- Fix for IXFR fallback to reset counter when IXFR does not timeout.

git-svn-id: file:///svn/unbound/trunk@5066 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -9,6 +9,7 @@
 	- Fixes for patch (includes, declarations, warnings).  Free at end
 	  and keep config options in order read from file to keep the first
 	  one as the first one.
+	- Fix for IXFR fallback to reset counter when IXFR does not timeout.
 
 22 January 2018: Wouter
 	- Fix space calculation for tcp req buffer size.

doc/unbound.conf.5.in

@@ -513,6 +513,9 @@ Other keys use to decrypt only.  With this you can roll over to new keys,
 by generating a new first file and allowing decrypt of the old file by
 listing it after the first file for some time, after the wait clients are not
 using the old key any more and the old key can be removed.
+One way to create the file is dd if=/dev/random bs=1 count=80 of=ticket.dat
+The first 16 bytes should be different from the old one if you create a second key, that is the name used to identify the key.  Then there is 32 bytes random
+data for an AES key and then 32 bytes random data for the HMAC key.
 .TP
 .B tls\-ciphers: \fI<string with cipher list>
 Set the list of ciphers to allow when serving TLS.  Use "" for defaults,

services/authzone.c

@@ -5663,6 +5663,8 @@ auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err,
 		xfr_transfer_nexttarget_or_end(xfr, env);
 		return 0;
 	}
+	/* note that IXFR worked without timeout */
+	if(xfr->task_transfer->on_ixfr)
 		xfr->task_transfer->ixfr_possible_timeout_count = 0;
 
 	/* handle returned packet */