git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Thu, 5 Nov 2020 10:12:24 +0000 (11:12 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Thu, 26 Nov 2020 14:15:05 +0000 (14:15 +0000)
commit	6db879160f8784f050ae92420344190f2822bdec
tree	6fd8ad6994481afd6afbb47166f53ea7fc92150c	tree \| snapshot
parent	734865e1102d08bc7e5d446e23fcdc7e00990fea	commit \| diff

Detect NSEC3 salt collisions

When generating a new salt, compare it with the previous NSEC3
paremeters to ensure the new parameters are different from the
previous ones.

This moves the salt generation call from 'bin/named/*.s' to
'lib/dns/zone.c'. When setting new NSEC3 parameters, you can set a new
function parameter 'resalt' to enforce a new salt to be generated. A
new salt will also be generated if 'salt' is set to NULL.

Logging salt with zone context can now be done with 'dnssec_log',
removing the need for 'dns_nsec3_log_salt'.

(cherry picked from commit 6b5d7357dfb9d695f02dabb510dbe2ea404ba241)

CHANGES		diff \| blob \| blame \| history
bin/named/server.c		diff \| blob \| blame \| history
bin/named/zoneconf.c		diff \| blob \| blame \| history
doc/notes/notes-current.rst		diff \| blob \| blame \| history
lib/dns/include/dns/nsec3.h		diff \| blob \| blame \| history
lib/dns/include/dns/zone.h		diff \| blob \| blame \| history
lib/dns/nsec3.c		diff \| blob \| blame \| history
lib/dns/win32/libdns.def.in		diff \| blob \| blame \| history
lib/dns/zone.c		diff \| blob \| blame \| history