From d7cc0a9f7b8e456359cb304a519b3b74b243dbca Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Wed, 5 Jul 2023 09:46:10 +0200 Subject: [PATCH] Remove remaining auto-dnssec bits Remove the remaining bits related to 'auto-dnssec'. --- bin/named/server.c | 3 +-- bin/named/zoneconf.c | 16 ---------------- bin/rndc/rndc.rst | 15 ++++++--------- 3 files changed, 7 insertions(+), 27 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index 130175bcff..c8e5b76f75 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -12330,8 +12330,7 @@ named_server_rekey(named_server_t *server, isc_lex_t *lex, keyopts = dns_zone_getkeyopts(zone); /* - * "rndc loadkeys" requires "auto-dnssec maintain" - * or a "dnssec-policy". + * "rndc loadkeys" requires a "dnssec-policy". */ if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) { result = ISC_R_NOPERM; diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 867be2369c..ca29ebdc48 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1661,28 +1661,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, CHECK(dns_zone_setrefreshkeyinterval(zone, cfg_obj_asuint32(obj))); - obj = NULL; - result = cfg_map_get(zoptions, "auto-dnssec", &obj); if (kasp != NULL) { bool s2i = (strcmp(dns_kasp_getname(kasp), "insecure") != 0); dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true); dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i); dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true); - } else if (result == ISC_R_SUCCESS) { - const char *arg = cfg_obj_asstring(obj); - if (strcasecmp(arg, "allow") == 0) { - allow = true; - } else if (strcasecmp(arg, "maintain") == 0) { - allow = maint = true; - } else if (strcasecmp(arg, "off") == 0) { - /* Default */ - } else { - UNREACHABLE(); - } - dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow); - dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false); - dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint); } } 
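Review bot: The rewritten comment above the `(keyopts & DNS_ZONEKEY_ALLOW) == 0` test in named_server_rekey states the requirement only in configuration terms, so nothing at the check explains why a key-option flag stands in for "the zone has a dnssec-policy". As far as this diff shows, after the zoneconf.c change the flag is set only in the `kasp != NULL` branch of named_zone_configure, and the comment could say so: `* "rndc loadkeys" requires a "dnssec-policy"; DNS_ZONEKEY_ALLOW is only set for zones that have one (see named_zone_configure()).` The rndc.rst hunks in this commit state the same requirement for a second command, so if named_server_rekey serves both, naming only loadkeys here is incomplete. The function body starts and ends outside the hunk.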
diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst index 97088579f7..db43974a4b 100644 --- a/bin/rndc/rndc.rst +++ b/bin/rndc/rndc.rst @@ -265,10 +265,9 @@ Currently supported commands are: immediately re-signed by the new keys, but is allowed to incrementally re-sign over time. - This command requires that the zone be configured with a ``dnssec-policy``, or - that the ``auto-dnssec`` zone option be set to ``maintain``, and also requires the - zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in - the Administrator Reference Manual for more details.) + This command requires that the zone be configured with a ``dnssec-policy``, and + also requires the zone to be configured to allow dynamic DNS. (See "Dynamic + Update Policies" in the Administrator Reference Manual for more details.) .. option:: managed-keys (status | refresh | sync | destroy) [class [view]] @@ -504,11 +503,9 @@ Currently supported commands are: the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the zone is automatically re-signed with the new key set. - This command requires that the zone be configured with a ``dnssec-policy``, or - that the ``auto-dnssec`` zone option be set to ``allow`` or ``maintain``, - and also requires the zone to be configured to allow dynamic DNS. (See - "Dynamic Update Policies" in the BIND 9 Administrator Reference Manual for more - details.) + This command requires that the zone be configured with a ``dnssec-policy``, and + also requires the zone to be configured to allow dynamic DNS. (See "Dynamic + Update Policies" in the Administrator Reference Manual for more details.) See also :option:`rndc loadkeys`.