mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Remove remaining auto-dnssec bits

Browse Source 
Remove the remaining bits related to 'auto-dnssec'.
This commit is contained in:
Matthijs Mekking 2023-07-05 09:46:10 +02:00
parent c75ddc33aa
commit d7cc0a9f7b
3 changed files with 7 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/named/server.c
View File

@ -12330,8 +12330,7 @@ named_server_rekey(named_server_t *server, isc_lex_t *lex,
keyopts = dns_zone_getkeyopts(zone);
/*
* "rndc loadkeys" requires "auto-dnssec maintain"
* or a "dnssec-policy".
* "rndc loadkeys" requires a "dnssec-policy".
*/
if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) {
result = ISC_R_NOPERM;

16
bin/named/zoneconf.c
View File

@ -1661,28 +1661,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
CHECK(dns_zone_setrefreshkeyinterval(zone,
cfg_obj_asuint32(obj)));
obj = NULL;
result = cfg_map_get(zoptions, "auto-dnssec", &obj);
if (kasp != NULL) {
bool s2i = (strcmp(dns_kasp_getname(kasp),
"insecure") != 0);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true);
} else if (result == ISC_R_SUCCESS) {
const char *arg = cfg_obj_asstring(obj);
if (strcasecmp(arg, "allow") == 0) {
allow = true;
} else if (strcasecmp(arg, "maintain") == 0) {
allow = maint = true;
} else if (strcasecmp(arg, "off") == 0) {
/* Default */
} else {
UNREACHABLE();
}
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
}
}

15
bin/rndc/rndc.rst
View File

@ -265,10 +265,9 @@ Currently supported commands are:
immediately re-signed by the new keys, but is allowed to
incrementally re-sign over time.
This command requires that the zone be configured with a ``dnssec-policy``, or
that the ``auto-dnssec`` zone option be set to ``maintain``, and also requires the
zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in
the Administrator Reference Manual for more details.)
This command requires that the zone be configured with a ``dnssec-policy``, and
also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
Update Policies" in the Administrator Reference Manual for more details.)
.. option:: managed-keys (status | refresh | sync | destroy) [class [view]]
@ -504,11 +503,9 @@ Currently supported commands are:
the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the
zone is automatically re-signed with the new key set.
This command requires that the zone be configured with a ``dnssec-policy``, or
that the ``auto-dnssec`` zone option be set to ``allow`` or ``maintain``,
and also requires the zone to be configured to allow dynamic DNS. (See
"Dynamic Update Policies" in the BIND 9 Administrator Reference Manual for more
details.)
This command requires that the zone be configured with a ``dnssec-policy``, and
also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
Update Policies" in the Administrator Reference Manual for more details.)
See also :option:`rndc loadkeys`.