Bug 1223365 - Remove usage of DLV from the default configuration
Summary: Remove usage of DLV from the default configuration
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: All
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomáš Hozza
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: dlv-deprecation-fedora
Reported: 2015-05-20 12:10 UTC by Tomáš Hozza
Modified: 2016-01-06 14:12 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1223336
Environment:
Last Closed: 2015-05-22 17:13:39 UTC
Type: Bug
Embargoed:



Description Tomáš Hozza 2015-05-20 12:10:54 UTC
+++ This bug was initially created as a clone of Bug #1223336 +++

Description of problem:
As mentioned in Bug #1223325, ISC is planning to deprecate their DLV registry in the future. Currently, the default configuration shipped with BIND has DLV enabled.

The usage of DLV should be removed from the default configuration. 

Version-Release number of selected component (if applicable):
latest

How reproducible:
always

Steps to Reproduce:
1. inspect /etc/named.conf installed by bind package

Actual results:
There is "dnssec-lookaside auto;" line in the options section of the default configuration.

Expected results:
There is NO "dnssec-lookaside auto;" line in the options section of the default configuration.

Comment 1 Tomáš Hozza 2015-05-22 17:13:39 UTC
removed in bind-9.10.2-3.fc23

Comment 2 Robert Scheck 2015-12-26 23:38:21 UTC
Wouldn't it make sense to remove the 'bindkeys-file "/etc/named.iscdlv.key";'
line from the default configuration as well?

Comment 3 Tomáš Hozza 2016-01-04 12:37:25 UTC
(In reply to Robert Scheck from comment #2)
> Wouldn't it make sense to remove the 'bindkeys-file "/etc/named.iscdlv.key";'
> line from the default configuration as well?

Technically it could be removed. However, it should not do any harm when left in the configuration. The file is named "named.iscdlv.key"; however, it also contains the root key. The file is from the BIND sources (just renamed from bind.keys), and if it is not found, the keys compiled into the source are used.

I just left it there, because when it is not specified, BIND looks for the file /etc/bind.keys. So when someone wants to use the DLV, the compiled-in keys would be used (which should not be a real problem).

I think I could comment it out and provide a short comment.

Comment 4 Robert Scheck 2016-01-04 18:50:07 UTC
(In reply to Tomas Hozza from comment #3)
> I think I could comment it out and provide a short comment.

That would be great. Btw, /etc/named.root.key contains the same key, so
there shouldn't be real need for /etc/named.iscdlv.key from my point of
view.

Comment 5 Tomáš Hozza 2016-01-05 09:58:27 UTC
(In reply to Robert Scheck from comment #4)
> (In reply to Tomas Hozza from comment #3)
> > I think I could comment it out and provide a short comment.
> 
> That would be great. Btw, /etc/named.root.key contains the same key, so
> there shouldn't be real need for /etc/named.iscdlv.key from my point of
> view.

I'm aware of that. Thank you.

Comment 6 Tomáš Hozza 2016-01-06 14:12:30 UTC
Commented out with short description:
http://pkgs.fedoraproject.org/cgit/rpms/bind.git/commit/?id=1a8262dde07fc595ad989bb63b23a59d4a353901
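
An added example, not part of the bug report or the Fedora package: a comment-aware check for the two options discussed above, so that an active "dnssec-lookaside" line is reported while a commented-out "bindkeys-file" line is not. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: options block in the state the bug describes, plus
# commented-out lines like the one left after comment 6.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    dnssec-validation yes;
    dnssec-lookaside auto;   // DLV via the ISC registry
    /* bindkeys-file "/etc/named.iscdlv.key"; */
    # dnssec-lookaside auto;
};
'''

_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings are passed through."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def options_block(text):
    """Body of the first options { ... } block ('' if absent).
    Braces inside quoted strings are not handled."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(text):
    """Map each active DLV-related option to its value."""
    body = options_block(strip_comments(text))
    found = {}
    for name in ('dnssec-lookaside', 'bindkeys-file'):
        m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s+([^;]*);', body)
        if m:
            found[name] = ' '.join(m.group(1).split())
    return found

def dlv_enabled(text):
    """True when dnssec-lookaside is active and not set to 'no'."""
    value = audit(text).get('dnssec-lookaside')
    return value is not None and value != 'no'

if __name__ == '__main__':
    print(audit(SAMPLE_CONF), dlv_enabled(SAMPLE_CONF))
```

To check a real system, pass the contents of /etc/named.conf to audit(); files pulled in with include statements are not followed.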

