]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ff49309) | patch
Don't roll offline keys
authorMatthijs Mekking <matthijs@isc.org>
Mon, 12 Apr 2021 12:40:46 +0000 (14:40 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Wed, 5 May 2021 10:49:49 +0000 (12:49 +0200)
commit4e87664fef6f32df6f410a8276c4875570f4d8e5
treeba81ce698e2d4ffbd43fa5dcc2e4232d7681f417tree | snapshot
parentff4930951cd20426b41135406444487bd39989c6commit | diff
Don't roll offline keys

When checking the current DNSSEC state against the policy, consider
offline keys. If we didn't found an active key, check if the key is
offline by checking the public key list. If there is a match in the
public key list (the key data is retrieved from the .key and the
.state files), treat the key as offline and don't create a successor
key for it.

(cherry picked from commit 3e6fc49c165c203b3d2c3c58b93bcb18d18fcf40)
lib/dns/include/dns/keymgr.h diff | blob | blame | history
lib/dns/keymgr.c diff | blob | blame | history
lib/dns/zone.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git