upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-23 01:40:23 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/named/include
History
Matthijs Mekking bbfdcc36c8 Add inline-signing to dnssec-policy 
Add an option to enable/disable inline-signing inside the
dnssec-policy clause. The existing inline-signing option that is
set in the zone clause takes priority, but if it is omitted, then the
value that is set in dnssec-policy is taken.

The built-in policies use inline-signing.

This means that if you want to use the default policy without
inline-signing you either have to set it explicitly in the zone
clause:

    zone "example" {
        ...
        dnssec-policy default;
        inline-signing no;
    };

Or create a new policy, only overriding the inline-signing option:

    dnssec-policy "default-dynamic" {
        inline-signing no;
    };

    zone "example" {
        ...
        dnssec-policy default-dynamic;
    };

This also means that if you are going insecure with a dynamic zone,
the built-in "insecure" policy needs to be accompanied with
"inline-signing no;".
2023-08-01 06:55:48 +00:00
..
dlz Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
named Add inline-signing to dnssec-policy 2023-08-01 06:55:48 +00:00
.clang-format Add separate .clang-format files for headers 2020-02-14 09:31:05 +01:00
.gitignore [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00