Add comment on DNSSEC signing zone configuration

author Matthijs Mekking <matthijs@isc.org>

Fri, 17 Jun 2022 08:29:51 +0000 (10:29 +0200)

committer Matthijs Mekking <matthijs@isc.org>

Mon, 20 Jun 2022 09:18:46 +0000 (11:18 +0200)
author Matthijs Mekking <matthijs@isc.org>
Fri, 17 Jun 2022 08:29:51 +0000 (10:29 +0200)
committer Matthijs Mekking <matthijs@isc.org>
Mon, 20 Jun 2022 09:18:46 +0000 (11:18 +0200)
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c

index 349face0bcaac020f78800604be42f811153f473..f3a721dacaf1f9f6c527b5bcc19ffc93b2e9f1d5 100644 (file)
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1554,6 +1554,10 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
                 RETERR(configure_zone_ssutable(zoptions, mayberaw, zname));
         }
  
+       /*
+        * Configure DNSSEC signing. These apply to primary zones or zones that
+        * use inline-signing (raw != NULL).
+        */
         if (ztype == dns_zone_primary || raw != NULL) {
                 const cfg_obj_t *validity, *resign;
                 bool allow = false, maint = false;
author	Matthijs Mekking <matthijs@isc.org>
	Fri, 17 Jun 2022 08:29:51 +0000 (10:29 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Mon, 20 Jun 2022 09:18:46 +0000 (11:18 +0200)