mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-28 20:41:18 -05:00
Remove checks when going to dnssec-policy none
The changes in the code have the side effect that the CDNSKEY and CDS records in the secure version of the zone are not reusable and thus are thrashed from the zone. Remove the apex checks for this use case. We only care about that the zone is not immediately goes bogus, but a user really should use the built-in "insecure" policy when unsigning a zone.
This commit is contained in:
Matthijs Mekking
parent
ef1cb9935c
commit
bc703a12e7
1 changed files with 0 additions and 2 deletions
|
|
@ -4033,8 +4033,6 @@ key_clear "KEY4"
|
|||
# Various signing policy checks.
|
||||
check_keys
|
||||
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
|
||||
check_apex
|
||||
check_subdomain
|
||||
dnssec_verify
|
||||
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in a new issue