1.6.12
- * Canonicalize the signers name rdata field in RRSIGs when signing
* bugfix #413: Fix manpage source for srcdir != builddir
+ * Canonicalize the signers name rdata field in RRSIGs when signing
+ * Ignore minor version of Private-key-format (so v1.3 may be used)
+ * Allow a check_time to be given in stead of always checking against
+ the current time. With ldns-verify-zone the check_time can be set
+ with the -t option.
+ * Added functions for updating and manipulating SOA serial numbers.
+ ldns-read-zone has an option -S for updating and manipulating the
+ serial numbers.
+ * The library Makefile is now GNU and BSD make compatible.
* bugfix #419: NSEC3 validation of a name covered by a wildcard with
no data.
+ * Two new options (--with-drill and --with-examples) to the main
+ configure script (in the root of the source tree) to build drill
+ and examples too.
+ * Fix days_since_epoch to year_yday calculation on 32bits systems.
1.6.11 2011-09-29
* bugfix #394: Fix socket leak on errors
- * bugfix #392: Apex only and percentage checks for ldns-verify-zone
+ * bugfix #392: Apex only and percentage checks for ldns-verify-zone
(thanks Miek Gieben)
* bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
* Fix python site package path from sitelib to sitearch for pyldns.
* Fix python api to support python2 and python3 (thanks Karel Slany).
- * bugfix #401: Correction of date/time functions algorithm and
+ * bugfix #401: Correction of date/time functions algorithm and
prevention of an infinite loop therein
* bugfix #402: Correct the minimum and maximum number of rdata fields
in TSIG. (thanks David Keeler)
* bugfix #404: Make parsing APL strings more robust
(thanks David Keeler)
* bugfix #391: Complete library assessment to prevent assertion errors
- through ldns_rdf_size usage.
+ through ldns_rdf_size usage.
* Slightly more specific error messaging on wrong number of rdata
fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
* bugfix #406: More rigorous openssl result code handling to prevent
future crashes within openssl.
* Fix ldns_fetch_valid_domain_keys to search deeper than just one level
- for a DNSKEY that signed a DS RR. (this function was used in the
+ for a DNSKEY that signed a DS RR. (this function was used in the
check_dnssec_trace nagios module)
* bugfix #407: Canonicalize TSIG dnames and algorithm fields
* A new output specifier to accommodate configuration of what to show
in comment texts when converting host and/or wire-format data to
string. All conversion to string and printing functions have a new
version that have such a format specifier as an extra argument.
- The default is changed so that only DNSKEY RR's are annotated with
+ The default is changed so that only DNSKEY RR's are annotated with
an comment show the Key Tag of the DNSKEY.
* Fixed the ldns resolver to not mark a nameserver unreachable when
edns0 is tried unsuccessfully with size 4096 (no return packet came),
- but to still try TCP. A big UDP packet might have been corrupted by
+ but to still try TCP. A big UDP packet might have been corrupted by
fragments dropping firewalls.
* Update of libdns.vim (thanks Miek Gieben)
* Added the ldnsx Python module to our contrib section, which adds even
- more pythonisticism to the usage of ldns with Python. (Many thanks
+ more pythonisticism to the usage of ldns with Python. (Many thanks
to Christpher Olah and Paul Wouters)
The ldnsx module is automatically installed when --with-pyldns is
used with configuring, but may explicitly be excluded with the
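Review bot: The added check_time entry near the top of this hunk says the time can be set with -t in ldns-verify-zone, but it does not say which checks then use the supplied time instead of the current time, and neither it nor the SOA serial entry names the new library functions. Since a caller-supplied time changes what a verifier accepts, please state that explicitly and list the function names so API users can find them. The "Ignore minor version of Private-key-format" entry should also say whether the major version is still checked. Wording nits in the added lines: "in stead" should be "instead", and "32bits systems" should be "32-bit systems".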
* bugfix #364: Slight performance increase of ldns-verifyzone.
* bugfix #367: Fix to allow glue records with the same name as the
delegation.
- * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
+ * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
glue when the zone is opt-out.
- * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
+ * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
performance)
1.6.8 2011-01-24
* Fix ldns zone, so that $TTL definition match RFC 2308.
- * Fix lots of missing checks on allocation failures and parse of
+ * Fix lots of missing checks on allocation failures and parse of
NSEC with many types and max parse length in hosts_frm_fp routine
and off by one in read_anchor_file routine (thanks Dan Kaminsky and
Justin Ferguson).
* Catch \X where X is a digit as an error.
* Fix segfault when ip6 ldns resolver only has ip4 servers.
* Fix NSEC record after DNSKEY at zone apex not properly signed.
- * Fix syntax error if last label too long and no dot at end of domain.
+ * Fix syntax error if last label too long and no dot at end of domain.
* Fix parse of \# syntax with space for type LOC.
* Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
* bugfix #297: linking ssl, bug due to patch submitted as #296.
the SEP flag
* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
the first non-default DNSKEY TTL value it sees)
-
+
1.5.1
Example tools:
* ldns-signzone was broken in 1.5.0 for multiple keys, this
- has been repaired
+ has been repaired
Build system:
- * Removed a small erroneous output warning in
- examples/configure and drill/configure
+ * Removed a small erroneous output warning in
+ examples/configure and drill/configure
1.5.0
Bug fixes:
* ldns_key now has support for 'external' data, in which
case the OpenSSL EVP structures are not used;
ldns_key_set_external_key() and ldns_key_external_key()
- * added ldns_key_get_file_base_name() which creates a
+ * added ldns_key_get_file_base_name() which creates a
'default' filename base string for key storage, of the
form "K<zone>+<algorithm>+<keytag>"
* the ldns_dnssec_* family of structures now have deep_free()
* added new example tool: ldns-nsec3-hash
* ldns-dpa can now filter on specific query name and types
* ldnsd has fixes for the zone name, a fix for the return
- value of recvfrom(), and an memory initialization fix
- (Thanks to Colm MacCárthaigh for the patch)
- * Fixed memory leaks in ldnsd
+ value of recvfrom(), and an memory initialization fix
+ (Thanks to Colm MacCárthaigh for the patch)
+ * Fixed memory leaks in ldnsd
* NSEC3 optout flag now correctly printed in string output
* inttypes.h moved to configured inclusion
* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
- delegations
+ delegations
API addition:
* for that last fix, we added a new function
ldns_dname_add_from() that can clone parts of a dname
-
+
1.4.0
Bug fixes:
* sig chase return code fix (patch from Rafael Justo, bug id 189)
* Fixed a bug concerning whitespace in zone data (with patch from Ondrej
Sury, bug 213)
* Fixed a small fallback problem in axfr client code
-
+
API CHANGES:
* added 2str convenience functions:
- ldns_rr_type2str
* TCP fallback system has been improved
* HMAC-SHA256 TSIG support has been added.
* TTLS are now correcly set in NSEC(3) records when signing zones
-
+
EXAMPLE TOOLS:
* New example: ldns-revoke to revoke DNSKEYs according to RFC5011
* ldns-testpkts has been fixed and updated
Contrib:
* new contrib/ dir with user contributions
* added compilation script for solaris (thanks to Jakob Schlyter)
-
+
28 Nov 2007 1.2.2:
* Added support for HMAC-MD5 keys in generator
* Added a new example tool (written by Ondrej Sury): ldns-compare-zones
11 Apr 2007 1.2.0:
* canonicalization of rdata in DNSSEC functions now adheres to the
- rr type list in rfc3597, not rfc4035, which will be updated
+ rr type list in rfc3597, not rfc4035, which will be updated
(see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
* ldns-walk now support dnames with maximum label length
* ldnsd now takes an extra argument containing the address to listen on
platform; some gnuism were identified and fixed.
* The ldns_zone structure was stress tested. The current setup
(ie. just a list of rrs) can scale to zone file in order of
- megabytes. Sorting such zone is still difficult.
+ megabytes. Sorting such zone is still difficult.
* Reading multiline b64 encoded rdata works.
* OpenSSL was made optional, configure --without-ssl.
Ofcourse all dnssec/tsig related functions are disabled
* Building of examples and drill now happens with the same
defines as the building of ldns itself.
* Preliminary sha-256 support was added. Currently is your
- OpenSSL supports it, it is supported in the DS creation.
+ OpenSSL supports it, it is supported in the DS creation.
* ldns_resolver_search was implemented
* Fixed a lot of bugs
Drill:
- * -r was killed in favor of -o <header bit mnemonic> which
+ * -r was killed in favor of -o <header bit mnemonic> which
allows for a header bits setting (and maybe more in the
future)
* DNSSEC is never automaticaly set, even when you query
for DNSKEY/RRSIG or DS.
* Implement a crude RTT check, it now distinguishes between
reachable and unreachable.
- * A form of secure tracing was added
- * Secure Chasing has been improved
+ * A form of secure tracing was added
+ * Secure Chasing has been improved
* -x does a reverse lookup for the given IP address
-
+
Examples:
* ldns-dpa was added to the examples - this is the Dns Packet
Analyzer tool.
* ldnsd - as very, very simple nameserver impl.
* ldns-zsplit - split zones for parrallel signing
* ldns-zcat - cat split zones back together
- * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
+ * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
non-DNSSEC) anti-spoofing techniques.
* ldns-walk - 'Walks' a DNSSEC signed zone
* Added an all-static target to the makefile so you can use examples
Code:
* All networking code was moved to net.c
* rdata.c: added asserts to the rdf set/get functions
- * const keyword was added to pointer arguments that
+ * const keyword was added to pointer arguments that
aren't changed
API:
* renamed ldns/dns.h to ldns/ldns.h
* ldns_rr_new_frm_str() is extented with an extra variable which
in common use may be NULL. This trickles through to:
- o ldns_rr_new_frm_fp
+ o ldns_rr_new_frm_fp
o ldns_rr_new_frm_fp_l
Which also get an extra variable
Also the function has been changed to return a status message.
The compiled RR is returned in the first argument.
* ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are
- changed to return a status msg.
+ changed to return a status msg.
* ldns_key_new_frm_fp is changed to return ldns_status and
the actual key list in the first argument
* ldns_rdata_new_frm_fp[_l]() are changed to return a status.
the rdf is return in the first argument
- * ldns_resolver_new_frm_fp: same treatment: return status and
+ * ldns_resolver_new_frm_fp: same treatment: return status and
the new resolver in the first argument
* ldns_pkt_query_new_frm_str(): same: return status and the
packet in the first arg
* ldns_pkt_empty(): check is a packet is empty
* ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
* ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
- * ldns_rr_list_compare(): compare 2 ldns_rr_lists
+ * ldns_rr_list_compare(): compare 2 ldns_rr_lists
* ldns_pkt_push_rr_list: rr_list equiv for rr
* ldns_pkt_safe_push_rr_list: rr_list equiv for rr
Removed:
* Usual fixes in documentation and code
13 Jun 2005: 0.65: ldns-team
- * Repository is online at:
+ * Repository is online at:
http://www.nlnetlabs.nl/ldns/svn/
- * Apply reference copying throuhgout ldns, except in 2
+ * Apply reference copying throuhgout ldns, except in 2
places in the ldns_resolver structure (._domain and
._nameservers)
* Usual array of bugfixes
(you're not supposed to include that in a libary)
* Further tweaking
- DNSSEC signing/verification works
- - Assorted bug fixes and tweaks (memory management)
+ - Assorted bug fixes and tweaks (memory management)
May 2005: 0.50: ldns-team
* First usable release
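Review bot: From the 1.6.11 section down to here, each removed line and its added replacement read identically, so these changes appear to be whitespace cleanup only. Consider moving them to a separate commit so the functional Changelog additions for 1.6.12 are easier to review and to backport.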
*/
size_t ldns_rr_dnskey_key_size(const ldns_rr *key);
+/**
+ * The type of function to be passed to ldns_rr_soa_increment_func,
+ * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int.
+ * The function will be called with as the first argument the current serial
+ * number of the SOA RR to be updated, and as the second argument a value
+ * given when calling ldns_rr_soa_increment_func_data or
+ * ldns_rr_soa_increment_int.
+ */
typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*);
+/**
+ * Function to be used with dns_rr_soa_increment_func_int, to set the soa
+ * serial number.
+ * \param[in] _ the (unused) current serial number.
+ * \param[in] data the serial number to be set (when casted to uint32_t).
+ */
uint32_t ldns_soa_serial_identity(uint32_t _, void *data);
+
+/**
+ * Function to be used with dns_rr_soa_increment_func, to increment the soa
+ * serial number with one.
+ * \param[in] s the current serial number.
+ * \param[in] _ unused.
+ */
uint32_t ldns_soa_serial_increment(uint32_t s, void *_);
+
+/**
+ * Function to be used with dns_rr_soa_increment_func_int, to increment the soa
+ * serial number with a certain amount.
+ * \param[in] s the current serial number.
+ * \param[in] data (casted to intptr_t) the amount to add to the
+ * current serial number.
+ */
uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data);
+
+/**
+ * Function to be used with ldns_rr_soa_increment_func or
+ * ldns_rr_soa_increment_func_int to set the soa serial to the number of
+ * seconds since unix epoch (1-1-1970 00:00).
+ * When data is given (i.e. the function is called via
+ * ldns_rr_soa_increment_func_int), it is used as the current time.
+ * When the resulting serial number is smaller than the current serial number,
+ * the current serial number is increased by one.
+ * \param[in] s the current serial number.
+ * \param[in] data the time in seconds since 1-1-1970 00:00
+ */
uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data);
+
+/**
+ * Function to be used with ldns_rr_soa_increment_func or
+ * ldns_rr_soa_increment_func_int to set the soa serial to the current date
+ * succeeded by a two digit iteration.
+ * When data is given (i.e. the function is called via
+ * ldns_rr_soa_increment_func_int), it is used as the current time.
+ * When the resulting serial number is smaller than the current serial number,
+ * the current serial number is increased by one.
+ * \param[in] s the current serial number.
+ * \param[in] data the time in seconds since 1-1-1970 00:00
+ */
uint32_t ldns_soa_serial_YYYYMMDDxx(uint32_t s, void *data);
+/**
+ * Increment the serial number of the given SOA by one.
+ * \param[in] soa The soa rr to be incremented
+ */
void ldns_rr_soa_increment(
ldns_rr *soa);
+/**
+ * Increment the serial number of the given SOA with the given function.
+ * Included functions to be used here are: ldns_rr_soa_increment,
+ * ldns_soa_serial_unixtime and ldns_soa_serial_YYYYMMDDxx.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ */
void ldns_rr_soa_increment_func(
ldns_rr *soa, ldns_soa_serial_increment_func_t f);
+/**
+ * Increment the serial number of the given SOA with the given function
+ * passing it the given data argument.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ * \param[in] data this argument will be passed to f as the second argument.
+ */
void ldns_rr_soa_increment_func_data(
ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data);
+/**
+ * Increment the serial number of the given SOA with the given function
+ * using data as an argument for the function.
+ * Included functions to be used here are: ldns_soa_serial_identity,
+ * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and
+ * ldns_soa_serial_YYYYMMDDxx.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ * \param[in] data this argument will be passed to f as the second argument.
+ */
void ldns_rr_soa_increment_func_int(
ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data);
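Review bot: Several of the added doc comments refer to functions that are not declared in this hunk. The comments on ldns_soa_serial_identity, ldns_soa_serial_increment and ldns_soa_serial_increment_by name "dns_rr_soa_increment_func_int" and "dns_rr_soa_increment_func" (missing the leading "l"). The typedef comment names "ldns_rr_soa_increment_int", and the last comment lists "ldns_rr_soa_increment_by", where the declarations are ldns_rr_soa_increment_func_int and ldns_soa_serial_increment_by. The comment on ldns_rr_soa_increment_func also lists ldns_rr_soa_increment as a usable callback, but that function takes an ldns_rr * and does not match ldns_soa_serial_increment_func_t; ldns_soa_serial_increment looks like the intended name. Separately, the comments describe data as "casted to uint32_t" and "casted to intptr_t" while ldns_rr_soa_increment_func_int takes "int data". Please document how a serial or time value that does not fit in an int is meant to be passed, or point callers to ldns_rr_soa_increment_func_data for that case. It would also help to say whether "smaller than the current serial number" in the unixtime and YYYYMMDDxx comments means a plain unsigned comparison.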