upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-18 00:26:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib/bind9
History
Matthijs Mekking 6e3654c434 dnssec-policy: to sign inline or not 
When dnssec-policy was introduced, it implicitly set inline-signing.
But DNSSEC maintenance required either inline-signing to be enabled,
or a dynamic zone.  In other words, not in all cases you want to
DNSSEC maintain your zone with inline-signing.

Change the behavior and determine whether inline-signing is
required: if the zone is dynamic, don't use inline-signing,
otherwise implicitly set it.

You can also explicitly set inline-signing to yes with dnssec-policy,
the restriction that both inline-signing and dnssec-policy cannot
be set at the same time is now lifted.

However, 'inline-signing no;' on a non-dynamic zone with a
dnssec-policy is not possible.

(cherry picked from commit 644f0d958a)
2020-04-16 16:04:28 +02:00
..
include Merge branch '46-enforce-clang-format-rules' into 'master' 2020-02-14 08:45:59 +00:00
win32 Disable MSB8028 warning 2020-04-16 07:56:38 +02:00
api prep 9.16.1 2020-03-20 11:47:01 +01:00
check.c dnssec-policy: to sign inline or not 2020-04-16 16:04:28 +02:00
getaddresses.c Merge branch 'each-style-tweak' into 'master' 2020-02-14 05:35:29 +00:00
Makefile.in Add ZLIB_LIBS to ISCLIBS 2020-02-28 15:22:59 +01:00
version.c Merge branch '46-just-use-clang-format-to-reformat-sources' into 'master' 2020-02-12 14:51:18 +00:00