upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-13 06:02:37 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Aram Sargsyan 354ae2d7e3 Don't trust a placeholder KEYDATA record 
When named starts it creates an empty KEYDATA record in the managed-keys
zone as a placeholder, then schedules a key refresh. If key refresh
fails for some reason (e.g. connectivity problems), named will load the
placeholder key into secroots as a trusted key during the next startup,
which will break the chain of trust, and named will never recover from
that state until managed-keys.bind and managed-keys.bind.jnl files are
manually deleted before (re)starting named again.

Before calling load_secroots(), check that we are not dealing with a
placeholder.
2022-11-01 09:50:34 +00:00
..
bind9 Clarify error message about missing inline-signing & dnssec-policy 2022-10-06 10:26:30 +02:00
dns Don't trust a placeholder KEYDATA record 2022-11-01 09:50:34 +00:00
irs Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
isc isc_async_run() runs events in reverse order 2022-10-31 05:43:45 -07:00
isccc Convert DST_ALG defines to enum and group HMAC algorithms 2022-09-27 16:54:36 +02:00
isccfg Add check-svcb to named 2022-10-29 00:22:54 +11:00
ns Add check-svcb to named 2022-10-29 00:22:54 +11:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am move samples/resolve.c to bin/tests/system 2021-04-16 14:29:43 +02:00