git.ipfire.org Git - thirdparty/dnspython.git/commit

author	Jakob Schlyter <jakob@kirei.se>
	Tue, 21 Mar 2023 01:14:59 +0000 (02:14 +0100)
committer	GitHub <noreply@github.com>
	Tue, 21 Mar 2023 01:14:59 +0000 (18:14 -0700)
commit	454d21c232b1531a0a4565a66f6def25e5cfd95a
tree	601255b3c67e8d471239c868f05be34c36443284	tree \| snapshot
parent	8231eaabac049e74298856c957645dac6d196dc8	commit \| diff

Zone signer (#911)

* first cut at NSEC support

* use transactions, fix delegations

* rename to add_nsec_to_zone

* optimize NSEC generation

* split out function to get all secure names (could be useful for NSEC3 later)

* add `Bitmap.from_rdtypes()` and add missing typing

* more typing

* add missing import

* add more typing

* fix tok type

* remove _get_secure_names, optimize

* better zone testing (compare as text)
add test example with delegation below other delegation

* include NSEC itself in the bitmap

* lint

* Add names iteration to transactions via iterate_names().

Also make rdataset iteration more obvious by adding an
explicit iterate_rdatasets() API.

* use iterate_names()

* typo

* black

* use single iteration

* better type fix

* add optional transaction to add_nsec_to_zone

* idea for zone signer

* do not sign RRSIGs

* fix signer

* correctly sign DS

* simplify

* simplify by passing rrset to signer

* fix typing

* nit

* add DS

* add more test

* rewrite zone signer

* compact

* simplify

* make easier to read

* bring back rrset_signer

* move default RRset signer

* more

* more

* prettier context handling (mypy issue pending)

* make NSEC zone signer less complex

* update

* fix txn, sign as defined by SEP

* docs

* add back missing dnskey_include

* rename dnskey_include to add_dnskey

* check KSK/ZSK key tags in signed zone

---------

Co-authored-by: Bob Halley <halley@dnspython.org>

dns/dnssec.py		diff \| blob \| blame \| history
tests/test_dnssec.py		diff \| blob \| blame \| history