Commit 6eb8591f authored by Mark Andrews's avatar Mark Andrews

1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.

                        [RT #15465]
parent a1bc9410
1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
[RT #15465]
1959. [func] Control the zeroing of the negative response TTL to
a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.125 2005/10/07 04:03:24 marka Exp $ */
/* $Id: update.c,v 1.126 2006/01/05 03:14:33 marka Exp $ */
#include <config.h>
......@@ -1519,7 +1519,8 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
*/
static isc_result_t
add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff)
dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl,
dns_diff_t *diff)
{
isc_result_t result;
dns_dbnode_t *node = NULL;
......@@ -1554,8 +1555,7 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* Add the new NSEC and record the change.
*/
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
3600, /* XXXRTH */
&rdata, &tuple));
nsecttl, &rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL);
......@@ -1680,6 +1680,11 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
unsigned int nkeys = 0;
unsigned int i;
isc_stdtime_t now, inception, expire;
dns_ttl_t nsecttl;
dns_rdata_soa_t soa;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_t rdataset;
dns_dbnode_t *node = NULL;
dns_diff_init(client->mctx, &diffnames);
dns_diff_init(client->mctx, &affected);
......@@ -1700,6 +1705,20 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
inception = now - 3600; /* Allow for some clock skew. */
expire = now + sigvalidityinterval;
/*
* Get the NSEC's TTL from the SOA MINIMUM field.
*/
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
dns_rdataset_init(&rdataset);
CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
(isc_stdtime_t) 0, &rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
nsecttl = soa.minimum;
dns_rdataset_disassociate(&rdataset);
dns_db_detachnode(db, &node);
/*
* Find all RRsets directly affected by the update, and
* update their RRSIGs. Also build a list of names affected
......@@ -1903,8 +1922,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* there is other data, and if there is other data,
* there are other RRSIGs.
*/
CHECK(add_nsec(client, zone, db, newver,
&t->name, &nsec_diff));
CHECK(add_nsec(client, zone, db, newver, &t->name,
nsecttl, &nsec_diff));
}
}
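Review bot: In the SOA lookup added to update_signatures, a failing CHECK after `dns_db_findnode` leaves `node` attached, and one after `dns_db_findrdataset` also leaves `rdataset` associated, because the two release calls sit only on the success path (this assumes CHECK jumps to the function's failure label, as it appears to elsewhere in the file). That label lies outside the visible hunks, so whether it releases them cannot be confirmed here; if it does not, each failed lookup on this dynamic-update path leaks a database node reference. I would release both in the cleanup path with `if (node != NULL) dns_db_detachnode(db, &node);` and `if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset);`, and move `dns_rdataset_init(&rdataset);` up beside the `dns_diff_init` calls so the second test is also valid when an earlier step fails. A short comment at `nsecttl = soa.minimum;` saying the value is read once from the post-update version (`newver`) and applied to every NSEC added later in the function would help the next reader.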
......