From 5d1611afdc61ea8f19ceecc3e88cdb2296ec3914 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 27 Feb 2020 17:35:18 +1100 Subject: [PATCH] Call set_resigntime() in receive_secure_serial() With RRSIG records no longer being signed with the full sig-validity-interval we need to ensure the zone->resigntime as it may need to be set to a earlier time. --- lib/dns/zone.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 2009b9228b..baddd91a58 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15630,6 +15630,11 @@ nextevent: zone->sourceserialset = true; zone_needdump(zone, DNS_DUMP_DELAY); + /* + * Set resign time to make sure it is set to the earliest + * signature expiration. + */ + set_resigntime(zone); TIME_NOW(&timenow); zone_settimer(zone, &timenow); UNLOCK_ZONE(zone);