From: Kees Monshouwer Date: Fri, 1 May 2015 05:47:36 +0000 (+0200) Subject: change default for add-superfluous-nsec3-for-old-bind config option X-Git-Tag: auth-3.3.2~2^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3dec9c7e9c078f52cea53d6374952fc171d40ee;p=thirdparty%2Fpdns.git change default for add-superfluous-nsec3-for-old-bind config option --- diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index c706752498..3b76f48411 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -139,7 +139,7 @@ void declareArguments() ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes"; ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no"; - ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes"; + ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="no"; ::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256"; ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0"; ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256"; diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist index 06b2fff27d..b4385e5d82 100644 --- a/pdns/pdns.conf-dist +++ b/pdns/pdns.conf-dist @@ -2,7 +2,7 @@ ################################# # add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response # -# add-superfluous-nsec3-for-old-bind=yes +# add-superfluous-nsec3-for-old-bind=no ################################# # allow-axfr-ips Allow zonetransfers only to these subnets diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop index 9d40ecb644..f9bc8a903c 100755 --- a/regression-tests/start-test-stop +++ b/regression-tests/start-test-stop 
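Review bot: Flipping the default of `add-superfluous-nsec3-for-old-bind` to `no` in declareArguments() changes the signed answers of every installation that never set the option, and neither the help string nor the commit message says who depended on the extra record. Judging by the option name, it was a workaround for older BIND validators processing positive wildcard responses; if so, zones validated by such resolvers could start failing validation after an upgrade. I would add a comment above the switch, e.g. `// off by default; enable only if old BIND validators must validate positive wildcard answers`, and mention the new default in the upgrade notes. declareArguments() starts and ends outside the hunk.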
@@ -148,6 +148,7 @@ case $context in --no-shuffle --launch=bind --bind-config=./named.conf \ --bind-dnssec-db=./dnssec.sqlite3 \ --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --no-config & bindwait ;; @@ -268,6 +269,7 @@ __EOF__ $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \ --fancy-records --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --no-config \ --gmysql-dbname="$GMYSQLDB" \ --gmysql-user="$GMYSQLUSER" \ @@ -320,6 +322,7 @@ __EOF__ $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gpgsql --gpgsql-dnssec \ --fancy-records --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --no-config \ --gpgsql-dbname="$GPGSQLDB" \ --gpgsql-user="$GPGSQLUSER" & @@ -433,6 +436,7 @@ __EOF__ $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \ --fancy-records --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --no-config \ --gsqlite3-database=pdns.sqlite3 & if [ $context = gsqlite3-nsec3 ] @@ -522,6 +526,7 @@ EOF $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=remote \ --query-logging --loglevel=9 --cache-ttl=0 --no-config \ + --add-superfluous-nsec3-for-old-bind \ --send-root-referral \ --remote-connection-string="$connstr" $remote_add_param & @@ -598,6 +603,7 @@ then $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gmysql --gmysql-dnssec \ --fancy-records --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \ --gmysql-dbname="$GMYSQL2DB" \ --gmysql-user="$GMYSQL2USER" \ 
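Review bot: Every server launch in this script now passes `--add-superfluous-nsec3-for-old-bind`, so the regression suite exercises only the non-default setting and the new default (`no`) path for positive wildcard answers has no coverage. This applies to this hunk and to the hunks at -268, -320, -433, -522, -598, -631 and -665. Presumably the flag is there to keep the existing expected results valid; at least one DNSSEC context should run without it, with expected output for the new default, so that a regression in the NSEC3 records of wildcard answers is caught. A comment above the first launch such as `# expected results still include the superfluous NSEC3; the shipped default is 'no'` would record why the flag is set. In the -522 hunk the flag is placed after the `--cache-ttl=0 --no-config` line rather than before it as in the other hunks, which is harmless but inconsistent.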
@@ -631,6 +637,7 @@ then $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \ --fancy-records --send-root-referral \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \ --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" & echo 'waiting for zones to be slaved' @@ -665,6 +672,7 @@ then $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=bind --bind-config=./named-slave.conf --slave \ --send-root-referral --retrieval-threads=1 --config-name=bind-slave \ + --add-superfluous-nsec3-for-old-bind \ --cache-ttl=0 --no-config --bind-dnssec-db=./dnssec-slave.sqlite3 & echo 'waiting for zones to be loaded' bindwait bind-slave