mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Remove auto-dnssec check

Browse Source 
Remove the check configuration parts related to 'auto-dnssec'.
This commit is contained in:
Matthijs Mekking
2023-07-05 09:42:24 +02:00
parent 10bb8f92a1
commit c75ddc33aa
1 changed files with 1 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
lib/isccfg/check.c
View File

@@ -1503,23 +1503,6 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
} }
} }
/*
* Check auto-dnssec at the view/options level
*/
obj = NULL;
(void)cfg_map_get(options, "auto-dnssec", &obj);
if (obj != NULL) {
const char *arg = cfg_obj_asstring(obj);
if (optlevel != optlevel_zone && strcasecmp(arg, "off") != 0) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"auto-dnssec may only be activated at the "
"zone level");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
}
/* /*
* Check dnssec-must-be-secure. * Check dnssec-must-be-secure.
*/ */
@@ -3404,7 +3387,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
bool signing = false; bool signing = false;
isc_result_t res1, res2, res3; isc_result_t res1, res2, res3;
const cfg_obj_t *au = NULL; const cfg_obj_t *au = NULL;
const char *arg;
obj = NULL; obj = NULL;
res1 = cfg_map_get(zoptions, "allow-update", &au); res1 = cfg_map_get(zoptions, "allow-update", &au);
@@ -3424,7 +3406,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
} }
/* /*
* To determine whether auto-dnssec is allowed, * To determine whether dnssec-policy is allowed,
* we should also check for allow-update at the * we should also check for allow-update at the
* view and options levels. * view and options levels.
*/ */
@@ -3478,39 +3460,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
} }
} }
obj = NULL;
arg = "off";
res3 = cfg_map_get(zoptions, "auto-dnssec", &obj);
if (res3 == ISC_R_SUCCESS) {
arg = cfg_obj_asstring(obj);
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"'auto-dnssec' option is deprecated and "
"will be removed in BIND 9.19. Please "
"migrate to dnssec-policy");
}
if (strcasecmp(arg, "off") != 0) {
if (!ddns && !signing && !has_dnssecpolicy) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'auto-dnssec %s;' requires%s "
"inline-signing to be configured "
"for the zone",
arg,
(ztype == CFG_ZONE_PRIMARY)
? " dynamic DNS or"
: "");
result = ISC_R_FAILURE;
}
if (has_dnssecpolicy) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'auto-dnssec %s;' cannot be "
"configured if dnssec-policy is "
"also set",
arg);
result = ISC_R_FAILURE;
}
}
obj = NULL; obj = NULL;
res1 = cfg_map_get(zoptions, "sig-signing-type", &obj); res1 = cfg_map_get(zoptions, "sig-signing-type", &obj);
if (res1 == ISC_R_SUCCESS) { if (res1 == ISC_R_SUCCESS) {