\n\
dnssec-policy \"insecure\" {\n\
keys { };\n\
-\n\
- dnskey-ttl " DNS_KASP_KEY_TTL "; \n\
- publish-safety " DNS_KASP_PUBLISH_SAFETY "; \n\
- retire-safety " DNS_KASP_RETIRE_SAFETY "; \n\
- purge-keys " DNS_KASP_PURGE_KEYS "; \n\
- signatures-refresh " DNS_KASP_SIG_REFRESH "; \n\
- signatures-validity " DNS_KASP_SIG_VALIDITY "; \n\
- signatures-validity-dnskey " DNS_KASP_SIG_VALIDITY_DNSKEY "; \n\
- max-zone-ttl " DNS_KASP_ZONE_MAXTTL "; \n\
- zone-propagation-delay " DNS_KASP_ZONE_PROPDELAY "; \n\
- parent-ds-ttl " DNS_KASP_DS_TTL "; \n\
- parent-propagation-delay " DNS_KASP_PARENT_PROPDELAY "; \n\
};\n\
\n\
"
element = cfg_list_next(element))
{
cfg_obj_t *kconfig = cfg_listelt_value(element);
+
kasp = NULL;
- CHECK(cfg_kasp_fromconfig(kconfig, NULL, named_g_mctx,
+ CHECK(cfg_kasp_fromconfig(kconfig, default_kasp, named_g_mctx,
named_g_lctx, &kasplist, &kasp));
INSIST(kasp != NULL);
dns_kasp_freeze(kasp);
- if (strcmp(dns_kasp_getname(kasp), "default") == 0) {
+
+ /* Insist that the first built-in policy is the default one. */
+ if (default_kasp == NULL) {
+ INSIST(strcmp(dns_kasp_getname(kasp), "default") == 0);
dns_kasp_attach(kasp, &default_kasp);
}
+
dns_kasp_detach(&kasp);
}
INSIST(default_kasp != NULL);
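Review bot: The new comment above `if (default_kasp == NULL)` says the first built-in policy must be "default" but not why, and the reason is what a later maintainer needs: every policy parsed after it is now handed `default_kasp` as its fallback, so the order of the built-in policy list has become load-bearing. I would expand it to something like `/* The first built-in policy must be "default": each later built-in policy (e.g. "insecure") is parsed with it as the fallback for options it omits. */` and add a matching one-line note next to the built-in policy definitions, since that is where a reorder would be made. The INSIST turns a misordering into a startup abort rather than silently different policy values, which seems the right failure mode for built-in data. The loop and its enclosing function start outside this hunk, so the cleanup path for `default_kasp` when a later `CHECK` fails is not visible here and is worth confirming.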
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
- } else if (default_kasp && strcmp(kaspname, "insecure") != 0) {
+ } else if (default_kasp) {
dns_kasp_key_t *key, *new_key;
-
/*
* If there are no specific keys configured in the policy,
* inherit from the default policy (except for the built-in