ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

dnssec-policy inheritance from options/view

Browse Source 
'dnssec-policy' can now also be set on the options and view level and
a zone that does not set 'dnssec-policy' explicitly will inherit it
from the view or options level.

This requires a new keyword to be introduced: 'none'.  If set to
'none' the zone will not be DNSSEC maintained, in other words it will
stay unsigned.  You can use this to break the inheritance.  Of course
you can also break the inheritance by referring to a different
policy.

The keywords 'default' and 'none' are not allowed when configuring
your own dnssec-policy statement.

Add appropriate tests for checking the configuration (checkconf)
and add tests to the kasp system test to verify the inheritance
works.

Edit the kasp system test such that it can deal with unsigned zones
and views (so setting a TSIG on the query).
This commit is contained in:
Matthijs Mekking
2019-11-05 17:22:35 +01:00
parent ce1c1631b3
commit 5f464d15a0
27 changed files with 895 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/kasp/README
View File

@@ -9,3 +9,5 @@ ns1 is reserved for the root server.
ns2 is running primary service for ns3.
ns3 is an authoritative server for the various test domains.
ns4 and ns5 are authoritative servers for various test domains related to views.