
Add purge-keys config option

Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
files for deleted keys. The option determines how long key files
should be retained prior to removing the corresponding files from
disk.

If set to 0, the option is disabled and 'named' will not remove key
files from disk.
Matthijs Mekking
2021-02-08 12:02:19 +01:00
parent d4cb312555
commit 313de3a7e2
15 changed files with 75 additions and 5 deletions


@@ -53,6 +53,7 @@ dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp) {
kasp->dnskey_ttl = DNS_KASP_KEY_TTL;
kasp->publish_safety = DNS_KASP_PUBLISH_SAFETY;
kasp->retire_safety = DNS_KASP_RETIRE_SAFETY;
kasp->purge_keys = DNS_KASP_PURGE_KEYS;
kasp->zone_max_ttl = DNS_KASP_ZONE_MAXTTL;
kasp->zone_propagation_delay = DNS_KASP_ZONE_PROPDELAY;
@@ -203,6 +204,22 @@ dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
kasp->dnskey_ttl = ttl;
}
uint32_t
dns_kasp_purgekeys(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(kasp->frozen);
return (kasp->purge_keys);
}
void
dns_kasp_setpurgekeys(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->purge_keys = value;
}
uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
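Review bot: `dns_kasp_purgekeys()` and `dns_kasp_setpurgekeys()` carry no comment saying that the value is a retention period and that 0 means "never purge", which matters because whatever consumes this value removes key files from disk. A caller that compares a key's age against `purge_keys` without first testing for 0 would read the disabled setting as "purge immediately"; that code is not in this section, so this is something to confirm rather than a defect visible here. I would add above the getter `/* Retention period for key files of deleted keys; 0 disables purging, so callers must test for 0 before comparing ages. */` and state the unit there as well (presumably seconds). The setter stores any `uint32_t` unchecked, so if a minimum or maximum retention is wanted it has to be enforced where the configuration is parsed.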