The dnssec-* tools accepted negative and out-of-range values for TTL
flags such as dnssec-keygen -L, dnssec-signzone -t and
dnssec-settime -L, silently turning them into TTLs of around 136 years
in the resulting key or zone files. The flag values are now validated
and rejected with a clear "TTL must be non-negative" or "TTL out of
range" error.
Closes #5923
Merge branch '5923-dnssectool-strtottl-negative-ttl-accepted' into 'main'
See merge request isc-projects/bind9!11933
projects / thirdparty / bind9.git / commitdiff
