Commit Diff
Diff:
130999a4e858ef84289b60edb67c2e31aa152ab1
28aad59d7ab1759621133e2413a32b5fb5e3f552
Commit:
28aad59d7ab1759621133e2413a32b5fb5e3f552
Tree:
33253e1d7d6aee39680be4aa69b62f93eaedcf0a
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Fri Nov 1 14:58:08 2019 UTC
Message:
update / prepare for version 1.4.0, still not the entire changes but most.
blob - f8c68494ae6625ba03341f5f82970c9de1a2e5a4
blob + 552b4ee6f82efdb9eaae9ed78a18266bb0e8f86b
--- README
+++ README
@@ -1,6 +1,7 @@
-$Id: README,v 1.34 2019/09/20 09:51:43 pjp Exp $
+$Id: README,v 1.35 2019/11/01 14:58:08 pjp Exp $
1. README
+ 1.1 AUTHOR(S)
2. WHY DELPHINUSDNS?
3. INSTALL HINTS
3.1 Linux
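Review bot: The new contents entry reads "1.1 AUTHOR(S)", but the section heading added further down in this patch is "1.1 AUTHOR". Pick one spelling and use it in both places so the contents list matches the body.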
@@ -27,6 +28,14 @@ search. This program is written to a BSD Style Licens
Red Black btree macros are used for the main in-memory database. A project
website exists at http://delphinusdns.org.
+1.1 AUTHOR
+----------
+
+So far it's just me, Peter J. Philipp <petphi@delphinusdns.org>. I have
+had some patches from other people from the east and some people from the
+west. Sound advice came from people in #dns at irc.freenode.net.
+
+
2. WHY DELPHINUSDNS?
-------------------
@@ -153,7 +162,7 @@ FreeBSD 11.2 | yes | yes
------------------+--------------------+---------------------+
NetBSD 8.1 | yes | yes |
------------------+--------------------+---------------------+
-OpenBSD 6.4 | yes | yes |
+OpenBSD 6.6 | yes | yes |
------------------+--------------------+---------------------+
Linux* | yes | yes |
------------------+--------------------+---------------------+
@@ -233,28 +242,26 @@ registrar and from there to your parent zone.
6.4 How can I sub-delegate a zone with DNSSEC
---------------------------------------------
-At version 1.1.0 i have never tested this. In theory you should be able to
-sign a zone containing a DS resource record. Since I haven't tested this I
-cannot say if this will work.
+A delegation from zone that is DNSSEC signed should be possible only if
+the sub-zone is not signed. This has to do with it not answering a DS
+RR with the NS RR in a referral yet. A delegation from a non-signed zone
+to a non-signed sub-zone should work as well. A delegation from a
+non-signed zone to a signed sub-zone is not working yet either.
6.5 What algorithms are supported with dddctl sign
--------------------------------------------------
-Currently only 3 algorithms are supported. There is RSASHA1-NSEC3-SHA1
+Currently only 4 algorithms are supported. There is RSASHA1-NSEC3-SHA1
which has algorithm 7, there is RSASHA256 which has algorithm 8 (the default),
-and there is RSASHA512 which has algorithm 10.
+and there is RSASHA512 which has algorithm 10. Finally the ECDSAP256SHA256
+algorithm (alg 13), is supported.
6.6 What happened to dd-convert
-------------------------------
The BIND-reliant dd-convert.rb has been replaced with a native C program called
-dd-convert.c starting from version 1.1.0. Then in version 1.3.0 a broader
-control tool called dddctl came, the dddctl sign subcommand has all the
-functionality of dd-convert.c and more. If you must have the .rb utility you
-can always get it from the 1.0.2 download which should never go away as long
-as I live. There is obvious benefits in using dddctl sign to replace all
-versions of dd-convert, for one it's up to date.
+dddctl.c. It is what's being used now.
7. WHAT IT CAN'T DO
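Review bot: In 6.4 the signed-parent-to-signed-child case is only implied by "should be possible only if the sub-zone is not signed". State it outright as unsupported, with the reason the text already gives (no DS RR is returned with the NS RR in a referral), so the limitation is not missed by someone planning a signed delegation. "A delegation from zone" also needs an article ("from a zone"). In 6.6, "a native C program called dddctl.c" names a source file rather than a program, and the rewrite drops the pointer to the dddctl sign subcommand that the removed text gave; something like "replaced by the dddctl sign subcommand" would keep that pointer for anyone migrating from dd-convert.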
@@ -263,5 +270,4 @@ versions of dd-convert, for one it's up to date.
* Solaris. Unless you port some functions to solaris it won't compile on
there.
-* DNSSEC key rollover - a ZSK key can be rolled over, this was tested on a
-live zone. However a KSK key still can't be rolled over. Maybe next year.
+* DNSSEC algorithm rollover. Maybe for version 1.5.0 or higher.
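Review bot: Dropping the "a KSK key still can't be rolled over" item from the can't-do list implies KSK rollover now works, but none of the added lines say so. If it is supported in 1.4.0, state that somewhere in the README, together with the ZSK rollover statement that was removed with it; if it is not, keep the KSK limitation alongside the new algorithm rollover item.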
repomaster@centroid.eu