bind9/lib
Aram Sargsyan 4b80324f51 Don't trust a placeholder KEYDATA record
When named starts, it creates an empty KEYDATA record in the managed-keys
zone as a placeholder, then schedules a key refresh. If key refresh
fails for some reason (e.g. connectivity problems), named will load the
placeholder key into secroots as a trusted key during the next startup,
which will break the chain of trust, and named will never recover from
that state until managed-keys.bind and managed-keys.bind.jnl files are
manually deleted before (re)starting named again.

Before calling load_secroots(), check that we are not dealing with a
placeholder.

(cherry picked from commit 354ae2d7e3)
2022-11-01 10:49:51 +00:00
bind9 Clarify error message about missing inline-signing & dnssec-policy 2022-10-06 10:27:32 +02:00
dns Don't trust a placeholder KEYDATA record 2022-11-01 10:49:51 +00:00
irs Move all the unit tests to /tests/<libname>/ 2022-05-31 12:06:00 +02:00
isc Serialize the HTTP/1.1 statschannel requests 2022-10-20 17:23:36 +02:00
isccc Convert DST_ALG defines to enum and group HMAC algorithms 2022-09-27 16:55:33 +02:00
isccfg Handle large numbers when parsing/printing a duration 2022-10-17 08:54:10 +00:00
ns ensure RPZ lookups handle CD=1 correctly 2022-10-19 13:12:31 -07:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am move samples/resolve.c to bin/tests/system 2021-04-16 14:29:43 +02:00