Skip private records when syncing secure db

When synchronizing the secure database, we skip DNSSEC records that
BIND 9 maintains with inline-signing. We should also skip private
RDATA type records that are used to track the current state of a
zone-signing process.
Matthijs Mekking 2025-11-07 15:56:54 +01:00
parent be3e4c83d0
commit 6dcb9ce77f


@ -16312,6 +16312,17 @@ sync_secure_db(dns_zone_t *seczone, dns_zone_t *raw, dns_db_t *secdb,
ISC_LIST_FOREACH(diff->tuples, tuple, link) {
dns_difftuplelist_t *al = &add, *dl = &del;
/*
* Skip private records that BIND maintains with inline-signing.
*/
if (seczone->privatetype != 0 &&
tuple->rdata.type == seczone->privatetype)
{
ISC_LIST_UNLINK(diff->tuples, tuple, link);
dns_difftuple_free(&tuple);
continue;
}
/*
* Skip DNSSEC records that BIND maintains with inline-signing.
*/
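Review bot: The new `seczone->privatetype` branch discards matching tuples silently, so an operator cannot tell when the raw zone carries records of the private type that would otherwise have been copied into the signed database. Consider logging the drop at debug level before the unlink, e.g. `dns_zone_log(seczone, ISC_LOG_DEBUG(3), "sync_secure_db: skipping private-type record from raw zone");`. The comment could also say why the skip matters rather than repeating the DNSSEC comment's wording: `/* Private-type records track signing state; they must come from the signer, never from the raw zone. */`. The unlink/free/continue sequence presumably duplicates the DNSSEC branch that follows, whose body is outside this hunk, so folding the type test into that condition may be simpler.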