From: Evan Hunt <each@isc.org>
Date: Tue, 25 Mar 2025 07:34:26 +0000 (+0000)
Subject: [9.18] fix: usr: Don't enforce NOAUTH/NOCONF flags in DNSKEYs
X-Git-Tag: v9.18.36~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ddbea0b94b13242d669e97ee4e1f62f6ba147f34;p=thirdparty%2Fbind9.git

[9.18] fix: usr: Don't enforce NOAUTH/NOCONF flags in DNSKEYs

All DNSKEY keys are able to authenticate. The `DNS_KEYTYPE_NOAUTH` (and `DNS_KEYTYPE_NOCONF`) flags were defined for the KEY rdata type, and are not applicable to DNSKEY. Previously, however, because the DNSKEY implementation was built on top of KEY, the `_NOAUTH` flag prevented authentication in DNSKEYs as well. This has been corrected.

Closes #5240

Backport of MR !10261

Merge branch 'backport-5240-ignore-noauth-flag-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!10316
---

ddbea0b94b13242d669e97ee4e1f62f6ba147f34