git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Thu, 17 Oct 2019 09:51:58 +0000 (11:51 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Wed, 6 Nov 2019 21:36:21 +0000 (22:36 +0100)
commit	fcf14b2b47a95ca9b0ec33554a084c5c89912946
tree	0cb12c32483989015aa9908f9745b74cf5f207ee	tree \| snapshot
parent	09990672d9597bf7c8fa4e5d78b117944aad7cab	commit \| diff

DNSSEC hints use dst_key functions and key states

Update dns_dnssec_get_hints and dns_dnssec_keyactive to use dst_key
functions and thus if dnssec-policy/KASP is used the key states are
being considered.

Add a new variable to 'struct dns_dnsseckey' to signal whether this
key is a zone-signing key (it is no longer true that ksk == !zsk).

Also introduce a hint for revoke.

Update 'dns_dnssec_findzonekeys' and 'dns_dnssec_findmatchingkeys'
to also read the key state file, if available.

Remove 'allzsk' from 'dns_dnssec_updatekeys' as this was only a
hint for logging.

Also make get_hints() (now dns_dnssec_get_hints()) public so that
we can use it in the key manager.

bin/dnssec/dnssec-signzone.c		diff \| blob \| blame \| history
lib/dns/dnssec.c		diff \| blob \| blame \| history
lib/dns/include/dns/dnssec.h		diff \| blob \| blame \| history
lib/dns/win32/libdns.def.in		diff \| blob \| blame \| history
lib/dns/zone.c		diff \| blob \| blame \| history