upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-08 21:52:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't resign raw version of the zone

Browse source 
Update the function 'set_resigntime()' so that raw versions of
inline-signing zones are not scheduled to be resigned.

Also update the check in the same function for zone is dynamic, there
exists a function 'dns_zone_isdynamic()' that does a similar thing
and is more complete.

Also in 'zone_postload()' check whether the zone is not the raw
version of an inline-signing zone, preventing calculating the next
resign time.
This commit is contained in:
Matthijs Mekking 2023-10-13 11:46:05 +02:00
parent c90b622648
commit 741ce2d07a
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/dns/zone.c
View file

@ -3825,15 +3825,11 @@ set_resigntime(dns_zone_t *zone) {
INSIST(LOCKED_ZONE(zone));
/* We only re-sign zones that can be dynamically updated */
if (zone->update_disabled) {
if (!dns_zone_isdynamic(zone, false)) {
return;
}
if (!inline_secure(zone) &&
(zone->type != dns_zone_primary ||
(zone->ssutable == NULL &&
(zone->update_acl == NULL || dns_acl_isnone(zone->update_acl)))))
{
if (inline_raw(zone)) {
return;
}
@ -5174,7 +5170,7 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
is_dynamic = dns_zone_isdynamic(zone, false);
if (zone->type == dns_zone_primary && is_dynamic &&
dns_db_issecure(db))
dns_db_issecure(db) && !inline_raw(zone))
{
dns_name_t *name;
dns_fixedname_t fixed;