upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-14 14:42:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Matthijs Mekking 23b85a4679 Update smart signing when key is offline 
BIND 9 is smart about when to sign with what key. If a key is offline,
BIND will delete the old signature anyway if there is another key to
sign the RRset with.

With KASP we don't want to fallback to the KSK if the ZSK is missing,
only for the SOA RRset. If the KSK is missing, but we do have a ZSK,
deleting the signature is fine. Otherwise it depends on if we use KASP
or not. Update the 'delsig_ok' function to reflect that.

(cherry picked from commit 6a60bf637d)
2021-05-05 12:50:00 +02:00
..
bind9 named-checkconf now detects redefinition of dnssec-policy 'insecure' 2021-05-05 17:05:17 +10:00
dns Update smart signing when key is offline 2021-05-05 12:50:00 +02:00
irs Cleanup the isc_<*>mgr_createinc() constructors 2021-04-19 15:57:40 +02:00
isc Cleanup the isc_<*>mgr_createinc() constructors 2021-04-19 15:57:40 +02:00
isccc Use BIND 9.17 preprocessor macro to skip unit test 2021-02-17 12:09:25 +01:00
isccfg Add built-in dnssec-policy "insecure" 2021-04-30 13:58:22 +02:00
ns Handle DNAME lookup via itself 2021-04-29 11:12:38 +02:00
win32/bindevt update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
.gitignore added gitignore, removed cvsignore 2012-03-03 23:10:05 -08:00
Kyuafile link in lib/isccc/tests/Kyuafile 2018-11-13 07:23:36 +11:00
Makefile.in move samples/resolve.c to bin/tests/system 2021-04-19 14:32:53 +02:00