Commit 2d9673eb authored by Daniel Salzman's avatar Daniel Salzman

dnssec: enable NSEC3 resalt event with Single-Type Signing Scheme

parent 9fc34850
......@@ -38,12 +38,6 @@ static int plan(dnssec_event_ctx_t *ctx, dnssec_event_t *event)
assert(ctx);
assert(event);
// Not supported with Single-Type signing.
if (ctx->policy->singe_type_signing) {
event->type = DNSSEC_EVENT_NONE;
return DNSSEC_EOK;
}
if (!ctx->policy->nsec3_enabled || ctx->policy->nsec3_salt_length == 0) {
return DNSSEC_EOK;
}
......
......@@ -31,8 +31,9 @@ for zone in zones[:-1]:
knot.dnssec(zone).enable = True
knot.dnssec(zone).manual = True
# enable automatic Single-Type signing scheme on the last zone
# enable automatic Single-Type signing scheme with NSEC3 on the last zone
knot.dnssec(zones[-1]).enable = True
knot.dnssec(zones[-1]).nsec3 = True
knot.dnssec(zones[-1]).single_type_signing = True
knot.gen_confile()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment