Merge branch '3349-managed-keys' into 'main'

don't create managed-keys zone unless dnssec-validation is "auto"

Closes #3349

See merge request isc-projects/bind9!6306
Evan Hunt 2022-05-31 18:18:13 +00:00
commit 728ea7cce5
7 changed files with 12 additions and 6 deletions


@ -1,3 +1,7 @@
5897. [bug] Views that weren't configured to use RFC 5011 key
management would still set up an empty managed-keys
zone. This has been fixed. [GL #3349]
5896. [func] Add some more dnssec-policy checks to detect weird
policies. [GL #1611]


@ -1200,7 +1200,9 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
}
}
CHECK(add_keydata_zone(view, directory, named_g_mctx));
if (auto_root) {
CHECK(add_keydata_zone(view, directory, named_g_mctx));
}
cleanup:
return (result);
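Review bot: The new `if (auto_root)` guard around `add_keydata_zone()` ties the key zone to `dnssec-validation auto`, while the CHANGES entry describes the condition as views "that weren't configured to use RFC 5011 key management"; the two are equivalent only if `auto_root` is the sole way a view acquires managed keys. If a view can still load RFC 5011 anchors from an explicit `trust-anchors` statement (`initial-key` / `initial-ds`) under `dnssec-validation yes`, it would now have no zone in which to persist rollover state, and its anchors could go stale after a key rollover. The rest of configure_view_dnsseckeys() lies outside this hunk, so this needs checking against the key-loading code above; if that case exists, the guard should test whether the view actually holds managed anchors rather than `auto_root` alone. Either way, a short comment above the `if`, such as `/* Only views using RFC 5011 managed keys need the key zone. */`, would record the intent.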


@ -20,7 +20,7 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
dnssec-validation yes;
dnssec-validation auto;
minimal-responses no;
recursion no;
notify yes;
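Review bot: Flipping this server from `dnssec-validation yes` to `auto` means that, as far as these hunks show, no server touched by the commit still runs with `yes`, so none of them exercises the case the fix targets. The same applies to the three named.conf sections that follow (the 10.53.0.2 one and the two containing `trust-anchor-telemetry no;`). Consider keeping one validating view on `yes` and asserting that no managed-keys zone is created for it. The only visible check is the aggregate zone count in the test script, which cannot show which view lost its zone.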


@ -20,7 +20,7 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
dnssec-validation yes;
dnssec-validation auto;
minimal-responses no;
recursion no;
notify yes;


@ -23,7 +23,7 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-validation yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
trust-anchor-telemetry no;
};


@ -23,7 +23,7 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-validation yes;
dnssec-validation auto;
trust-anchor-telemetry no;
};


@ -429,7 +429,7 @@ n=$((n+1))
echo_i "testing automatic zones are reported ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n || ret=1
grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
grep "number of zones: 199 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
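Review bot: The expected total in `grep "number of zones: 199 (198 automatic)"` is a bare magic number, and nothing next to the assertion explains why it dropped from 201. A comment above the `grep`, such as `# total dropped by two: views without dnssec-validation auto no longer get a managed-keys zone`, would show the next person who changes the zone set where the figure comes from. That reason is inferred from the commit title, so confirm it before writing it down. The `n=$((n+1))` line that opens this test case sits outside the hunk.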