change default for add-superfluous-nsec3-for-old-bind config option

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index c7067524983ed204c634eb54671466be4096b96f..3b76f484112ed4125ac211f40c513a3843821831 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -139,7 +139,7 @@ void declareArguments()
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
   ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
-  ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes";
+  ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="no";
   ::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
   ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";

diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 06b2fff27d79163371001359c0517cbd501c9a3a..b4385e5d8214acfea9e5fd03242c8128553234b1 100644 (file)
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -2,7 +2,7 @@
 #################################
 # add-superfluous-nsec3-for-old-bind   Add superfluous NSEC3 record to positive wildcard response
 #
-# add-superfluous-nsec3-for-old-bind=yes
+# add-superfluous-nsec3-for-old-bind=no
 
 #################################
 # allow-axfr-ips       Allow zonetransfers only to these subnets

diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
index 9d40ecb6440bbe690f17495ac3f35aae66b125a7..f9bc8a903c225253d8dc12bd3ee9ced056beeddc 100755 (executable)
--- a/regression-tests/start-test-stop
+++ b/regression-tests/start-test-stop
@@ -148,6 +148,7 @@ case $context in
                                --no-shuffle --launch=bind --bind-config=./named.conf \
                                --bind-dnssec-db=./dnssec.sqlite3 \
                                --send-root-referral \
+                               --add-superfluous-nsec3-for-old-bind \
                                --cache-ttl=0 --no-config &
                        bindwait
                        ;;
@@ -268,6 +269,7 @@ __EOF__
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \
                                --fancy-records --send-root-referral \
+                               --add-superfluous-nsec3-for-old-bind \
                                --cache-ttl=0 --no-config \
                                --gmysql-dbname="$GMYSQLDB" \
                                --gmysql-user="$GMYSQLUSER" \
@@ -320,6 +322,7 @@ __EOF__
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch=gpgsql --gpgsql-dnssec \
                                --fancy-records --send-root-referral \
+                               --add-superfluous-nsec3-for-old-bind \
                                --cache-ttl=0 --no-config \
                                --gpgsql-dbname="$GPGSQLDB" \
                                --gpgsql-user="$GPGSQLUSER" &
@@ -433,6 +436,7 @@ __EOF__
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
                                --fancy-records --send-root-referral \
+                               --add-superfluous-nsec3-for-old-bind \
                                --cache-ttl=0 --no-config \
                                --gsqlite3-database=pdns.sqlite3 &
                        if [ $context = gsqlite3-nsec3 ]
@@ -522,6 +526,7 @@ EOF
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
                                --no-shuffle --launch=remote \
                                --query-logging --loglevel=9 --cache-ttl=0 --no-config \
+                               --add-superfluous-nsec3-for-old-bind \
                                --send-root-referral \
                                --remote-connection-string="$connstr" $remote_add_param &
                         
@@ -598,6 +603,7 @@ then
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
                        --no-shuffle --launch=gmysql --gmysql-dnssec \
                        --fancy-records --send-root-referral \
+                       --add-superfluous-nsec3-for-old-bind \
                        --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
                        --gmysql-dbname="$GMYSQL2DB" \
                        --gmysql-user="$GMYSQL2USER" \
@@ -631,6 +637,7 @@ then
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
                        --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
                        --fancy-records --send-root-referral \
+                       --add-superfluous-nsec3-for-old-bind \
                        --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
                        --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" &
                echo 'waiting for zones to be slaved'
@@ -665,6 +672,7 @@ then
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
                        --no-shuffle --launch=bind --bind-config=./named-slave.conf --slave         \
                        --send-root-referral --retrieval-threads=1  --config-name=bind-slave \
+                       --add-superfluous-nsec3-for-old-bind \
                        --cache-ttl=0 --no-config --bind-dnssec-db=./dnssec-slave.sqlite3 &
                echo 'waiting for zones to be loaded'
                bindwait bind-slave