upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-02 05:20:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/named
History
Matthijs Mekking bbfdcc36c8 Add inline-signing to dnssec-policy 
Add an option to enable/disable inline-signing inside the
dnssec-policy clause. The existing inline-signing option that is
set in the zone clause takes priority, but if it is omitted, then the
value that is set in dnssec-policy is taken.

The built-in policies use inline-signing.

This means that if you want to use the default policy without
inline-signing you either have to set it explicitly in the zone
clause:

    zone "example" {
        ...
        dnssec-policy default;
        inline-signing no;
    };

Or create a new policy, only overriding the inline-signing option:

    dnssec-policy "default-dynamic" {
        inline-signing no;
    };

    zone "example" {
        ...
        dnssec-policy default-dynamic;
    };

This also means that if you are going insecure with a dynamic zone,
the built-in "insecure" policy needs to be accompanied with
"inline-signing no;".
2023-08-01 06:55:48 +00:00
..
include Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
.gitignore Complete rewrite the BIND 9 build system 2020-04-21 14:19:48 +02:00
bind9.xsl remove isc_task completely 2023-02-16 18:35:32 +01:00
builtin.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
config.c Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
control.c further cleanup after removing diffie-hellman TKEY mode 2023-03-08 08:36:25 +01:00
controlconf.c use algorithm number instead of name to create TSIG keys 2023-06-14 08:14:38 +00:00
dlz_dlopen_driver.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
fuzz.c Update netmgr, tasks, and applications to use isc_loopmgr 2022-08-26 09:09:24 +02:00
geoip.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
log.c Properly name ADB hashmap and named log memory contexts 2023-01-30 12:54:57 +01:00
logconf.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
main.c Restore the ability to read legacy K*+157+* files 2023-06-29 08:28:44 +10:00
Makefile.am Remove libbind9 2023-02-21 13:12:26 +00:00
named.conf.rst remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
named.rst Allow FIPS mode to be enabled at run time in named 2023-04-03 12:05:29 +10:00
os.c remove named_os_gethostname() 2023-02-18 20:23:41 +00:00
server.c Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
statschannel.c Use RCU for view->adb access 2023-06-14 19:21:28 +10:00
tkeyconf.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
transportconf.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
tsigconf.c convert TSIG keyring storage from RBT to hash table 2023-06-14 08:14:38 +00:00
xsl_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
zoneconf.c Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00