From caeebbf4faf20162c2271ed3ff2eb6eb818e70a0 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Fri, 20 Nov 2009 12:06:00 +0000 Subject: [PATCH] review comments git-svn-id: file:///svn/unbound/trunk@1915 be551aaa-1e26-0410-a405-d3ace91eadb9 --- validator/autotrust.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/validator/autotrust.c b/validator/autotrust.c index 2d97b0bff..b81f048ee 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -1439,6 +1439,9 @@ do_newkey(struct module_env* env, struct autr_ta* anchor, int* c) static void do_addtime(struct module_env* env, struct autr_ta* anchor, int* c) { + /* This not according to RFC, this is 30 days, but the RFC demands + * MAX(30days, TTL expire time of first DNSKEY set with this key), + * The value may be too small if a very large TTL was used. */ int exceeded = check_holddown(env, anchor, env->cfg->add_holddown); if (exceeded && anchor->s == AUTR_STATE_ADDPEND) { verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded "