zone "example1" {
type primary;
file "xxx";
+ inline-signing no;
update-policy local;
max-ixfr-ratio 20%;
notify-source 10.10.10.10 port 53 dscp 55;
zone "example1" {
type primary;
file "zzz";
+ inline-signing no;
update-policy local;
zone-statistics yes;
};
zone "dnssec" {
type primary;
file "file";
+ inline-signing no;
allow-update {
"any";
};
fi
status=$((status + ret))
+n=$((n + 1))
+echo_i "check that using dnssec-policy generates a warning for dynamic zones wrt inline-signing ($n)"
+ret=0
+$CHECKCONF warn-kasp-ddns-inline-signing-no.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "'inline-signing' default changed to 'yes' in 9\.20\." <checkconf.out$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$((status + ret))
+
n=$((n + 1))
echo_i "check obsolete options generate warnings ($n)"
ret=0
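Review bot: The added check only asserts that the warning appears for `warn-kasp-ddns-inline-signing-no.conf`; nothing in this hunk asserts that it stays silent once `inline-signing no;` is set explicitly. A regression that warns for every dynamic zone would therefore still pass here, unless a negative check exists outside the hunk. Consider a second step that runs `$CHECKCONF` on a fixture with the explicit setting and fails on a match, e.g. `grep "'inline-signing' default changed" <checkconf.out$n >/dev/null && ret=1`. As a style point, the `ret=1` inside `if [ $ret != 0 ]` is redundant because `ret` is already non-zero on that path.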
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * The dnssec-policy is not defined. Should also be caught if it is inherited.
+ */
+
+options {
+ dnssec-policy default;
+};
+
+zone "example.net" {
+ type primary;
+ file "example.db";
+ allow-update { any; };
+};
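Review bot: The header comment of this new fixture ("The dnssec-policy is not defined. Should also be caught if it is inherited.") does not describe what the file exercises. The file sets `dnssec-policy default;` in `options`, and the zone is dynamic (`allow-update { any; };`) with no `inline-signing` statement. The comment looks carried over from another fixture; something like `/* Dynamic zone inherits dnssec-policy from options and leaves inline-signing unset: named-checkconf must warn about the 9.20 default change. */` would tell the next reader why the file exists.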
: "");
result = ISC_R_FAILURE;
}
+ if (ddns && res1 != ISC_R_SUCCESS) {
+ cfg_obj_log(
+ zconfig, logctx, ISC_LOG_WARNING,
+ "'inline-signing' default changed "
+ "to 'yes' in 9.20. Before upgrading, "
+ "explicitly set 'inline-signing "
+ "no;' to your dnssec-policy or "
+ "zone configuration");
+ }
}
obj = NULL;
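Review bot: The new warning fires on `ddns && res1 != ISC_R_SUCCESS`, but both variables are assigned outside this hunk, so it is not visible here whether `res1` covers the `inline-signing` lookup in both the zone and the dnssec-policy. The message tells operators either place is acceptable, so it is worth confirming that a value set in the policy alone suppresses the warning. A short comment above the `if` would help, e.g. `/* Dynamic zone without an explicit inline-signing: warn about the 9.20 default change. */`. The wording "explicitly set 'inline-signing no;' to your dnssec-policy" also reads awkwardly; `"explicitly add 'inline-signing no;' to your dnssec-policy or zone configuration"` is clearer and leaves the prefix the system test greps for unchanged.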