diff options
| author |  Miek Gieben <miek@miek.nl>
| 2017-12-01 11:14:39 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2017-12-01 11:14:39 +0000 |
| commit | f96555476eb616675987bcb6d6dfec6cfa06689c (patch) | |
| tree | d4d84a765cd79cf2e0f27056cc2371d0a27ebc61 /plugin/dnssec | |
| parent | dce696a2fe1373406f18fb0d58671ec78b10174c (diff) | |
| download | coredns-f96555476eb616675987bcb6d6dfec6cfa06689c.tar.gz coredns-f96555476eb616675987bcb6d6dfec6cfa06689c.tar.zst coredns-f96555476eb616675987bcb6d6dfec6cfa06689c.zip | |
plugin/dnssec: Drop inserting DS records on delegation (#1266)
See #1211 for disuccsion; current code is probably the wrong thing to
do; rethink if we need/want this. Comment out the code for now.
Diffstat (limited to 'plugin/dnssec')
| -rw-r--r-- | plugin/dnssec/dnssec.go | 25 | ||||
| -rw-r--r-- | plugin/dnssec/dnssec_test.go | 3 |
2 files changed, 17 insertions, 11 deletions
diff --git a/plugin/dnssec/dnssec.go b/plugin/dnssec/dnssec.go index b4f738691..6451182ff 100644 --- a/plugin/dnssec/dnssec.go +++ b/plugin/dnssec/dnssec.go @@ -46,16 +46,21 @@ func (d Dnssec) Sign(state request.Request, zone string, now time.Time) *dns.Msg mt, _ := response.Typify(req, time.Now().UTC()) // TODO(miek): need opt record here? if mt == response.Delegation { - ttl := req.Ns[0].Header().Ttl - - ds := []dns.RR{} - for i := range d.keys { - ds = append(ds, d.keys[i].D) - } - if sigs, err := d.sign(ds, zone, ttl, incep, expir); err == nil { - req.Ns = append(req.Ns, ds...) - req.Ns = append(req.Ns, sigs...) - } + // This reverts 11203e44. Reverting with git revert leads to conflicts in dnskey.go, and I'm + // not sure yet if we just should fiddle with inserting DSs or not. + // Easy way to, see #1211 for discussion. + /* + ttl := req.Ns[0].Header().Ttl + + ds := []dns.RR{} + for i := range d.keys { + ds = append(ds, d.keys[i].D) + } + if sigs, err := d.sign(ds, zone, ttl, incep, expir); err == nil { + req.Ns = append(req.Ns, ds...) + req.Ns = append(req.Ns, sigs...) + } + */ return req } diff --git a/plugin/dnssec/dnssec_test.go b/plugin/dnssec/dnssec_test.go index ab41800a1..090642acf 100644 --- a/plugin/dnssec/dnssec_test.go +++ b/plugin/dnssec/dnssec_test.go @@ -95,7 +95,8 @@ func TestSigningCname(t *testing.T) { } } -func TestZoneSigningDelegation(t *testing.T) { +// Disabled for now, see #1211. +func testZoneSigningDelegation(t *testing.T) { d, rm1, rm2 := newDnssec(t, []string{"miek.nl."}) defer rm1() defer rm2() |