change default for add-superfluous-nsec3-for-old-bind config option

mind04 · mind04 · commit b3dec9c7e9c0 · 2015-05-01T07:52:16.000+02:00
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
@@ -139,7 +139,7 @@ void declareArguments()
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
   ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
-  ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes";
+  ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="no";
   ::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
   ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
@@ -2,7 +2,7 @@
 #################################
 # add-superfluous-nsec3-for-old-bind	Add superfluous NSEC3 record to positive wildcard response
 #
-# add-superfluous-nsec3-for-old-bind=yes
+# add-superfluous-nsec3-for-old-bind=no
 
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
@@ -148,6 +148,7 @@ case $context in
 				--no-shuffle --launch=bind --bind-config=./named.conf \
 				--bind-dnssec-db=./dnssec.sqlite3 \
 				--send-root-referral \
+				--add-superfluous-nsec3-for-old-bind \
 				--cache-ttl=0 --no-config &
 			bindwait
 			;;
@@ -268,6 +269,7 @@ __EOF__
 			$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
 				--no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \
 				--fancy-records --send-root-referral \
+				--add-superfluous-nsec3-for-old-bind \
 				--cache-ttl=0 --no-config \
 				--gmysql-dbname="$GMYSQLDB" \
 				--gmysql-user="$GMYSQLUSER" \
@@ -320,6 +322,7 @@ __EOF__
 			$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
 				--no-shuffle --launch=gpgsql --gpgsql-dnssec \
 				--fancy-records --send-root-referral \
+				--add-superfluous-nsec3-for-old-bind \
 				--cache-ttl=0 --no-config \
 				--gpgsql-dbname="$GPGSQLDB" \
 				--gpgsql-user="$GPGSQLUSER" &
@@ -433,6 +436,7 @@ __EOF__
 			$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
 				--no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
 				--fancy-records --send-root-referral \
+				--add-superfluous-nsec3-for-old-bind \
 				--cache-ttl=0 --no-config \
 				--gsqlite3-database=pdns.sqlite3 &
 			if [ $context = gsqlite3-nsec3 ]
@@ -522,6 +526,7 @@ EOF
 			$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
 				--no-shuffle --launch=remote \
 				--query-logging --loglevel=9 --cache-ttl=0 --no-config \
+				--add-superfluous-nsec3-for-old-bind \
 				--send-root-referral \
 				--remote-connection-string="$connstr" $remote_add_param &
                         
@@ -598,6 +603,7 @@ then
 		$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
 			--no-shuffle --launch=gmysql --gmysql-dnssec \
 			--fancy-records --send-root-referral \
+			--add-superfluous-nsec3-for-old-bind \
 			--cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
 			--gmysql-dbname="$GMYSQL2DB" \
 			--gmysql-user="$GMYSQL2USER" \
@@ -631,6 +637,7 @@ then
 		$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
 			--no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
 			--fancy-records --send-root-referral \
+			--add-superfluous-nsec3-for-old-bind \
 			--cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
 			--gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" &
 		echo 'waiting for zones to be slaved'
@@ -665,6 +672,7 @@ then
 		$RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
 			--no-shuffle --launch=bind --bind-config=./named-slave.conf --slave         \
 			--send-root-referral --retrieval-threads=1  --config-name=bind-slave \
+			--add-superfluous-nsec3-for-old-bind \
 			--cache-ttl=0 --no-config --bind-dnssec-db=./dnssec-slave.sqlite3 &
 		echo 'waiting for zones to be loaded'
 		bindwait bind-slave

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`#################################`
`3`	`3`	`# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response`
`4`	`4`	`#`
`5`		`-# add-superfluous-nsec3-for-old-bind=yes`
	`5`	`+# add-superfluous-nsec3-for-old-bind=no`
`6`	`6`
`7`	`7`	`#################################`
`8`	`8`	`# allow-axfr-ips Allow zonetransfers only to these subnets`