- Do not copy SOA with RRSIG, it will be dropped anyway.
 - Small code improvements, assertion added.

Refs #4

refs #4, #169

- Signing function now store the oldest signature expiration time, this time is
later used to plan zone resigning.
- Added new info strings to the 'zonestatus' command - gives information about w
hen the zone will be resigned

Refs #4

Lubos Slovak authored 11 years ago and Jan Včelák committed 11 years ago

refs #4

Refs #4

refs #4

Refs #4

 - Changeset signing function needed for DDNS and post-diff signing

Refs #4

refs #4

Key algorithm and used NSEC type must match:

RFC 5155 states, that for compatibility with old resolvers, NSEC3
must be used only with NSEC3 algorithms.

It makes no sense to sign NSEC with NSEC3 keys, because it will make
the validation impossible on NSEC3-unaware resolvers. This is stricter
than what dnssec-signzone from ISC does.

refs #4

refs #4

- Added new field to dnssec policy structure (SOA serial increment
  policy)
- Removed debug code
- Added some info messages after succcesful signing

Refs #4

- First store merge changesets, then apply signatures
- Added pretty print function to dump changesets, HAS TO BE REMOVED!!!
- some fixes, mainly in signature checking
- fails to save to journal for same reason
- deliberate leaks - malformed changesets, needs custom freeing function

Refs #4

- Zones are now automatically (re)signed when server starts/reloads
- Signature validity check now calculates the signature as well - this is used to detect changes to RRs themselves
- 'knotc signzone' issues a force signing of zone - all RRSIGs are dropped and recreated
- Some leaks and bugs still present, but the code is commitable now

Refs #4

- Refactored node walking a bit (API instead of hard-coded trie walk)
- Double free fix (wrong merge probably)

Refs #4

refs #103, #4

- Quite a lot of changes had to be done, because some variables were only accesible locally.
- Some includes might not be needed, needs a second look.

Refs #4

refs #4