The option `update-check-ksk` will look if both KSK and ZSK are
available before signing records. It will make sure the keys are
active and available. However, for operational practices keys may
be offline. This commit relaxes the update-check-ksk check and will
mark a key that is offline to be available when adding signature
tasks.
(cherry picked from commit
3cb8c49c73906b28921012619a3bb87805613b81)
(cherry picked from commit
b508cffeee3bfb8bc7dcf39db59ec3782a5d9e4c)
recursion was requested by the client, not on
whether recursion was available. [GL #963]
+5209. [bug] When update-check-ksk is true, add_sigs was not
+ considering offline keys, leaving record sets signed
+ with the incorrect type key. [GL #763]
+
5208. [test] Run valid rdata wire encodings through totext+fromtext
and tofmttext+fromtext methods to check these methods.
[GL #899]
*/
if (!dst_key_isprivate(zone_keys[i]))
continue;
- /*
- * Should be redundant.
- */
if (dst_key_inactive(zone_keys[i]))
continue;
continue;
if (!dst_key_isprivate(zone_keys[j]))
continue;
- /*
- * Should be redundant.
+ /* Don't consider inactive keys, however
+ * the key may be temporary offline, so do
+ * consider keys which private key files are
+ * unavailable.
*/
- if (dst_key_inactive(zone_keys[j]))
- continue;
if (REVOKE(zone_keys[j]))
continue;
if (KSK(zone_keys[j]))
projects / thirdparty / bind9.git / commitdiff
