named.conf handling of dnssec-policy "default"; changed between 9.18.6 and 9.18.7
Summary
Setting dnssec-policy "default"; in (top level) options{} in named.conf causes v9.18.7 to fail to start.
BIND version used
% named -V
BIND 9.18.7 (Stable Release) id:85a6eb1
running on Darwin x86_64 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 29 04:31:06 PDT 2022; root:xnu-7195.141.39~2/RELEASE_X86_64
built by make with '--with-openssl=/opt/local' 'LDFLAGS=-L/opt/local/lib' 'CPPFLAGS=-I/opt/local/include'
compiled by CLANG Apple LLVM 13.0.0 (clang-1300.0.29.30)
compiled with OpenSSL version: OpenSSL 3.0.5 5 Jul 2022
linked to OpenSSL version: OpenSSL 3.0.5 5 Jul 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.49.0
linked to libnghttp2 version: 1.49.0
compiled with libxml2 version: 2.10.2
linked to libxml2 version: 21002
compiled with json-c version: 0.16
linked to json-c version: 0.16
compiled with zlib version: 1.2.12
linked to zlib version: 1.2.12
threads support is enabled
default paths:
  named configuration: /usr/local/etc/named.conf
  rndc configuration: /usr/local/etc/rndc.conf
  DNSSEC root key: /usr/local/etc/bind.keys
  nsupdate session key: /usr/local/var/run/named/session.key
  named PID file: /usr/local/var/run/named/named.pid
  named lock file: /usr/local/var/run/named/named.lock
Steps to reproduce
Create a named.conf file with:
options {
    dnssec-policy "default";
};
Try to run named.
What is the current bug behavior?
named exits without any error messages (when run with -d it also does not emit any messages to help indicate why it's unhappy).
named-checkconf reports: "'dnssec-policy;' requires dynamic DNS or inline-signing to be configured for the zone"
What is the expected correct behavior?
named (and named-checkconf) should accept the same configuration that v9.18.6 does. Minimally, named should emit an error message explaining that there was a problem with the conf file.
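
An added example, not part of the report and not BIND code: a Python pre-upgrade lint that approximates the condition quoted in the named-checkconf message above, listing zones that inherit a dnssec-policy from options{} but have neither inline-signing nor dynamic updates configured. The function names and the sample zones are constructed for illustration; as assumptions, it checks only top-level primary and secondary zones and does not follow include files or views, so named-checkconf remains the authority.

```python
import re

SAMPLE = '''
options { dnssec-policy "default"; };   // constructed sample; options{} line as in the report
zone "static.example" { type primary; file "static.db"; };
zone "inline.example" { type primary; file "inline.db"; inline-signing yes; };
zone "dyn.example"    { type primary; file "dyn.db"; update-policy local; };
zone "optout.example" { type primary; file "optout.db"; dnssec-policy "none"; };
zone "." { type hint; file "root.hints"; };
'''
SIGNED_TYPES = {"primary", "master", "secondary", "slave"}  # assumption: types the rule covers

def tokenize(text):  # strings and comments match first, so braces inside them are ignored
    toks = re.findall(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', text, re.S)
    return [t for t in toks if not t.startswith(("/*", "//", "#"))]

def parse(toks, i=0):  # statement = list of words and nested blocks; block = list of statements
    stmts, cur = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == "{":
            block, i = parse(toks, i)
            cur.append(block)
        elif t == "}":
            break
        elif t == ";":
            stmts, cur = stmts + ([cur] if cur else []), []
        else:
            cur.append(t.strip('"'))
    return stmts + ([cur] if cur else []), i

def block_of(stmt):
    return next((x for x in stmt if isinstance(x, list)), [])

def setting(block, key):
    return next((s[1:] for s in block if s[0] == key), None)

def zone_ok(z, inherited):
    policy = (setting(z, "dnssec-policy") or inherited or ["none"])[0]
    dynamic = any(setting(z, k) for k in ("allow-update", "update-policy"))
    inline = setting(z, "inline-signing") in (["yes"], ["true"], ["1"])
    signed_type = (setting(z, "type") or [""])[0] in SIGNED_TYPES
    return not signed_type or policy == "none" or dynamic or inline

def zones_failing_policy_check(conf_text):
    top, _ = parse(tokenize(conf_text))
    options = next((block_of(s) for s in top if s[0] == "options"), [])
    inherited = setting(options, "dnssec-policy")
    return [s[1] for s in top if s[0] == "zone" and not zone_ok(block_of(s), inherited)]
```

Running zones_failing_policy_check over the text of named.conf before an upgrade gives the zones to review; an empty list means this approximation found nothing to flag.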