don't create managed-keys zone unless dnssec-validation is "auto"

previously, a managed-keys zone was created for every view
regardless of whether rfc5011 was in use; when it was not in
use, the zone would be left empty. this made for some confusing
log messages.

we now only set up the managed-keys zone if dnssec-validation is
set to the default value of "auto".

certain system test servers have had their dnssec-validation settings
changed to auto because the tests depended on the existence of the
zone.
This commit is contained in:
Evan Hunt 2022-05-13 20:55:23 -07:00
parent 9a13884aaf
commit 3e0d9bd6d2
6 changed files with 8 additions and 6 deletions


@ -1200,7 +1200,9 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
}
}
CHECK(add_keydata_zone(view, directory, named_g_mctx));
if (auto_root) {
CHECK(add_keydata_zone(view, directory, named_g_mctx));
}
cleanup:
return (result);
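Review bot: The new `if (auto_root) {` guard creates the managed-keys zone only for the "auto" validation setting, while the description says the zone is meant to exist whenever RFC 5011 is in use; a view with dnssec-validation set to yes and explicitly configured initial-key trust anchors would still need somewhere to persist rolled keys, and this hunk alone does not show that such a view still gets the zone. If auto_root is derived outside the hunk so that it already covers that case, a comment at the guard would save the next reader the same question, e.g. `/* Only views relying on RFC 5011 key management need the managed-keys zone. */`; if it is not, the condition should also account for configured initial keys so that key rollover does not silently stop working for those views. configure_view_dnsseckeys begins outside the hunk, so how auto_root is computed is not visible here.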


@ -20,7 +20,7 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
dnssec-validation yes;
dnssec-validation auto;
minimal-responses no;
recursion no;
notify yes;


@ -20,7 +20,7 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
dnssec-validation yes;
dnssec-validation auto;
minimal-responses no;
recursion no;
notify yes;


@ -23,7 +23,7 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-validation yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
trust-anchor-telemetry no;
};


@ -23,7 +23,7 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-validation yes;
dnssec-validation auto;
trust-anchor-telemetry no;
};


@ -429,7 +429,7 @@ n=$((n+1))
echo_i "testing automatic zones are reported ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n || ret=1
grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
grep "number of zones: 199 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))