]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9aeadf3) | patch
Relax zone_cdscheck function
authorMatthijs Mekking <matthijs@isc.org>
Tue, 13 Jul 2021 09:05:35 +0000 (11:05 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 15 Jul 2021 07:26:16 +0000 (09:26 +0200)
commit65f58d68f0803e3827e7b8eb3090d57687b37655
tree8102b33d64c920c3a53e758a8fc13f0a99bf6eb9tree | snapshot
parent9aeadf31f074a0697c6f41215911a569010c4b19commit | diff
Relax zone_cdscheck function

If we have a CDS or CDNSKEY we at least need to have a DNSKEY with the
same algorithm published and signing the CDS RRset. Same for CDNSKEY
of course.

This relaxes the zone_cdscheck function, because before the CDS or
CDNSKEY had to match a DNSKEY, now only the algorithm has to match.

This allows a provider in a multisigner model to update the CDS/CDNSKEY
RRset in the zone that is served by the other provider.

(cherry picked from commit 577bf913b9431c29812b2c7413ecb0dfa1eb7526)
lib/dns/zone.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git