Matthijs Mekking beeefe35c4 Fix bug introduced by #763 related to offline keys ... In some cases we want to keep expired signatures. For example, if the KSK is offline, we don't want to fall back to signing with the ZSK. We could remove the signatures, but in any case we end up with a broken zone. The change made for GL #763 prevented the behavior to sign the DNSKEY RRset with the ZSK if the KSK was offline (and signatures were expired). The change causes the definition of "having both keys": if one key is offline, we still consider having both keys, so we don't fallback signing with the ZSK if KSK is offline. That change also works the other way, if the ZSK is offline, we don't fallback signing with the KSK. This commit fixes that, so we only fallback signing zone RRsets with the KSK, not signing key RRsets with the ZSK.		2022-01-06 09:32:32 +01:00
..
bind9	remove broken-nsec and reject-000-label options	2021-12-23 15:13:46 +11:00
dns	Fix bug introduced by #763 related to offline keys	2022-01-06 09:32:32 +01:00
irs	Check parsed resconf values	2021-08-12 09:52:52 -07:00
isc	Add unit test of aligned isc_mem functions	2022-01-05 17:17:39 +01:00
isccc	Pass the digest buffer length to EVP_DigestSignFinal	2021-12-17 20:28:01 +11:00
isccfg	Report duplicate dnssec-policy names	2022-01-03 11:48:26 -08:00
ns	Use the TLS context cache for server-side contexts	2021-12-29 10:25:14 +02:00
.gitignore	The isc/platform.h header has been completely removed	2021-07-06 05:33:48 +00:00
Makefile.am	move samples/resolve.c to bin/tests/system	2021-04-16 14:29:43 +02:00
unit-test-driver.sh.in	Enforce a run time limit on unit test binaries	2021-04-07 11:41:45 +02:00