upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 02:42:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

2022. [bug] If dnssec validation is disabled only assert CD if

Browse source 
CD was requested. [RT #16037]

2021.   [bug]           dnssec-enable no; triggered a REQUIRE. [RT #16037]
This commit is contained in:
Mark Andrews 2006-05-18 02:00:11 +00:00
parent bda34793bb
commit a9365554b6
1 changed files with 8 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
bin/named/server.c
View file

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.463 2006/05/03 01:54:53 marka Exp $ */
/* $Id: server.c,v 1.464 2006/05/18 02:00:11 marka Exp $ */
/*! \file */
@ -1545,19 +1545,13 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
* For now, there is only one kind of trusted keys, the
* "security roots".
*/
if (view->enablednssec) {
CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
&view->secroots));
dns_resolver_resetmustbesecure(view->resolver);
obj = NULL;
result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
if (result == ISC_R_SUCCESS)
CHECK(mustbesecure(obj, view->resolver));
} else {
if (view->secroots != NULL)
dns_keytable_detach(&view->secroots);
dns_resolver_resetmustbesecure(view->resolver);
}
CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
&view->secroots));
dns_resolver_resetmustbesecure(view->resolver);
obj = NULL;
result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
if (result == ISC_R_SUCCESS)
CHECK(mustbesecure(obj, view->resolver));
obj = NULL;
result = ns_config_get(maps, "max-cache-ttl", &obj);