Fix setnsec3param hang on shutdown

When performing the 'setnsec3param' task, zones that are not loaded will have their task rescheduled. We should do this only if the zone load is still pending, this prevents zones that failed to load get stuck in a busy wait and causing a hang on shutdown.
2025-08-30 05:57:52 +00:00 · 2021-06-23 11:20:43 +02:00 · 2021-06-23 11:20:43 +02:00 · 10055d44e3
commit 10055d44e3
parent 3631a23c7f
4 changed files with 25 additions and 3 deletions
--- a/bin/tests/system/nsec3/ns3/named.conf.in
+++ b/bin/tests/system/nsec3/ns3/named.conf.in
@ -111,3 +111,11 @@ zone "nsec3-to-nsec.kasp" {
 	file "nsec3-to-nsec.kasp.db";
 	dnssec-policy "nsec3";
 };
+
+/* The zone fails to load, this should not prevent shutdown. */
+zone "nsec3-fails-to-load.kasp" {
+	type primary;
+	file "nsec3-fails-to-load.kasp.db";
+	dnssec-policy "nsec3";
+	allow-update { any; };
+};
--- a/bin/tests/system/nsec3/ns3/named2.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2.conf.in
@ -118,7 +118,7 @@ zone "nsec3-to-nsec.kasp" {
 	dnssec-policy "nsec";
 };

-/* Add a zone that fails to load, should not prevent shutdown. */
+/* The zone fails to load, but is fixed after a reload. */
 zone "nsec3-fails-to-load.kasp" {
 	type primary;
 	file "nsec3-fails-to-load.kasp.db";
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@ -218,7 +218,6 @@ echo_i "reconfig dnssec-policy to trigger nsec3 rollovers"
 copy_setports ns3/named2.conf.in ns3/named.conf
 rndc_reconfig ns3 10.53.0.3

-
 # Zone: nsec-to-nsec3.kasp. (reconfigured)
 set_zone_policy "nsec-to-nsec3.kasp" "nsec3"
 set_nsec3param "0" "5" "8"
@ -324,5 +323,15 @@ echo_i "check zone ${ZONE} after restart has salt ${SALT}"
 check_nsec3
 dnssec_verify

+# Zone: nsec3-fails-to-load.kasp. (should be fixed after reload)
+cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db
+rndc_reload ns3 10.53.0.3
+
+set_zone_policy "nsec3-fails-to-load.kasp" "nsec3"
+set_nsec3param "0" "5" "8"
+echo_i "check zone ${ZONE} after reload"
+check_nsec3
+dnssec_verify
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -21228,6 +21228,7 @@ static void
 setnsec3param(isc_task_t *task, isc_event_t *event) {
 	const char *me = "setnsec3param";
 	dns_zone_t *zone = event->ev_arg;
+	bool loadpending;

 	INSIST(DNS_ZONE_VALID(zone));

@ -21235,6 +21236,10 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {

 	ENTER;

+	LOCK_ZONE(zone);
+	loadpending = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING);
+	UNLOCK_ZONE(zone);
+
 	/*
 	 * If receive_secure_serial is still processing or we have a
 	 * queued event append rss_post queue.
@ -21252,7 +21257,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
 		 * be picked up later. This turns this function into a busy
 		 * wait, but it only happens at startup.
 		 */
-		if (zone->db == NULL) {
+		if (zone->db == NULL && loadpending) {
 			rescheduled = true;
 			isc_task_send(task, &event);
 		}