Commit b3ff3bf2 authored by Evan Hunt's avatar Evan Hunt

remove configuration, syntax checking and implementation of dnssec-enable

parent d0696586
......@@ -143,7 +143,6 @@ options {\n\
cleaning-interval 0; /* now meaningless */\n\
clients-per-query 10;\n\
dnssec-accept-expired no;\n\
dnssec-enable yes;\n\
dnssec-validation " VALIDATION_DEFAULT "; \n"
#ifdef HAVE_DNSTAP
" dnstap-identity hostname;\n"
......
......@@ -4140,27 +4140,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
INSIST(result == ISC_R_SUCCESS);
view->acceptexpired = cfg_obj_asboolean(obj);
obj = NULL;
result = named_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
view->enablednssec = cfg_obj_asboolean(obj);
obj = NULL;
/* 'optionmaps', not 'maps': don't check named_g_defaults yet */
(void)named_config_get(optionmaps, "dnssec-validation", &obj);
if (obj == NULL) {
/*
* If dnssec-enable is yes, then we default to
* VALIDATION_DEFAULT as set in config.c. Otherwise
* we default to "no".
* Default to VALIDATION_DEFAULT as set in config.c.
*/
if (view->enablednssec) {
(void)cfg_map_get(named_g_defaults,
"dnssec-validation", &obj);
INSIST(obj != NULL);
} else {
view->enablevalidation = false;
}
(void)cfg_map_get(named_g_defaults, "dnssec-validation", &obj);
INSIST(obj != NULL);
}
if (obj != NULL) {
if (cfg_obj_isboolean(obj)) {
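Review bot: The `if (obj != NULL)` guard after the defaulting block appears to be always true on the new side, because the unset-option path now ends in `INSIST(obj != NULL);` unconditionally. It could be dropped, or kept with a comment such as `/* obj is always set here: explicit option or named_g_defaults */`. The result of `cfg_map_get(named_g_defaults, "dnssec-validation", &obj)` is still discarded and only checked indirectly; `result = cfg_map_get(...); INSIST(result == ISC_R_SUCCESS);` would match the style used a few lines above. A view that had `dnssec-enable no;` and no explicit `dnssec-validation` now seems to fall through to VALIDATION_DEFAULT instead of validation off, so the comment or the release notes should state that change in the resolver's default. configure_view starts and ends outside this hunk.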
......
......@@ -3454,8 +3454,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
const cfg_obj_t *options = NULL;
const cfg_obj_t *opts = NULL;
const cfg_obj_t *plugin_list = NULL;
bool enablednssec, enablevalidation;
const char *valstr = "no";
unsigned int tflags, mflags;
/*
......@@ -3606,40 +3604,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
isc_symtab_destroy(&symtab);
/*
* Check that dnssec-enable/dnssec-validation are sensible.
*/
obj = NULL;
if (voptions != NULL)
(void)cfg_map_get(voptions, "dnssec-enable", &obj);
if (obj == NULL && options != NULL)
(void)cfg_map_get(options, "dnssec-enable", &obj);
if (obj == NULL)
enablednssec = true;
else
enablednssec = cfg_obj_asboolean(obj);
obj = NULL;
if (voptions != NULL)
(void)cfg_map_get(voptions, "dnssec-validation", &obj);
if (obj == NULL && options != NULL)
(void)cfg_map_get(options, "dnssec-validation", &obj);
if (obj == NULL) {
enablevalidation = enablednssec;
valstr = "yes";
} else if (cfg_obj_isboolean(obj)) {
enablevalidation = cfg_obj_asboolean(obj);
valstr = enablevalidation ? "yes" : "no";
} else {
enablevalidation = true;
valstr = "auto";
}
if (enablevalidation && !enablednssec)
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"'dnssec-validation %s;' and 'dnssec-enable no;'",
valstr);
/*
* Check trusted-keys and managed-keys.
*/
......
......@@ -123,7 +123,6 @@ struct dns_view {
bool use_glue_cache;
bool minimal_any;
dns_minimaltype_t minimalresponses;
bool enablednssec;
bool enablevalidation;
bool acceptexpired;
bool requireservercookie;
......
......@@ -179,7 +179,6 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->qminimization = false;
view->qmin_strict = false;
view->auth_nxdomain = false; /* Was true in BIND 8 */
view->enablednssec = true;
view->enablevalidation = true;
view->acceptexpired = false;
view->use_glue_cache = false;
......
......@@ -10787,14 +10787,6 @@ ns_query_start(ns_client_t *client) {
*/
client->next = query_next_callback;
/*
* Behave as if we don't support DNSSEC if not enabled.
*/
if (!client->view->enablednssec) {
message->flags &= ~DNS_MESSAGEFLAG_CD;
client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
}
if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
......