1. 29 May, 2017 2 commits
  2. 02 Jun, 2016 1 commit
  3. 20 Jan, 2015 1 commit
  4. 14 Jan, 2015 1 commit
  5. 05 Jan, 2015 1 commit
  6. 30 May, 2014 1 commit
  7. 05 May, 2014 1 commit
  8. 16 Apr, 2014 1 commit
  9. 12 Apr, 2014 1 commit
    • Jan Včelák's avatar
      switch Knot to use libdnssec · 79419e77
      Jan Včelák authored
      + private keys are not loaded at the moment
      + SIG(0) was temporarily removed
      + TSIG key files cannot be loaded
      + TSIG signing is disabled
      79419e77
  10. 26 Mar, 2014 1 commit
  11. 05 Mar, 2014 2 commits
    • Jan Kadlec's avatar
      Removed chain fix code for both NSEC and NSEC3. · 8dcef6ca
      Jan Kadlec authored
      - A lot of bugs were uncovered with new tests and fixes got out of hand - the code was no longer readable (not that it was readable before)
      - Totally unfeasible to fix before new zone API is done. I've fixed the code, but the result was too complex, unmaintable.
      8dcef6ca
    • Lubos Slovak's avatar
      Fixed changeset signing after UPDATE. · 7d6f73df
      Lubos Slovak authored
      Was ignoring RRSIGs related to a RRSet that was completely removed.
      This was a relict of old code when RRSIGs were connected to their
      RRSets.
      
      Also simplified the function
      (and function sign_rr_should_be_signed()) and did some minor
      refactoring and polishing.
      7d6f73df
  12. 11 Feb, 2014 1 commit
  13. 05 Feb, 2014 1 commit
  14. 03 Feb, 2014 1 commit
  15. 28 Jan, 2014 3 commits
  16. 24 Jan, 2014 1 commit
    • Jan Včelák's avatar
      DNSSEC: refresh signatures earlier · 704e2bff
      Jan Včelák authored
      The signatures are now refreshed (signature_lifetime / 10) seconds
      before their expiration. The default signature lifetime is 30 days,
      therefore the signatures are refreshed 3 days before their expiration.
      
      The parameter 'expires_at' in signing functions was renamed to 'refresh_at',
      as the name was misleading.
      
      The signing policy structure was cleaned and helper functions were added.
      
      DNSSEC event logging was changed from relative to absolute value, because
      the intervals are much longer now.
      704e2bff
  17. 20 Jan, 2014 1 commit
  18. 17 Dec, 2013 1 commit
  19. 09 Dec, 2013 1 commit
  20. 29 Oct, 2013 1 commit
  21. 23 Oct, 2013 1 commit
  22. 21 Oct, 2013 1 commit
  23. 16 Oct, 2013 1 commit
  24. 26 Sep, 2013 1 commit
    • Jan Kadlec's avatar
      SEC: zone resign planning · 81b7bbc7
      Jan Kadlec authored
      - Signing function now store the oldest signature expiration time, this time is
      later used to plan zone resigning.
      - Added new info strings to the 'zonestatus' command - gives information about w
      hen the zone will be resigned
      
      Refs #4
      81b7bbc7
  25. 24 Sep, 2013 1 commit
  26. 23 Sep, 2013 1 commit
  27. 20 Sep, 2013 1 commit
  28. 19 Sep, 2013 1 commit
    • Jan Kadlec's avatar
      DNSSEC: changeset signing + helper functions · 30809c10
      Jan Kadlec authored
       - added function that checks whether RRSet should be signed
       - lookup table can be optionally passed to the function, so that we do not double sign (for changeset signing)
       - currently add/remove lists are used to sign the changeset, new/old rrset lists would be more suitable, but those might be removed in the new release
       - untested + functions to fix NSEC(3) chain missing (something similar was already written, will ressurect from git)
      
      refs #4
      30809c10
  29. 27 Aug, 2013 1 commit
    • Jan Kadlec's avatar
      DNSSEC: signature checking, forced signing, merged diff's and DNSSEC's changesets · 8ab216e1
      Jan Kadlec authored
      - Zones are now automatically (re)signed when server starts/reloads
      - Signature validity check now calculates the signature as well - this is used to detect changes to RRs themselves
      - 'knotc signzone' issues a force signing of zone - all RRSIGs are dropped and recreated
      - Some leaks and bugs still present, but the code is commitable now
      
      Refs #4
      8ab216e1
  30. 13 Aug, 2013 1 commit
  31. 12 Aug, 2013 1 commit
    • Jan Kadlec's avatar
      DNSSEC: Handling of SOA RRSIGs. · 54e06c83
      Jan Kadlec authored
      - Quite a lot of changes had to be done, because some variables were only accesible locally.
      - Some includes might not be needed, needs a second look.
      
      Refs #4
      54e06c83
  32. 30 Jul, 2013 5 commits