upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-24 02:59:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

simplify "dnssec-validation" configuration

Browse source 
In the past, "dnssec-validation" was not looked up in the global
defaults unless "dnssec-enable" was true. "dnssec-enable" has been
obsolete for several years, but dnssec-validation was still being
configured in two steps.  This commit removes the vestigial bits of
the old logic.
This commit is contained in:
Evan Hunt 2025-10-28 18:34:55 -07:00
parent cd921cc7ef
commit fffae65e27
1 changed files with 9 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
bin/named/server.c
View file

@ -4231,27 +4231,17 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
view->acceptexpired = cfg_obj_asboolean(obj);
obj = NULL;
/* 'optionmaps', not 'maps': don't check named_g_defaultoptions yet */
(void)named_config_get(optionmaps, "dnssec-validation", &obj);
if (obj == NULL) {
result = named_config_get(maps, "dnssec-validation", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
view->enablevalidation = cfg_obj_asboolean(obj);
} else {
/*
* Default to VALIDATION_DEFAULT as set in config.c.
* If dnssec-validation is set but not boolean,
* then it must be "auto"
*/
(void)cfg_map_get(named_g_defaultoptions, "dnssec-validation",
&obj);
INSIST(obj != NULL);
}
if (obj != NULL) {
if (cfg_obj_isboolean(obj)) {
view->enablevalidation = cfg_obj_asboolean(obj);
} else {
/*
* If dnssec-validation is set but not boolean,
* then it must be "auto"
*/
view->enablevalidation = true;
auto_root = true;
}
view->enablevalidation = true;
auto_root = true;
}
obj = NULL;