From: Mark Andrews Date: Thu, 21 Oct 2021 05:30:35 +0000 (+1100) Subject: Restore 'synth-from-dnssec yes;' as the default X-Git-Tag: v9.17.21~5^2~23 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=90dbdb2cb5b350862504a3097ddc58d18d3b2c06;p=thirdparty%2Fbind9.git Restore 'synth-from-dnssec yes;' as the default --- diff --git a/bin/named/config.c b/bin/named/config.c index f023c48ce78..6a8fc599fb7 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -190,7 +190,7 @@ options {\n\ stale-answer-ttl 30; /* 30 seconds */\n\ stale-cache-enable false;\n\ stale-refresh-time 30; /* 30 seconds */\n\ - synth-from-dnssec no;\n\ + synth-from-dnssec yes;\n\ # topology \n\ transfer-format many-answers;\n\ v6-bias 50;\n\ diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh index badeeb14bb0..4b4ea83b56e 100644 --- a/bin/tests/system/synthfromdnssec/tests.sh +++ b/bin/tests/system/synthfromdnssec/tests.sh @@ -16,6 +16,7 @@ set -e status=0 n=1 +synth_default=yes rm -f dig.out.* @@ -217,7 +218,7 @@ sleep 1 for ns in 2 4 5 6 do case $ns in - 2) ad=yes synth=no description="";; + 2) ad=yes synth=${synth_default} description="";; 4) ad=yes synth=no description="no";; 5) ad=yes synth=yes description="yes";; 6) ad=no synth=no description="yes; dnssec-validation no";; @@ -412,7 +413,6 @@ n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) - echo_i "check DNAME handling (synth-from-dnssec yes;) ($n)" ret=0 dig_with_opts dnamed.example. ns @10.53.0.5 > dig.out.ns5.test$n || ret=1 diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 3db804154c7..d46ae8f4cb8 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2240,8 +2240,7 @@ Boolean Options ``synth-from-dnssec`` This option synthesizes answers from cached NSEC, NSEC3, and other RRsets that have been - proved to be correct using DNSSEC. The default is ``no``, but it will become - ``yes`` again in future releases. + proved to be correct using DNSSEC. The default is ``yes``. .. note:: DNSSEC validation must be enabled for this option to be effective. This initial implementation only covers synthesis of answers from