AUTODNSSEC -> AUTODNSSEC_ON (#863)

* AUTODNSSEC -> AUTODNSSEC_ON
* Validate AutoDNSSEC values
* AUTODNSSEC now generates a warning and does nothing.

providers/axfrddns/axfrddnsProvider.go

@@ -279,10 +279,12 @@ func (c *AxfrDdns) GetDomainCorrections(dc *models.DomainConfig) ([]*models.Corr
 		}
 	}
 
-	if dc.AutoDNSSEC && !hasDnssecRecords {
-		fmt.Printf("Warning: AUTODNSSEC is set, but no DNSKEY or RRSIG record was found in the AXFR answer!\n")
-	} else if !dc.AutoDNSSEC && hasDnssecRecords {
-		fmt.Printf("Warning: AUTODNSSEC is not set, but DNSKEY or RRSIG records were found in the AXFR answer!\n")
+	// TODO(tlim): This check should be done on all providers. Move to the global validation code.
+	if dc.AutoDNSSEC == "on" && !hasDnssecRecords {
+		fmt.Printf("Warning: AUTODNSSEC is enabled, but no DNSKEY or RRSIG record was found in the AXFR answer!\n")
+	}
+	if dc.AutoDNSSEC == "off" && hasDnssecRecords {
+		fmt.Printf("Warning: AUTODNSSEC is disabled, but DNSKEY or RRSIG records were found in the AXFR answer!\n")
 	}
 
 	// Normalize

providers/bind/bindProvider.go

@@ -177,7 +177,11 @@ func (c *Bind) GetDomainCorrections(dc *models.DomainConfig) ([]*models.Correcti
 	comments = append(comments,
 		fmt.Sprintf("generated with dnscontrol %s", time.Now().Format(time.RFC3339)),
 	)
-	if dc.AutoDNSSEC {
+	if dc.AutoDNSSEC == "on" {
+		// This does nothing but reminds the user to add the correct
+		// auto-dnssecc zone statement to named.conf.
+		// While it is a no-op, it is useful for situations where a zone
+		// has multiple providers.
 		comments = append(comments, "Automatic DNSSEC signing requested")
 	}
 

providers/dnsimple/dnsimpleProvider.go

@@ -228,7 +228,7 @@ func (c *DnsimpleAPI) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.C
 		return nil, err
 	}
 
-	if enabled && !dc.AutoDNSSEC {
+	if enabled && dc.AutoDNSSEC == "off" {
 		return []*models.Correction{
 			{
 				Msg: "Disable DNSSEC",
@@ -237,7 +237,7 @@ func (c *DnsimpleAPI) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.C
 		}, nil
 	}
 
-	if !enabled && dc.AutoDNSSEC {
+	if !enabled && dc.AutoDNSSEC == "on" {
 		return []*models.Correction{
 			{
 				Msg: "Enable DNSSEC",

providers/powerdns/dnssec.go

@@ -2,6 +2,7 @@ package powerdns
 
 import (
 	"context"
+
 	"github.com/StackExchange/dnscontrol/v3/models"
 	"github.com/mittwald/go-powerdns/apis/cryptokeys"
 )
@@ -28,7 +29,7 @@ func (api *PowerDNS) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Co
 	}
 
 	// dnssec is enabled, we want it to be disabled
-	if hasEnabledKey && !dc.AutoDNSSEC {
+	if hasEnabledKey && dc.AutoDNSSEC == "off" {
 		return []*models.Correction{
 			{
 				Msg: "Disable DNSSEC",
@@ -38,7 +39,7 @@ func (api *PowerDNS) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Co
 	}
 
 	// dnssec is disabled, we want it to be enabled
-	if !hasEnabledKey && dc.AutoDNSSEC {
+	if !hasEnabledKey && dc.AutoDNSSEC == "on" {
 		return []*models.Correction{
 			{
 				Msg: "Enable DNSSEC",