]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 796a6c4) | patch
Deprecate SHA-1 in `dnssec-checkds`
authorTony Finch <dot@dotat.at>
Mon, 4 Feb 2019 13:46:51 +0000 (13:46 +0000)
committerEvan Hunt <each@isc.org>
Thu, 9 May 2019 01:17:55 +0000 (18:17 -0700)
commit129b731273bd9325abaaf760f6e37bb0b05f952a
tree022188f4769b4331f0f52b58e5f41ca1c7a59744tree | snapshot
parent796a6c4e4e5872a85289097ee1e7f5eaed16c8a6commit | diff
Deprecate SHA-1 in `dnssec-checkds`

This changes the behaviour so that it explicitly lists DS records that
are present in the parent but do not have keys in the child. Any
inconsistency is reported as an error, which is somewhat stricter than
before.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update
bin/python/dnssec-checkds.docbook diff | blob | blame | history
bin/python/isc/checkds.py.in diff | blob | blame | history
bin/tests/system/checkds/tests.sh diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git