From: Peter van Dijk Date: Thu, 21 Jan 2021 09:01:35 +0000 (+0100) Subject: rename allow-unsigned-supermaster X-Git-Tag: dnsdist-1.6.0-rc1~32^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb3760b0f14a68f0edf53335a6277df1caccf2dd;p=thirdparty%2Fpdns.git rename allow-unsigned-supermaster --- diff --git a/docs/settings.rst b/docs/settings.rst index 2a452cb744..b1090562e6 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -61,6 +61,20 @@ Allow DNS updates from these IP ranges. Set to empty string to honour ``ALLOW-DN Allow AXFR NOTIFY from these IP ranges. Setting this to an empty string will drop all incoming notifies. +.. _setting-allow-unsigned-autoprimary: + +``allow-unsigned-autoprimary`` +------------------------------ + +.. versionchanged:: 4.5.0 + This was called :ref:`setting-allow-unsigned-supermaster` before 4.5.0. + +- Boolean +- Default: yes + +Turning this off requires all autoprimary notifications to be signed by +valid TSIG signature. It will accept any existing key on slave. + .. _setting-allow-unsigned-notify: ``allow-unsigned-notify`` @@ -77,11 +91,8 @@ signed by valid TSIG signature for the zone. ``allow-unsigned-supermaster`` ------------------------------ -- Boolean -- Default: yes - -Turning this off requires all supermaster notifications to be signed by -valid TSIG signature. It will accept any existing key on slave. +.. deprecated:: 4.5.0 + Renamed to :ref:`setting-allow-unsigned-autoprimary`. .. _setting-also-notify: diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 35d3866024..5f42649e74 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -94,6 +94,7 @@ void declareArguments() ::arg().setSwitch("send-signed-notify","Send TSIG secured NOTIFY if TSIG key is configured for a domain")="yes"; ::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later ::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes"; + ::arg().set("allow-unsigned-autoprimary", "Allow autoprimaries to create zones without TSIG signed NOTIFY")="yes"; ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes"; ::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no"; ::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no"; diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index f7fa4eb030..463799d991 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -920,7 +920,7 @@ int PacketHandler::trySuperMasterSynchronous(const DNSPacket& p, const DNSName& string nameserver, account; DNSBackend *db; - if (!::arg().mustDo("allow-unsigned-supermaster") && tsigkeyname.empty()) { + if (!::arg().mustDo("allow-unsigned-autoprimary") && tsigkeyname.empty()) { g_log<