[master] "dnssec-signzone -N date"

3827.	[func]		"dnssec-signzone -N date" updates serial number
			to the current date in YYYYMMDDNN format.
			[RT #35800]

CHANGES

+3827.	[func]		"dnssec-signzone -N date" updates serial number
+			to the current date in YYYYMMDDNN format.
+			[RT #35800]
+
 3826.	[bug]		Corrected a use-after-free in isc_radix_remove().
 			(This function is not used in BIND, but could have
 			caused problems in programs linking to libisc.)

README

@@ -64,6 +64,7 @@ BIND 9.11.0
 	- "serial-update-format" can now be set to "date". On update,
 	  the serial number will be set to the current date in YYYYMMDDNN
 	  format.
+	- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
 
 BIND 9.10.0
 

bin/dnssec/dnssec-signzone.c

@@ -83,6 +83,7 @@
 #include <dns/result.h>
 #include <dns/soa.h>
 #include <dns/time.h>
+#include <dns/update.h>
 
 #include <dst/dst.h>
 
@@ -118,6 +119,7 @@ static int nsec_datatype = dns_rdatatype_nsec;
 #define SOA_SERIAL_KEEP		0
 #define SOA_SERIAL_INCREMENT	1
 #define SOA_SERIAL_UNIXTIME	2
+#define SOA_SERIAL_DATE		3
 
 typedef struct signer_event sevent_t;
 struct signer_event {
@@ -1249,7 +1251,7 @@ get_soa_ttls(void) {
  * Increment (or set if nonzero) the SOA serial
  */
 static isc_result_t
-setsoaserial(isc_uint32_t serial) {
+setsoaserial(isc_uint32_t serial, dns_updatemethod_t method) {
 	isc_result_t result;
 	dns_dbnode_t *node = NULL;
 	dns_rdataset_t rdataset;
@@ -1275,7 +1277,10 @@ setsoaserial(isc_uint32_t serial) {
 
 	old_serial = dns_soa_getserial(&rdata);
 
-	if (serial) {
+	if (method == dns_updatemethod_date ||
+	    method == dns_updatemethod_unixtime) {
+		new_serial = dns_update_soaserial(old_serial, method);
+	} else if (serial != 0 || method == dns_updatemethod_none) {
 		/* Set SOA serial to the value provided. */
 		new_serial = serial;
 	} else {
@@ -3524,6 +3529,8 @@ main(int argc, char *argv[]) {
 			serialformat = SOA_SERIAL_INCREMENT;
 		else if (strcasecmp(serialformatstr, "unixtime") == 0)
 			serialformat = SOA_SERIAL_UNIXTIME;
+		else if (strcasecmp(serialformatstr, "date") == 0)
+			serialformat = SOA_SERIAL_DATE;
 		else
 			fatal("unknown soa serial format: %s",
 			      serialformatstr);
@@ -3649,10 +3656,13 @@ main(int argc, char *argv[]) {
 
 	switch (serialformat) {
 		case SOA_SERIAL_INCREMENT:
-			setsoaserial(0);
+			setsoaserial(0, dns_updatemethod_increment);
 			break;
 		case SOA_SERIAL_UNIXTIME:
-			setsoaserial(now);
+			setsoaserial(now, dns_updatemethod_unixtime);
+			break;
+		case SOA_SERIAL_DATE:
+			setsoaserial(now, dns_updatemethod_date);
 			break;
 		case SOA_SERIAL_KEEP:
 		default:

bin/dnssec/dnssec-signzone.docbook

@@ -430,8 +430,8 @@
           <para>
             The SOA serial number format of the signed zone.
 	    Possible formats are <command>"keep"</command> (default),
-            <command>"increment"</command> and
-	    <command>"unixtime"</command>.
+            <command>"increment"</command>, <command>"unixtime"</command>,
+            and <command>"date"</command>.
           </para>
 
           <variablelist>
@@ -457,6 +457,14 @@
 	        since epoch.</para>
 	      </listitem>
             </varlistentry>
+
+	    <varlistentry>
+	      <term><command>"date"</command></term>
+              <listitem>
+                <para>Set the SOA serial number to today's date in
+                YYYYMMDDNN format.</para>
+	      </listitem>
+            </varlistentry>
 	 </variablelist>
 
         </listitem>

bin/tests/system/dnssec/tests.sh

@@ -1536,6 +1536,18 @@ awk '/^;/ { next; } $2 > 30 { exit 1; }' signer/signer.out.8 || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking dnssec-signzone -N date ($n)"
+ret=0
+(
+cd signer
+$SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
+) || ret=1
+now=`$PERL -e '@lt=localtime(); printf "%.4d%.2d%2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];'`
+serial=`awk '/^;/ { next; } $4 == "SOA" { print $7 }' signer/signer.out.9`
+[ "$now" -eq "$serial" ] || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking validated data are not cached longer than originalttl ($n)"
 ret=0
 $DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1

lib/dns/include/dns/types.h

@@ -344,13 +344,16 @@ typedef enum {
 /*%
  * DNS Serial Number Update Method.
  *
+ * \li	_none:		Keep the current serial.
  * \li	_increment:	Add one to the current serial, skipping 0.
  * \li	_unixtime:	Set to the seconds since 00:00 Jan 1, 1970,
  *			if possible.
- * \li	_date:		Set to YYYYMMDDVV: Year, Month, Day, Version
+ * \li	_date:		Set to today's date in YYYYMMDDVV format:
+ *                      (Year, Month, Day, Version)
  */
 typedef enum {
-	dns_updatemethod_increment = 0,
+	dns_updatemethod_none = 0,
+	dns_updatemethod_increment,
 	dns_updatemethod_unixtime,
 	dns_updatemethod_date
 } dns_updatemethod_t;

lib/dns/update.c

@@ -1858,18 +1858,23 @@ epoch_to_yyyymmdd(time_t when) {
 isc_uint32_t
 dns_update_soaserial(isc_uint32_t serial, dns_updatemethod_t method) {
 	isc_stdtime_t now;
+	isc_uint32_t new_serial;
 
-	if (method == dns_updatemethod_unixtime) {
+	switch (method) {
+	case dns_updatemethod_none:
+		return (serial);
+	case dns_updatemethod_unixtime:
 		isc_stdtime_get(&now);
 		if (now != 0 && isc_serial_gt(now, serial))
 			return (now);
-	} else if (method == dns_updatemethod_date) {
-		isc_uint32_t new_serial;
-
+		break;
+	case dns_updatemethod_date:
 		isc_stdtime_get(&now);
 		new_serial = epoch_to_yyyymmdd((time_t) now) * 100;
 		if (new_serial != 0 && isc_serial_gt(new_serial, serial))
 			return (new_serial);
+	case dns_updatemethod_increment:
+		break;
 	}
 
 	/* RFC1982 */