-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
151 lines (125 loc) · 4.94 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
v2.02
- Updates versions and CHANGES file
- Remove testing/ support (it's either production or user keys now)
v2.01
- Delete all of RIPE's keys. They are in DLV, and arpa is signed.
Though in-addr.arpa is not yet signed. But DLV will do for now.
- Removed all remaining TLD keys - If TLD's didn't want to be in the root,
let them.
v2.00
- Added root zone trust anchor
- Removed all trust anchors that have a DS record in the root
- Added biz. trust anchor
v1.29
- Removed 7.0.193.in-addr.arpa. as RIPE did not mean to publish that
trust anchor seperately (there is a DS in 193.in-addr-arpa)
- Added Kyrgyzstan (.kg) to Production
- Added Europe (.eu) to Production
- Updated keys of museum. Unsure why there are now 6 KSKs
- Added St. Pierre and Miquelon (.pm)
- Moved uk. from testing to production
- Added new key for Sweden (se. )
v1.28
- Added Sri Lanka key to testing
- Added RIPE keys
v1.27
- Check for bind 9.7.x as well
- nocheck patch from redhat
v1.26
- Updated .museum key
- Updates some xn-- testdomain keys
- Standarised comments in key file and layouy
- Added expiry information as comments from itar
v1.25
- Use full path of unbound-checkconf and named-checkconf in case we're
run as non-root user via sudo
- Updated RIPE trust anchors with their March 23 2010 versions
v1.24
- Fix typo in key file testing/xn--11b5bs3a9aj6g.conf
- Update various RIPE keys and existing TLD keys
- Use TCP per default, as UDP EDNS did not always work
- Added Namibia and Thailand
- Added Canada test bed
v1.23
- Added new TLDs: ch. li. na. nu. pt. th. tm. xn--zckzah
- Updated TLDs: bg. cz. gov.org. pr. se. xn--0zwm56d xn--11b5bs3a9aj6g
xn--80akhbyknj4f xn--9t4b11yi5a xn--deba0ad xn--g6w251d
xn--hgbk6aj7f53bba xn--hlcj6aya9esc7a xn--jxalpdlp
xn--kgbechtv
v1.22
- Use pyparsing to read/write named.conf. This fixes bug:
https://bugzilla.redhat.com/show_bug.cgi?id=505754
There are still some named.conf files that fail to parse.
- Use TCP 53 for DNSKEY queries
- Updated prepublish keys
- Moved Namibia and Thailand from testing to production
- Added testing key for Canada
v1.21
- Enable DLV per default on systems that support /etc/sysconfig/dnssec
(Fedora, RHEL, Centos)
- Fixes for Debian/Ubuntu by Ondřej Surý <[email protected]>
- Change default install to /usr/local
- Added key for .org.
v1.20
- dnssec-configure was not adding the reverse keys and DLV key to the
named.conf file when enabling DLV for bind.
- dnssec-configure was not removing the DLV key from named.conf when
disabling DLV.
- Bind did not properly support DLV's other then dlv.isc.org.
v1.19
- Added --nocheck option to be able to run dnssec-configure in %post of
specfile, while there are no unbound key/pem files yet, and therefor
unbound-checkconf would give an error. We cannot generate key files
in %post, as we might not have enough entropy and would block an rpm
process.
v1.18
- Fix for when Bind was installed, but Unbound was not [Adam Tkac]
- Added key for .th (Thailand) to testing
- Updated all reverse keys for RIPE's reverse zones
v1.17
- Added --norestart option to ease use of dnssec-configure in initscripts
- Added support for /etc/sysconfig/ dir when using Fedora/RHEL/CentOS
v1.16
- .gov went in production. Move key from testing to production
See http://dotgov.gov/dnssecinfo.aspx
- Removed dnsops.gov from testing, its chains from .gov now exists.
v1.15
- New zones with keys assigned to RIPE: 109.in-addr.arpa. and 178.in-addr.arpa.
- .bg added a key and is in rollover.
- .gov key added to testing. They will not publish their DNSKEY outside
DNS until they are considered production. Then the key should appear
at https://www.dotgov.gov/dnssecinfo.aspx
- Don't use GNU extensions for cp. [Chris Lee]
- Look for the configuration files in more then just the Fedora places.
- Added key id's to all in-addr.arpa keys
- Removed dnsx.xelerance.com key. It was not meant to be in the public package
v1.14
- Added proper exit status for dnkey-pull
v1.13
- Clarify license in source files
- Fix mixed use of $RPM_BUILD_ROOT and %{buildroot}
- Source tag fully qualified now
v1.12
- Work around for unbound parser bug where a space must follow a colon
- Added key id's to those keys that did not yet list them (created with
on older version of dnskey-pull)
- Minor updates on some keys in /etc/pki/dnssec-keys/testing/
v1.11 dud
v1.10
- Added --set, --query, and show options to dnssec-configure
- Removed testing key for gr. - it vanished again.
- Updated RIPE's keys
v1.09
- Added testing key for gr.
v1.08
- Fix Bind to generate and include the key files
- Rename package from dnssec-keys to dnssec-conf
- Fix wildcard processing for unbound-checkconf via unbound patches
- Fix wildcard processing for bind via generated named.dnssec.keys include
- Added new IANA keys from https://ns.iana.org/dnssec/status.html in
disabled state
v1.05
- Patched unbound, so we no longer need to create *.conf files
- Removed keepkeyconfs
v1.04
- Initial pre-release