Files
bind9/lib/dns
Matthijs Mekking 949768b252 Don't allow DNSSEC records in the raw zone
There was an exception for dnssec-policy that allowed DNSSEC in the
unsigned version of the zone. This however causes a crash if the
zone switches from dynamic to inline-signing in the case of NSEC3,
because we are now trying to add an NSEC3 record to a non-NSEC3 node.
This is because BIND expects none of the records in the unsigned
version of the zone to be NSEC3.

Remove the exception for dnssec-policy when copying non DNSSEC
records, but do allow for DNSKEY as this may be a published DNSKEY
from a different provider.

(cherry picked from commit 332b98ae49)
2022-11-03 14:44:35 +01:00
..
2021-08-28 07:45:39 -07:00
2022-07-06 11:26:24 +10:00
2022-09-08 12:16:36 +02:00
2022-07-15 21:21:03 +02:00