Fallback to built in trust-anchors, managed-keys, or trusted-keys

if the bind.keys file cannot be parsed.

(cherry picked from commit d02a14c79580de1888e96f32617d8123be1be060)

diff --git a/CHANGES b/CHANGES
index 8a4def9270c57747fb7c94c5e0c9c7d07cc46080..9159872198730ec3c33de3c85b9416485b2fe00d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5465.  [func]          Fallback to built in trust-anchors, managed-keys, or
+                       trusted-keys if the bindkeys-file (bind.keys) cannot
+                       be parsed. [GL #1235]
+
 5463.  [bug]           Address potential NULL pointer dereference on out of
                        memory in dnstap.c. [GL #2010]
 

diff --git a/bin/named/server.c b/bin/named/server.c
index 5fd9fc1176bb4bb0beba63a0d15e4bcb7488dd0f..4df714e527b145c0b7bfc40a13b840c9aaa7d0dd 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -7583,7 +7583,14 @@ load_configuration(const char *filename, ns_server_t *server,
 
                result = cfg_parse_file(bindkeys_parser, server->bindkeysfile,
                                        &cfg_type_bindkeys, &bindkeys);
-               CHECK(result);
+               if (result != ISC_R_SUCCESS) {
+                       isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+                                     NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+                                     "unable to parse '%s' error '%s'; using "
+                                     "built-in keys instead",
+                                     server->bindkeysfile,
+                                     isc_result_totext(result));
+               }
        } else {
                isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
                              NS_LOGMODULE_SERVER, ISC_LOG_INFO,