Re: dnssec-policy default - where/how to determine what all its settings are?

Petr Špaček Fri, 07 Jun 2024 01:08:56 -0700

Hello,

and thank you for reaching out. I agree this was poorly documented.

In recent versions you can use command `named -C` which prints outdefault configuration, including the default DNSSEC policy.


I'm going to update documentation to reflect that:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs

Petr Špaček
Internet Systems Consortium

On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:

Ah, thanks!

Yeah, that's what I was looking to find:
https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
Alas, not in the ISC distribution tarballs,
and the documentation refers to
doc/misc/dnssec-policy.default.conf
without indicating where to find that.

On Thu, Jun 6, 2024 at 8:31 AM Andrew Latham <lath...@gmail.com> wrote:


I took a quick look

* 
https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
* 
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf

On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users 
<bind-users@lists.isc.org> wrote:


dnssec-policy default - where/how to determine what all its settings are?
Documentation
doc/bind9-doc/arm/reference.html#dnssec-policy-default
https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default
says:
A verbose copy of this policy may be found in the source tree, in the
file doc/misc/dnssec-policy.default.conf
But I'm not finding that in source nor elsewhere.
There doesn't even seem to be an rndc command that can list
defined dnssec-policy sets that are in place, nor that
can list how they're configured.  This information should be much more
visible/findable, so ... where is it?  I'm sure it must be present
somewhere in the source, but haven't easily located it by searching.
Shouldn't be necessary to run debugging to track down where this is
and where in the source it comes from.  So ... where does one find it?

I've been looking at Debian BIND9 packages:
bind9          1:9.18.24-1
bind9-doc      1:9.18.24-1
and also ISC BIND 9.18.24 source and 9.18.27 source and documentation.


--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec-policy default - where/how to determine what all its settings are?

Reply via email to