Commit c0a9fb4a authored by Libor Peltan's avatar Libor Peltan

ksk-roolover-related-fixes

1) fixed comments
2) unreachable code in knotc
3) knotc --help zone-ksk-submitted
parent ff8a018a
......@@ -31,13 +31,26 @@
* proper DNSSEC chain.
*
* \param ctx zone signing context
* \param keys_changed output if KNOT_EOK: were any keys changed ? (if so, please re-sign)
* \param next_rollover output if KNOT_EOK: tmestamp when next rollover action takes place
* \param reschedule Out: timestamp of desired next invoke
*
* \return KNOT_E*
*/
int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_reschedule_t *reschedule);
/*!
* \brief Set the submitted KSK to active state and the active one to retired
*
* \param ctx zone signing context
*
* \return KNOT_E*
*/
int knot_dnssec_ksk_sbm_confirm(kdnssec_ctx_t *ctx);
/*!
* \brief Is there a key in sumbmission phase?
*
* \param ctx zone signing context
*
* \return False if there is no submitted key or if error; True otherwise
*/
bool zone_has_key_sbm(const kdnssec_ctx_t *ctx);
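Review bot: The contract documented for `zone_has_key_sbm` folds an error into `False`, so a caller cannot tell "no key is in submission" from "the key state could not be read". If callers use the result to decide whether a KSK submission is pending, the function should report the failure separately, or the comment should at least say so plainly: `\return True if a key is in the submission phase; false if there is none or if the check failed (the error is not reported).` The brief also has a typo and should read `\brief Is there a key in submission phase?`. The comment on `knot_dnssec_ksk_sbm_confirm` does not say which code is returned when no key is in the submitted state, which is presumably what a mistaken confirm would hit.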
......@@ -306,11 +306,11 @@ static int remove_expired_rrsigs(const knot_rrset_t *covered,
/*!
* \brief Add missing RRSIGs into the changeset for adding.
*
* \param covered RR set with covered records.
* \param rrsigs RR set with RRSIGs.
* \param zone_keys Zone keys.
* \param policy DNSSEC policy.
* \param changeset Changeset to be updated.
* \param covered RR set with covered records.
* \param rrsigs RR set with RRSIGs.
* \param zone_keys Zone keys.
* \param dnssec_ctx DNSSEC signing context
* \param changeset Changeset to be updated.
*
* \return Error code, KNOT_EOK if successful.
*/
......@@ -703,9 +703,9 @@ static bool is_from_keyset(zone_keyset_t *keyset,
}
/*!
* \brief Check if DNSKEY/DS is present in the zone.
* \brief Check if DNSKEY/DS/CDNSKEY/CDS is present in the zone.
*
* \param dnskeys RR set in zone apex.
* \param records RR set in zone apex.
* \param key Key to be searched for.
* \param ttl Key TTL.
*
......@@ -782,7 +782,7 @@ static int rrset_add_zone_ds(knot_rrset_t *rrset,
* Extra DNSKEY is a key, which is not present in zone public key set.
*
* \param soa RR set with SOA (to get TTL value from).
* \param dnskeys RR set with DNSKEYs.
* \param records RR set with DNSKEYs/CDNSKEYs/CDSs.
* \param keyset Zone keys.
* \param changeset Changeset to be updated.
*
......@@ -857,6 +857,8 @@ static bool publish_cds(const zone_key_t *key)
*
* \param soa RR set with SOA (to get TTL value from).
* \param dnskeys RR set with DNSKEYs.
* \param cdnskeys RR set with CDNSKEYs.
* \param cdss RR set with CDSs.
* \param keyset Zone keys.
* \param changeset Changeset to be updated.
*
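Review bot: In the hunk at -782 the description still reads `Extra DNSKEY is a key, which is not present in zone public key set.`, while the parameter beside it is now documented as `RR set with DNSKEYs/CDNSKEYs/CDSs.`, so the comment no longer says what counts as an extra CDS or CDNSKEY. I would reword it along the lines of `An extra record is a DNSKEY, CDNSKEY or CDS that does not correspond to any key in the zone key set.`, provided that matches the function body, which is outside the hunk.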
......
......@@ -825,8 +825,6 @@ static int set_node_items(cmd_args_t *args, knot_ctl_data_t *data, char *rdata,
switch (args->desc->cmd) {
case CTL_ZONE_READ:
case CTL_ZONE_GET: min_args = 1; max_args = 3; break;
case CTL_ZONE_STATUS: min_args = 1; max_args = 2; break;
case CTL_ZONE_KSK_SBM: min_args = 2; max_args = 2; break;
case CTL_ZONE_DIFF: min_args = 1; max_args = 1; break;
case CTL_ZONE_SET: min_args = 3; max_args = -1; break;
case CTL_ZONE_UNSET: min_args = 2; max_args = -1; break;
......@@ -1108,6 +1106,7 @@ static const cmd_help_t cmd_help_table[] = {
{ CMD_ZONE_RETRANSFER, "[<zone>...]", "Force slave zone retransfer (no serial check)." },
{ CMD_ZONE_FLUSH, "[<zone>...] [<filter>...]", "Flush zone journal into the zone file." },
{ CMD_ZONE_SIGN, "[<zone>...]", "Re-sign the automatically signed zone." },
{ CMD_ZONE_KSK_SBM, "<zone>", "When KSK submission, sonfirm parent's DS presence manualy." },
{ CMD_ZONE_FREEZE, "[<zone>...]", "Temporarily postpone automatic zone-changing events." },
{ CMD_ZONE_THAW, "[<zone>...]", "Dismiss zone freeze." },
{ "", "", "" },
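Review bot: The help string for `CMD_ZONE_KSK_SBM` has typos (`sonfirm`, `manualy`) and does not tell the operator what the command does to the keys. Per the header comment shown on this page, confirmation sets the submitted KSK to active and the active one to retired, so running it before the parent publishes the DS would presumably break the chain of trust for the zone. The help text is the last place to say that before the command runs. Suggested line: `{ CMD_ZONE_KSK_SBM, "<zone>", "Confirm that the parent's DS for the submitted KSK is published (retires the old KSK)." },`. `cmd_help_table` starts and ends outside the hunk.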
......
#!/usr/bin/env python3
"""
Check if keytag conflict is correctly handled by Knot.
Basic check of automatic KSK rollover scenario.
"""
import collections
......