From: Mark Andrews <marka@isc.org>
Date: Thu, 9 Jul 2020 03:35:37 +0000 (+1000)
Subject: Fallback to built in trust-anchors, managed-keys, or trusted-keys
X-Git-Tag: v9.16.6~36^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0265bd17d5835f7d456dbe480af2ed0e157fe2af;p=thirdparty%2Fbind9.git

Fallback to built in trust-anchors, managed-keys, or trusted-keys

if the bind.keys file cannot be parsed.

(cherry picked from commit d02a14c79580de1888e96f32617d8123be1be060)
---

diff --git a/CHANGES b/CHANGES
index ecd9359d2cc..b6bcc04ee5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5465.	[func]		Fallback to built in trust-anchors, managed-keys, or
+			trusted-keys if the bindkeys-file (bind.keys) cannot
+			be parsed. [GL #1235]
+
 5464.	[bug]		Specifying saving more than 128 files when rolling
 			dnstap / log files would cause buffer overflow.
 			[GL #1989]
diff --git a/bin/named/server.c b/bin/named/server.c
index c0f9207a21b..43b1e78af71 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8379,7 +8379,14 @@ load_configuration(const char *filename, named_server_t *server,
 
 		result = cfg_parse_file(bindkeys_parser, server->bindkeysfile,
 					&cfg_type_bindkeys, &bindkeys);
-		CHECK(result);
+		if (result != ISC_R_SUCCESS) {
+			isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+				      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
+				      "unable to parse '%s' error '%s'; using "
+				      "built-in keys instead",
+				      server->bindkeysfile,
+				      isc_result_totext(result));
+		}
 	} else {
 		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 			      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,