mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-26 12:08:05 +00:00
Code Issues Releases Wiki Activity
bind/doc/design/cds-child
Ondřej Surý 58bd26b6cf Update the copyright information in all files in the repository 
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.
2022-01-11 09:05:02 +01:00

64 lines
2.4 KiB
Plaintext
Raw Blame History

<!--
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
SPDX-License-Identifier: MPL-2.0
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
-->
CDS / CDNSKEY Child side processing.
* We need a mechanism to say that key should have a cds publish
start/end dates.
* We need a mechanism to say that key should have a cdnskey publish
start/end dates
- update dnssec-settime, dnssec-keygen, dnssec-keyfromlabel
- update K* files
* dnssec-signzone should add cds and/or cdnskey to zone apex iff the
DNSKEY is published and is signing the DNSKEY RRset. CDS and CDNSKEY
records are only removed if there is a deletion date set (implicit on
matching DNSKEY going inactive / unpublished or explicit).
Non-matching CDS and CDNSKEY are removed.
* auto-dnssec maintain should cds and/or cdnskey to zone apex iff the
DNSKEY is published and is signing the DNSKEY RRset. CDS and CDNSKEY
records are only removed if there is a deletion date set (implicit on
matching DNSKEY going inactive / unpublished or explicit).
* UPDATE should check that CDS and CDNSKEY match a active DNSKEY that
is signing the DNSKEY RRset and ignore otherwise. This should be
done after all the update section records have been processed.
? how will this tie in with CDS/CDNSKEY sanity checks? Only on fail?
* UPDATE should remove CDS and CDNSKEY records that match a DNSKEY
that is being removed. This should be done after all the update
section records have been processed.
? how will this tie in with CDS/CDNSKEY sanity checks? Only on fail?
* Zone loading should perform sanity checks on CDS and CDNSKEY
records against the DNSKEY records. This will flow through into
dnssec-checkzone and "dnssec-checkconf -z". ignore/warn/fail
* rndc add the ability to say generate CDS / CDNSKEY along with a key list /
all / all SEP
* rndc add the ability to say remove CDS / CDNSKEY.
* inline zones need to check CDS and CDNSKEY records in the raw zone and
filter non matching.
* CDS and CDNSKEY must be signed by a DNSKEY which matches parent DS record.
This is is different to how non DNSKEY RRsets are usually signed
RFC 7344, 4.1.
Reference in New Issue View Git Blame Copy Permalink