From: Kees Monshouwer Date: Mon, 8 Nov 2021 10:54:53 +0000 (+0100) Subject: auth: api, remove CDS and CDNSKEY for now, in favor of https://www.ietf.org/archive... X-Git-Tag: rec-4.6.0-beta1~3^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10959%2Fhead;p=thirdparty%2Fpdns.git auth: api, remove CDS and CDNSKEY for now, in favor of https://www.ietf.org/archive/id/draft-thomassen-dnsop-dnssec-bootstrapping-02.html --- diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index c63b0cf8b6..5c062b63a5 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -59,7 +59,7 @@ static const std::set onlyOneEntryTypes = { QType::CNAME, QType::DNAME // QTypes that MUST NOT be used with any other QType on the same name. static const std::set exclusiveEntryTypes = { QType::CNAME }; // QTypes that MUST be at apex. -static const std::set atApexTypes = {QType::SOA, QType::DNSKEY, QType::CDNSKEY, QType::CDS}; +static const std::set atApexTypes = {QType::SOA, QType::DNSKEY}; // QTypes that are NOT allowed at apex. static const std::set nonApexTypes = {QType::DS}; diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py index d163185f83..bd12e81bc8 100644 --- a/regression-tests.api/test_Zones.py +++ b/regression-tests.api/test_Zones.py @@ -1471,8 +1471,6 @@ $ORIGIN %NAME% @parameterized.expand([ ('SOA', 'ns1.example.org. test@example.org. 10 10800 3600 604800 1800'), ('DNSKEY', '257 3 8 AwEAAb/+pXOZWYQ8mv9WM5dFva8WU9jcIUdDuEjldbyfnkQ/xlrJC5zAEfhYhrea3SmIPmMTDimLqbh3/4SMTNPTUF+9+U1vpNfIRTFadqsmuU9Fddz3JqCcYwEpWbReg6DJOeyu+9oBoIQkPxFyLtIXEPGlQzrynKubn04Cx83I6NfzDTraJT3jLHKeW5PVc1ifqKzHz5TXdHHTA7NkJAa0sPcZCoNE1LpnJI/wcUpRUiuQhoLFeT1E432GuPuZ7y+agElGj0NnBxEgnHrhrnZWUbULpRa/il+Cr5Taj988HqX9Xdm6FjcP4Lbuds/44U7U8du224Q8jTrZ57Yvj4VDQKc='), - ('CDNSKEY', '0 3 0 AA=='), - ('CDS', '0 0 0 00'), ]) def test_only_at_apex(self, qtype, content): name, payload, zone = self.create_zone(soa_edit_api='')