From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 11 Feb 2012 14:46:13 +0000 (+0000)
Subject: zoneconf.in: Auto-DNSsec support for dynamic zones.
X-Git-Url: https://git.distorted.org.uk/~mdw/zoneconf/commitdiff_plain/db6576c8f0bb4be3fc34aa0e83face92cfc62495

zoneconf.in: Auto-DNSsec support for dynamic zones.
---

diff --git a/zoneconf.in b/zoneconf.in
index f0dcdef..8197a4d 100755
--- a/zoneconf.in
+++ b/zoneconf.in
@@ -970,6 +970,7 @@ define-configuration-space policy ZONECFG {
 define-configuration-space dynamic ZONECFG {
   prefix "ddns-"
   define-simple key "ddns"
+  define-simple auto-dnssec off
   define-list types {A TXT PTR}
 
   define policy {body} {
@@ -1004,7 +1005,6 @@ define-configuration-space zone ZONECFG {
 	   "-o%z" \
 	   "-f%o" \
 	   "%f"]
-  define-simple auto-dnssec off
   define-list reload-command [list "$BINDPROGS/rndc" "reload" "%z" "IN" "%v"]
   define-list autosign-command [list "$BINDPROGS/rndc" "sign" "%z" "IN" "%v"]
   define-list checkzone-command \
@@ -1260,7 +1260,12 @@ proc write-zone-stanza {view chan config} {
       puts $chan "\ttype master;"
       puts $chan "\tfile \"$zone(server-file-name)\";"
       switch -exact -- $zone(type) {
-	dynamic { write-ddns-update-policy "\t" $chan $config }
+	dynamic {
+	  write-ddns-update-policy "\t" $chan $config
+	  if {![string equal $zone(ddns-auto-dnssec) off]} {
+	    puts $chan "\tauto-dnssec $zone(ddns-auto-dnssec);"
+	  }
+	}
       }
     }
     slave {
@@ -1269,9 +1274,6 @@ proc write-zone-stanza {view chan config} {
       foreach host $zone(masters) { lappend masters [host-addr $host] }
       puts $chan "\tmasters { [join $masters {; }]; };"
       puts $chan "\tfile \"$zone(file-name)\";"
-      if {![string equal $zone(auto-dnssec) off]} {
-	puts $chan "\tauto-dnssec $zone(auto-dnssec);"
-      }
       switch -exact -- $zone(type) {
 	dynamic { puts $chan "\tallow-update-forwarding { any; };" }
       }
@@ -1493,7 +1495,7 @@ defcmd sign {} {
 	  }
 	}
       } elseif {[string equal $zone(type) dynamic] &&
-		![string equal $zone(auto-dnssec) off]} {
+		![string equal $zone(ddns-auto-dnssec) off]} {
 	## Dynamic zone: get BIND to re-sign it.
 
 	if {![run "re-sign zone `$zone(name) in server view `$view'" \