3286. [bug] Managed key maintenance timer could fail to start

after 'rndc reconfig'. [RT #26786]
2026-06-10 18:00:00 -04:00 · 2012-02-22 00:37:54 +00:00 · 2012-02-22 00:37:54 +00:00 · 89069e6b3a
commit 89069e6b3a
parent b27f44825c
7 changed files with 56 additions and 9 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+3286.	[bug]		Managed key maintenance timer could fail to start
+			after 'rndc reconfig'. [RT #26786]
+
 3285.	[bug]		val-frdataset was incorrectly disassociated in
 			proveunsecure after calling startfinddlvsep.
 			[RT #27928]
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: server.c,v 1.645 2012/02/06 21:33:49 each Exp $ */
+/* $Id: server.c,v 1.646 2012/02/22 00:37:53 each Exp $ */

 /*! \file */

@ -3536,6 +3536,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) {
 		dns_zone_attach(pview->managed_keys, &view->managed_keys);
 		dns_zone_setview(pview->managed_keys, view);
 		dns_view_detach(&pview);
+		dns_zone_synckeyzone(view->managed_keys);
 		return (ISC_R_SUCCESS);
 	}

--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: clean.sh,v 1.46 2011/12/08 16:07:20 each Exp $
+# $Id: clean.sh,v 1.47 2012/02/22 00:37:54 each Exp $

 rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
 rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk
@ -51,6 +51,7 @@ rm -f signer/signer.out.*
 rm -f ns2/algroll.db
 rm -f ns3/kskonly.example.db
 rm -f ns4/named.conf
+rm -f ns4/managed-keys.bind*
 rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db
 rm -f ns3/secure.below-cname.example.db
 rm -f signer/example.db.after signer/example.db.before
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.107 2011/12/22 12:01:43 marka Exp $
+# $Id: tests.sh,v 1.108 2012/02/22 00:37:54 each Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@ -1255,6 +1255,13 @@ else
    echo "I:The DNSSEC update test requires the Net::DNS library." >&2
 fi

+echo "I:checking managed key maintenance has not started yet ($n)"
+ret=0
+[ -f "ns4/managed-keys.bind.jnl" ] && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 # Reconfigure caching server to use "dnssec-validation auto", and repeat
 # some of the DNSSEC validation tests to ensure that it works correctly.
 echo "I:switching to automatic root key configuration"
@ -1262,6 +1269,13 @@ cp ns4/named2.conf ns4/named.conf
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /'
 sleep 5

+echo "I:checking managed key maintenance timer has now started ($n)"
+ret=0
+[ -f "ns4/managed-keys.bind.jnl" ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking positive validation NSEC ($n)"
 ret=0
 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
--- a/bin/tests/system/resolver/clean.sh
+++ b/bin/tests/system/resolver/clean.sh
@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: clean.sh,v 1.10 2012/02/09 23:47:17 tbox Exp $
+# $Id: clean.sh,v 1.11 2012/02/22 00:37:54 each Exp $

 #
 # Clean up after resolver tests.
@ -28,6 +28,6 @@ rm -f ns4/tld.db
 rm -f ns6/K*
 rm -f ns6/example.net.db.signed ns6/example.net.db
 rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
-rm -r ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
+rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
 rm -f ns7/server.db ns7/server.db.jnl
 rm -f random.data
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zone.h,v 1.203 2012/02/01 21:28:39 marka Exp $ */
+/* $Id: zone.h,v 1.204 2012/02/22 00:37:54 each Exp $ */

 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@ -2037,7 +2037,13 @@ dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header);
 * Set the data to be included in the header when the zone is dumped in
 * binary format.
 */
-ISC_LANG_ENDDECLS
+
+isc_result_t
+dns_zone_synckeyzone(dns_zone_t *zone);
+/*%
+ * Force the managed key zone to synchronize, and start the key
+ * maintenance timer.
+ */

 isc_result_t
 dns_zone_getloadtime(dns_zone_t *zone, isc_time_t *loadtime);
@ -2073,5 +2079,7 @@ dns_zone_getincludes(dns_zone_t *zone, char ***includesp);
 * The array and its contents need to be freed using isc_mem_free.
 */

+ISC_LANG_ENDDECLS
+

 #endif /* DNS_ZONE_H */
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: zone.c,v 1.672 2012/02/07 00:47:21 marka Exp $ */
+/* $Id: zone.c,v 1.673 2012/02/22 00:37:54 each Exp $ */

 /*! \file */

@ -3608,6 +3608,26 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) {
 	return (result);
 }

+isc_result_t
+dns_zone_synckeyzone(dns_zone_t *zone) {
+	isc_result_t result;
+	dns_db_t *db = NULL;
+
+	if (zone->type != dns_zone_key)
+		return (DNS_R_BADZONE);
+
+	CHECK(dns_zone_getdb(zone, &db));
+
+	LOCK_ZONE(zone);
+	result = sync_keyzone(zone, db);
+	UNLOCK_ZONE(zone);
+
+ failure:
+	if (db != NULL)
+		dns_db_detach(&db);
+	return (result);
+}
+
 static void
 maybe_send_secure(dns_zone_t *zone) {
 	isc_result_t result;
@ -8438,7 +8458,7 @@ zone_refreshkeys(dns_zone_t *zone) {
 	if (!ISC_LIST_EMPTY(diff.tuples)) {
 		CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
 					zone->updatemethod));
-		CHECK(zone_journal(zone, &diff, NULL, "sync_keyzone"));
+		CHECK(zone_journal(zone, &diff, NULL, "zone_refreshkeys"));
 		commit = ISC_TRUE;
 		DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
 		zone_needdump(zone, 30);