ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

[master] complete NTA work

Browse Source 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
This commit is contained in:
Evan Hunt
2014-06-18 16:47:22 -07:00
parent 8eb2d262dc
commit b8a9632333
29 changed files with 802 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/dnssec/ns4/named1.conf
View File

@@ -34,6 +34,9 @@ options {
dnssec-validation yes;
dnssec-must-be-secure mustbesecure.example yes;
nta-lifetime 10s;
nta-recheck 7s;
# Note: We only reference the bind.keys file here to confirm that it
# is *not* being used. It contains the real root key, and we're
# using a local toy root zone for the tests, so it wouldn't work.