Commit 50105afc authored by Mark Andrews's avatar Mark Andrews
Browse files

1589. [func] DNSSEC lookaside validation.

enable-dnssec -> dnssec-enable
parent fa7ee558
1589. [func] DNSSEC lookaside validation.
1588. [bug] win32: TCP sockets could become blocked. [RT #10115] 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
1587. [bug] dns_message_settsigkey() failed to clear existing key. 1587. [bug] dns_message_settsigkey() failed to clear existing key.
...@@ -17,7 +19,7 @@ ...@@ -17,7 +19,7 @@
than 32 elements. [RT #10381] than 32 elements. [RT #10381]
1581. [func] Disable DNSSEC support by default. To enable 1581. [func] Disable DNSSEC support by default. To enable
DNSSEC specify "enable-dnssec yes;" in named.conf. DNSSEC specify "dnssec-enable yes;" in named.conf.
1580. [bug] Zone destuction on final detach takes a long time. 1580. [bug] Zone destuction on final detach takes a long time.
[RT #3746] [RT #3746]
......
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-keygen.c,v 1.65 2004/03/05 05:48:18 marka Exp $ */ /* $Id: dnssec-keygen.c,v 1.66 2004/03/10 02:19:51 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -85,6 +85,7 @@ usage(void) { ...@@ -85,6 +85,7 @@ usage(void) {
"records with (default: 0)\n"); "records with (default: 0)\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n"); fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -v <verbose level>\n"); fprintf(stderr, " -v <verbose level>\n");
fprintf(stderr, " -k : generate a TYPE=KEY key\n");
fprintf(stderr, "Output:\n"); fprintf(stderr, "Output:\n");
fprintf(stderr, " K<name>+<alg>+<id>.key, " fprintf(stderr, " K<name>+<alg>+<id>.key, "
"K<name>+<alg>+<id>.private\n"); "K<name>+<alg>+<id>.private\n");
...@@ -113,6 +114,7 @@ main(int argc, char **argv) { ...@@ -113,6 +114,7 @@ main(int argc, char **argv) {
isc_log_t *log = NULL; isc_log_t *log = NULL;
isc_entropy_t *ectx = NULL; isc_entropy_t *ectx = NULL;
dns_rdataclass_t rdclass; dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
if (argc == 1) if (argc == 1)
usage(); usage();
...@@ -122,7 +124,7 @@ main(int argc, char **argv) { ...@@ -122,7 +124,7 @@ main(int argc, char **argv) {
dns_result_register(); dns_result_register();
while ((ch = isc_commandline_parse(argc, argv, while ((ch = isc_commandline_parse(argc, argv,
"a:b:c:ef:g:n:t:p:s:r:v:h")) != -1) "a:b:c:ef:g:kn:t:p:s:r:v:h")) != -1)
{ {
switch (ch) { switch (ch) {
case 'a': case 'a':
...@@ -152,6 +154,9 @@ main(int argc, char **argv) { ...@@ -152,6 +154,9 @@ main(int argc, char **argv) {
if (*endp != '\0' || generator <= 0) if (*endp != '\0' || generator <= 0)
fatal("-g requires a positive number"); fatal("-g requires a positive number");
break; break;
case 'k':
options |= DST_TYPE_KEY;
break;
case 'n': case 'n':
nametype = isc_commandline_argument; nametype = isc_commandline_argument;
break; break;
...@@ -374,7 +379,7 @@ main(int argc, char **argv) { ...@@ -374,7 +379,7 @@ main(int argc, char **argv) {
fatal("cannot generate a null key when a key with id 0 " fatal("cannot generate a null key when a key with id 0 "
"already exists"); "already exists");
ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL); ret = dst_key_tofile(key, options, NULL);
if (ret != ISC_R_SUCCESS) { if (ret != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE]; char keystr[KEY_FORMATSIZE];
key_format(key, keystr, sizeof(keystr)); key_format(key, keystr, sizeof(keystr));
......
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-signzone.c,v 1.176 2004/03/05 05:48:19 marka Exp $ */ /* $Id: dnssec-signzone.c,v 1.177 2004/03/10 02:19:51 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -120,6 +120,9 @@ static isc_boolean_t nokeys = ISC_FALSE; ...@@ -120,6 +120,9 @@ static isc_boolean_t nokeys = ISC_FALSE;
static isc_boolean_t removefile = ISC_FALSE; static isc_boolean_t removefile = ISC_FALSE;
static isc_boolean_t generateds = ISC_FALSE; static isc_boolean_t generateds = ISC_FALSE;
static isc_boolean_t ignoreksk = ISC_FALSE; static isc_boolean_t ignoreksk = ISC_FALSE;
static dns_name_t *dlv = NULL;
static dns_fixedname_t dlv_fixed;
static dns_master_style_t *dsstyle = NULL;
#define INCSTAT(counter) \ #define INCSTAT(counter) \
if (printstats) { \ if (printstats) { \
...@@ -868,11 +871,18 @@ signname(dns_dbnode_t *node, dns_name_t *name) { ...@@ -868,11 +871,18 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
if (rdataset.type != dns_rdatatype_nsec && if (rdataset.type != dns_rdatatype_nsec &&
rdataset.type != dns_rdatatype_ds) rdataset.type != dns_rdatatype_ds)
goto skip; goto skip;
#if 0
/*
* The current draft allows DS not at a zone cut.
* This is a bad idea. Update once the RFC is published.
* XXXMPA.
*/
} else if (rdataset.type == dns_rdatatype_ds) { } else if (rdataset.type == dns_rdatatype_ds) {
char namebuf[DNS_NAME_FORMATSIZE]; char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf)); dns_name_format(name, namebuf, sizeof(namebuf));
fatal("'%s': found DS RRset without NS RRset\n", fatal("'%s': found DS RRset without NS RRset\n",
namebuf); namebuf);
#endif
} }
signset(&diff, node, name, &rdataset); signset(&diff, node, name, &rdataset);
...@@ -1407,40 +1417,45 @@ warnifallksk(dns_db_t *db) { ...@@ -1407,40 +1417,45 @@ warnifallksk(dns_db_t *db) {
} }
static void static void
writekeyset(void) { writeset(const char *prefix, dns_rdatatype_t type) {
char *filename;
char namestr[DNS_NAME_FORMATSIZE]; char namestr[DNS_NAME_FORMATSIZE];
isc_buffer_t namebuf;
unsigned int filenamelen;
char *keyfile;
signer_key_t *key;
unsigned char keybuf[DST_KEY_MAXSIZE];
dns_diff_t diff;
dns_difftuple_t *tuple = NULL;
dns_db_t *db = NULL; dns_db_t *db = NULL;
dns_dbversion_t *version = NULL; dns_dbversion_t *version = NULL;
dns_rdata_t rdata; dns_diff_t diff;
dns_difftuple_t *tuple = NULL;
dns_fixedname_t fixed;
dns_name_t *name;
dns_rdata_t rdata, ds;
isc_boolean_t have_ksk = ISC_FALSE;
isc_boolean_t have_non_ksk = ISC_FALSE;
isc_buffer_t b; isc_buffer_t b;
isc_buffer_t namebuf;
isc_region_t r; isc_region_t r;
isc_result_t result; isc_result_t result;
isc_boolean_t have_non_ksk = ISC_FALSE; signer_key_t *key;
isc_boolean_t have_ksk = ISC_FALSE; unsigned char dsbuf[DNS_DS_BUFFERSIZE];
unsigned char keybuf[DST_KEY_MAXSIZE];
unsigned int filenamelen;
const dns_master_style_t *style =
(type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
isc_buffer_init(&namebuf, namestr, sizeof(namestr)); isc_buffer_init(&namebuf, namestr, sizeof(namestr));
result = dns_name_tofilenametext(gorigin, ISC_FALSE, &namebuf); result = dns_name_tofilenametext(gorigin, ISC_FALSE, &namebuf);
check_result(result, "dns_name_tofilenametext"); check_result(result, "dns_name_tofilenametext");
isc_buffer_putuint8(&namebuf, 0); isc_buffer_putuint8(&namebuf, 0);
filenamelen = strlen("keyset-") + strlen(namestr); filenamelen = strlen(prefix) + strlen(namestr);
if (directory != NULL) if (directory != NULL)
filenamelen += strlen(directory) + 1; filenamelen += strlen(directory) + 1;
keyfile = isc_mem_get(mctx, filenamelen + 1); filename = isc_mem_get(mctx, filenamelen + 1);
if (keyfile == NULL) if (filename == NULL)
fatal("out of memory"); fatal("out of memory");
if (directory != NULL) if (directory != NULL)
sprintf(keyfile, "%s/", directory); sprintf(filename, "%s/", directory);
else else
keyfile[0] = 0; filename[0] = 0;
strcat(keyfile, "keyset-"); strcat(filename, prefix);
strcat(keyfile, namestr); strcat(filename, namestr);
dns_diff_init(mctx, &diff); dns_diff_init(mctx, &diff);
...@@ -1460,6 +1475,20 @@ writekeyset(void) { ...@@ -1460,6 +1475,20 @@ writekeyset(void) {
break; break;
} }
if (type == dns_rdatatype_dlv) {
dns_name_t tname;
unsigned int labels;
dns_name_init(&tname, NULL);
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
labels = dns_name_countlabels(gorigin);
dns_name_getlabelsequence(gorigin, 0, labels - 1, &tname);
result = dns_name_concatenate(&tname, dlv, name, NULL);
check_result(result, "dns_name_concatenate");
} else
name = gorigin;
for (key = ISC_LIST_HEAD(keylist); for (key = ISC_LIST_HEAD(keylist);
key != NULL; key != NULL;
key = ISC_LIST_NEXT(key, link)) key = ISC_LIST_NEXT(key, link))
...@@ -1467,13 +1496,25 @@ writekeyset(void) { ...@@ -1467,13 +1496,25 @@ writekeyset(void) {
if (have_ksk && have_non_ksk && !key->isksk) if (have_ksk && have_non_ksk && !key->isksk)
continue; continue;
dns_rdata_init(&rdata); dns_rdata_init(&rdata);
dns_rdata_init(&ds);
isc_buffer_init(&b, keybuf, sizeof(keybuf)); isc_buffer_init(&b, keybuf, sizeof(keybuf));
result = dst_key_todns(key->key, &b); result = dst_key_todns(key->key, &b);
check_result(result, "dst_key_todns"); check_result(result, "dst_key_todns");
isc_buffer_usedregion(&b, &r); isc_buffer_usedregion(&b, &r);
dns_rdata_fromregion(&rdata, gclass, dns_rdatatype_dnskey, &r); dns_rdata_fromregion(&rdata, gclass, dns_rdatatype_dnskey, &r);
result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, gorigin, if (type != dns_rdatatype_dnskey) {
zonettl, &rdata, &tuple); result = dns_ds_buildrdata(gorigin, &rdata,
DNS_DSDIGEST_SHA1,
dsbuf, &ds);
check_result(result, "dns_ds_buildrdata");
if (type == dns_rdatatype_dlv)
ds.type = dns_rdatatype_dlv;
result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
name, 0, &ds, &tuple);
} else
result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
gorigin, zonettl,
&rdata, &tuple);
check_result(result, "dns_difftuple_create"); check_result(result, "dns_difftuple_create");
dns_diff_append(&diff, &tuple); dns_diff_append(&diff, &tuple);
} }
...@@ -1489,10 +1530,10 @@ writekeyset(void) { ...@@ -1489,10 +1530,10 @@ writekeyset(void) {
check_result(result, "dns_diff_apply"); check_result(result, "dns_diff_apply");
dns_diff_clear(&diff); dns_diff_clear(&diff);
result = dns_master_dump(mctx, db, version, masterstyle, keyfile); result = dns_master_dump(mctx, db, version, style, filename);
check_result(result, "dns_master_dump"); check_result(result, "dns_master_dump");
isc_mem_put(mctx, keyfile, filenamelen + 1); isc_mem_put(mctx, filename, filenamelen + 1);
dns_db_closeversion(db, &version, ISC_FALSE); dns_db_closeversion(db, &version, ISC_FALSE);
dns_db_detach(&db); dns_db_detach(&db);
...@@ -1550,6 +1591,7 @@ usage(void) { ...@@ -1550,6 +1591,7 @@ usage(void) {
fprintf(stderr, "print statistics\n"); fprintf(stderr, "print statistics\n");
fprintf(stderr, "\t-n ncpus (number of cpus present)\n"); fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
fprintf(stderr, "\t-k key_signing_key\n"); fprintf(stderr, "\t-k key_signing_key\n");
fprintf(stderr, "\t-l lookasidezone\n");
fprintf(stderr, "\n"); fprintf(stderr, "\n");
...@@ -1609,6 +1651,9 @@ main(int argc, char *argv[]) { ...@@ -1609,6 +1651,9 @@ main(int argc, char *argv[]) {
dns_rdataclass_t rdclass; dns_rdataclass_t rdclass;
dns_db_t *udb = NULL; dns_db_t *udb = NULL;
isc_task_t **tasks = NULL; isc_task_t **tasks = NULL;
isc_buffer_t b;
int len;
masterstyle = &dns_master_style_explicitttl; masterstyle = &dns_master_style_explicitttl;
check_result(isc_app_start(), "isc_app_start"); check_result(isc_app_start(), "isc_app_start");
...@@ -1620,7 +1665,7 @@ main(int argc, char *argv[]) { ...@@ -1620,7 +1665,7 @@ main(int argc, char *argv[]) {
dns_result_register(); dns_result_register();
while ((ch = isc_commandline_parse(argc, argv, while ((ch = isc_commandline_parse(argc, argv,
"ac:d:e:f:ghi:k:n:o:pr:s:Stv:z")) "ac:d:e:f:ghi:k:l:n:o:pr:s:Stv:z"))
!= -1) { != -1) {
switch (ch) { switch (ch) {
case 'a': case 'a':
...@@ -1660,6 +1705,19 @@ main(int argc, char *argv[]) { ...@@ -1660,6 +1705,19 @@ main(int argc, char *argv[]) {
"positive"); "positive");
break; break;
case 'l':
dns_fixedname_init(&dlv_fixed);
len = strlen(isc_commandline_argument);
isc_buffer_init(&b, isc_commandline_argument, len);
isc_buffer_add(&b, len);
dns_fixedname_init(&dlv_fixed);
dlv = dns_fixedname_name(&dlv_fixed);
result = dns_name_fromtext(dlv, &b, dns_rootname,
ISC_FALSE, NULL);
check_result(result, "dns_name_fromtext(dlv)");
break;
case 'k': case 'k':
if (ndskeys == MAXDSKEYS) if (ndskeys == MAXDSKEYS)
fatal("too many key-signing keys specified"); fatal("too many key-signing keys specified");
...@@ -1767,6 +1825,11 @@ main(int argc, char *argv[]) { ...@@ -1767,6 +1825,11 @@ main(int argc, char *argv[]) {
sprintf(output, "%s.signed", file); sprintf(output, "%s.signed", file);
} }
result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
0, 24, 0, 0, 0, 8, mctx);
check_result(result, "dns_master_stylecreate");
gdb = NULL; gdb = NULL;
TIME_NOW(&timer_start); TIME_NOW(&timer_start);
loadzone(file, origin, rdclass, &gdb); loadzone(file, origin, rdclass, &gdb);
...@@ -1868,8 +1931,13 @@ main(int argc, char *argv[]) { ...@@ -1868,8 +1931,13 @@ main(int argc, char *argv[]) {
nsecify(); nsecify();
if (!nokeys) if (!nokeys) {
writekeyset(); writeset("keyset-", dns_rdatatype_dnskey);
writeset("dsset-", dns_rdatatype_ds);
if (dlv != NULL) {
writeset("dlvset-", dns_rdatatype_dlv);
}
}
tempfilelen = strlen(output) + 20; tempfilelen = strlen(output) + 20;
tempfile = isc_mem_get(mctx, tempfilelen); tempfile = isc_mem_get(mctx, tempfilelen);
...@@ -1965,6 +2033,8 @@ main(int argc, char *argv[]) { ...@@ -1965,6 +2033,8 @@ main(int argc, char *argv[]) {
if (free_output) if (free_output)
isc_mem_free(mctx, output); isc_mem_free(mctx, output);
dns_master_styledestroy(&dsstyle, mctx);
cleanup_logging(&log); cleanup_logging(&log);
dst_lib_destroy(); dst_lib_destroy();
cleanup_entropy(&ectx); cleanup_entropy(&ectx);
......
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: dnssec-signzone.docbook,v 1.9 2004/03/05 04:57:41 marka Exp $ --> <!-- $Id: dnssec-signzone.docbook,v 1.10 2004/03/10 02:19:51 marka Exp $ -->
<refentry> <refentry>
<refentryinfo> <refentryinfo>
...@@ -45,6 +45,7 @@ ...@@ -45,6 +45,7 @@
<arg><option>-g</option></arg> <arg><option>-g</option></arg>
<arg><option>-h</option></arg> <arg><option>-h</option></arg>
<arg><option>-k <replaceable class="parameter">key</replaceable></option></arg> <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg> <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg> <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg> <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
...@@ -105,6 +106,16 @@ ...@@ -105,6 +106,16 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>-l <replaceable class="parameter">domain</replaceable></term>
<listitem>
<para>
Generate a DLV set in addition to the key (DNSKEY) and DS sets.
The domain is appended to the name of the records.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>-d <replaceable class="parameter">directory</replaceable></term> <term>-d <replaceable class="parameter">directory</replaceable></term>
<listitem> <listitem>
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: config.c,v 1.45 2004/03/05 04:57:46 marka Exp $ */ /* $Id: config.c,v 1.46 2004/03/10 02:19:52 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -123,7 +123,7 @@ options {\n\ ...@@ -123,7 +123,7 @@ options {\n\
check-names master fail;\n\ check-names master fail;\n\
check-names slave warn;\n\ check-names slave warn;\n\
check-names response ignore;\n\ check-names response ignore;\n\
enable-dnssec no; /* Make yes for 9.4. */ \n\ dnssec-enable no; /* Make yes for 9.4. */ \n\
\n\ \n\
/* zone */\n\ /* zone */\n\
allow-query {any;};\n\ allow-query {any;};\n\
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: query.c,v 1.256 2004/03/05 04:57:48 marka Exp $ */ /* $Id: query.c,v 1.257 2004/03/10 02:19:52 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -1547,7 +1547,7 @@ query_addns(ns_client_t *client, dns_db_t *db) { ...@@ -1547,7 +1547,7 @@ query_addns(ns_client_t *client, dns_db_t *db) {
static inline isc_result_t static inline isc_result_t
query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname, query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
dns_ttl_t ttl, dns_name_t **anamep, dns_rdatatype_t type) dns_trust_t trust, dns_name_t **anamep, dns_rdatatype_t type)
{ {
dns_rdataset_t *rdataset; dns_rdataset_t *rdataset;
dns_rdatalist_t *rdatalist; dns_rdatalist_t *rdatalist;
...@@ -1583,7 +1583,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname, ...@@ -1583,7 +1583,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
rdatalist->type = type; rdatalist->type = type;
rdatalist->covers = 0; rdatalist->covers = 0;
rdatalist->rdclass = client->message->rdclass; rdatalist->rdclass = client->message->rdclass;
rdatalist->ttl = ttl; rdatalist->ttl = 0;
dns_name_toregion(tname, &r); dns_name_toregion(tname, &r);
rdata->data = r.base; rdata->data = r.base;
...@@ -1595,6 +1595,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname, ...@@ -1595,6 +1595,7 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
ISC_LIST_APPEND(rdatalist->rdata, rdata, link); ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset) RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
== ISC_R_SUCCESS); == ISC_R_SUCCESS);
rdataset->trust = trust;
query_addrrset(client, anamep, &rdataset, NULL, NULL, query_addrrset(client, anamep, &rdataset, NULL, NULL,
DNS_SECTION_ANSWER); DNS_SECTION_ANSWER);
...@@ -3076,7 +3077,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -3076,7 +3077,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/ */
dns_name_init(tname, NULL); dns_name_init(tname, NULL);
(void)query_addcnamelike(client, client->query.qname, fname, (void)query_addcnamelike(client, client->query.qname, fname,
0, &tname, dns_rdatatype_cname); trdataset->trust, &tname,
dns_rdatatype_cname);
if (tname != NULL) if (tname != NULL)
dns_message_puttempname(client->message, &tname); dns_message_puttempname(client->message, &tname);
/* /*
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.416 2004/03/05 04:57:48 marka Exp $ */ /* $Id: server.c,v 1.417 2004/03/10 02:19:52 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -1118,10 +1118,24 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, ...@@ -1118,10 +1118,24 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
view->provideixfr = cfg_obj_asboolean(obj); view->provideixfr = cfg_obj_asboolean(obj);
obj = NULL; obj = NULL;
result = ns_config_get(maps, "enable-dnssec", &obj); result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
view->enablednssec = cfg_obj_asboolean(obj); view->enablednssec = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "dnssec-lookaside", &obj);
if (result == ISC_R_SUCCESS) {
const char *dlv;
isc_buffer_t b;
dlv = cfg_obj_asstring(obj);
isc_buffer_init(&b, dlv, strlen(dlv));
isc_buffer_add(&b, strlen(dlv));
CHECK(dns_name_fromtext(dns_fixedname_name(&view->dlv_fixed),
&b, dns_rootname, ISC_TRUE, NULL));
view->dlv = dns_fixedname_name(&view->dlv_fixed);
} else
view->dlv = NULL;