Remove the remaining bits related to 'auto-dnssec'.
keyopts = dns_zone_getkeyopts(zone);
/*
- * "rndc loadkeys" requires "auto-dnssec maintain"
- * or a "dnssec-policy".
+ * "rndc loadkeys" requires a "dnssec-policy".
*/
if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) {
result = ISC_R_NOPERM;
CHECK(dns_zone_setrefreshkeyinterval(zone,
cfg_obj_asuint32(obj)));
- obj = NULL;
- result = cfg_map_get(zoptions, "auto-dnssec", &obj);
if (kasp != NULL) {
bool s2i = (strcmp(dns_kasp_getname(kasp),
"insecure") != 0);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true);
- } else if (result == ISC_R_SUCCESS) {
- const char *arg = cfg_obj_asstring(obj);
- if (strcasecmp(arg, "allow") == 0) {
- allow = true;
- } else if (strcasecmp(arg, "maintain") == 0) {
- allow = maint = true;
- } else if (strcasecmp(arg, "off") == 0) {
- /* Default */
- } else {
- UNREACHABLE();
- }
- dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
- dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false);
- dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
}
}
immediately re-signed by the new keys, but is allowed to
incrementally re-sign over time.
- This command requires that the zone be configured with a ``dnssec-policy``, or
- that the ``auto-dnssec`` zone option be set to ``maintain``, and also requires the
- zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in
- the Administrator Reference Manual for more details.)
+ This command requires that the zone be configured with a ``dnssec-policy``, and
+ also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
+ Update Policies" in the Administrator Reference Manual for more details.)
.. option:: managed-keys (status | refresh | sync | destroy) [class [view]]
the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the
zone is automatically re-signed with the new key set.
- This command requires that the zone be configured with a ``dnssec-policy``, or
- that the ``auto-dnssec`` zone option be set to ``allow`` or ``maintain``,
- and also requires the zone to be configured to allow dynamic DNS. (See
- "Dynamic Update Policies" in the BIND 9 Administrator Reference Manual for more
- details.)
+ This command requires that the zone be configured with a ``dnssec-policy``, and
+ also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
+ Update Policies" in the Administrator Reference Manual for more details.)
See also :option:`rndc loadkeys`.
projects / thirdparty / bind9.git / commitdiff
