Don't trust a placeholder KEYDATA record (!7003) · Merge requests · ISC Open Source Projects / BIND

Arаm Sаrgsyаn requested to merge 2895-named-can-create-unrecoverable-managed-keys into main Oct 31, 2022

When named starts it creates an empty KEYDATA record in the managed-keys zone as a placeholder, then schedules a key refresh. If key refresh fails for some reason (e.g. connectivity problems), named will load the placeholder key into secroots as a trusted key during the next startup, which will break the chain of trust, and named will never recover from that state until managed-keys.bind and managed-keys.bind.jnl files are manually deleted before (re)starting named.

Before calling load_secroots(), check that we are not dealing with a placeholder.

Closes #2895 (closed)

Edited Oct 31, 2022 by Arаm Sаrgsyаn

Don't trust a placeholder KEYDATA record

Merge request reports