mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-26 11:32:01 -05:00
The 'key_init()' function is used to initialize a state file for keys that don't have one yet. This can happen if you are migrating from an 'auto-dnssec' or 'inline-signing' to a 'dnssec-policy' configuration. It did not look at the "Inactive" and "Delete" timing metadata and so old keys left behind in the key directory would also be considered as a possible active key. This commit fixes this and now explicitly sets the key goal to OMNIPRESENT for keys that have their "Active/Publish" timing metadata in the past, but their "Inactive/Delete" timing metadata in the future. If the "Inactive/Delete" timing metadata is also in the past, the key goal is set to HIDDEN. If the "Inactive/Delete" timing metadata is in the past, the key states are also adjusted to either UNRETENTIVE or HIDDEN, depending on how far in the past the metadata is set.
||
|---|---|---|
| notes-9.17.0.rst | ||
| notes-9.17.1.rst | ||
| notes-9.17.2.rst | ||
| notes-9.17.3.rst | ||
| notes-9.17.4.rst | ||
| notes-9.17.5.rst | ||
| notes-9.17.6.rst | ||
| notes-9.17.7.rst | ||
| notes-9.17.8.rst | ||
| notes-9.17.9.rst | ||
| notes-current.rst | ||