mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-15 22:09:31 -04:00
3e49223a67
These two configuration options worked in conjunction with 'auto-dnssec' to determine KSK usage, and thus are now obsoleted. However, in the code we keep KSK processing so that when a zone is reconfigured from using 'dnssec-policy' immediately to 'none' (without going through 'insecure'), the zone is not immediately made bogus. Add one more test case for going straight to none, now with a dynamic zone (no inline-signing).
27 lines
659 B
Text
27 lines
659 B
Text
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
zone not-inline {
|
|
type secondary;
|
|
primaries { 127.0.0.1; };
|
|
inline-signing no;
|
|
dnssec-loadkeys-interval 10;
|
|
|
|
};
|
|
|
|
zone inline {
|
|
type secondary;
|
|
primaries { 127.0.0.1; };
|
|
inline-signing yes;
|
|
dnssec-loadkeys-interval 10;
|
|
};
|