When signing with a new algorithm preserve NSEC/NSEC3 chains
authorMark Andrews <marka@isc.org>
Tue, 14 Mar 2023 02:13:14 +0000 (13:13 +1100)
committerMark Andrews <marka@isc.org>
Tue, 14 Mar 2023 13:18:54 +0000 (00:18 +1100)
If the zone already has existing NSEC/NSEC3 chains then zone_sign
needs to continue to use them.  If there are no chains, use the kasp
setting when kasp is in use; otherwise generate an NSEC chain.

(cherry picked from commit 4b5520145969222e6482e4552e49e96cc7d9bd97)

bin/tests/system/nsec3/tests.sh
lib/dns/zone.c

index d3832cb707b5ba72c713418005a2819d6e9a8868..3ebf247182600c2fa5d4e1d5a3058a221d378f9d 100644 (file)
@@ -398,12 +398,6 @@ then
        set_key_states "KEY1" "hidden" "omnipresent" "omnipresent" "omnipresent" "omnipresent"
        set_key_default_values "KEY2"
        echo_i "check zone ${ZONE} after reconfig"
-
-       ret=0
-       wait_for_log 10 "zone $ZONE/IN (signed): wait building NSEC3 chain until NSEC only DNSKEYs are removed" ns3/named.run || ret=1
-       test "$ret" -eq 0 || echo_i "failed"
-       status=$((status+ret))
-
        check_nsec
 
        # Zone: nsec3-to-rsasha1.kasp.
index c9bb34515637b445c176137f897aa8e0a1b0b12b..5f0c099dff5c562f9838d4de0d56bcccee2da9bc 100644 (file)
@@ -9582,23 +9582,23 @@ zone_sign(dns_zone_t *zone) {
                   use_kasp ? "yes" : "no");
 
        /* Determine which type of chain to build */
-       if (use_kasp) {
-               build_nsec3 = dns_kasp_nsec3(kasp);
-               if (!dns_zone_check_dnskey_nsec3(zone, db, version, NULL,
-                                                (dst_key_t **)&zone_keys,
-                                                nkeys))
-               {
-                       dnssec_log(zone, ISC_LOG_INFO,
-                                  "wait building NSEC3 chain until NSEC only "
-                                  "DNSKEYs are removed");
-                       build_nsec3 = false;
-               }
-               build_nsec = !build_nsec3;
-       } else {
-               CHECK(dns_private_chains(db, version, zone->privatetype,
-                                        &build_nsec, &build_nsec3));
-               /* If neither chain is found, default to NSEC */
-               if (!build_nsec && !build_nsec3) {
+       CHECK(dns_private_chains(db, version, zone->privatetype, &build_nsec,
+                                &build_nsec3));
+       if (!build_nsec && !build_nsec3) {
+               if (use_kasp) {
+                       build_nsec3 = dns_kasp_nsec3(kasp);
+                       if (!dns_zone_check_dnskey_nsec3(
+                                   zone, db, version, NULL,
+                                   (dst_key_t **)&zone_keys, nkeys))
+                       {
+                               dnssec_log(zone, ISC_LOG_INFO,
+                                          "wait building NSEC3 chain until "
+                                          "NSEC only DNSKEYs are removed");
+                               build_nsec3 = false;
+                       }
+                       build_nsec = !build_nsec3;
+               } else {
+                       /* If neither chain is found, default to NSEC */
                        build_nsec = true;
                }
        }
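Review bot: The `if (!build_nsec && !build_nsec3)` guard added at the top of this hunk is the commit's actual policy change — chains already recorded in the zone's private-type records now take precedence over the kasp setting — yet the only comment near it is the generic `/* Determine which type of chain to build */` above it, so a reader of zone_sign cannot tell that this precedence is deliberate. Suggest adding before the guard: `/* Chains already present in the private-type records are kept; kasp policy (or the NSEC default) only decides when the zone has neither chain. */`. Note also that when `dns_zone_check_dnskey_nsec3()` fails the code logs that it is waiting to build the NSEC3 chain but then sets `build_nsec = !build_nsec3`, i.e. it proceeds with an NSEC chain; that behaviour is carried over from the old branch, but a short comment such as `/* NSEC is built in the meantime */` next to `build_nsec3 = false;` would stop the log line from reading as a deferral. zone_sign begins and ends outside the hunk, and the `CHECK()` failure path is not visible here.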