bind9/lib/dns
Matthijs Mekking bbfdcc36c8 Add inline-signing to dnssec-policy
Add an option to enable/disable inline-signing inside the
dnssec-policy clause. The existing inline-signing option that is
set in the zone clause takes priority, but if it is omitted, then the
value that is set in dnssec-policy is taken.

The built-in policies use inline-signing.

This means that if you want to use the default policy without
inline-signing you either have to set it explicitly in the zone
clause:

    zone "example" {
        ...
        dnssec-policy default;
        inline-signing no;
    };

Or create a new policy, only overriding the inline-signing option:

    dnssec-policy "default-dynamic" {
        inline-signing no;
    };

    zone "example" {
        ...
        dnssec-policy default-dynamic;
    };

This also means that if you are going insecure with a dynamic zone,
the built-in "insecure" policy needs to be accompanied with
"inline-signing no;".
2023-08-01 06:55:48 +00:00
include Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
rdata Replace DE_CONST(k, v) with v = UNCONST(k) macro 2023-04-03 10:25:56 +00:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
adb.c Refactor dns_adb_create() to return void 2023-07-27 11:37:44 +02:00
badcache.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
byaddr.c remove isc_task completely 2023-02-16 18:35:32 +01:00
cache.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
callbacks.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
catz.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
client.c The zone table no longer depends on the loop manager 2023-05-12 20:48:31 +01:00
clientinfo.c refactor dns_clientinfo_init(); use separate function to set ECS 2023-02-07 23:48:22 -08:00
compress.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
db.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
dbiterator.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
diff.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
dispatch.c use isc_loop_now() for dispentry timeouts 2023-07-19 15:32:21 +02:00
dlz.c Refactor dns_zone_create() to return void 2023-07-27 11:37:44 +02:00
dns64.c Add isc_rwlock around dns_aclenv .localhost and .localnets member 2022-04-04 19:27:00 +02:00
dnsrps.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
dnssec.c Update findzonekeys function name in log message 2023-06-14 09:08:56 +02:00
dnstap.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
dnstap.proto Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ds.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 08:33:43 +01:00
dst_api.c get_key_struct() can no longer fail 2023-06-14 08:14:38 +00:00
dst_internal.h Probe if ED448 and ED25519 are supported 2023-04-03 12:06:04 +10:00
dst_openssl.h Report file and line when converting OpenSSL errors 2023-04-03 12:06:04 +10:00
dst_parse.c Replace isc_fsaccess API with more secure file creation 2023-03-31 12:52:59 +00:00
dst_parse.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dyndb.c switch to using isc_loopmgr_pause() instead of task exclusive 2023-02-16 17:51:55 +01:00
ecs.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
fixedname.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
forward.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
gen.c Remove unused support for fromwire(DNS_NAME_DOWNCASE) 2023-02-06 13:26:36 +00:00
geoip2.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
gssapi_link.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
gssapictx.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
hmac_link.c Emit deprecated warning for K* file pairs 2023-06-29 08:28:48 +10:00
ipkeylist.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
iptable.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
journal.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
kasp.c Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
key.c Refactor KSK processing 2023-07-20 12:40:52 +02:00
keydata.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
keymgr.c Add key state init debugging 2023-04-17 10:56:08 +02:00
keytable.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
log.c remove {root-}delegation-only 2023-03-23 12:57:01 -07:00
Makefile.am split out cache-specific functions 2023-07-17 14:50:25 +02:00
master.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
masterdump.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
message.c convert TSIG keyring storage from RBT to hash table 2023-06-14 08:14:38 +00:00
name.c Correct value of DNS_NAME_MAXLABELS 2023-04-05 14:46:39 +00:00
ncache.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
nsec.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
nsec3.c Cleanup orphaned empty-non-terminal NSEC3 2023-04-25 05:03:12 +01:00
nta.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
openssl_link.c Report file and line when converting OpenSSL errors 2023-04-03 12:06:04 +10:00
openssl_shim.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
openssl_shim.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
opensslecdsa_link.c Introduce dst__openssl_keypair_{compare,isprivate,destroy} 2023-03-08 13:50:46 +01:00
openssleddsa_link.c INSIST that openssleddsa_alg_info() is successful 2023-04-05 08:03:43 +00:00
opensslrsa_link.c Remove redundant NULL checks in OpenSSL RSA glue 2023-03-08 13:50:46 +01:00
order.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
peer.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
private.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
qp.c Cleanup the __tsan_acquire/__tsan_release 2023-07-28 08:59:08 +02:00
qp_p.h Fixes for liburcu-qsbr 2023-05-15 20:49:42 +00:00
rbt-cachedb.c split out cache-specific functions 2023-07-17 14:50:25 +02:00
rbt-zonedb.c Cleanup the __tsan_acquire/__tsan_release 2023-07-28 08:59:08 +02:00
rbt.c Squash dns_name_fullhash() and dns_name_hash() 2023-03-31 12:43:30 +00:00
rbtdb.c fixup! Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
rbtdb_p.h split out cache-specific functions 2023-07-17 14:50:25 +02:00
rcode.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
rdata.c Add new dns_rdatatype_iskeymaterial() function 2023-05-23 08:53:23 +02:00
rdatalist.c Give the rdataset->privateN fields more helpful names 2023-07-17 14:50:25 +02:00
rdataset.c move slab rdataset implementation to rdataslab.c 2023-07-17 14:50:25 +02:00
rdatasetiter.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdataslab.c move slab rdataset implementation to rdataslab.c 2023-07-17 14:50:25 +02:00
remote.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
request.c Pin dns_request to the associated loop 2023-07-28 09:01:22 +02:00
resconf.c Properly process extra nameserver lines in resolv.conf 2023-05-16 02:04:55 +00:00
resolver.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
result.c Refactor how we map isc_result_t <-> dns_rcode_t 2023-06-15 15:32:04 +02:00
rootns.c Apply the semantic patch to remove isc_stdtime_get() 2023-03-31 13:32:56 +02:00
rpz.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
rriterator.c Extend dns_db_allrdatasets to control iteration results 2022-12-07 22:20:02 +00:00
rrl.c Squash dns_name_fullhash() and dns_name_hash() 2023-03-31 12:43:30 +00:00
sdlz.c clean up unused dns_db methods 2023-07-17 14:50:25 +02:00
soa.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 08:33:43 +01:00
ssu.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
ssu_external.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
stats.c Refactor isc_stats_create() and its downstream users to return void 2023-07-27 11:37:44 +02:00
tests Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
time.c Remove isc_stdtime_get() macro 2023-03-31 13:33:16 +02:00
tkey.c Return REFUSED if GSSAPI is not configured 2023-07-28 14:37:32 +10:00
transport.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
tsig.c rename 'ret' to 'result' 2023-06-14 08:14:38 +00:00
tsig_p.h remove dns__tsig_algallocated() 2023-06-14 08:14:38 +00:00
ttl.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
update.c Tiny refactor revoked key check 2023-07-20 12:44:19 +02:00
validator.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
view.c Refactor dns_badcache to use cds_lfht lock-free hashtable 2023-07-31 15:51:15 +02:00
xfrin.c Mark a primary as unreachable on timed out in xfin 2023-07-22 08:17:11 +10:00
zone.c Use cds_lfht for updatenotify mechanism in dns_db unit 2023-07-31 18:11:34 +02:00
zone_p.h Obsolete dnssec-dnskey-kskonly update-check-ksk 2023-07-20 12:40:54 +02:00
zonekey.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
zoneverify.c Replace DE_CONST(k, v) with v = UNCONST(k) macro 2023-04-03 10:25:56 +00:00
zt.c The zone table no longer depends on the loop manager 2023-05-12 20:48:31 +01:00