mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-23 09:51:03 -05:00
bbfdcc36c8
Add an option to enable/disable inline-signing inside the
dnssec-policy clause. The existing inline-signing option that is
set in the zone clause takes priority, but if it is omitted, then the
value that is set in dnssec-policy is taken.
The built-in policies use inline-signing.
This means that if you want to use the default policy without
inline-signing you either have to set it explicitly in the zone
clause:
zone "example" {
...
dnssec-policy default;
inline-signing no;
};
Or create a new policy, only overriding the inline-signing option:
dnssec-policy "default-dynamic" {
inline-signing no;
};
zone "example" {
...
dnssec-policy default-dynamic;
};
This also means that if you are going insecure with a dynamic zone,
the built-in "insecure" policy needs to be accompanied with
"inline-signing no;".
|
||
|---|---|---|
| .. | ||
| cfg_test.c | ||
| checkgrammar.py | ||
| dnssec-policy.default.conf | ||
| forward.zoneopt | ||
| hint.zoneopt | ||
| in-view.zoneopt | ||
| Makefile.am | ||
| mirror.zoneopt | ||
| options | ||
| parsegrammar.py | ||
| primary.zoneopt | ||
| redirect.zoneopt | ||
| rndc.grammar | ||
| secondary.zoneopt | ||
| sort-options.pl | ||
| static-stub.zoneopt | ||
| stub.zoneopt | ||