Permalink
Browse files

change default for add-superfluous-nsec3-for-old-bind config option

  • Loading branch information...
1 parent 017a78b commit b3dec9c7e9c078f52cea53d6374952fc171d40ee @mind04 mind04 committed with mind04 May 1, 2015
Showing with 10 additions and 2 deletions.
  1. +1 −1 pdns/common_startup.cc
  2. +1 −1 pdns/pdns.conf-dist
  3. +8 −0 regression-tests/start-test-stop
@@ -139,7 +139,7 @@ void declareArguments()
::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
- ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes";
+ ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="no";
::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256";
::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
View
@@ -2,7 +2,7 @@
#################################
# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response
#
-# add-superfluous-nsec3-for-old-bind=yes
+# add-superfluous-nsec3-for-old-bind=no
#################################
# allow-axfr-ips Allow zonetransfers only to these subnets
@@ -148,6 +148,7 @@ case $context in
--no-shuffle --launch=bind --bind-config=./named.conf \
--bind-dnssec-db=./dnssec.sqlite3 \
--send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --no-config &
bindwait
;;
@@ -268,6 +269,7 @@ __EOF__
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \
--fancy-records --send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --no-config \
--gmysql-dbname="$GMYSQLDB" \
--gmysql-user="$GMYSQLUSER" \
@@ -320,6 +322,7 @@ __EOF__
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gpgsql --gpgsql-dnssec \
--fancy-records --send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --no-config \
--gpgsql-dbname="$GPGSQLDB" \
--gpgsql-user="$GPGSQLUSER" &
@@ -433,6 +436,7 @@ __EOF__
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
--fancy-records --send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --no-config \
--gsqlite3-database=pdns.sqlite3 &
if [ $context = gsqlite3-nsec3 ]
@@ -522,6 +526,7 @@ EOF
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=remote \
--query-logging --loglevel=9 --cache-ttl=0 --no-config \
+ --add-superfluous-nsec3-for-old-bind \
--send-root-referral \
--remote-connection-string="$connstr" $remote_add_param &
@@ -598,6 +603,7 @@ then
$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gmysql --gmysql-dnssec \
--fancy-records --send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
--gmysql-dbname="$GMYSQL2DB" \
--gmysql-user="$GMYSQL2USER" \
@@ -631,6 +637,7 @@ then
$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
--fancy-records --send-root-referral \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
--gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" &
echo 'waiting for zones to be slaved'
@@ -665,6 +672,7 @@ then
$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named-slave.conf --slave \
--send-root-referral --retrieval-threads=1 --config-name=bind-slave \
+ --add-superfluous-nsec3-for-old-bind \
--cache-ttl=0 --no-config --bind-dnssec-db=./dnssec-slave.sqlite3 &
echo 'waiting for zones to be loaded'
bindwait bind-slave

0 comments on commit b3dec9c

Please sign in to comment.