mirror of
https://gitlab.isc.org/isc-projects/bind9
Remove remaining auto-dnssec bits
Remove the remaining bits related to 'auto-dnssec'.
@@ -12330,8 +12330,7 @@ named_server_rekey(named_server_t *server, isc_lex_t *lex,
|
|||||||
keyopts = dns_zone_getkeyopts(zone);
|
keyopts = dns_zone_getkeyopts(zone);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* "rndc loadkeys" requires "auto-dnssec maintain"
|
* "rndc loadkeys" requires a "dnssec-policy".
|
||||||
* or a "dnssec-policy".
|
|
||||||
*/
|
*/
|
||||||
if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) {
|
if ((keyopts & DNS_ZONEKEY_ALLOW) == 0) {
|
||||||
result = ISC_R_NOPERM;
|
result = ISC_R_NOPERM;
|
||||||
|
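Review bot: The rewritten comment above the `(keyopts & DNS_ZONEKEY_ALLOW) == 0` test still names only "rndc loadkeys", while the documentation changed in this same commit states the `dnssec-policy` requirement for two commands (the second is the entry that ends with "See also rndc loadkeys"). If named_server_rekey serves both of them, which its name suggests but the hunk does not show because the body starts and ends outside it, the comment should explain the flag rather than one command, for example `/* DNS_ZONEKEY_ALLOW is only set for zones with a "dnssec-policy"; refuse the request otherwise. */`. That keeps it clear to later editors that ISC_R_NOPERM here is the authorization decision for a control-channel request.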
@@ -1661,28 +1661,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
|||||||
CHECK(dns_zone_setrefreshkeyinterval(zone,
|
CHECK(dns_zone_setrefreshkeyinterval(zone,
|
||||||
cfg_obj_asuint32(obj)));
|
cfg_obj_asuint32(obj)));
|
||||||
|
|
||||||
obj = NULL;
|
|
||||||
result = cfg_map_get(zoptions, "auto-dnssec", &obj);
|
|
||||||
if (kasp != NULL) {
|
if (kasp != NULL) {
|
||||||
bool s2i = (strcmp(dns_kasp_getname(kasp),
|
bool s2i = (strcmp(dns_kasp_getname(kasp),
|
||||||
"insecure") != 0);
|
"insecure") != 0);
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true);
|
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true);
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i);
|
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, !s2i);
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true);
|
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true);
|
||||||
} else if (result == ISC_R_SUCCESS) {
|
|
||||||
const char *arg = cfg_obj_asstring(obj);
|
|
||||||
if (strcasecmp(arg, "allow") == 0) {
|
|
||||||
allow = true;
|
|
||||||
} else if (strcasecmp(arg, "maintain") == 0) {
|
|
||||||
allow = maint = true;
|
|
||||||
} else if (strcasecmp(arg, "off") == 0) {
|
|
||||||
/* Default */
|
|
||||||
} else {
|
|
||||||
UNREACHABLE();
|
|
||||||
}
|
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
|
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false);
|
|
||||||
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
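Review bot: When `kasp` is NULL the new code leaves `DNS_ZONEKEY_ALLOW`, `DNS_ZONEKEY_CREATE` and `DNS_ZONEKEY_MAINTAIN` untouched, because the removed `else if` branch was the only place in this hunk that could write them as false. If a zone object can be reconfigured in place after its `dnssec-policy` is dropped (not visible here; named_zone_configure starts and ends outside the hunk), bits set on an earlier pass would survive and the `(keyopts & DNS_ZONEKEY_ALLOW) == 0` test in named_server_rekey would still let the command through. The old code had the same gap whenever `auto-dnssec` was absent, so this is not a regression, but an explicit `else` branch calling `dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, false);` and likewise for `DNS_ZONEKEY_CREATE` and `DNS_ZONEKEY_MAINTAIN` would make the cleared state unconditional. The locals `allow` and `maint` are no longer used in the visible lines, so their declarations should be removed as well if they still exist outside the hunk.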
@@ -265,10 +265,9 @@ Currently supported commands are:
|
|||||||
immediately re-signed by the new keys, but is allowed to
|
immediately re-signed by the new keys, but is allowed to
|
||||||
incrementally re-sign over time.
|
incrementally re-sign over time.
|
||||||
|
|
||||||
This command requires that the zone be configured with a ``dnssec-policy``, or
|
This command requires that the zone be configured with a ``dnssec-policy``, and
|
||||||
that the ``auto-dnssec`` zone option be set to ``maintain``, and also requires the
|
also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
|
||||||
zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in
|
Update Policies" in the Administrator Reference Manual for more details.)
|
||||||
the Administrator Reference Manual for more details.)
|
|
||||||
|
|
||||||
.. option:: managed-keys (status | refresh | sync | destroy) [class [view]]
|
.. option:: managed-keys (status | refresh | sync | destroy) [class [view]]
|
||||||
|
|
||||||
@@ -504,11 +503,9 @@ Currently supported commands are:
|
|||||||
the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the
|
the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the
|
||||||
zone is automatically re-signed with the new key set.
|
zone is automatically re-signed with the new key set.
|
||||||
|
|
||||||
This command requires that the zone be configured with a ``dnssec-policy``, or
|
This command requires that the zone be configured with a ``dnssec-policy``, and
|
||||||
that the ``auto-dnssec`` zone option be set to ``allow`` or ``maintain``,
|
also requires the zone to be configured to allow dynamic DNS. (See "Dynamic
|
||||||
and also requires the zone to be configured to allow dynamic DNS. (See
|
Update Policies" in the Administrator Reference Manual for more details.)
|
||||||
"Dynamic Update Policies" in the BIND 9 Administrator Reference Manual for more
|
|
||||||
details.)
|
|
||||||
|
|
||||||
See also :option:`rndc loadkeys`.
|
See also :option:`rndc loadkeys`.
|
||||||
|
|
||||||
|