From 75f6c57d9544aa77a3b1a04587b4702c07343c90 Mon Sep 17 00:00:00 2001
From: Brian Wellington
Date: Wed, 31 May 2000 22:01:39 +0000
Subject: [PATCH] When an rdataset is signed, its ttl is normalized based on the signature validity period.
---
 CHANGES | 3 +++
 lib/dns/resolver.c | 13 +++++++++----
 lib/dns/validator.c | 13 +++++++++++++
 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 1293bc8056..1fedf977b2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+ 218. [func] When an rdataset is signed, its ttl is normalized
+ based on the signature validity period.
+
 217. [func] Also-notify and trusted-keys can now be used in a
 config file.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index a15551aa46..bf2ecfafd5 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -2448,14 +2448,19 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 }
 }
+ /*
+ * Normalize the rdataset and sigrdataset TTLs.
+ */
+ if (sigrdataset != NULL) {
+ rdataset->ttl = ISC_MIN(rdataset->ttl,
+ sigrdataset->ttl);
+ sigrdataset->ttl = rdataset->ttl;
+ }
+
 /*
 * Cache this rdataset/sigrdataset pair as
 * pending data.
 */
-#ifdef notyet
- if (sigrdataset != NULL)
- set_ttl(rdataset, sigrdataset);
-#endif
 rdataset->trust = dns_trust_pending;
 if (sigrdataset != NULL)
 sigrdataset->trust = dns_trust_pending;
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index e9ad178a99..b7fea568d8 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
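Review bot: The comment `Normalize the rdataset and sigrdataset TTLs.` overstates what the added block in cache_name does: it only clamps both TTLs to the smaller of the two, and the signature validity period named in the commit message is not consulted here — that happens in the validator.c hunk of this commit, after the signature has verified. Suggest `/* Clamp both TTLs to the smaller of the two; the signature expiry is applied at validation time. */` so a reader does not assume pending data is already bounded by the RRSIG expiry. Removing the `#ifdef notyet` block also drops the only visible reference to set_ttl; if that is a static helper elsewhere in resolver.c it is now unreferenced and should be removed with it, which I cannot confirm from the hunk. cache_name continues outside the hunk.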
@@ -864,6 +864,19 @@ validate(dns_validator_t *val, isc_boolean_t resume) {
 if (result != ISC_R_SUCCESS)
 validator_log(val, ISC_LOG_DEBUG(3),
 "failed to verify rdataset");
+ else {
+ isc_uint32_t ttl;
+ isc_stdtime_t now;
+
+ isc_stdtime_get(&now);
+ ttl = ISC_MIN(event->rdataset->ttl,
+ val->siginfo->timeexpire - now);
+ if (val->keyset != NULL)
+ ttl = ISC_MIN(ttl, val->keyset->ttl);
+ event->rdataset->ttl = ttl;
+ event->sigrdataset->ttl = ttl;
+ }
+
 if (val->keynode != NULL)
 dns_keytable_detachkeynode(val->keytable, &val->keynode);
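Review bot: `val->siginfo->timeexpire - now` is unsigned arithmetic (ttl is declared `isc_uint32_t` and isc_stdtime_t appears to be an unsigned 32-bit type), so if the expiry time is at or behind `now` the difference wraps to a large value and the ISC_MIN leaves the rdataset's own TTL in place — the clamp fails open exactly when the signature is about to expire. Presumably the verification that precedes this branch rejects an already-expired signature, but clock skew makes the boundary reachable; `if (now >= val->siginfo->timeexpire) ttl = 0; else ttl = ISC_MIN(event->rdataset->ttl, val->siginfo->timeexpire - now);` makes the result explicit and never caches past expiry. The RRSIG's own TTL is also overwritten without being folded into the minimum the way the resolver.c hunk does, so a smaller `event->sigrdataset->ttl` is lost here; `ttl = ISC_MIN(ttl, event->sigrdataset->ttl);` before the two assignments would preserve it. validate() continues outside the hunk.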