Read from kasp whether to publish CDNSKEY

Check the policy and feed dns_dnssec_syncupdate() the right value
to enable/disable CDNSKEY publication.
Matthijs Mekking 2023-05-11 16:15:57 +02:00
parent af15e760d7
commit 2c7d93d431


@ -21022,6 +21022,7 @@ zone_rekey(dns_zone_t *zone) {
dns_kasp_digestlist_t digests;
bool cdsdel = false;
bool cdnskeydel = false;
bool cdnskeypub = true;
bool sane_diff, sane_dnskey;
isc_stdtime_t when;
@ -21035,6 +21036,7 @@ zone_rekey(dns_zone_t *zone) {
cdnskeydel = true;
}
digests = dns_kasp_digests(kasp);
cdnskeypub = dns_kasp_cdnskey(kasp);
} else {
/* Check if there is a CDS DELETE record. */
if (dns_rdataset_isassociated(&cdsset)) {
@ -21114,8 +21116,8 @@ zone_rekey(dns_zone_t *zone) {
* Update CDS / CDNSKEY records.
*/
result = dns_dnssec_syncupdate(&dnskeys, &rmkeys, &cdsset,
&cdnskeyset, now, &digests, true,
ttl, &diff, mctx);
&cdnskeyset, now, &digests,
cdnskeypub, ttl, &diff, mctx);
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_rekey:couldn't update CDS/CDNSKEY: %s",
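Review bot: The initializer `bool cdnskeypub = true;` in the first hunk is the value the `else` (no-kasp) branch of the second hunk ends up passing to dns_dnssec_syncupdate(), but nothing on the declaration says so. A comment such as `/* Without a kasp, CDNSKEY is always published (previous behaviour). */` would make that default visibly deliberate. The call site should also say whether a false `cdnskeypub` withdraws a CDNSKEY RRset already in the zone or only stops adding new records. That is decided inside dns_dnssec_syncupdate(), which is not visible here, and a stale CDNSKEY left beside updated CDS records would give the parent inconsistent input. zone_rekey() starts and ends outside these hunks.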