mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 22:15:20 +00:00
[9.20] fix: usr: Fix zone deletion issue
A secondary zone could initiate a new zone transfer from the primary server after it had been already deleted from the secondary server, and before the internal garbage collection was activated to clean it up completely. This has been fixed. Closes #5291 Backport of MR !10449 Merge branch 'backport-5291-zone-delete-bug-9.20' into 'bind-9.20' See merge request isc-projects/bind9!10496
This commit is contained in:
@@ -1757,6 +1757,20 @@ dns_zone_findkeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
|
||||
*\li Error
|
||||
*/
|
||||
|
||||
void
|
||||
dns_zone_prepare_shutdown(dns_zone_t *zone);
|
||||
/*%<
|
||||
* Prepare a zone for shutdown by setting the DNS_ZONEFLG_EXITING flag even
|
||||
* before the final reference is detached. Useful, because the zone object can
|
||||
* be kept around with a valid reference from the zonetable until qp garbage
|
||||
* collector runs, and we don't want, for example, zone maintenance to happen
|
||||
* while waiting for it. Note that the zone can not be used normally again after
|
||||
* this function is called.
|
||||
*
|
||||
* Requires:
|
||||
*\li 'zone' to be a valid initialised zone.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_zonemgr_create(isc_mem_t *mctx, isc_nm_t *netmgr, dns_zonemgr_t **zmgrp);
|
||||
/*%<
|
||||
|
@@ -785,6 +785,8 @@ dns_view_delzone(dns_view_t *view, dns_zone_t *zone) {
|
||||
|
||||
REQUIRE(DNS_VIEW_VALID(view));
|
||||
|
||||
dns_zone_prepare_shutdown(zone);
|
||||
|
||||
rcu_read_lock();
|
||||
zonetable = rcu_dereference(view->zonetable);
|
||||
if (zonetable != NULL) {
|
||||
|
@@ -6401,6 +6401,15 @@ failure:
|
||||
return result;
|
||||
}
|
||||
|
||||
void
|
||||
dns_zone_prepare_shutdown(dns_zone_t *zone) {
|
||||
REQUIRE(DNS_ZONE_VALID(zone));
|
||||
|
||||
LOCK_ZONE(zone);
|
||||
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_EXITING);
|
||||
UNLOCK_ZONE(zone);
|
||||
}
|
||||
|
||||
/*%
|
||||
* Find DNSSEC keys used for signing zone with dnssec-policy. Load these keys
|
||||
* into 'keys'. Requires KASP to be locked.
|
||||
|
Reference in New Issue
Block a user