Inherit dnssec-policy in check for inline-signing
authorMatthijs Mekking <matthijs@isc.org>
Mon, 11 Jul 2022 08:30:44 +0000 (10:30 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 12 Jul 2022 09:29:03 +0000 (11:29 +0200)
When dnssec-policy is used, and the zone is not dynamic, BIND will
assume that the zone is inline-signed. But the function responsible
for this did not inherit the dnssec-policy option from the view or
options level, and thus never enabled inline-signing, even though the zone
should have been inline-signed.

This is fixed by this commit.

bin/named/zoneconf.c

index f3a721dacaf1f9f6c527b5bcc19ffc93b2e9f1d5..9bc94ee59726712283ecf1a8170524ae6961bf03 100644 (file)
@@ -2132,6 +2132,7 @@ named_zone_inlinesigning(dns_zone_t *zone, const cfg_obj_t *zconfig,
        const cfg_obj_t *updatepolicy = NULL;
        bool zone_is_dynamic = false;
        bool inline_signing = false;
+       bool dnssec_policy = false;
 
        (void)cfg_map_get(config, "options", &options);
 
@@ -2183,16 +2184,23 @@ named_zone_inlinesigning(dns_zone_t *zone, const cfg_obj_t *zconfig,
         * inline-signing.
         */
        signing = NULL;
-       if (!inline_signing && !zone_is_dynamic &&
-           cfg_map_get(zoptions, "dnssec-policy", &signing) == ISC_R_SUCCESS &&
-           signing != NULL)
-       {
-               if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
-                       inline_signing = true;
-                       dns_zone_log(zone, ISC_LOG_DEBUG(1),
-                                    "inline-signing: "
-                                    "implicitly through dnssec-policy");
-               }
+       res = cfg_map_get(zoptions, "dnssec-policy", &signing);
+       if (res != ISC_R_SUCCESS && voptions != NULL) {
+               res = cfg_map_get(voptions, "dnssec-policy", &signing);
+       }
+       if (res != ISC_R_SUCCESS && options != NULL) {
+               res = cfg_map_get(options, "dnssec-policy", &signing);
+       }
+       if (res == ISC_R_SUCCESS) {
+               dnssec_policy = (strcmp(cfg_obj_asstring(signing), "none") !=
+                                0);
+       }
+
+       if (!inline_signing && !zone_is_dynamic && dnssec_policy) {
+               inline_signing = true;
+               dns_zone_log(zone, ISC_LOG_DEBUG(1),
+                            "inline-signing: "
+                            "implicitly through dnssec-policy");
        }
 
        return (inline_signing);
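Review bot: The three-step lookup starting at `res = cfg_map_get(zoptions, "dnssec-policy", &signing);` has no comment stating the precedence, and the block comment above it (only its tail is visible in this hunk) may still describe a zone-level check only. I would add `/* Zone setting wins over view, view over options; an explicit "none" at a nearer level stops inheritance. */` before the lookup, because an error in this order either leaves a zone unsigned or signs one the operator opted out of. The debug message `implicitly through dnssec-policy` also does not say which level supplied the policy, so a misapplied inherited policy is harder to trace from the logs. named_zone_inlinesigning starts before this hunk and its closing brace lies outside it.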