From 10055d44e3083ab6fb66d26f5f0bfbb67125edb5 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Wed, 23 Jun 2021 11:20:43 +0200 Subject: [PATCH] Fix setnsec3param hang on shutdown When performing the 'setnsec3param' task, zones that are not loaded will have their task rescheduled. We should do this only if the zone load is still pending, this prevents zones that failed to load get stuck in a busy wait and causing a hang on shutdown. --- bin/tests/system/nsec3/ns3/named.conf.in | 8 ++++++++ bin/tests/system/nsec3/ns3/named2.conf.in | 2 +- bin/tests/system/nsec3/tests.sh | 11 ++++++++++- lib/dns/zone.c | 7 ++++++- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in index 791881225b..2241bc87bf 100644 --- a/bin/tests/system/nsec3/ns3/named.conf.in +++ b/bin/tests/system/nsec3/ns3/named.conf.in @@ -111,3 +111,11 @@ zone "nsec3-to-nsec.kasp" { file "nsec3-to-nsec.kasp.db"; dnssec-policy "nsec3"; }; + +/* The zone fails to load, this should not prevent shutdown. */ +zone "nsec3-fails-to-load.kasp" { + type primary; + file "nsec3-fails-to-load.kasp.db"; + dnssec-policy "nsec3"; + allow-update { any; }; +}; diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in index 5c1094e276..380e56654c 100644 --- a/bin/tests/system/nsec3/ns3/named2.conf.in +++ b/bin/tests/system/nsec3/ns3/named2.conf.in @@ -118,7 +118,7 @@ zone "nsec3-to-nsec.kasp" { dnssec-policy "nsec"; }; -/* Add a zone that fails to load, should not prevent shutdown. */ +/* The zone fails to load, but is fixed after a reload. */ zone "nsec3-fails-to-load.kasp" { type primary; file "nsec3-fails-to-load.kasp.db"; diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh index 62c49e5904..ac3a3c13cd 100644 --- a/bin/tests/system/nsec3/tests.sh +++ b/bin/tests/system/nsec3/tests.sh 
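Review bot: The zone added to named.conf.in carries `allow-update { any; };` with no explanation, and that ACL accepts dynamic updates from any source without a key. If it is there only to make the zone dynamic so that `dnssec-policy` can maintain it (an assumption; the hunk does not say), state that in the zone's comment, for example `/* allow-update only makes the zone dynamic for dnssec-policy; "any" is acceptable on the isolated test network only. */`. That keeps the open ACL from being read as part of the fix and copied into a production configuration.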
@@ -218,7 +218,6 @@ echo_i "reconfig dnssec-policy to trigger nsec3 rollovers" copy_setports ns3/named2.conf.in ns3/named.conf rndc_reconfig ns3 10.53.0.3 - # Zone: nsec-to-nsec3.kasp. (reconfigured) set_zone_policy "nsec-to-nsec3.kasp" "nsec3" set_nsec3param "0" "5" "8" @@ -324,5 +323,15 @@ echo_i "check zone ${ZONE} after restart has salt ${SALT}" check_nsec3 dnssec_verify +# Zone: nsec3-fails-to-load.kasp. (should be fixed after reload) +cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db +rndc_reload ns3 10.53.0.3 + +set_zone_policy "nsec3-fails-to-load.kasp" "nsec3" +set_nsec3param "0" "5" "8" +echo_i "check zone ${ZONE} after reload" +check_nsec3 +dnssec_verify + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 0755baf636..3d24967577 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -21228,6 +21228,7 @@ static void setnsec3param(isc_task_t *task, isc_event_t *event) { const char *me = "setnsec3param"; dns_zone_t *zone = event->ev_arg; + bool loadpending; INSIST(DNS_ZONE_VALID(zone)); @@ -21235,6 +21236,10 @@ setnsec3param(isc_task_t *task, isc_event_t *event) { ENTER; + LOCK_ZONE(zone); + loadpending = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING); + UNLOCK_ZONE(zone); + /* * If receive_secure_serial is still processing or we have a * queued event append rss_post queue. @@ -21252,7 +21257,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) { * be picked up later. This turns this function into a busy * wait, but it only happens at startup. */ - if (zone->db == NULL) { + if (zone->db == NULL && loadpending) { rescheduled = true; isc_task_send(task, &event); }
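Review bot: In the second tests.sh hunk the result of `cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db` is not checked, and nothing in this patch removes the file it creates. If the copy fails, the later `check_nsec3` failure will point at NSEC3 rather than at the missing zone file. If the test's cleanup step (not shown here) does not delete the file, a rerun starts with the zone loadable, so the failed-load path this commit fixes is no longer exercised. Consider `cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db || status=1`, and make sure cleanup runs `rm -f ns3/nsec3-fails-to-load.kasp.db`.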
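Review bot: `loadpending` is a snapshot taken under `LOCK_ZONE` in the second zone.c hunk, but the lock is released before `zone->db == NULL` is evaluated in the third hunk, so the two values can come from different moments (the lines between the hunks are not shown, so this is as far as the patch reveals). A stale true only costs one more reschedule. A stale false, from a load that starts right after the snapshot, sends the event down the non-rescheduling path while the database is still NULL. If that is acceptable because the parameters are applied again once the load finishes, a one-line comment next to the snapshot should say so; otherwise both conditions should be tested under the lock that protects `zone->db`. The body of setnsec3param continues outside these hunks.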
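Review bot: The comment above the changed condition in the last zone.c hunk still describes the old behaviour. It says an unloaded zone is rescheduled and that the busy wait only happens at startup, while the new test `zone->db == NULL && loadpending` reschedules only while a load is pending. Extend the comment so the reason for the extra condition survives, for example by appending `Only do this while the load is still pending: a zone that failed to load would otherwise be rescheduled forever and block shutdown.` The start of that comment and the rest of the function lie outside the hunk.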