1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible
authorMark Andrews <marka@isc.org>
Mon, 17 Feb 2003 01:15:44 +0000 (01:15 +0000)
committerMark Andrews <marka@isc.org>
Mon, 17 Feb 2003 01:15:44 +0000 (01:15 +0000)
                        with the forth coming DS style DNSSEC.

CHANGES
README
bin/dnssec/dnssec-signzone.c
bin/named/client.c
bin/named/query.c
bin/named/server.c
lib/dns/resolver.c
lib/isccfg/parser.c

diff --git a/CHANGES b/CHANGES
index 3837a90dad6a570e597b9e9b5ef89c79e4fdf05e..df4a6d8f0ecbe0ed98e971bab5c878861d266ca8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1426.   [cleanup]      Disable RFC2535 style DNSSEC.  This is incompatible
+                       with the forth coming DS style DNSSEC.
 
        --- 9.2.2rc1 released ---
 
diff --git a/README b/README
index 0060adad22c4bf3579900d4aea8a8a336394cd2e..a6c6bf89a631ad018087e8a0c57da54a573ae08a 100644 (file)
--- a/README
+++ b/README
@@ -220,6 +220,13 @@ Building
                Any additional preprocessor symbols you want defined.
                Defaults to empty string.
 
+               Possible settings:
+               -DISC_RFC2535
+                       Enable support RFC 2535 style DNSSEC.  This
+                       is incompatable with the upcoming DS support
+                       and SHOULD NOT be set unless you are currently
+                       making use of it.
+
        To build shared libraries, specify "--with-libtool" on the
        configure command line.
 
index 4f6b956cd2ed969f004b591331a8a853f4f2c45f..e23117429857ff54606c5505cd31abee491f03b3 100644 (file)
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.139.2.1 2001/10/05 00:21:48 bwelling Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.1.6.1 2003/02/17 01:15:42 marka Exp $ */
 
 #include <config.h>
 
@@ -1487,6 +1487,16 @@ usage(void) {
        fprintf(stderr, "Signing Keys: ");
        fprintf(stderr, "(default: all zone keys that have private keys)\n");
        fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+#ifndef ISC_RFC2535
+       fprintf(stderr,
+"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n"
+"WARNING                                                         WARNING\n"
+"WARNING This version of dnssec-signzone produces zones that are WARNING\n"
+"WARNING incompatible with the forth coming DS based DNSSEC      WARNING\n"
+"WARNING standard.                                               WARNING\n"
+"WARNING                                                         WARNING\n"
+"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
+#endif
        exit(0);
 }
 
@@ -1597,6 +1607,17 @@ main(int argc, char *argv[]) {
                }
        }
 
+#ifndef ISC_RFC2535
+       fprintf(stderr,
+"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n"
+"WARNING                                                         WARNING\n"
+"WARNING This version of dnssec-signzone produces zones that are WARNING\n"
+"WARNING incompatible with the forth coming DS based DNSSEC      WARNING\n"
+"WARNING standard.                                               WARNING\n"
+"WARNING                                                         WARNING\n"
+"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
+#endif
+
        setup_entropy(mctx, randomfile, &ectx);
        eflags = ISC_ENTROPY_BLOCKING;
        if (!pseudorandom)
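Review bot: The warning banner added here in main() is a byte-for-byte copy of the one added before `exit(0)` in the usage() hunk above, so any later wording change has to be made in two places. Moving the `#ifndef ISC_RFC2535` block with its `fprintf` into one file-local `static void` helper and calling that from both sites would keep them in step. The banner also spells "forth coming" as two words; `"WARNING incompatible with the forthcoming DS based DNSSEC       WARNING\n"` keeps the column width. The guard prints the banner only when ISC_RFC2535 is undefined, yet no hunk on this page changes what the tool signs, so it is worth confirming that a build with the macro defined should really stay silent. main() starts and ends outside the hunk.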
index 78c07bb61b5280ce4c7f440ca58333865074e169..31ad686465dddf1dd12e2871b3eed375061db571 100644 (file)
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.176.2.11 2002/04/23 01:53:53 marka Exp $ */
+/* $Id: client.c,v 1.176.2.11.4.1 2003/02/17 01:15:42 marka Exp $ */
 
 #include <config.h>
 
@@ -1014,7 +1014,11 @@ client_addopt(ns_client_t *client) {
        /*
         * Set EXTENDED-RCODE, VERSION, and Z to 0.
         */
+#ifdef ISC_RFC2535
        rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
+#else
+       rdatalist->ttl = 0;
+#endif
 
        /*
         * No ENDS options in the default case.
index 59bd89f19250400039b14be3173761ab4c902c15..293ffb6561137534f5152050ea6087c71ac596c7 100644 (file)
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.198.2.8 2002/08/02 04:17:21 marka Exp $ */
+/* $Id: query.c,v 1.198.2.8.4.1 2003/02/17 01:15:42 marka Exp $ */
 
 #include <config.h>
 
@@ -3300,9 +3300,11 @@ ns_query_start(ns_client_t *client) {
        if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
                client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
        
+#ifdef ISC_RFC2535
        if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0 ||
            (message->flags & DNS_MESSAGEFLAG_AD) != 0)
                client->query.attributes |= NS_QUERYATTR_WANTDNSSEC;
+#endif
        
        if (client->view->minimalresponses)
                client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
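Review bot: The new `#ifdef ISC_RFC2535` around the DO/AD test carries no comment, so a reader of ns_query_start() cannot tell that a default build now deliberately never sets NS_QUERYATTR_WANTDNSSEC, whatever the client asks for. A short comment above the guard would record that, e.g. `/* Without ISC_RFC2535 the client's DO and AD bits are ignored and WANTDNSSEC is never set. */`. The client.c hunk makes the matching change by forcing the OPT TTL field to 0 in the reply. ns_query_start() continues outside the hunk.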
index 69579c426d93999d84b38ffeb4c67042e79fbb76..dfdfded502e34e9c4739e91e2a4ac88ba1decc07 100644 (file)
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.339.2.8 2002/07/10 04:27:23 marka Exp $ */
+/* $Id: server.c,v 1.339.2.8.4.1 2003/02/17 01:15:43 marka Exp $ */
 
 #include <config.h>
 
@@ -280,6 +280,7 @@ configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config,
 
        CHECK(dns_keytable_create(mctx, &keytable));
 
+#ifdef ISC_RFC2535
        if (vconfig != NULL)
                voptions = cfg_tuple_get(vconfig, "options");
 
@@ -303,7 +304,7 @@ configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config,
                                                       keytable, mctx));
                }
        }
-
+#endif
        dns_keytable_detach(target);
        *target = keytable; /* Transfer ownership. */
        keytable = NULL;
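Review bot: With ISC_RFC2535 undefined, everything between the `#ifdef` in the previous hunk and this `#endif` is compiled out, so configure_view_dnsseckeys() hands back the freshly created key table with nothing loaded into it, and any configured `trusted-keys` are dropped without a message from this function. The parser.c hunk marks the clause CFG_CLAUSEFLAG_OBSOLETE, which presumably yields only a generic notice at load time. An `#else` branch here that logs, at warning level, that trusted keys are being ignored for the view would make the downgrade visible to operators. Locals used only inside the guarded region (`voptions` at least, judging from the visible lines) may also produce unused-variable warnings in the default build. The function starts and ends outside both hunks.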
index ec77908e9c4db63517d881e0bb4f58fbe14a1900..31ae5247744c7724a480094ca74146c50314709f 100644 (file)
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.218.2.12 2002/07/15 02:28:07 marka Exp $ */
+/* $Id: resolver.c,v 1.218.2.12.4.1 2003/02/17 01:15:43 marka Exp $ */
 
 #include <config.h>
 
@@ -646,7 +646,11 @@ fctx_addopt(dns_message_t *message) {
        /*
         * Set EXTENDED-RCODE, VERSION, and Z to 0, and the DO bit to 1.
         */
+#ifdef ISC_RFC2535
        rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
+#else
+       rdatalist->ttl = 0;
+#endif
 
        /*
         * No EDNS options.
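Review bot: The comment above the new guard still says the DO bit is set to 1, which is now true only when ISC_RFC2535 is defined; in the default build the `#else` branch writes 0 to `rdatalist->ttl`. Suggest rewording it to `* Set EXTENDED-RCODE, VERSION, and Z to 0.  The DO bit is set only when built with ISC_RFC2535.` fctx_addopt() continues outside the hunk.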
@@ -3501,16 +3505,25 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname) {
                                         *
                                         * Only one set of NS RRs is allowed.
                                         */
-                                       if (ns_name != NULL && name != ns_name)
-                                               return (DNS_R_FORMERR);
-                                       ns_name = name;
+                                       if (rdataset->type ==
+                                           dns_rdatatype_ns) {
+                                               if (ns_name != NULL &&
+                                                   name != ns_name)
+                                                       return (DNS_R_FORMERR);
+                                               ns_name = name;
+                                       }
                                        name->attributes |=
                                                DNS_NAMEATTR_CACHE;
                                        rdataset->attributes |=
                                                DNS_RDATASETATTR_CACHE;
                                        rdataset->trust = dns_trust_glue;
                                        ns_rdataset = rdataset;
-                               } else if (type == dns_rdatatype_soa ||
+                               }
+                       }
+                       for (rdataset = ISC_LIST_HEAD(name->list);
+                            rdataset != NULL;
+                            rdataset = ISC_LIST_NEXT(rdataset, link)) {
+                               if (type == dns_rdatatype_soa ||
                                           type == dns_rdatatype_nxt) {
                                        /*
                                         * SOA, SIG SOA, NXT, or SIG NXT.
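Review bot: The second `for` loop added here tests `type` without assigning it for the current rdataset, so every iteration sees whatever value the first loop left behind. If the first loop derives `type` from `rdataset->type` with SIG mapped to the covered type, as the "SIG SOA" comment suggests (that code is outside the hunk), the same derivation is needed at the top of the new loop, e.g. `type = rdataset->type;` followed by `if (type == dns_rdatatype_sig) type = rdataset->covers;`. As written, which SOA/NXT sets from a network-supplied authority section get marked for caching can depend on rdataset order rather than on their own type. The change is also unconditional (not under ISC_RFC2535) and is not mentioned in the commit description. The body of the new loop keeps its old indentation, one level too deep.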
@@ -3524,11 +3537,18 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname) {
                                                        return (DNS_R_FORMERR);
                                                soa_name = name;
                                        }
-                                       negative_response = ISC_TRUE;
-                                       name->attributes |=
-                                               DNS_NAMEATTR_NCACHE;
-                                       rdataset->attributes |=
-                                               DNS_RDATASETATTR_NCACHE;
+                                       if (ns_name == NULL) {
+                                               negative_response = ISC_TRUE;
+                                               name->attributes |=
+                                                       DNS_NAMEATTR_NCACHE;
+                                               rdataset->attributes |=
+                                                       DNS_RDATASETATTR_NCACHE;
+                                       } else {
+                                               name->attributes |=
+                                                       DNS_NAMEATTR_CACHE;
+                                               rdataset->attributes |=
+                                                       DNS_RDATASETATTR_CACHE;
+                                       }
                                        if (aa)
                                                rdataset->trust =
                                                    dns_trust_authauthority;
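Review bot: Whether an SOA/NXT set is marked NCACHE or CACHE now depends on `ns_name` already being set, but no comment explains the rule, and the test only sees NS sets that were processed earlier. If the enclosing code (outside the hunk) walks the authority-section names in message order, an SOA at a name that precedes the NS owner is still treated as a negative response, while the same records in the other order are not. A comment stating the intended rule, e.g. `/* SOA/NXT alongside a referral NS set is cached as ordinary data, not as a negative answer. */`, would make this reviewable, and the order dependence is worth confirming.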
index 2d0832dab56893a7dd6e0364232a4fce1ee2dd30..362d97016fa42b9dac44bcca05d7ac430a4afe21 100644 (file)
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: parser.c,v 1.70.2.14 2002/02/08 03:57:47 marka Exp $ */
+/* $Id: parser.c,v 1.70.2.14.4.1 2003/02/17 01:15:44 marka Exp $ */
 
 #include <config.h>
 
@@ -799,7 +799,12 @@ namedconf_or_view_clauses[] = {
        { "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
        { "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI },
        { "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
+#ifdef ISC_RFC2535
        { "trusted-keys", &cfg_type_trustedkeys, CFG_CLAUSEFLAG_MULTI },
+#else
+       { "trusted-keys", &cfg_type_trustedkeys,
+                CFG_CLAUSEFLAG_MULTI|CFG_CLAUSEFLAG_OBSOLETE },
+#endif
        { NULL, NULL, 0 }
 };