• Michał Kępień's avatar
    Do not check SEP bit for mirror zone trust anchors · 72c20173
    Michał Kępień authored
    When a mirror zone is verified, the 'ignore_kskflag' argument passed to
    dns_zoneverify_dnssec() is set to false.  This means that in order for
    its verification to succeed, a mirror zone needs to have at least one
    key with the SEP bit set configured as a trust anchor.  This brings no
    security benefit and prevents zones signed only using keys without the
    SEP bit set from being mirrored, so change the value of the
    'ignore_kskflag' argument passed to dns_zoneverify_dnssec() to true.
    72c20173
Name
Last commit
Last update
..
bind9 Loading commit data...
dns Loading commit data...
irs Loading commit data...
isc Loading commit data...
isccc Loading commit data...
isccfg Loading commit data...
ns Loading commit data...
samples Loading commit data...
win32/bindevt Loading commit data...
.gitignore Loading commit data...
Kyuafile Loading commit data...
Makefile.in Loading commit data...