mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 18:19:42 +00:00
3e49223a67
These two configuration options worked in conjunction with 'auto-dnssec' to determine KSK usage, and thus are now obsoleted. However, in the code we keep KSK processing so that when a zone is reconfigured from using 'dnssec-policy' immediately to 'none' (without going through 'insecure'), the zone is not immediately made bogus. Add one more test case for going straight to none, now with a dynamic zone (no inline-signing).
50 lines
1.3 KiB
C
50 lines
1.3 KiB
C
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <stdbool.h>
|
|
|
|
/*! \file */
|
|
|
|
/*%
|
|
* Types and functions below not be used outside this module and its
|
|
* associated unit tests.
|
|
*/
|
|
|
|
ISC_LANG_BEGINDECLS
|
|
|
|
typedef struct {
|
|
dns_diff_t *diff;
|
|
bool offline;
|
|
} dns__zonediff_t;
|
|
|
|
isc_result_t
|
|
dns__zone_findkeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
|
|
isc_stdtime_t now, isc_mem_t *mctx, unsigned int maxkeys,
|
|
dst_key_t **keys, unsigned int *nkeys);
|
|
|
|
isc_result_t
|
|
dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
|
|
dst_key_t *zone_keys[], unsigned int nkeys,
|
|
dns_zone_t *zone, isc_stdtime_t inception,
|
|
isc_stdtime_t expire, isc_stdtime_t keyxpire,
|
|
isc_stdtime_t now, dns__zonediff_t *zonediff);
|
|
|
|
isc_result_t
|
|
dns__zone_lookup_nsec3param(dns_zone_t *zone, dns_rdata_nsec3param_t *lookup,
|
|
dns_rdata_nsec3param_t *param,
|
|
unsigned char saltbuf[255], bool resalt);
|
|
|
|
ISC_LANG_ENDDECLS
|