git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Matthijs Mekking <matthijs@isc.org>
	Tue, 13 Jul 2021 09:05:35 +0000 (11:05 +0200)
committer	Evan Hunt <each@isc.org>
	Wed, 14 Jul 2021 19:10:11 +0000 (12:10 -0700)
commit	577bf913b9431c29812b2c7413ecb0dfa1eb7526
tree	293f388fda0a01a37e4014491b04b84ff4f0e38f	tree \| snapshot
parent	6b79db1fdd7874d64be6d7dc55176200c24f5d15	commit \| diff

Relax zone_cdscheck function

If we have a CDS or CDNSKEY we at least need to have a DNSKEY with the
same algorithm published and signing the CDS RRset. Same for CDNSKEY
of course.

This relaxes the zone_cdscheck function, because before the CDS or
CDNSKEY had to match a DNSKEY, now only the algorithm has to match.

This allows a provider in a multisigner model to update the CDS/CDNSKEY
RRset in the zone that is served by the other provider.

lib/dns/zone.c

diff | blob | blame | history

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom