Skip to content
  • Michał Kępień's avatar
    Fix reloading inline-signed zones · cf7557dc
    Michał Kępień authored
    While "rndc reload" causes dns_zone_asyncload() to be called for the
    signed version of an inline-signed zone, the subsequent zone_load() call
    causes the raw version to be reloaded from storage.  This means that
    DNS_ZONEFLG_LOADPENDING gets set for the signed version of the zone by
    dns_zone_asyncload() before the reload is attempted, but zone_postload()
    is only called for the raw version and thus DNS_ZONEFLG_LOADPENDING is
    cleared for the raw version, but not for the signed version.  This in
    turn prevents zone maintenance from happening for the signed version of
    the zone.
    
    Until commit 749b3cac, this problem
    remained dormant because DNS_ZONEFLG_LOADPENDING was previously
    immediately, unconditionally cleared after zone loading was started
    (whereas it should only be cleared when zone loading is finished or an
    error occurs).  This behavior caused other issues [1] and thus had to be
    changed.
    
    Fix reloading inline-signed zones by clearing DNS_ZONEFLG_LOADPENDING
    for the signed version of the zone once the raw version reload
    completes.  Take care not to clear it prematurely during initial zone
    load.  Also make sure that DNS_ZONEFLG_LOADPENDING gets cleared when
    zone_postload() encounters an error or returns early, to prevent other
    scenarios from resulting in the same problem.  Add comments aiming to
    help explain code flow.
    
    [1] see RT #47076
    
    (cherry picked from commit 54315839)
    cf7557dc