mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00

Remove remaining auto-dnssec bits

Remove the remaining bits related to 'auto-dnssec'.
Matthijs Mekking
2023-07-05 09:46:10 +02:00
parent c75ddc33aa
commit d7cc0a9f7b
3 changed files with 7 additions and 27 deletions


@@ -12330,8 +12330,7 @@ named_server_rekey(named_server_t *server, isc_lex_t *lex,
keyopts = dns_zone_getkeyopts(zone); keyopts = dns_zone_getkeyopts(zone);
/* /*
* "rndc loadkeys" requires "auto-dnssec maintain" * "rndc loadkeys" requires a "dnssec-policy".
* or a "dnssec-policy".
*/ */
if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) { if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) {
result = ISC_R_NOPERM; result = ISC_R_NOPERM;


@@ -1661,28 +1661,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
CHECK(dns_zone_setrefreshkeyinterval(zone, CHECK(dns_zone_setrefreshkeyinterval(zone,
cfg_obj_asuint32(obj))); cfg_obj_asuint32(obj)));
obj = NULL;
result = cfg_map_get(zoptions, "auto-dnssec", &obj);
if (kasp != NULL) { if (kasp != NULL) {
bool s2i = (strcmp(dns_kasp_getname(kasp), bool s2i = (strcmp(dns_kasp_getname(kasp),
"insecure") != 0); "insecure") != 0);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true); dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i); dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true); dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true);
} else if (result == ISC_R_SUCCESS) {
const char *arg = cfg_obj_asstring(obj);
if (strcasecmp(arg, "allow") == 0) {
allow = true;
} else if (strcasecmp(arg, "maintain") == 0) {
allow = maint = true;
} else if (strcasecmp(arg, "off") == 0) {
/* Default */
} else {
UNREACHABLE();
}
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
} }
} }
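Review bot: With the `else if (result == ISC_R_SUCCESS)` branch removed, the `kasp != NULL` branch is the only place in this hunk that sets DNS_ZONEKEY_ALLOW, DNS_ZONEKEY_CREATE and DNS_ZONEKEY_MAINTAIN, and nothing visible clears them for a zone without a dnssec-policy. If a zone object can be reused across a reconfiguration (not visible here), a zone whose dnssec-policy was removed might keep DNS_ZONEKEY_ALLOW, which is the flag named_server_rekey tests before returning ISC_R_NOPERM. An `else` branch that resets the three flags, e.g. `dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, false);` and the same for CREATE and MAINTAIN, would make the state explicit. The locals `allow` and `maint` are only assigned in the removed lines shown here, so their declarations, which sit outside the hunk in named_zone_configure, may now be unused and could probably be dropped as well.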


@@ -265,10 +265,9 @@ Currently supported commands are:
immediately re-signed by the new keys, but is allowed to immediately re-signed by the new keys, but is allowed to
incrementally re-sign over time. incrementally re-sign over time.
This command requires that the zone be configured with a ``dnssec-policy``, or This command requires that the zone be configured with a ``dnssec-policy``, and
that the ``auto-dnssec`` zone option be set to ``maintain``, and also requires the also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in Update Policies" in the Administrator Reference Manual for more details.)
the Administrator Reference Manual for more details.)
.. option:: managed-keys (status | refresh | sync | destroy) [class [view]] .. option:: managed-keys (status | refresh | sync | destroy) [class [view]]
@@ -504,11 +503,9 @@ Currently supported commands are:
the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the
zone is automatically re-signed with the new key set. zone is automatically re-signed with the new key set.
This command requires that the zone be configured with a ``dnssec-policy``, or This command requires that the zone be configured with a ``dnssec-policy``, and
that the ``auto-dnssec`` zone option be set to ``allow`` or ``maintain``, also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
and also requires the zone to be configured to allow dynamic DNS. (See Update Policies" in the Administrator Reference Manual for more details.)
"Dynamic Update Policies" in the BIND 9 Administrator Reference Manual for more
details.)
See also :option:`rndc loadkeys`. See also :option:`rndc loadkeys`.