mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 11:19:59 -04:00
Obsolete sig-validity-interval dnskey-sig-validity
These two configuration options worked in conjunction with 'auto-dnssec' to set the signature validity, and thus are now obsoleted.
This commit is contained in:
Matthijs Mekking
parent
d7cc0a9f7b
commit
88a687106f
17 changed files with 23 additions and 237 deletions
|
|
@ -240,8 +240,6 @@ options {\n\
|
|||
sig-signing-nodes 100;\n\
|
||||
sig-signing-signatures 10;\n\
|
||||
sig-signing-type 65534;\n\
|
||||
sig-validity-interval 30; /* days */\n\
|
||||
dnskey-sig-validity 0; /* default: sig-validity-interval */\n\
|
||||
transfer-source *;\n\
|
||||
transfer-source-v6 *;\n\
|
||||
try-tcp-refresh yes; /* BIND 8 compat */\n\
|
||||
|
|
|
|||
|
|
@ -905,7 +905,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
|||
dns_stats_t *rcvquerystats;
|
||||
dns_stats_t *dnssecsignstats;
|
||||
dns_zonestat_level_t statlevel = dns_zonestat_none;
|
||||
int seconds;
|
||||
dns_ttl_t maxttl = 0; /* unlimited */
|
||||
dns_zone_t *mayberaw = (raw != NULL) ? raw : zone;
|
||||
bool transferinsecs = ns_server_getoption(named_g_server->sctx,
|
||||
|
|
@ -1547,11 +1546,9 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
|||
* use inline-signing (raw != NULL).
|
||||
*/
|
||||
if (ztype == dns_zone_primary || raw != NULL) {
|
||||
const cfg_obj_t *validity, *resign;
|
||||
bool allow = false, maint = false;
|
||||
bool sigvalinsecs;
|
||||
|
||||
if (use_kasp) {
|
||||
int seconds;
|
||||
|
||||
if (dns_kasp_nsec3(kasp)) {
|
||||
result = dns_zone_setnsec3param(
|
||||
zone, 1, dns_kasp_nsec3flags(kasp),
|
||||
|
|
@ -1563,53 +1560,15 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
|||
zone, 0, 0, 0, 0, NULL, true, false);
|
||||
}
|
||||
INSIST(result == ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
if (use_kasp) {
|
||||
seconds = (uint32_t)dns_kasp_sigvalidity_dnskey(kasp);
|
||||
} else {
|
||||
obj = NULL;
|
||||
result = named_config_get(maps, "dnskey-sig-validity",
|
||||
&obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
seconds = cfg_obj_asuint32(obj) * 86400;
|
||||
}
|
||||
dns_zone_setkeyvalidityinterval(zone, seconds);
|
||||
dns_zone_setkeyvalidityinterval(zone, seconds);
|
||||
|
||||
if (use_kasp) {
|
||||
seconds = (uint32_t)dns_kasp_sigvalidity(kasp);
|
||||
dns_zone_setsigvalidityinterval(zone, seconds);
|
||||
|
||||
seconds = (uint32_t)dns_kasp_sigrefresh(kasp);
|
||||
dns_zone_setsigresigninginterval(zone, seconds);
|
||||
} else {
|
||||
obj = NULL;
|
||||
result = named_config_get(maps, "sig-validity-interval",
|
||||
&obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
|
||||
sigvalinsecs = ns_server_getoption(
|
||||
named_g_server->sctx, NS_SERVER_SIGVALINSECS);
|
||||
validity = cfg_tuple_get(obj, "validity");
|
||||
seconds = cfg_obj_asuint32(validity);
|
||||
if (!sigvalinsecs) {
|
||||
seconds *= 86400;
|
||||
}
|
||||
dns_zone_setsigvalidityinterval(zone, seconds);
|
||||
|
||||
resign = cfg_tuple_get(obj, "re-sign");
|
||||
if (cfg_obj_isvoid(resign)) {
|
||||
seconds /= 4;
|
||||
} else if (!sigvalinsecs) {
|
||||
uint32_t r = cfg_obj_asuint32(resign);
|
||||
if (seconds > 7 * 86400) {
|
||||
seconds = r * 86400;
|
||||
} else {
|
||||
seconds = r * 3600;
|
||||
}
|
||||
} else {
|
||||
seconds = cfg_obj_asuint32(resign);
|
||||
}
|
||||
dns_zone_setsigresigninginterval(zone, seconds);
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ checkjitter () {
|
|||
|
||||
_count=0
|
||||
# Check if we have at least 4 days
|
||||
# This number has been tuned for `sig-validity-interval 10 2`, as
|
||||
# This number has been tuned for `signatures-validity 10d; signatures-refresh 2d`, as
|
||||
# 1 signature expiration dates should be spread out across at most 8 (10-2) days
|
||||
# 2. we remove first and last day to remove frequency outlier, we are left with 6 (8-2) days
|
||||
# 3. we subtract two more days to allow test pass on day boundaries, etc. leaving us with 4 (6-2)
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
dnskey-sig-validity 5000; /* maximum value 10 years, this is 14 */
|
||||
};
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
sig-validity-interval 5000;
|
||||
};
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
dnskey-sig-validity 3660; /* maximum value 10 years */
|
||||
};
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
dnskey-sig-validity 0; /* 0 is disabled */
|
||||
};
|
||||
|
|
@ -17,10 +17,8 @@ zone "nsec3.net" {
|
|||
type primary;
|
||||
file "nsec3.db";
|
||||
dnssec-policy "test";
|
||||
dnskey-sig-validity 3600;
|
||||
dnssec-dnskey-kskonly yes;
|
||||
dnssec-update-mode maintain;
|
||||
inline-signing no;
|
||||
sig-validity-interval 3600;
|
||||
update-check-ksk yes;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -490,11 +490,10 @@ echo_i "checking named-checkconf kasp errors ($n)"
|
|||
ret=0
|
||||
$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
|
||||
grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
if [ $ret -ne 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
|
|
|
|||
|
|
@ -570,7 +570,7 @@ kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone"
|
|||
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
|
||||
#
|
||||
# A zone which will change its sig-validity-interval
|
||||
# A zone which will change its signatures-validity
|
||||
#
|
||||
zone=siginterval.example
|
||||
infile=siginterval.example.db.in
|
||||
|
|
|
|||
|
|
@ -4345,9 +4345,9 @@ n=$((n+1))
|
|||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking sig-validity-interval second field hours vs days ($n)"
|
||||
echo_i "checking signatures-validity second field hours vs days ($n)"
|
||||
ret=0
|
||||
# zone configured with 'sig-validity-interval 500 499;'
|
||||
# zone configured with 'signatures-validity 500 499;'
|
||||
# 499 days in the future w/ a 20 minute runtime to now allowance
|
||||
min=$(TZ=UTC $PERL -e '@lt=localtime(time() + 499*3600*24 - 20*60); printf "%.4d%0.2d%0.2d%0.2d%0.2d%0.2d\n",$lt[5]+1900,$lt[4]+1,$lt[3],$lt[2],$lt[1],$lt[0];')
|
||||
dig_with_opts @10.53.0.2 hours-vs-days AXFR > dig.out.ns2.test$n
|
||||
|
|
|
|||
|
|
@ -4165,47 +4165,14 @@ Tuning
|
|||
This sets the base retry interval in milliseconds. The default is ``800``.
|
||||
|
||||
.. namedconf:statement:: sig-validity-interval
|
||||
:tags: dnssec
|
||||
:short: Specifies the maximum number of days that RRSIGs generated by :iscman:`named` are valid.
|
||||
:tags: obsolete
|
||||
|
||||
This specifies the upper bound of the number of days that RRSIGs
|
||||
generated by :iscman:`named` are valid; the default is ``30`` days,
|
||||
with a maximum of 3660 days (10 years). The optional second value
|
||||
specifies the minimum bound on those RRSIGs and also determines
|
||||
how long before expiry :iscman:`named` starts regenerating those RRSIGs.
|
||||
The default value for the lower bound is 1/4 of the upper bound;
|
||||
it is expressed in days if the upper bound is greater than 7,
|
||||
and hours if it is less than or equal to 7 days.
|
||||
|
||||
When new RRSIGs are generated, the length of time is randomly
|
||||
chosen between these two limits, to spread out the re-signing
|
||||
load. When RRSIGs are re-generated, the upper bound is used, with
|
||||
a small amount of jitter added. New RRSIGs are generated by a
|
||||
number of processes, including the processing of UPDATE requests
|
||||
(ref:`dynamic_update`), the addition and removal of records via
|
||||
in-line signing, and the initial signing of a zone.
|
||||
|
||||
The signature inception time is unconditionally set to one hour
|
||||
before the current time, to allow for a limited amount of clock skew.
|
||||
|
||||
The :any:`sig-validity-interval` can be overridden for DNSKEY records by
|
||||
setting :any:`dnskey-sig-validity`.
|
||||
|
||||
The :any:`sig-validity-interval` should be at least several multiples
|
||||
of the SOA expire interval, to allow for reasonable interaction
|
||||
between the various timer and expiry dates.
|
||||
This option no longer has any effect.
|
||||
|
||||
.. namedconf:statement:: dnskey-sig-validity
|
||||
:tags: dnssec
|
||||
:short: Specifies the number of days in the future when automatically generated DNSSEC signatures expire.
|
||||
:tags: obsolete
|
||||
|
||||
This specifies the number of days into the future when DNSSEC signatures
|
||||
that are automatically generated for DNSKEY RRsets as a result of
|
||||
dynamic updates (:ref:`dynamic_update`) will expire.
|
||||
If set to a non-zero value, this overrides the value set by
|
||||
:any:`sig-validity-interval`. The default is zero, meaning
|
||||
:any:`sig-validity-interval` is used. The maximum value is 3660 days (10
|
||||
years), and higher values are rejected.
|
||||
This option no longer has any effect.
|
||||
|
||||
.. namedconf:statement:: sig-signing-nodes
|
||||
:tags: dnssec
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ options {
|
|||
}; // may occur multiple times
|
||||
dns64-contact <string>;
|
||||
dns64-server <string>;
|
||||
dnskey-sig-validity <integer>;
|
||||
dnskey-sig-validity <integer>; // obsolete
|
||||
dnsrps-enable <boolean>; // not configured
|
||||
dnsrps-library <quoted_string>; // not configured
|
||||
dnsrps-options { <unspecified-text> }; // not configured
|
||||
|
|
@ -265,7 +265,7 @@ options {
|
|||
sig-signing-nodes <integer>;
|
||||
sig-signing-signatures <integer>;
|
||||
sig-signing-type <integer>;
|
||||
sig-validity-interval <integer> [ <integer> ];
|
||||
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||
sortlist { <address_match_element>; ... };
|
||||
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||
stale-answer-enable <boolean>;
|
||||
|
|
@ -409,7 +409,7 @@ view <string> [ <class> ] {
|
|||
}; // may occur multiple times
|
||||
dns64-contact <string>;
|
||||
dns64-server <string>;
|
||||
dnskey-sig-validity <integer>;
|
||||
dnskey-sig-validity <integer>; // obsolete
|
||||
dnsrps-enable <boolean>; // not configured
|
||||
dnsrps-options { <unspecified-text> }; // not configured
|
||||
dnssec-accept-expired <boolean>;
|
||||
|
|
@ -556,7 +556,7 @@ view <string> [ <class> ] {
|
|||
sig-signing-nodes <integer>;
|
||||
sig-signing-signatures <integer>;
|
||||
sig-signing-type <integer>;
|
||||
sig-validity-interval <integer> [ <integer> ];
|
||||
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||
sortlist { <address_match_element>; ... };
|
||||
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||
stale-answer-enable <boolean>;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ zone <string> [ <class> ] {
|
|||
database <string>;
|
||||
dialup ( notify | notify-passive | passive | refresh | <boolean> );
|
||||
dlz <string>;
|
||||
dnskey-sig-validity <integer>;
|
||||
dnskey-sig-validity <integer>; // obsolete
|
||||
dnssec-dnskey-kskonly <boolean>;
|
||||
dnssec-loadkeys-interval <integer>;
|
||||
dnssec-policy <string>;
|
||||
|
|
@ -53,7 +53,7 @@ zone <string> [ <class> ] {
|
|||
sig-signing-nodes <integer>;
|
||||
sig-signing-signatures <integer>;
|
||||
sig-signing-type <integer>;
|
||||
sig-validity-interval <integer> [ <integer> ];
|
||||
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||
update-check-ksk <boolean>;
|
||||
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
|
||||
zero-no-soa-ttl <boolean>;
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ zone <string> [ <class> ] {
|
|||
database <string>;
|
||||
dialup ( notify | notify-passive | passive | refresh | <boolean> );
|
||||
dlz <string>;
|
||||
dnskey-sig-validity <integer>;
|
||||
dnskey-sig-validity <integer>; // obsolete
|
||||
dnssec-dnskey-kskonly <boolean>;
|
||||
dnssec-loadkeys-interval <integer>;
|
||||
dnssec-policy <string>;
|
||||
|
|
@ -52,7 +52,7 @@ zone <string> [ <class> ] {
|
|||
sig-signing-nodes <integer>;
|
||||
sig-signing-signatures <integer>;
|
||||
sig-signing-type <integer>;
|
||||
sig-validity-interval <integer> [ <integer> ];
|
||||
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||
transfer-source ( <ipv4_address> | * );
|
||||
transfer-source-v6 ( <ipv6_address> | * );
|
||||
try-tcp-refresh <boolean>;
|
||||
|
|
|
|||
|
|
@ -1158,13 +1158,11 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
|
|||
isc_result_t tresult;
|
||||
unsigned int i;
|
||||
const cfg_obj_t *obj = NULL;
|
||||
const cfg_obj_t *resignobj = NULL;
|
||||
const cfg_listelt_t *element;
|
||||
isc_symtab_t *symtab = NULL;
|
||||
const char *str;
|
||||
isc_buffer_t b;
|
||||
uint32_t lifetime = 3600;
|
||||
bool has_dnssecpolicy = false;
|
||||
const char *ccalg = "siphash24";
|
||||
cfg_aclconfctx_t *actx = NULL;
|
||||
static const char *sources[] = {
|
||||
|
|
@ -1369,8 +1367,6 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
|
|||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
} else {
|
||||
has_dnssecpolicy = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1389,73 +1385,6 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
|
|||
}
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
cfg_map_get(options, "sig-validity-interval", &obj);
|
||||
if (obj != NULL) {
|
||||
uint32_t validity, resign = 0;
|
||||
|
||||
validity = cfg_obj_asuint32(cfg_tuple_get(obj, "validity"));
|
||||
resignobj = cfg_tuple_get(obj, "re-sign");
|
||||
if (!cfg_obj_isvoid(resignobj)) {
|
||||
resign = cfg_obj_asuint32(resignobj);
|
||||
}
|
||||
|
||||
if (validity > 3660 || validity == 0) { /* 10 years */
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"%s '%u' is out of range (1..3660)",
|
||||
"sig-validity-interval", validity);
|
||||
result = ISC_R_RANGE;
|
||||
}
|
||||
|
||||
if (!cfg_obj_isvoid(resignobj)) {
|
||||
if (resign > 3660 || resign == 0) { /* 10 years */
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"%s '%u' is out of range (1..3660)",
|
||||
"sig-validity-interval (re-sign)",
|
||||
validity);
|
||||
result = ISC_R_RANGE;
|
||||
} else if ((validity > 7 && validity < resign) ||
|
||||
(validity <= 7 && validity * 24 < resign))
|
||||
{
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"validity interval (%u days) "
|
||||
"less than re-signing interval "
|
||||
"(%u %s)",
|
||||
validity, resign,
|
||||
(validity > 7) ? "days" : "hours");
|
||||
result = ISC_R_RANGE;
|
||||
}
|
||||
}
|
||||
|
||||
if (has_dnssecpolicy) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"sig-validity-interval: cannot be "
|
||||
"configured if dnssec-policy is also set");
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
cfg_map_get(options, "dnskey-sig-validity", &obj);
|
||||
if (obj != NULL) {
|
||||
uint32_t keyvalidity;
|
||||
|
||||
keyvalidity = cfg_obj_asuint32(obj);
|
||||
if (keyvalidity > 3660) { /* 10 years */
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"%s '%u' is out of range (0..3660)",
|
||||
"dnskey-sig-validity", keyvalidity);
|
||||
result = ISC_R_RANGE;
|
||||
}
|
||||
|
||||
if (has_dnssecpolicy) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"dnskey-sig-validity: cannot be "
|
||||
"configured if dnssec-policy is also set");
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(options, "preferred-glue", &obj);
|
||||
if (obj != NULL) {
|
||||
|
|
|
|||
|
|
@ -2355,9 +2355,9 @@ static cfg_clausedef_t zone_clauses[] = {
|
|||
{ "sig-signing-type", &cfg_type_uint32,
|
||||
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
||||
{ "sig-validity-interval", &cfg_type_validityinterval,
|
||||
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
||||
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
||||
{ "dnskey-sig-validity", &cfg_type_uint32,
|
||||
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
|
||||
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_OBSOLETE },
|
||||
{ "transfer-source", &cfg_type_sockaddr4wild,
|
||||
CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
|
||||
{ "transfer-source-v6", &cfg_type_sockaddr6wild,
|
||||
|
|
|
|||
Loading…
Reference in a new issue