]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ce1c163) | patch
dnssec-policy inheritance from options/view
authorMatthijs Mekking <matthijs@isc.org>
Tue, 5 Nov 2019 16:22:35 +0000 (17:22 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Wed, 6 Nov 2019 21:36:21 +0000 (22:36 +0100)
commit5f464d15a0342dafa200957acf401daa97c4da3f
treed46d62ab9e275ad5bffa77dc8cb57d3f164484e2tree | snapshot
parentce1c1631b35794ff516789f01ec791e1f3162fe0commit | diff
dnssec-policy inheritance from options/view

'dnssec-policy' can now also be set on the options and view level and
a zone that does not set 'dnssec-policy' explicitly will inherit it
from the view or options level.

This requires a new keyword to be introduced: 'none'.  If set to
'none' the zone will not be DNSSEC maintained, in other words it will
stay unsigned.  You can use this to break the inheritance.  Of course
you can also break the inheritance by referring to a different
policy.

The keywords 'default' and 'none' are not allowed when configuring
your own dnssec-policy statement.

Add appropriate tests for checking the configuration (checkconf)
and add tests to the kasp system test to verify the inheritance
works.

Edit the kasp system test such that it can deal with unsigned zones
and views (so setting a TSIG on the query).
27 files changed:
bin/named/config.c diff | blob | blame | history
bin/named/server.c diff | blob | blame | history
bin/named/zoneconf.c diff | blob | blame | history
bin/tests/system/checkconf/bad-kasp1.conf diff | blob | blame | history
bin/tests/system/checkconf/bad-kasp5.conf [new file with mode: 0644] blob
bin/tests/system/checkconf/good-kasp.conf diff | blob | blame | history
bin/tests/system/checkconf/good.conf diff | blob | blame | history
bin/tests/system/checkconf/good.zonelist diff | blob | blame | history
bin/tests/system/kasp/README diff | blob | blame | history
bin/tests/system/kasp/clean.sh diff | blob | blame | history
bin/tests/system/kasp/ns2/named.conf.in diff | blob | blame | history
bin/tests/system/kasp/ns2/setup.sh diff | blob | blame | history
bin/tests/system/kasp/ns2/template.tld.db.in [new file with mode: 0644] blob
bin/tests/system/kasp/ns3/named.conf.in diff | blob | blame | history
bin/tests/system/kasp/ns3/setup.sh diff | blob | blame | history
bin/tests/system/kasp/ns4/named.conf.in [new file with mode: 0644] blob
bin/tests/system/kasp/ns4/setup.sh [new file with mode: 0644] blob
bin/tests/system/kasp/ns4/template.db.in [new file with mode: 0644] blob
bin/tests/system/kasp/ns5/named.conf.in [new file with mode: 0644] blob
bin/tests/system/kasp/ns5/setup.sh [new file with mode: 0644] blob
bin/tests/system/kasp/ns5/template.db.in [new file with mode: 0644] blob
bin/tests/system/kasp/setup.sh diff | blob | blame | history
bin/tests/system/kasp/tests.sh diff | blob | blame | history
lib/bind9/check.c diff | blob | blame | history
lib/isccfg/kaspconf.c diff | blob | blame | history
lib/isccfg/namedconf.c diff | blob | blame | history
util/copyrights diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git