This seems to be the more common case.
const char *filename = NULL;
const char *kaspname = NULL;
const char *dupcheck;
- dns_checkdstype_t checkdstype = dns_checkdstype_explicit;
+ dns_checkdstype_t checkdstype = dns_checkdstype_yes;
dns_notifytype_t notifytype = dns_notifytype_yes;
uint32_t count;
unsigned int dbargc;
file "good.yes.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/* Same as above, but with checkds disabled. */
file "no-ent.ns2.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "not-yet.yes.dspublish.ns5.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "bad.yes.dspublish.ns6.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "good.yes.dspublish.ns2-4.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
zone "good.no.dspublish.ns2-4" {
file "incomplete.yes.dspublish.ns2-4-5.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "bad.yes.dspublish.ns2-4-6.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "good.yes.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
zone "good.no.dsremoved.ns5" {
file "no-ent.ns5.db";
inline-signing yes;
dnssec-policy "default";
- checkds yes;
};
/*
file "still-there.yes.dsremoved.ns2.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
/*
file "bad.yes.dsremoved.ns6.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
/*
file "good.yes.dsremoved.ns5-7.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
zone "good.no.dsremoved.ns5-7" {
file "incomplete.yes.dsremoved.ns2-5-7.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
/*
file "bad.yes.dsremoved.ns5-6-7.db";
inline-signing yes;
dnssec-policy "insecure";
- checkds yes;
};
/*
If set to ``yes``, DS queries are sent when a KSK rollover is in progress.
The queries are sent to the servers listed in the parent zone's NS records.
+ This is the default.
If set to ``explicit``, DS queries are sent only to servers explicitly listed
- using :any:`parental-agents`. This is the default.
+ using :any:`parental-agents`.
If set to ``no``, no DS queries are sent. Users should manually run
:option:`rndc dnssec -checkds <rndc dnssec>` with the appropriate parameters
.minrefresh = DNS_ZONE_MINREFRESH,
.maxretry = DNS_ZONE_MAXRETRY,
.minretry = DNS_ZONE_MINRETRY,
- .checkdstype = dns_checkdstype_explicit,
+ .checkdstype = dns_checkdstype_yes,
.notifytype = dns_notifytype_yes,
.zero_no_soa_ttl = true,
.check_names = dns_severity_ignore,
projects / thirdparty / bind9.git / commitdiff
