bind9/doc/misc
Matthijs Mekking bbfdcc36c8 Add inline-signing to dnssec-policy
Add an option to enable/disable inline-signing inside the
dnssec-policy clause. The existing inline-signing option that is
set in the zone clause takes priority, but if it is omitted, then the
value that is set in dnssec-policy is taken.

The built-in policies use inline-signing.

This means that if you want to use the default policy without
inline-signing you either have to set it explicitly in the zone
clause:

    zone "example" {
        ...
        dnssec-policy default;
        inline-signing no;
    };

Or create a new policy, only overriding the inline-signing option:

    dnssec-policy "default-dynamic" {
        inline-signing no;
    };

    zone "example" {
        ...
        dnssec-policy default-dynamic;
    };

This also means that if you are going insecure with a dynamic zone,
the built-in "insecure" policy needs to be accompanied with
"inline-signing no;".
2023-08-01 06:55:48 +00:00
..
cfg_test.c remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
checkgrammar.py Sort grammar map keys while pretty printing them 2022-07-01 08:59:23 +02:00
dnssec-policy.default.conf Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
forward.zoneopt remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
hint.zoneopt remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
in-view.zoneopt [master] automatically generate named.conf grammars for the ARM 2018-01-22 11:06:32 -08:00
Makefile.am remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
mirror.zoneopt Add 'tls' configuration support for the 'forwarders' option 2023-01-20 14:45:30 +00:00
options Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
parsegrammar.py Add a new library to parse grammar format produced by cfg_test 2022-07-01 08:59:04 +02:00
primary.zoneopt Obsolete dnssec-update-mode 2023-07-20 12:44:19 +02:00
redirect.zoneopt Add 'tls' configuration support for the 'forwarders' option 2023-01-20 14:45:30 +00:00
rndc.grammar remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
secondary.zoneopt Obsolete dnssec-update-mode 2023-07-20 12:44:19 +02:00
sort-options.pl Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
static-stub.zoneopt Add 'tls' configuration support for the 'forwarders' option 2023-01-20 14:45:30 +00:00
stub.zoneopt remove {root-}delegation-only 2023-03-23 12:57:01 -07:00