if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "check that using both max-zone-ttl and dnssec-policy generates a warning ($n)"
+ret=0
+$CHECKCONF warn-kasp-max-zone-ttl.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" < checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
+
rmdir keys
echo_i "exit status: $status"
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * The dnssec-policy is not defined. Should also be caught if it is inherited.
+ */
+
+options {
+ dnssec-policy default;
+};
+
+zone "example.net" {
+ type primary;
+ file "example.db";
+ max-zone-ttl 600;
+};
}
}
+ /*
+ * Warn about zones with both dnssec-policy and max-zone-ttl
+ */
+ if (has_dnssecpolicy) {
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "max-zone-ttl", &obj);
+ if (obj == NULL && voptions != NULL) {
+ (void)cfg_map_get(voptions, "max-zone-ttl", &obj);
+ }
+ if (obj == NULL && goptions != NULL) {
+ (void)cfg_map_get(goptions, "max-zone-ttl", &obj);
+ }
+ if (obj != NULL) {
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "zone '%s': option 'max-zone-ttl' "
+ "is ignored when used together with "
+ "'dnssec-policy'",
+ znamestr);
+ }
+ }
+
/*
* Check validity of the zone options.
*/
projects / thirdparty / bind9.git / commitdiff
