Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
6eb8591f
Commit
6eb8591f
authored
Jan 05, 2006
by
Mark Andrews
Browse files
1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
[RT #15465]
parent
a1bc9410
Changes
2
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
6eb8591f
1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
[RT #15465]
1959. [func] Control the zeroing of the negative response TTL to
a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460]
...
...
bin/named/update.c
View file @
6eb8591f
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.12
5
200
5/10
/0
7
0
4:03:24
marka Exp $ */
/* $Id: update.c,v 1.12
6
200
6/01
/0
5
0
3:14:33
marka Exp $ */
#include
<config.h>
...
...
@@ -1519,7 +1519,8 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
*/
static
isc_result_t
add_nsec
(
ns_client_t
*
client
,
dns_zone_t
*
zone
,
dns_db_t
*
db
,
dns_dbversion_t
*
ver
,
dns_name_t
*
name
,
dns_diff_t
*
diff
)
dns_dbversion_t
*
ver
,
dns_name_t
*
name
,
dns_ttl_t
nsecttl
,
dns_diff_t
*
diff
)
{
isc_result_t
result
;
dns_dbnode_t
*
node
=
NULL
;
...
...
@@ -1554,8 +1555,7 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* Add the new NSEC and record the change.
*/
CHECK
(
dns_difftuple_create
(
diff
->
mctx
,
DNS_DIFFOP_ADD
,
name
,
3600
,
/* XXXRTH */
&
rdata
,
&
tuple
));
nsecttl
,
&
rdata
,
&
tuple
));
CHECK
(
do_one_tuple
(
&
tuple
,
db
,
ver
,
diff
));
INSIST
(
tuple
==
NULL
);
...
...
@@ -1680,6 +1680,11 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
unsigned
int
nkeys
=
0
;
unsigned
int
i
;
isc_stdtime_t
now
,
inception
,
expire
;
dns_ttl_t
nsecttl
;
dns_rdata_soa_t
soa
;
dns_rdata_t
rdata
=
DNS_RDATA_INIT
;
dns_rdataset_t
rdataset
;
dns_dbnode_t
*
node
=
NULL
;
dns_diff_init
(
client
->
mctx
,
&
diffnames
);
dns_diff_init
(
client
->
mctx
,
&
affected
);
...
...
@@ -1700,6 +1705,20 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
inception
=
now
-
3600
;
/* Allow for some clock skew. */
expire
=
now
+
sigvalidityinterval
;
/*
* Get the NSEC's TTL from the SOA MINIMUM field.
*/
CHECK
(
dns_db_findnode
(
db
,
dns_db_origin
(
db
),
ISC_FALSE
,
&
node
));
dns_rdataset_init
(
&
rdataset
);
CHECK
(
dns_db_findrdataset
(
db
,
node
,
newver
,
dns_rdatatype_soa
,
0
,
(
isc_stdtime_t
)
0
,
&
rdataset
,
NULL
));
CHECK
(
dns_rdataset_first
(
&
rdataset
));
dns_rdataset_current
(
&
rdataset
,
&
rdata
);
CHECK
(
dns_rdata_tostruct
(
&
rdata
,
&
soa
,
NULL
));
nsecttl
=
soa
.
minimum
;
dns_rdataset_disassociate
(
&
rdataset
);
dns_db_detachnode
(
db
,
&
node
);
/*
* Find all RRsets directly affected by the update, and
* update their RRSIGs. Also build a list of names affected
...
...
@@ -1903,8 +1922,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* there is other data, and if there is other data,
* there are other RRSIGs.
*/
CHECK
(
add_nsec
(
client
,
zone
,
db
,
newver
,
&
t
->
name
,
&
nsec_diff
));
CHECK
(
add_nsec
(
client
,
zone
,
db
,
newver
,
&
t
->
name
,
nsecttl
,
&
nsec_diff
));
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment