upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Be more precise with the stopping conditions in zone_resigninc

Browse source 
If there happens to be a RRSIG(SOA) that is not at the zone apex
for any reason it should not be considered as a stopping condition
for incremental zone signing.
This commit is contained in:
Mark Andrews 2021-04-08 10:49:28 +10:00 committed by Michał Kępień
parent a64dd511f4
commit b7cdc3583e
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/dns/zone.c
View file

@ -7089,8 +7089,10 @@ zone_resigninc(dns_zone_t *zone) {
* recent signature.
*/
/* XXXMPA increase number of RRsets signed pre call */
if (covers == dns_rdatatype_soa || i++ > zone->signatures ||
resign > stop) {
if ((covers == dns_rdatatype_soa &&
dns_name_equal(name, &zone->origin)) ||
i++ > zone->signatures || resign > stop)
{
break;
}