From 48b0f5ff87f0a5a138129bcd855fd72908491321 Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Tue, 22 Jan 2002 22:26:45 +0000
Subject: [PATCH] 1191.   [bug]           A dynamic update removing the last
 non-apex name in                         a secure zone would fail. [RT #2399]

---
 CHANGES            |  3 +++
 bin/named/update.c | 15 ++++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3af7a8c23d..5c5538586d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1191.	[bug]		A dynamic update removing the last non-apex name in
+			a secure zone would fail. [RT #2399]
+
 1190.	[func]		Add the "rndc freeze" and "rndc unfreeze" commands.
 			[RT #2394]
 
diff --git a/bin/named/update.c b/bin/named/update.c
index 2d1d0ffff4..d0faca8b63 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.96 2002/01/22 22:05:49 bwelling Exp $ */
+/* $Id: update.c,v 1.97 2002/01/22 22:26:45 gson Exp $ */
 
 #include <config.h>
 
@@ -1437,6 +1437,7 @@ next_active(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *oldname,
 
 /*
  * Add a NXT record for "name", recording the change in "diff".
+ * The existing NXT is removed.
  */
 static isc_result_t
 add_nxt(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff)
@@ -1452,7 +1453,6 @@ add_nxt(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff)
 	dns_fixedname_init(&fixedname);
 	target = dns_fixedname_name(&fixedname);
 
-
 	/*
 	 * Find the successor name, aka NXT target.
 	 */
@@ -1467,7 +1467,12 @@ add_nxt(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff)
 	dns_db_detachnode(db, &node);
 
 	/*
-	 * Create a diff tuple, update the database, and record the change.
+	 * Delete the old NXT and record the change.
+	 */
+	CHECK(delete_if(true_p, db, ver, name, dns_rdatatype_nxt, 0,
+			NULL, diff));
+	/*
+	 * Add the new NXT and record the change.
 	 */
 	CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
 				   3600,	/* XXXRTH */
@@ -1819,9 +1824,6 @@ update_signatures(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db,
 			 * there is other data, and if there is other data,
 			 * there are other SIGs.
 			 */
-			CHECK(delete_if(true_p, db, newver, &t->name,
-					dns_rdatatype_nxt, 0,
-					NULL, &nxt_diff));
 			CHECK(add_nxt(db, newver, &t->name, &nxt_diff));
 		}
 	}
@@ -2497,7 +2499,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
 		}
 
 		if (dns_db_issecure(db)) {
-
 			result = update_signatures(mctx, zone, db, oldver, ver,
 			   &diff, dns_zone_getsigvalidityinterval(zone));
 			if (result != ISC_R_SUCCESS) {