Fallback to built in trust-anchors, managed-keys, or trusted-keys

if the bind.keys file cannot be parsed.

(cherry picked from commit d02a14c79580de1888e96f32617d8123be1be060)

diff --git a/CHANGES b/CHANGES
index ecd9359d2cc9cf933e0a02df994e9ed272aae917..b6bcc04ee5c90aa92b8c78bc88feb4dfb89417fa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5465.  [func]          Fallback to built in trust-anchors, managed-keys, or
+                       trusted-keys if the bindkeys-file (bind.keys) cannot
+                       be parsed. [GL #1235]
+
 5464.  [bug]           Specifying saving more than 128 files when rolling
                        dnstap / log files would cause buffer overflow.
                        [GL #1989]

diff --git a/bin/named/server.c b/bin/named/server.c
index c0f9207a21bff6302cf723464ba543b7d1e54adc..43b1e78af710475e4a9cccd598294dfee4dbb7f0 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8379,7 +8379,14 @@ load_configuration(const char *filename, named_server_t *server,
 
                result = cfg_parse_file(bindkeys_parser, server->bindkeysfile,
                                        &cfg_type_bindkeys, &bindkeys);
-               CHECK(result);
+               if (result != ISC_R_SUCCESS) {
+                       isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+                                     NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
+                                     "unable to parse '%s' error '%s'; using "
+                                     "built-in keys instead",
+                                     server->bindkeysfile,
+                                     isc_result_totext(result));
+               }
        } else {
                isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                              NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,