granicus.if.org Git

]> granicus.if.org Git - pdns/log

Bert Hubert [Fri, 28 Jan 2011 20:57:35 +0000 (20:57 +0000)]

reinstate 'recursor' handoff in auth server, issue spotted by Detlef Peeters

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1928 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 28 Jan 2011 20:40:46 +0000 (20:40 +0000)]

update pdnssec error message & documentation based on feedback by Leen Besselink.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1927 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 28 Jan 2011 11:09:22 +0000 (11:09 +0000)]

Jan-Piet Mens discovered that we did not correctly fill out the 'auth' field on incoming zonetransfers for non-secured zones, even though
this is necessary for *all* zones.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1926 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 28 Jan 2011 07:58:58 +0000 (07:58 +0000)]

silence zone2sql debugging output, fix up sqlite3 typo

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1925 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 28 Jan 2011 07:50:01 +0000 (07:50 +0000)]

fix up 'too-big-for-udp' testcase. Protipp: increase the percentage of succeeding regression tests by adding extra tests that DO succeed!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1924 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 28 Jan 2011 07:45:07 +0000 (07:45 +0000)]

this is a directory rename, and it does not look good

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1923 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 23:19:51 +0000 (23:19 +0000)]

the all new non-generic Oracle Backend, with full DNSSEC support!
Contributed by Maik Zumstrull <maik@zumstrull.net>, then at the Steinbuch
Centre for Computing <http://www.scc.kit.edu/> at the Karlsruhe Institute of
Technology <http://www.kit.edu/>.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1922 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 22:20:36 +0000 (22:20 +0000)]

release notes for 3.0

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1921 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 15:37:11 +0000 (15:37 +0000)]

with this patch, PowerDNS works around a bug in the Botan GOST code. Post Botan 1.9.12,
the bugfix will automatically disable itself, so let's hope they have it fixed by then ;-) See http://bit.ly/gTytUf

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1920 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 12:59:01 +0000 (12:59 +0000)]

further spiff up verify-crypto, now correctly processes samples from draft-ietf-dnsext-ecdsa

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1919 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 12:58:26 +0000 (12:58 +0000)]

teach ECDSA keys to import a public key from the binary DNSKEY value, plus add working verification from the public key

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1918 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 12:57:00 +0000 (12:57 +0000)]

add supported algorithms & digest types

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1917 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 12:55:39 +0000 (12:55 +0000)]

add support for digest provisional codepoint 4, SHA384

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1916 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 10:31:27 +0000 (10:31 +0000)]

add signature verification infrastructure for RSA & GOST, test with 'pdnssec verify-crypto fname' where fname contains a zone with a key, something to be signed, and an RRSIG

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1915 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 27 Jan 2011 09:35:58 +0000 (09:35 +0000)]

remove vestiges of RSA-centrism from the DNSKEY code - at assumed every key was an RSA key!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1914 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 26 Jan 2011 21:01:22 +0000 (21:01 +0000)]

finish up support for GOST, including DS with digest type=3, plus abstract out relevant hashes to the signer objects.
Plus update the formatting of the Russian anthem in botan19signers.cc ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1913 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 26 Jan 2011 16:04:37 +0000 (16:04 +0000)]

First part of the GOST support: R 34.10-2001, GOST R 34.11-94 will follow. As a special bonus, this code has a song in it!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1912 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 26 Jan 2011 00:12:50 +0000 (00:12 +0000)]

work in progress, but needed to complete the tar.gz build

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1911 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 26 Jan 2011 00:08:25 +0000 (00:08 +0000)]

add Botan to our static builds

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1910 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 25 Jan 2011 23:27:29 +0000 (23:27 +0000)]

this huge commit adds support for RSASHA512 & draft-ietf-dnsext-ecdsa using the provisional codepoints, which may still change.
ECDSAP256SHA256 and ECDSAP384SHA384 are supported.. iff you have Botan 1.9.x. Enable with ./configure --enable-botan19
GOST is just around the corner.
Btw: don't run this commit in production pls - normal service will return tomorrow

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1909 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 25 Jan 2011 19:14:30 +0000 (19:14 +0000)]

massively speed up nsec/nsec3 rectification by wrapping the update statements in a transaction

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1908 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 25 Jan 2011 19:13:06 +0000 (19:13 +0000)]

and generic sql too

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1907 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 25 Jan 2011 19:08:54 +0000 (19:08 +0000)]

teach backends not to delete a zone if a negative zone-id is passed to startTransaction, but only to start a transaction in that case

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1906 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 25 Jan 2011 07:51:55 +0000 (07:51 +0000)]

'multi-algorithm support' - for now we still only do RSA, but the whole signer stuff has been abstracted out, and we could in theory add KnapsackCRC32 code!
Or of course ECDSA or GOST ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1905 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 22 Jan 2011 18:21:23 +0000 (18:21 +0000)]

oops, missed this in the previous commit

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1904 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 22 Jan 2011 18:21:01 +0000 (18:21 +0000)]

move code around in preparation for non-RSA keys & signatures

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1903 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 21 Jan 2011 12:49:09 +0000 (12:49 +0000)]

further fix up parsing hex strings with spaces in odd places (it rhymes!)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1902 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 20 Jan 2011 21:26:45 +0000 (21:26 +0000)]

mutate nsecxcache into metacache, simplify cache handling while we are at it. make sure we cache
isPresigned()

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1901 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 19 Jan 2011 19:28:05 +0000 (19:28 +0000)]

work around apparent bug in 'dig' output of DS records. Dig likes to include spaces in type 2 digests of DS records, which confuse PowerDNS when input. People like to cut & paste dig output. Again spotted by Marco Davids of SIDN.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1900 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 19 Jan 2011 19:26:27 +0000 (19:26 +0000)]

fix up us putting the RRSIG in the wrong place for DS records. Spotted by Marco Davids of SIDN.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1899 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 19 Jan 2011 19:21:22 +0000 (19:21 +0000)]

fix up some tabdamage

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1898 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 19 Jan 2011 19:15:49 +0000 (19:15 +0000)]

sync the docs with pre-signing mode

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1897 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 19:01:56 +0000 (19:01 +0000)]

Jose Arthur Benetasso Villanova fixed a very old comment typo ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1896 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 19:01:21 +0000 (19:01 +0000)]

Jose Arthur Benetasso Villanova contributed the postgresql schema update for dnssec

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1895 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 15:33:31 +0000 (15:33 +0000)]

document (un)set-presigned

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1894 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 14:55:39 +0000 (14:55 +0000)]

implement 'pdnssec set-presigned', allowing PowerDNSSEC to serve pre-signed zones. Rather experimental, but does appear to work

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1893 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 08:43:56 +0000 (08:43 +0000)]

remove the signing code from dnspacket, where it was cute but wrong.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1892 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 08:37:13 +0000 (08:37 +0000)]

add tools to compare pdns output to that of other servers

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1891 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 18 Jan 2011 08:21:36 +0000 (08:21 +0000)]

move clone-zone into the pdnssec era

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1890 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 17 Jan 2011 20:04:37 +0000 (20:04 +0000)]

alternate rdtsc() implementation

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1889 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 15 Jan 2011 20:41:46 +0000 (20:41 +0000)]

massively speed up our NSEC3 AXFR code

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1888 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 15 Jan 2011 11:26:53 +0000 (11:26 +0000)]

add support for NSEC3 zonetransfers!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1887 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 15 Jan 2011 11:24:55 +0000 (11:24 +0000)]

emitNSEC3 and getNSEC3Hashes are useful outside of the packethandler class too

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1886 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 15 Jan 2011 11:23:52 +0000 (11:23 +0000)]

teach bindbackend about the possibility of empty nsec3 salts

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1885 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 14 Jan 2011 22:12:31 +0000 (22:12 +0000)]

implement 'pdnssec import-zone-key-pem' which is compatible with the default output of openssl genrsa.
This should aid interoperability with non-DNSSEC RSA key generators. Thanks to Martin van Hensbergen for helping us navigate the jungle of PEM/BER/DER/PKCS standards.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1884 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 14 Jan 2011 12:12:14 +0000 (12:12 +0000)]

fix up nsec3 hunt in BIND backend, problems spotted by Christoph Meerwald

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1883 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 14 Jan 2011 12:10:47 +0000 (12:10 +0000)]

properly invalidate keycache on adding a new key - this removes the 'should not happen' error on pdnssec-secure

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1882 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 12 Jan 2011 20:19:18 +0000 (20:19 +0000)]

repeat after me.. no more rushed coding

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1881 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 12 Jan 2011 19:27:43 +0000 (19:27 +0000)]

make packetcache further aware of difference between tcp and udp, so we don't serve truncated packets over tcp

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1880 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 12 Jan 2011 18:26:05 +0000 (18:26 +0000)]

refuse to make keys of unknown algorithm instead of just complaining
allow us to process ginormous keys - both issues spotted by Stefan Schmidt

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1879 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 12 Jan 2011 16:35:31 +0000 (16:35 +0000)]

oops, put the NSEC3NARROW item in the NSEC3PARAM cache

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1878 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 12 Jan 2011 16:30:48 +0000 (16:30 +0000)]

don't interleave DNSBackend::lookup and ::getSOA!
Plus don't add NSEC to the RRSIG set for explicit RRSIG queries for NSEC3 zones.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1877 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 22:50:46 +0000 (22:50 +0000)]

add some logic to prevent us crashing on an nsec3 non-narrow zone with only 1 name in it. fix is probably wrong.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1876 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 22:00:50 +0000 (22:00 +0000)]

messed up the 'narrow' detection from the db

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1875 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:45:13 +0000 (21:45 +0000)]

keycache would only serve expired records, and never renew expired records..

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1874 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:42:56 +0000 (21:42 +0000)]

improve syntax checking for pdnssec

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1873 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 21:41:15 +0000 (21:41 +0000)]

make replacing_insert from syncres.hh useable for the rest of pdns

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1872 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 20:08:46 +0000 (20:08 +0000)]

restore NSEC generation & signatures for AXFR.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1871 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:59:06 +0000 (19:59 +0000)]

implement simplistic 60 dnssec key cache

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1870 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:56:07 +0000 (19:56 +0000)]

make packetcache dnssec aware (different answers based on do)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1869 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 19:52:55 +0000 (19:52 +0000)]

quiet query logging with log-dns-details, move query logging to place where cache hits are also seen, take first step for dnssec packet caching

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1868 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 14:39:04 +0000 (14:39 +0000)]

remainder of 3600-ectomy

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1867 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 14:14:38 +0000 (14:14 +0000)]

making the world safe for ttl!=3600 dnssec, one step at a time ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1866 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 13:44:43 +0000 (13:44 +0000)]

fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual hashing, plus document it

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1865 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:29:42 +0000 (09:29 +0000)]

oops - previous commit was uncompiled & thus broken

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1864 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:25:48 +0000 (09:25 +0000)]

silence a warning from the BIND backend, plus vamp up the auto-build script for rapidfire updates

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1863 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 09:15:52 +0000 (09:15 +0000)]

slim down our tar.gz, taking out a .svn directory + outdated sgml

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1862 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 08:43:57 +0000 (08:43 +0000)]

update our internal tar.gz builder

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1861 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 11 Jan 2011 08:43:26 +0000 (08:43 +0000)]

bye bye sgml, plus some updates to the xml

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1860 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:48:17 +0000 (13:48 +0000)]

hypermodern bulk slave engine forward ported from 2.9.22.x. Does 5000 zones in 3 seconds or so.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1859 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:44:04 +0000 (13:44 +0000)]

remote master can now also have a :port number - forward port from 2.9.22.x

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1858 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:42:59 +0000 (13:42 +0000)]

add multiple master support to gsqlbackends - forward port from 2.9.22.x

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1857 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 13:41:16 +0000 (13:41 +0000)]

make sure geobackend sets auth=1, which should always be true

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1856 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:50:02 +0000 (11:50 +0000)]

make sure that DNSKEY requests can be delegated
don't do NSEC on non-DNSSEC zones for delegations

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1855 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:14:58 +0000 (11:14 +0000)]

no longer try to add NSEC/NSEC3 to unsigned zones
also don't add DNSSEC material to unsigned zones during AXFR
quiet some logging about unsigned zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1854 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 11:03:34 +0000 (11:03 +0000)]

more dnssec docs

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1853 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 08:39:47 +0000 (08:39 +0000)]

add support for unsalted nsec3 hashes ('1 0 1 -')

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1852 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 10 Jan 2011 07:51:58 +0000 (07:51 +0000)]

show-zone output partially went to stderr
we can now roundtrip a zone via export-zone-key and import-zone-key and things remain identical!
reinstated the check-zone command

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1851 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 21:05:03 +0000 (21:05 +0000)]

fix giant memory leak, silence debugging, improve error message about unauth data with hint how to resolve (thanks Stefan Arentz)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1850 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 18:26:04 +0000 (18:26 +0000)]

index the signature cache on the hash of the public key instead of on the whole key!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1849 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 15:54:20 +0000 (15:54 +0000)]

move some non-'keeper' dnssec signing logic away to a separate file, dnssecsigner.cc

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1848 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:40:04 +0000 (10:40 +0000)]

3.0pre

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1847 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:31:14 +0000 (10:31 +0000)]

remove more of boost dependency, fix up debian compilation

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1846 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 10:27:31 +0000 (10:27 +0000)]

remove boost filesystem dependency

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1845 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 09:06:25 +0000 (09:06 +0000)]

always sign DS records - bit of an oddity, we normally assume that all records with the same name have the same 'auth' status, but they don't

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1844 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:58:55 +0000 (08:58 +0000)]

* Make everything aware of multiple simultaneous signing keys
        * Remove APIs that contravene this
* Rename SHA1-centric functioncalls: s/SHA1/Hash/g
* Diagnose the sillines of getSignerApexFor which rediscovers the right key
  to use..
        * no fix yet
* If no ZSKs, use active KSKs for signing (allowing single-key operation)
* Fix up signature caching which assumed keytag = key identity
* Only sign the DNSKEY RRSET with active KSKs from now on
* Make secure-zone run rectify-zone
* Remove --force from secure-zone (silly)
* Make RSASHA256 default for secure-zone

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1843 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:51:09 +0000 (08:51 +0000)]

silence some debugging output on ordering zone information

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1842 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 08:37:28 +0000 (08:37 +0000)]

fix up confusing message about starting up another distributor thread

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1841 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 06:13:09 +0000 (06:13 +0000)]

remove dependency on the boost_system libs, easing compilation on CentOS/RHEL

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1840 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 9 Jan 2011 06:12:29 +0000 (06:12 +0000)]

move document generation structure fully over to xml docbook

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1839 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 13:22:04 +0000 (13:22 +0000)]

moving to prettier docbook xml output

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1838 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 00:54:30 +0000 (00:54 +0000)]

make rest of powerdns RSASHA256 aware. Works too.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1837 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 8 Jan 2011 00:53:40 +0000 (00:53 +0000)]

unbase32hex speedup dereconversion broke everything, fixed now

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1836 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:57:48 +0000 (23:57 +0000)]

make dnsseckeeper & dnssecinfra code, plus pdnssec, aware of non-RSASHA1 algorithms, specifically RSASHA256. Rest of PowerDNSSEC has no clue yet.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1835 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:24:42 +0000 (23:24 +0000)]

also emit DS for digest type 2 (SHA256) in pdnssec output

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1834 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 23:13:49 +0000 (23:13 +0000)]

make sure pipe backend for now gets the 'auth' field *mostly* right

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1833 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 22:29:36 +0000 (22:29 +0000)]

make sure we don't send back an oversized packet after adding signatures

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1832 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 22:04:06 +0000 (22:04 +0000)]

<- idiot

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1831 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 20:33:04 +0000 (20:33 +0000)]

remove old 'guillotine' truncate functionality which should've been disabled a long time ago
tought the packetcache about EDNS response size
no longer cache TCP answers for UDP usage
closes ticket 200
silence some debugging

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1830 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 7 Jan 2011 20:01:43 +0000 (20:01 +0000)]

remove one unneccessary layer of (un)base32hex transitions, spotted by Aki Tuomi

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1829 d19b8d6e-7fed-0310-83ef-9ca221ded41b

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom