssec error message & documentation based on feedback by Leen Besselink.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1927 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 11:09:22 +0000 (11:09 +0000)]
Jan-Piet Mens discovered that we did not correctly fill out the 'auth' field on incoming zonetransfers for non-secured zones, even though
this is necessary for *all* zones.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1926 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 07:58:58 +0000 (07:58 +0000)]
silence zone2sql debugging output, fix up sqlite3 typo
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1925 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 07:50:01 +0000 (07:50 +0000)]
fix up 'too-big-for-udp' testcase. Protipp: increase the percentage of succeeding regression tests by adding extra tests that DO succeed!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1924 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 28 Jan 2011 07:45:07 +0000 (07:45 +0000)]
this is a directory rename, and it does not look good
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1923 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 23:19:51 +0000 (23:19 +0000)]
the all new non-generic Oracle Backend, with full DNSSEC support!
Contributed by Maik Zumstrull <maik@zumstrull.net>, then at the Steinbuch
Centre for Computing <http://www.scc.kit.edu/> at the Karlsruhe Institute of
Technology <http://www.kit.edu/>.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1922 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 22:20:36 +0000 (22:20 +0000)]
release notes for 3.0
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1921 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 15:37:11 +0000 (15:37 +0000)]
with this patch, PowerDNS works around a bug in the Botan GOST code. Post Botan 1.9.12,
the bugfix will automatically disable itself, so let's hope they have it fixed by then ;-) See http://bit.ly/gTytUf
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1920 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 12:59:01 +0000 (12:59 +0000)]
further spiff up verify-crypto, now correctly processes samples from draft-ietf-dnsext-ecdsa
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1919 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 12:58:26 +0000 (12:58 +0000)]
teach ECDSA keys to import a public key from the binary DNSKEY value, plus add working verification from the public key
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1918 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 12:57:00 +0000 (12:57 +0000)]
add supported algorithms & digest types
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1917 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 12:55:39 +0000 (12:55 +0000)]
add support for digest provisional codepoint 4, SHA384
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1916 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 10:31:27 +0000 (10:31 +0000)]
add signature verification infrastructure for RSA & GOST, test with 'pdnssec verify-crypto fname' where fname contains a zone with a key, something to be signed, and an RRSIG
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1915 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 27 Jan 2011 09:35:58 +0000 (09:35 +0000)]
remove vestiges of RSA-centrism from the DNSKEY code - it assumed every key was an RSA key!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1914 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 26 Jan 2011 21:01:22 +0000 (21:01 +0000)]
finish up support for GOST, including DS with digest type=3, plus abstract out relevant hashes to the signer objects.
Plus update the formatting of the Russian anthem in botan19signers.cc ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1913 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 26 Jan 2011 16:04:37 +0000 (16:04 +0000)]
First part of the GOST support: R 34.10-2001, GOST R 34.11-94 will follow. As a special bonus, this code has a song in it!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1912 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 26 Jan 2011 00:12:50 +0000 (00:12 +0000)]
work in progress, but needed to complete the tar.gz build
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1911 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 26 Jan 2011 00:08:25 +0000 (00:08 +0000)]
add Botan to our static builds
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1910 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 25 Jan 2011 23:27:29 +0000 (23:27 +0000)]
this huge commit adds support for RSASHA512 & draft-ietf-dnsext-ecdsa using the provisional codepoints, which may still change.
ECDSAP256SHA256 and ECDSAP384SHA384 are supported.. iff you have Botan 1.9.x. Enable with ./configure --enable-botan19
GOST is just around the corner.
Btw: don't run this commit in production pls - normal service will return tomorrow
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1909 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 25 Jan 2011 19:14:30 +0000 (19:14 +0000)]
massively speed up nsec/nsec3 rectification by wrapping the update statements in a transaction
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1908 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 25 Jan 2011 19:13:06 +0000 (19:13 +0000)]
and generic sql too
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1907 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 25 Jan 2011 19:08:54 +0000 (19:08 +0000)]
teach backends not to delete a zone if a negative zone-id is passed to startTransaction, but only to start a transaction in that case
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1906 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 25 Jan 2011 07:51:55 +0000 (07:51 +0000)]
'multi-algorithm support' - for now we still only do RSA, but the whole signer stuff has been abstracted out, and we could in theory add KnapsackCRC32 code!
Or of course ECDSA or GOST ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1905 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 22 Jan 2011 18:21:23 +0000 (18:21 +0000)]
oops, missed this in the previous commit
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1904 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 22 Jan 2011 18:21:01 +0000 (18:21 +0000)]
move code around in preparation for non-RSA keys & signatures
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1903 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 21 Jan 2011 12:49:09 +0000 (12:49 +0000)]
further fix up parsing hex strings with spaces in odd places (it rhymes!)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1902 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 20 Jan 2011 21:26:45 +0000 (21:26 +0000)]
mutate nsecxcache into metacache, simplify cache handling while we are at it. make sure we cache
isPresigned()
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1901 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:28:05 +0000 (19:28 +0000)]
work around apparent bug in 'dig' output of DS records. Dig likes to include spaces in type 2 digests of DS records, which confuse PowerDNS when input. People like to cut & paste dig output. Again spotted by Marco Davids of SIDN.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1900 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:26:27 +0000 (19:26 +0000)]
fix up us putting the RRSIG in the wrong place for DS records. Spotted by Marco Davids of SIDN.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1899 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:21:22 +0000 (19:21 +0000)]
fix up some tabdamage
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1898 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:15:49 +0000 (19:15 +0000)]
sync the docs with pre-signing mode
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1897 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 19:01:56 +0000 (19:01 +0000)]
Jose Arthur Benetasso Villanova fixed a very old comment typo ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1896 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 19:01:21 +0000 (19:01 +0000)]
Jose Arthur Benetasso Villanova contributed the postgresql schema update for dnssec
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1895 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 15:33:31 +0000 (15:33 +0000)]
document (un)set-presigned
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1894 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 14:55:39 +0000 (14:55 +0000)]
implement 'pdnssec set-presigned', allowing PowerDNSSEC to serve pre-signed zones. Rather experimental, but does appear to work
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1893 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:43:56 +0000 (08:43 +0000)]
remove the signing code from dnspacket, where it was cute but wrong.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1892 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:37:13 +0000 (08:37 +0000)]
add tools to compare pdns output to that of other servers
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1891 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:21:36 +0000 (08:21 +0000)]
move clone-zone into the pdnssec era
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1890 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 17 Jan 2011 20:04:37 +0000 (20:04 +0000)]
alternate rdtsc() implementation
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1889 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 20:41:46 +0000 (20:41 +0000)]
massively speed up our NSEC3 AXFR code
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1888 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:26:53 +0000 (11:26 +0000)]
add support for NSEC3 zonetransfers!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1887 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:24:55 +0000 (11:24 +0000)]
emitNSEC3 and getNSEC3Hashes are useful outside of the packethandler class too
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1886 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:23:52 +0000 (11:23 +0000)]
teach bindbackend about the possibility of empty nsec3 salts
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1885 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 22:12:31 +0000 (22:12 +0000)]
implement 'pdnssec import-zone-key-pem' which is compatible with the default output of openssl genrsa.
This should aid interoperability with non-DNSSEC RSA key generators. Thanks to Martin van Hensbergen for helping us navigate the jungle of PEM/BER/DER/PKCS standards.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1884 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 12:12:14 +0000 (12:12 +0000)]
fix up nsec3 hunt in BIND backend, problems spotted by Christoph Meerwald
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1883 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 12:10:47 +0000 (12:10 +0000)]
properly invalidate keycache on adding a new key - this removes the 'should not happen' error on pdnssec-secure
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1882 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 20:19:18 +0000 (20:19 +0000)]
repeat after me.. no more rushed coding
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1881 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 19:27:43 +0000 (19:27 +0000)]
make packetcache further aware of difference between tcp and udp, so we don't serve truncated packets over tcp
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1880 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 18:26:05 +0000 (18:26 +0000)]
refuse to make keys of unknown algorithm instead of just complaining
allow us to process ginormous keys - both issues spotted by Stefan Schmidt
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1879 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 16:35:31 +0000 (16:35 +0000)]
oops, put the NSEC3NARROW item in the NSEC3PARAM cache
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1878 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 16:30:48 +0000 (16:30 +0000)]
don't interleave DNSBackend::lookup and ::getSOA!
Plus don't add NSEC to the RRSIG set for explicit RRSIG queries for NSEC3 zones.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1877 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 22:50:46 +0000 (22:50 +0000)]
add some logic to prevent us crashing on an nsec3 non-narrow zone with only 1 name in it. fix is probably wrong.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1876 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 22:00:50 +0000 (22:00 +0000)]
messed up the 'narrow' detection from the db
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1875 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:45:13 +0000 (21:45 +0000)]
keycache would only serve expired records, and never renew expired records..
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1874 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:42:56 +0000 (21:42 +0000)]
improve syntax checking for pdnssec
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1873 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:41:15 +0000 (21:41 +0000)]
make replacing_insert from syncres.hh useable for the rest of pdns
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1872 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 20:08:46 +0000 (20:08 +0000)]
restore NSEC generation & signatures for AXFR.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1871 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:59:06 +0000 (19:59 +0000)]
implement simplistic 60 dnssec key cache
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1870 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:56:07 +0000 (19:56 +0000)]
make packetcache dnssec aware (different answers based on do)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1869 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:52:55 +0000 (19:52 +0000)]
quiet query logging with log-dns-details, move query logging to place where cache hits are also seen, take first step for dnssec packet caching
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1868 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 14:39:04 +0000 (14:39 +0000)]
remainder of 3600-ectomy
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1867 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 14:14:38 +0000 (14:14 +0000)]
making the world safe for ttl!=3600 dnssec, one step at a time ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1866 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 13:44:43 +0000 (13:44 +0000)]
fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual hashing, plus document it
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1865 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:29:42 +0000 (09:29 +0000)]
oops - previous commit was uncompiled & thus broken
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1864 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:25:48 +0000 (09:25 +0000)]
silence a warning from the BIND backend, plus vamp up the auto-build script for rapidfire updates
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1863 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:15:52 +0000 (09:15 +0000)]
slim down our tar.gz, taking out a .svn directory + outdated sgml
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1862 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 08:43:57 +0000 (08:43 +0000)]
update our internal tar.gz builder
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1861 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 08:43:26 +0000 (08:43 +0000)]
bye bye sgml, plus some updates to the xml
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1860 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:48:17 +0000 (13:48 +0000)]
hypermodern bulk slave engine forward ported from 2.9.22.x. Does 5000 zones in 3 seconds or so.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1859 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:44:04 +0000 (13:44 +0000)]
remote master can now also have a :port number - forward port from 2.9.22.x
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1858 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:42:59 +0000 (13:42 +0000)]
add multiple master support to gsqlbackends - forward port from 2.9.22.x
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1857 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:41:16 +0000 (13:41 +0000)]
make sure geobackend sets auth=1, which should always be true
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1856 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:50:02 +0000 (11:50 +0000)]
make sure that DNSKEY requests can be delegated
don't do NSEC on non-DNSSEC zones for delegations
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1855 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:14:58 +0000 (11:14 +0000)]
no longer try to add NSEC/NSEC3 to unsigned zones
also don't add DNSSEC material to unsigned zones during AXFR
quiet some logging about unsigned zones
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1854 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:03:34 +0000 (11:03 +0000)]
more dnssec docs
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1853 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 08:39:47 +0000 (08:39 +0000)]
add support for unsalted nsec3 hashes ('1 0 1 -')
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1852 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 07:51:58 +0000 (07:51 +0000)]
show-zone output partially went to stderr
we can now roundtrip a zone via export-zone-key and import-zone-key and things remain identical!
reinstated the check-zone command
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1851 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 21:05:03 +0000 (21:05 +0000)]
fix giant memory leak, silence debugging, improve error message about unauth data with hint how to resolve (thanks Stefan Arentz)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1850 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 18:26:04 +0000 (18:26 +0000)]
index the signature cache on the hash of the public key instead of on the whole key!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1849 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 15:54:20 +0000 (15:54 +0000)]
move some non-'keeper' dnssec signing logic away to a separate file, dnssecsigner.cc
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1848 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:40:04 +0000 (10:40 +0000)]
3.0pre
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1847 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:31:14 +0000 (10:31 +0000)]
remove more of boost dependency, fix up debian compilation
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1846 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:27:31 +0000 (10:27 +0000)]
remove boost filesystem dependency
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1845 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 09:06:25 +0000 (09:06 +0000)]
always sign DS records - bit of an oddity, we normally assume that all records with the same name have the same 'auth' status, but they don't
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1844 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 08:58:55 +0000 (08:58 +0000)]
* Make everything aware of multiple simultaneous signing keys
* Remove APIs that contravene this
* Rename SHA1-centric functioncalls: s/SHA1/Hash/g
* Diagnose the silliness of getSignerApexFor which rediscovers the right key
to use..
* no fix yet
* If no ZSKs, use active KSKs for signing (allowing single-key operation)
* Fix up signature caching which assumed keytag = key identity
* Only sign the DNSKEY RRSET with active KSKs from now on
* Make secure-zone run rectify-zone
* Remove --force from secure-zone (silly)
* Make RSASHA256 default for secure-zone
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1843 d19b8d6e-7fed-0310-83ef-9ca221ded41b