Check key-directory duplicates for kasp zones (!5055) · Merge requests · ISC Open Source Projects / BIND

Matthijs Mekking requested to merge 2463-kasp-views-different-policy-same-keydirectory-v9_16 into v9_16 May 18, 2021

Don't allow the same zone with different dnssec-policies in separate views have the same key-directory.

Track zones plus key-directory in a symtab and if there is a match, check the offending zone's dnssec-policy name. If the name is "none" (there is no kasp for the offending zone), or if the name is the same (the zone shares keys), it is fine, otherwise it is an error (zones in views using different policies cannot share the same key-directory).

(cherry picked from commit 494e8b2c)

Closes #2463 (closed)

Check key-directory duplicates for kasp zones

Merge request reports