Commit 9a5f3082 authored by Mark Andrews's avatar Mark Andrews Committed by Evan Hunt

add named.conf option root-key-sentinel

(cherry picked from commit 68e9315c)
(cherry picked from commit ee763ef2)
parent afa97c65
......@@ -193,6 +193,7 @@ options {\n\
request-ixfr true;\n\
require-server-cookie no;\n\
# rfc2308-type1 <obsolete>;\n\
root-key-sentinel yes;\n\
servfail-ttl 1;\n\
# sortlist <none>\n\
# topology <none>\n\
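Review bot: The feature ships enabled: the built-in options gain `root-key-sentinel yes;` here and dns_view_create sets `view->root_key_sentinel = ISC_TRUE` in a later hunk, so a resolver starts answering sentinel probes on upgrade with no configuration change. For a cherry-pick onto a maintained branch that is a behaviour change operators should be told about. I would ask for a release-note entry that names the option and says `root-key-sentinel no;` turns the responses off again. Nothing on this page shows such an entry, though it may live in a file outside this view.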
......
......@@ -7080,7 +7080,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* Setup for root key sentinel processing.
*/
if (client->query.restarts == 0 &&
if (client->view->root_key_sentinel &&
client->query.restarts == 0 &&
(qtype == dns_rdatatype_a ||
qtype == dns_rdatatype_aaaa) &&
(client->message->flags & DNS_MESSAGEFLAG_CD) == 0)
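Review bot: The comment above the condition in query_find still reads only "Setup for root key sentinel processing." and does not say that the path is now switched per view. This branch handles probes sent by clients, so the off-switch is worth stating where the gate is. I would extend the comment to something like `* Setup for root key sentinel processing; skipped when the view sets root-key-sentinel no.` The body of the `if` and the rest of query_find lie outside the hunk, so I cannot tell from here whether any later sentinel handling also needs to consult `client->view->root_key_sentinel`.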
......
......@@ -4255,6 +4255,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
INSIST(result == ISC_R_SUCCESS);
view->trust_anchor_telemetry = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "root-key-sentinel", &obj);
INSIST(result == ISC_R_SUCCESS);
view->root_key_sentinel = cfg_obj_asboolean(obj);
CHECK(configure_view_acl(vconfig, config, ns_g_config,
"allow-query-cache-on", NULL, actx,
ns_g_mctx, &view->cacheonacl));
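Review bot: The `INSIST(result == ISC_R_SUCCESS)` after the `root-key-sentinel` lookup holds only because this same commit adds `root-key-sentinel yes;` to the built-in `options` text in the first hunk. A backport that takes this hunk without that default would turn a configuration load into an assertion failure. A one-line comment above the INSIST, such as `/* Cannot fail: root-key-sentinel has a built-in default. */`, would record the dependency. configure_view begins and ends outside the hunk.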
......
......@@ -5952,6 +5952,17 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>root-key-sentinel</command></term>
<listitem>
<para>
Respond to root key sentinel probes as described in
draft-ietf-dnsop-kskroll-sentinel-08. The default is
<userinput>yes</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>maintain-ixfr-base</command></term>
<listitem>
......
......@@ -307,6 +307,7 @@ options {
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
......@@ -607,6 +608,7 @@ view <string> [ <class> ] {
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
rfc2308-type1 <boolean>; // not yet implemented
root-key-sentinel <boolean>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
......
......@@ -126,6 +126,7 @@ struct dns_view {
isc_boolean_t acceptexpired;
isc_boolean_t requireservercookie;
isc_boolean_t trust_anchor_telemetry;
isc_boolean_t root_key_sentinel;
dns_transfer_format_t transfer_format;
dns_acl_t * cacheacl;
dns_acl_t * cacheonacl;
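Review bot: `root_key_sentinel` is inserted in the middle of `struct dns_view`, which shifts the offset of every member after it (`transfer_format`, `cacheacl`, `cacheonacl`, and so on). On a cherry-pick to a maintained branch that matters if anything built against the older layout is linked with the new library, so the library interface version should be checked as part of the backport. I cannot see from this page whether that is done. The new member also has no comment; something like `/* answer root key sentinel probes (root-key-sentinel option) */` on that line would tie the field to the option.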
......
......@@ -239,6 +239,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->sendcookie = ISC_TRUE;
view->requireservercookie = ISC_FALSE;
view->trust_anchor_telemetry = ISC_TRUE;
view->root_key_sentinel = ISC_TRUE;
view->new_zone_file = NULL;
view->new_zone_db = NULL;
view->new_zone_dbenv = NULL;
......
......@@ -1806,6 +1806,7 @@ view_clauses[] = {
{ "response-policy", &cfg_type_rpz, 0 },
{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ "root-key-sentinel", &cfg_type_boolean, 0 },
{ "rrset-order", &cfg_type_rrsetorder, 0 },
{ "send-cookie", &cfg_type_boolean, 0 },
{ "servfail-ttl", &cfg_type_ttlval, 0 },
......