mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.

Browse Source 
[RT #15465]
This commit is contained in:
Mark Andrews 2006-01-05 03:14:33 +00:00
parent a1bc941093
commit 6eb8591f00
2 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
[RT #15465]
1959. [func] Control the zeroing of the negative response TTL to 1959. [func] Control the zeroing of the negative response TTL to
a soa query. Defaults "zero-no-soa-ttl yes;" and a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460] "zero-no-soa-ttl-cache no;". [RT #15460]

31
bin/named/update.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: update.c,v 1.125 2005/10/07 04:03:24 marka Exp $ */ /* $Id: update.c,v 1.126 2006/01/05 03:14:33 marka Exp $ */
#include <config.h> #include <config.h>
@ -1519,7 +1519,8 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
*/ */
static isc_result_t static isc_result_t
add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff) dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl,
dns_diff_t *diff)
{ {
isc_result_t result; isc_result_t result;
dns_dbnode_t *node = NULL; dns_dbnode_t *node = NULL;
@ -1554,8 +1555,7 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* Add the new NSEC and record the change. * Add the new NSEC and record the change.
*/ */
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
3600, /* XXXRTH */ nsecttl, &rdata, &tuple));
&rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, ver, diff)); CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL); INSIST(tuple == NULL);
@ -1680,6 +1680,11 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
unsigned int nkeys = 0; unsigned int nkeys = 0;
unsigned int i; unsigned int i;
isc_stdtime_t now, inception, expire; isc_stdtime_t now, inception, expire;
dns_ttl_t nsecttl;
dns_rdata_soa_t soa;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_t rdataset;
dns_dbnode_t *node = NULL;
dns_diff_init(client->mctx, &diffnames); dns_diff_init(client->mctx, &diffnames);
dns_diff_init(client->mctx, &affected); dns_diff_init(client->mctx, &affected);
@ -1700,6 +1705,20 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
inception = now - 3600; /* Allow for some clock skew. */ inception = now - 3600; /* Allow for some clock skew. */
expire = now + sigvalidityinterval; expire = now + sigvalidityinterval;
/*
* Get the NSEC's TTL from the SOA MINIMUM field.
*/
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
dns_rdataset_init(&rdataset);
CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
(isc_stdtime_t) 0, &rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
nsecttl = soa.minimum;
dns_rdataset_disassociate(&rdataset);
dns_db_detachnode(db, &node);
/* /*
* Find all RRsets directly affected by the update, and * Find all RRsets directly affected by the update, and
* update their RRSIGs. Also build a list of names affected * update their RRSIGs. Also build a list of names affected
@ -1903,8 +1922,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
* there is other data, and if there is other data, * there is other data, and if there is other data,
* there are other RRSIGs. * there are other RRSIGs.
*/ */
CHECK(add_nsec(client, zone, db, newver, CHECK(add_nsec(client, zone, db, newver, &t->name,
&t->name, &nsec_diff)); nsecttl, &nsec_diff));
} }
} }