]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e4f4977)
Add documentation and notes for [#1750]
authorMatthijs Mekking <matthijs@isc.org>
Tue, 8 Dec 2020 08:42:51 +0000 (09:42 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Wed, 23 Dec 2020 11:06:09 +0000 (12:06 +0100)
(cherry picked from commit 7825d8f916bcfb0e725f0db5402035fd5c48a432)

CHANGES patch | blob | blame | history
doc/misc/rfc-compliance patch | blob | blame | history
doc/notes/notes-current.rst patch | blob | blame | history

diff --git a/CHANGES b/CHANGES
index 85aca0a12c453183794bf8b153640142ce5dc330..0d42eb72cdcb61732bc540ba78e85c579f5497be 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,12 @@
+5553.  [bug]           When reconfiguring named, removing "auto-dnssec"
+                       actually did not turn off DNSSEC maintenance.
+                       This has been fixed. [GL #2341]
+
+5552.  [func]          When switching to "dnssec-policy none;", named
+                       now permits a safe transition to insecure mode
+                       and publishes the CDS and CDNSKEY DELETE
+                       records, as described in RFC 8078. [GL #1750]
+
 5551.  [bug]           Only assign threads to CPUs in the CPU affinity set.
                        Thanks to Ole Bjørn Hessen. [GL #2245]
 
diff --git a/doc/misc/rfc-compliance b/doc/misc/rfc-compliance
index e7cada0257fb60eb5ce82050f2da0c991d324259..57d023dd2aa7a32766a17721daaa85f15775fadd 100644 (file)
--- a/doc/misc/rfc-compliance
+++ b/doc/misc/rfc-compliance
@@ -97,6 +97,7 @@ or Best Current Practice (BCP) documents.  The list is non exhaustive.
   RFC7793
   RFC7830 [15]
   RFC7929
+  RFC8078 [20]
   RFC8080
 
 No longer supported
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 3d336b7d993a783e6500e7b8bb26341b5c22e75b..7086eae2aeb79d0ad0a7fdedc4e80f068e486039 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -34,6 +34,12 @@ Removed Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
+- It is now possible to transition a zone from secure to insecure mode
+  without making it bogus in the process: changing to ``dnssec-policy
+  none;`` also causes CDS and CDNSKEY DELETE records to be published, to
+  signal that the entire DS RRset at the parent must be removed, as
+  described in RFC 8078. [GL #1750]
+
 - The new networking code introduced in BIND 9.16 (netmgr) was
   overhauled in order to make it more stable, testable, and
   maintainable. [GL #2321]
Mirror of https://gitlab.isc.org/isc-projects/bind9.git