mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00

Don't sign the raw zone

The raw zone is not supposed to be signed.  DNSKEY records in a raw zone
should not trigger zone signing.  The update code needs to be able to
identify when it is working on a raw zone.  Add dns_zone_israw() and
dns_zone_issecure() to enable it to do this. Also, we need to check the
case for 'auto-dnssec maintain'.
Mark Andrews
2022-10-12 17:01:57 +11:00
committed by Matthijs Mekking
parent 508c60ad90
commit d24297343f
3 changed files with 36 additions and 3 deletions


@@ -22189,6 +22189,26 @@ dns_zone_getraw(dns_zone_t *zone, dns_zone_t **raw) {
UNLOCK(&zone->lock);
}
bool
dns_zone_israw(dns_zone_t *zone) {
bool israw;
REQUIRE(DNS_ZONE_VALID(zone));
LOCK(&zone->lock);
israw = zone->secure != NULL;
UNLOCK(&zone->lock);
return (israw);
}
bool
dns_zone_issecure(dns_zone_t *zone) {
bool issecure;
REQUIRE(DNS_ZONE_VALID(zone));
LOCK(&zone->lock);
issecure = zone->raw != NULL;
UNLOCK(&zone->lock);
return (issecure);
}
struct keydone {
bool all;
unsigned char data[5];
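Review bot: The two new predicates read as if their fields were swapped, since `dns_zone_israw()` tests `zone->secure != NULL` and `dns_zone_issecure()` tests `zone->raw != NULL`, and neither function carries a comment explaining that. Presumably each half of an inline-signing pair holds a pointer to its counterpart, so I would say so above each function, e.g. `/* A raw zone is one that has a secure counterpart attached. */` and `/* True only for the secure half of a raw/secure pair. */`. The name `dns_zone_issecure()` can also be read as "this zone is DNSSEC-signed", which the check does not establish; it reports only that a raw counterpart exists, and a caller using it to decide whether to sign should not assume more. Both results are snapshots taken under `zone->lock` and may be stale once the lock is released, which is worth stating in the header documentation if the pairing can change at runtime.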