From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 17 Dec 2013 09:19:55 +0000 (+0100)
Subject: remove experimental status from direct-dnskey
X-Git-Tag: auth-3.3.1^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e4b36a4f924b0db824dedd9839e6fb229e73dbfa;p=pdns

remove experimental status from direct-dnskey
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 32d766d23..dc1f5f3d7 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -138,7 +138,7 @@ void declareArguments()
   ::arg().set("lua-prequery-script", "Lua script with prequery handler")="";
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
-  ::arg().setSwitch("experimental-direct-dnskey","EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
+  ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
   ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes";
   ::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 674ac53c1..9a9625b27 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -219,7 +219,7 @@ bool PacketHandler::addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd)
     haveOne=true;
   }
 
-  if(::arg().mustDo("experimental-direct-dnskey")) {
+  if(::arg().mustDo("direct-dnskey")) {
     B.lookup(QType(QType::DNSKEY), p->qdomain, p, sd.domain_id);
     while(B.get(rr)) {
       rr.ttl=sd.default_ttl;
@@ -880,7 +880,7 @@ void PacketHandler::synthesiseRRSIGs(DNSPacket* p, DNSPacket* r)
     }
     
     // fix direct DNSKEY ttl
-    if(::arg().mustDo("experimental-direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY) {
+    if(::arg().mustDo("direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY) {
       rr.ttl = sd.default_ttl;
     }
 
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index e1b31ded9..97e6c82ed 100644
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -84,6 +84,11 @@
 #
 # default-zsk-size=0
 
+#################################
+# direct-dnskey	Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
 #################################
 # disable-axfr	Disable zonetransfers but do allow TCP queries
 #
@@ -119,11 +124,6 @@
 #
 # entropy-source=/dev/urandom
 
-#################################
-# experimental-direct-dnskey	EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
-#
-# experimental-direct-dnskey=no
-
 #################################
 # experimental-json-interface	If the webserver should serve JSON data
 #
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index c3c0e3bd2..6d059d83e 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -131,7 +131,7 @@ void loadMainConfig(const std::string& configdir)
   
   ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
   ::arg().set("module-dir","Default directory for modules")=LIBDIR;
-  ::arg().setSwitch("experimental-direct-dnskey","EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
+  ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
   ::arg().laxFile(configname.c_str());
 
   BackendMakers().launch(::arg()["launch"]); // vrooooom!
@@ -472,7 +472,7 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
 
     if(!presigned && rr.qtype.getCode() == QType::DNSKEY)
     {
-      if(::arg().mustDo("experimental-direct-dnskey"))
+      if(::arg().mustDo("direct-dnskey"))
       {
         if(rr.ttl != sd.default_ttl)
         {
@@ -769,7 +769,7 @@ bool showZone(DNSSECKeeper& dk, const std::string& zone)
       algorithm2name(value.first.d_algorithm, algname);
       cout<<"ID = "<<value.second.id<<" ("<<(value.second.keyOrZone ? "KSK" : "ZSK")<<"), tag = "<<value.first.getDNSKEY().getTag();
       cout<<", algo = "<<(int)value.first.d_algorithm<<", bits = "<<value.first.getKey()->getBits()<<"\tActive: "<<value.second.active<< " ( " + algname + " ) "<<endl;
-      if(value.second.keyOrZone || ::arg().mustDo("experimental-direct-dnskey"))
+      if(value.second.keyOrZone || ::arg().mustDo("direct-dnskey"))
         cout<<(value.second.keyOrZone ? "KSK" : "ZSK")<<" DNSKEY = "<<zone<<" IN DNSKEY "<< value.first.getDNSKEY().getZoneRepresentation() << " ; ( "  + algname + " )" << endl;
       if(value.second.keyOrZone) {
         cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl;
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index dc30d9d61..4fbd7a427 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -610,7 +610,7 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
     csp.submit(rr);
   }
   
-  if(::arg().mustDo("experimental-direct-dnskey")) {
+  if(::arg().mustDo("direct-dnskey")) {
     sd.db->lookup(QType(QType::DNSKEY), target, NULL, sd.domain_id);
     while(sd.db->get(rr)) {
       rr.ttl = sd.default_ttl;
@@ -658,7 +658,7 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
 
     // only skip the DNSKEY if direct-dnskey is enabled, to avoid changing behaviour
     // when it is not enabled.
-    if(::arg().mustDo("experimental-direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY)
+    if(::arg().mustDo("direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY)
       continue;
 
     records++;