mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Do not flush the cache for rndc validation status

Browse Source 
And add a note to the man page that `rndc validation` flushes the
cache when the validation state is changed. (It is necessary to flush
the cache when turning on validation, to avoid continuing to use
cryptographically invalid data. It is probably wise to flush the cache
when turning off validation to recover from lameness problems.)
This commit is contained in:
Tony Finch
2019-10-15 15:12:29 +01:00
committed by Ondřej Surý
parent de368cdf1c
commit b612e38af1
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/named/server.c
View File

@@ -11081,9 +11081,9 @@ named_server_validation(named_server_t *server, isc_lex_t *lex,
if ((ptr != NULL && strcasecmp(ptr, view->name) != 0)
|| strcasecmp("_bind", view->name) == 0)
continue;
CHECK(dns_view_flushcache(view, false));
if (set) {
CHECK(dns_view_flushcache(view, false));
view->enablevalidation = enable;
changed = true;
} else {

2
bin/rndc/rndc.docbook
View File

@@ -1078,6 +1078,8 @@
<para>
Enable, disable, or check the current status of
DNSSEC validation. By default, validation is enabled.
The cache is flushed when validation is turned on or off
to avoid using data that might differ between states.
</para>
</listitem>
</varlistentry>