granicus.if.org Git - pdns/log
Bert Hubert [Sat, 22 Jan 2011 18:21:23 +0000 (18:21 +0000)]
oops, missed this in the previous commit
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1904 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 22 Jan 2011 18:21:01 +0000 (18:21 +0000)]
move code around in preparation for non-RSA keys & signatures
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1903 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 21 Jan 2011 12:49:09 +0000 (12:49 +0000)]
further fix up parsing hex strings with spaces in odd places (it rhymes!)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1902 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 20 Jan 2011 21:26:45 +0000 (21:26 +0000)]
mutate nsecxcache into metacache, simplify cache handling while we are at it. make sure we cache isPresigned()
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1901 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:28:05 +0000 (19:28 +0000)]
work around apparent bug in 'dig' output of DS records. Dig likes to include spaces in type 2 digests of DS records, which confuse PowerDNS when input. People like to cut & paste dig output. Again spotted by Marco Davids of SIDN.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1900 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:26:27 +0000 (19:26 +0000)]
fix up us putting the RRSIG in the wrong place for DS records. Spotted by Marco Davids of SIDN.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1899 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:21:22 +0000 (19:21 +0000)]
fix up some tabdamage
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1898 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 19 Jan 2011 19:15:49 +0000 (19:15 +0000)]
sync the docs with pre-signing mode
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1897 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 19:01:56 +0000 (19:01 +0000)]
Jose Arthur Benetasso Villanova fixed a very old comment typo ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1896 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 19:01:21 +0000 (19:01 +0000)]
Jose Arthur Benetasso Villanova contributed the postgresql schema update for dnssec
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1895 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 15:33:31 +0000 (15:33 +0000)]
document (un)set-presigned
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1894 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 14:55:39 +0000 (14:55 +0000)]
implement 'pdnssec set-presigned', allowing PowerDNSSEC to serve pre-signed zones. Rather experimental, but does appear to work
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1893 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:43:56 +0000 (08:43 +0000)]
remove the signing code from dnspacket, where it was cute but wrong.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1892 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:37:13 +0000 (08:37 +0000)]
add tools to compare pdns output to that of other servers
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1891 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 18 Jan 2011 08:21:36 +0000 (08:21 +0000)]
move clone-zone into the pdnssec era
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1890 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 17 Jan 2011 20:04:37 +0000 (20:04 +0000)]
alternate rdtsc() implementation
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1889 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 20:41:46 +0000 (20:41 +0000)]
massively speed up our NSEC3 AXFR code
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1888 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:26:53 +0000 (11:26 +0000)]
add support for NSEC3 zonetransfers!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1887 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:24:55 +0000 (11:24 +0000)]
emitNSEC3 and getNSEC3Hashes are useful outside of the packethandler class too
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1886 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 15 Jan 2011 11:23:52 +0000 (11:23 +0000)]
teach bindbackend about the possibility of empty nsec3 salts
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1885 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 22:12:31 +0000 (22:12 +0000)]
implement 'pdnssec import-zone-key-pem' which is compatible with the default output of openssl genrsa.
This should aid interoperability with non-DNSSEC RSA key generators. Thanks to Martin van Hensbergen for helping us navigate the jungle of PEM/BER/DER/PKCS standards.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1884 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 12:12:14 +0000 (12:12 +0000)]
fix up nsec3 hunt in BIND backend, problems spotted by Christoph Meerwald
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1883 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 14 Jan 2011 12:10:47 +0000 (12:10 +0000)]
properly invalidate keycache on adding a new key - this removes the 'should not happen' error on pdnssec-secure
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1882 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 20:19:18 +0000 (20:19 +0000)]
repeat after me.. no more rushed coding
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1881 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 19:27:43 +0000 (19:27 +0000)]
make packetcache further aware of difference between tcp and udp, so we don't serve truncated packets over tcp
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1880 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 18:26:05 +0000 (18:26 +0000)]
refuse to make keys of unknown algorithm instead of just complaining
allow us to process ginormous keys - both issues spotted by Stefan Schmidt
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1879 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 16:35:31 +0000 (16:35 +0000)]
oops, put the NSEC3NARROW item in the NSEC3PARAM cache
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1878 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Wed, 12 Jan 2011 16:30:48 +0000 (16:30 +0000)]
don't interleave DNSBackend::lookup and ::getSOA!
Plus don't add NSEC to the RRSIG set for explicit RRSIG queries for NSEC3 zones.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1877 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 22:50:46 +0000 (22:50 +0000)]
add some logic to prevent us crashing on an nsec3 non-narrow zone with only 1 name in it. fix is probably wrong.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1876 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 22:00:50 +0000 (22:00 +0000)]
messed up the 'narrow' detection from the db
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1875 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:45:13 +0000 (21:45 +0000)]
keycache would only serve expired records, and never renew expired records..
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1874 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:42:56 +0000 (21:42 +0000)]
improve syntax checking for pdnssec
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1873 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 21:41:15 +0000 (21:41 +0000)]
make replacing_insert from syncres.hh useable for the rest of pdns
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1872 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 20:08:46 +0000 (20:08 +0000)]
restore NSEC generation & signatures for AXFR.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1871 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:59:06 +0000 (19:59 +0000)]
implement simplistic 60 dnssec key cache
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1870 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:56:07 +0000 (19:56 +0000)]
make packetcache dnssec aware (different answers based on do)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1869 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 19:52:55 +0000 (19:52 +0000)]
quiet query logging with log-dns-details, move query logging to place where cache hits are also seen, take first step for dnssec packet caching
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1868 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 14:39:04 +0000 (14:39 +0000)]
remainder of 3600-ectomy
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1867 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 14:14:38 +0000 (14:14 +0000)]
making the world safe for ttl!=3600 dnssec, one step at a time ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1866 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 13:44:43 +0000 (13:44 +0000)]
fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual hashing, plus document it
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1865 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:29:42 +0000 (09:29 +0000)]
oops - previous commit was uncompiled & thus broken
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1864 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:25:48 +0000 (09:25 +0000)]
silence a warning from the BIND backend, plus vamp up the auto-build script for rapidfire updates
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1863 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 09:15:52 +0000 (09:15 +0000)]
slim down our tar.gz, taking out a .svn directory + outdated sgml
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1862 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 08:43:57 +0000 (08:43 +0000)]
update our internal tar.gz builder
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1861 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 11 Jan 2011 08:43:26 +0000 (08:43 +0000)]
bye bye sgml, plus some updates to the xml
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1860 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:48:17 +0000 (13:48 +0000)]
hypermodern bulk slave engine forward ported from 2.9.22.x. Does 5000 zones in 3 seconds or so.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1859 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:44:04 +0000 (13:44 +0000)]
remote master can now also have a :port number - forward port from 2.9.22.x
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1858 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:42:59 +0000 (13:42 +0000)]
add multiple master support to gsqlbackends - forward port from 2.9.22.x
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1857 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 13:41:16 +0000 (13:41 +0000)]
make sure geobackend sets auth=1, which should always be true
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1856 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:50:02 +0000 (11:50 +0000)]
make sure that DNSKEY requests can be delegated
don't do NSEC on non-DNSSEC zones for delegations
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1855 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:14:58 +0000 (11:14 +0000)]
no longer try to add NSEC/NSEC3 to unsigned zones
also don't add DNSSEC material to unsigned zones during AXFR
quiet some logging about unsigned zones
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1854 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 11:03:34 +0000 (11:03 +0000)]
more dnssec docs
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1853 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 08:39:47 +0000 (08:39 +0000)]
add support for unsalted nsec3 hashes ('1 0 1 -')
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1852 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Mon, 10 Jan 2011 07:51:58 +0000 (07:51 +0000)]
show-zone output partially went to stderr
we can now roundtrip a zone via export-zone-key and import-zone-key and things remain identical!
reinstated the check-zone command
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1851 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 21:05:03 +0000 (21:05 +0000)]
fix giant memory leak, silence debugging, improve error message about unauth data with hint how to resolve (thanks Stefan Arentz)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1850 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 18:26:04 +0000 (18:26 +0000)]
index the signature cache on the hash of the public key instead of on the whole key!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1849 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 15:54:20 +0000 (15:54 +0000)]
move some non-'keeper' dnssec signing logic away to a separate file, dnssecsigner.cc
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1848 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:40:04 +0000 (10:40 +0000)]
3.0pre
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1847 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:31:14 +0000 (10:31 +0000)]
remove more of boost dependency, fix up debian compilation
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1846 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 10:27:31 +0000 (10:27 +0000)]
remove boost filesystem dependency
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1845 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 09:06:25 +0000 (09:06 +0000)]
always sign DS records - bit of an oddity, we normally assume that all records with the same name have the same 'auth' status, but they don't
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1844 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 08:58:55 +0000 (08:58 +0000)]
* Make everything aware of multiple simultaneous signing keys
* Remove APIs that contravene this
* Rename SHA1-centric functioncalls: s/SHA1/Hash/g
* Diagnose the silliness of getSignerApexFor which rediscovers the right key
to use..
* no fix yet
* If no ZSKs, use active KSKs for signing (allowing single-key operation)
* Fix up signature caching which assumed keytag = key identity
* Only sign the DNSKEY RRSET with active KSKs from now on
* Make secure-zone run rectify-zone
* Remove --force from secure-zone (silly)
* Make RSASHA256 default for secure-zone
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1843 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 08:51:09 +0000 (08:51 +0000)]
silence some debugging output on ordering zone information
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1842 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 08:37:28 +0000 (08:37 +0000)]
fix up confusing message about starting up another distributor thread
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1841 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 06:13:09 +0000 (06:13 +0000)]
remove dependency on the boost_system libs, easing compilation on CentOS/RHEL
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1840 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sun, 9 Jan 2011 06:12:29 +0000 (06:12 +0000)]
move document generation structure fully over to xml docbook
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1839 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 8 Jan 2011 13:22:04 +0000 (13:22 +0000)]
moving to prettier docbook xml output
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1838 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 8 Jan 2011 00:54:30 +0000 (00:54 +0000)]
make rest of powerdns RSASHA256 aware. Works too.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1837 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Sat, 8 Jan 2011 00:53:40 +0000 (00:53 +0000)]
unbase32hex speedup dereconversion broke everything, fixed now
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1836 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 23:57:48 +0000 (23:57 +0000)]
make dnsseckeeper & dnssecinfra code, plus pdnssec, aware of non-RSASHA1 algorithms, specifically RSASHA256. Rest of PowerDNSSEC has no clue yet.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1835 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 23:24:42 +0000 (23:24 +0000)]
also emit DS for digest type 2 (SHA256) in pdnssec output
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1834 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 23:13:49 +0000 (23:13 +0000)]
make sure pipe backend for now gets the 'auth' field *mostly* right
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1833 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 22:29:36 +0000 (22:29 +0000)]
make sure we don't send back an oversized packet after adding signatures
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1832 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 22:04:06 +0000 (22:04 +0000)]
<- idiot
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1831 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 20:33:04 +0000 (20:33 +0000)]
remove old 'guillotine' truncate functionality which should've been disabled a long time ago
taught the packetcache about EDNS response size
no longer cache TCP answers for UDP usage
closes ticket 200
silence some debugging
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1830 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 20:01:43 +0000 (20:01 +0000)]
remove one unnecessary layer of (un)base32hex transitions, spotted by Aki Tuomi
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1829 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 13:02:37 +0000 (13:02 +0000)]
don't truncate just before sending answer, plus improve logging a bit
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1828 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Fri, 7 Jan 2011 10:32:18 +0000 (10:32 +0000)]
fix base32 padding issue as found by Aki Tuomi and solved by Michel Stol
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1827 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 22:00:05 +0000 (22:00 +0000)]
add some operational doctrine, plus link to the wiki
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1826 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 21:23:07 +0000 (21:23 +0000)]
more documentation, plus add importing as zsk, ksk, plus adding a zsk or ksk and specifying bitsize
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1825 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 21:14:41 +0000 (21:14 +0000)]
make importing keys a bit more resilient against whitespace, plus fix up setting the flag on import
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1824 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 21:10:51 +0000 (21:10 +0000)]
oops, the --config-name fix broke setups w/o a config-name
plus add ability to import a key as ksk or zsk
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1823 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 21:00:01 +0000 (21:00 +0000)]
report (fatal) errors better
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1822 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 20:41:19 +0000 (20:41 +0000)]
more docs
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1821 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 19:09:55 +0000 (19:09 +0000)]
suggested by Maik Zumstrull, pdnssec needs --config-name to access virtual configurations.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1820 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 18:57:57 +0000 (18:57 +0000)]
make sure that we dnssec-rectify dnssec enabled zones that are slaved from a remote master. Idea by Mathew Hennessy.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1819 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 15:58:57 +0000 (15:58 +0000)]
and like this?
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1818 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 15:56:43 +0000 (15:56 +0000)]
maybe this helps us build..
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1817 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 14:52:10 +0000 (14:52 +0000)]
make pdnssec output useful help
rename order-zone to rectify-zone and make it also set the 'auth' field
plus make it clear the order field for narrow nsec3 zones
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1816 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 14:41:29 +0000 (14:41 +0000)]
make sqlite3 schema case insensitive, thanks to Peter van Dijk for telling us how
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1815 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 13:23:43 +0000 (13:23 +0000)]
disable AXFR for NSEC3 zones for now - we can do it for non-narrow mode, but we can't right now, so best deny it. Previously we would serve NSEC records in an AXFR of an NSEC3 zone (sorry). Spotted by Marco Davids.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1814 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 13:03:50 +0000 (13:03 +0000)]
spotted by Wouter Wijngaards, turns out we were incrementing/decrementing already base32hex encoded hashes, which works only sometimes ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1813 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 12:44:49 +0000 (12:44 +0000)]
make sure 'pdnssec' can see the ultra-vital 'random' backend too
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1812 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 12:38:31 +0000 (12:38 +0000)]
Thanks to Roy Arends, actually make nsec3-narrow work, enable with 'pdnssec set-nsec3 "1 0 1 ab" narrow'.
Another mode could be 'nsec3-narrow-empty-non-terminal', also appears to work
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1811 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 09:15:39 +0000 (09:15 +0000)]
implement 'narrow' NSEC3 generation w/o consulting the database ordering, based on an idea by Roy Arends & discussions with Dan Kaminsky.
This will probably have to be tuned further.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1810 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Thu, 6 Jan 2011 09:13:45 +0000 (09:13 +0000)]
quiet some nsec3 debugging output
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1809 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 4 Jan 2011 22:00:55 +0000 (22:00 +0000)]
don't synthesise an NSEC for NSEC3 zones when queried directly for NSEC
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1808 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 4 Jan 2011 20:59:54 +0000 (20:59 +0000)]
On his birthday, José Arthur Benetasso Villanova gave us initial postgresql code for PowerDNSSEC! ;-)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1807 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 4 Jan 2011 19:57:22 +0000 (19:57 +0000)]
when explicitly asking for an NSEC, we should not do a 'relative' pointer to the next record but an absolute one. Spotted by Marco Davids.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1806 d19b8d6e-7fed-0310-83ef-9ca221ded41b
Bert Hubert [Tue, 4 Jan 2011 19:35:10 +0000 (19:35 +0000)]
our random may be random, but it is authoritative random!!
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1805 d19b8d6e-7fed-0310-83ef-9ca221ded41b