zonemd: additional warning when signer verifies ZONEMD
authorLibor Peltan <libor.peltan@nic.cz>
Fri, 24 Oct 2025 09:53:36 +0000 (11:53 +0200)
committerLibor Peltan <libor.peltan@nic.cz>
Wed, 29 Oct 2025 13:01:13 +0000 (14:01 +0100)
src/knot/conf/tools.c
tests/knot/test_confio.c

index 2e6271731c06002ca4e07a858782e233895b5b45..971b52fa79f28296e8a864d5dc31bc67edf6cb0c 100644 (file)
@@ -1144,6 +1144,11 @@ static int check_zone_or_tpl(
                        args->err_str = "'dnssec-validation' is not compatible with 'dnssec-signing'";
                        return KNOT_EINVAL;
                }
+
+               conf_val_t zonemd_verify = conf_get_wrap(args, C_ZONEMD_VERIFY);
+               if (conf_bool(&zonemd_verify)) {
+                       CONF_LOG(LOG_WARNING, "'zonemd-verify' not compatible with 'dnssec-signing' as incremental changes to the zone will always fail");
+               }
        } else {
                conf_val_t ddnsmaster = conf_get_wrap(args, C_DDNS_MASTER);
                if (ddnsmaster.code == KNOT_EOK && *conf_str(&ddnsmaster) == '\0') {
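Review bot: The added `zonemd-verify` check in the signing branch only logs via `CONF_LOG(LOG_WARNING, ...)` and continues, while the `dnssec-validation` check directly above uses nearly the same "not compatible" wording and returns `KNOT_EINVAL`, so the log text does not tell an operator that this configuration is still accepted. Since the stated effect is that every incremental change to the zone fails, the message should make the consequence and the non-fatal status explicit, for example `"'zonemd-verify' is not compatible with 'dnssec-signing', incremental zone changes will always fail"`. A one-line comment above the check such as `/* Warning only: the configuration is accepted, but incremental updates will be rejected. */` would record why this is not an error (presumably intentional; confirm). `check_zone_or_tpl` starts and ends outside the hunk.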
index f6bb5ba98732c0bfe5d59924b68213b6f08996db..7c8251728c01aab480e5baac90c06cf87dfbb04f 100644 (file)
@@ -1027,6 +1027,7 @@ static const knot_lookup_t opts[] = {
        { C_DNSSEC_SIGNING,    YP_TBOOL, YP_VNONE }, \
        { C_DNSSEC_VALIDATION, YP_TBOOL, YP_VNONE }, \
        { C_SERIAL_MODULO,     YP_TSTR,  YP_VSTR = { "0/1" } }, \
+       { C_ZONEMD_VERIFY,     YP_TBOOL, YP_VNONE }, \
        { C_CATALOG_ROLE,      YP_TOPT,  YP_VOPT = { opts, 0 } }, \
        { C_CATALOG_TPL,       YP_TREF,  YP_VREF = { C_RMT } }, \
        { C_COMMENT,           YP_TSTR,  YP_VNONE },