mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-27 03:51:16 -05:00
c8205bfa0e
The CDS/CDNSKEY record will be published when the DS is in the rumoured state. However, with the introduction of the rndc '-checkds' command, the logic in the keymgr was changed to prevent the DS state to go in RUMOURED unless the specific command was given. Hence, the CDS was never published before it was seen in the parent. Initially I thought this was a policy approval rule, however it is actually a DNSSEC timing rule. Remove the restriction from 'keymgr_policy_approval' and update the 'keymgr_transition_time' function. When looking to move the DS state to OMNIPRESENT it will no longer calculate the state from its last change, but from when the DS was seen in the parent, "DS Publish". If the time was not set, default to next key event of an hour. Similarly for moving the DS state to HIDDEN, the time to wait will be derived from the "DS Delete" time, not from when the DS state last changed. |
||
|---|---|---|
| .. | ||
| bind9 | ||
| dns | ||
| irs | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| samples | ||
| win32/bindevt | ||
| .gitignore | ||
| Makefile.am | ||
| unit-test-driver.sh.in | ||