From 741bc11bdb4c09cc662d5ff7a8a8636e1d3e9a9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 21 Jan 2020 14:20:19 +0100 Subject: [PATCH] dnssec: use less-or-equal when looking at SyncPublish time If we created a key, mark its SyncPublish time as 'now' and started bind the key might not be published if the SyncPublish time is in the same second as the time the zone is loaded. This is mostly for dnssec system test, as this kind of scenario is very unlikely in a real world environment. --- lib/dns/dnssec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index f448113193..9d40ac6527 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -673,7 +673,7 @@ syncpublish(dst_key_t *key, isc_stdtime_t now) { /* If no kasp state, check timings. */ publish = false; result = dst_key_gettime(key, DST_TIME_SYNCPUBLISH, &when); - if (result == ISC_R_SUCCESS && when < now) { + if (result == ISC_R_SUCCESS && when <= now) { publish = true; } result = dst_key_gettime(key, DST_TIME_SYNCDELETE, &when);