mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 06:25:31 +00:00
Rekey immediately after rndc checkds/rollover
Call 'dns_zone_rekey' after a 'rndc dnssec -checkds' or 'rndc dnssec -rollover' command is received, because such a command may influence the next key event. Updating the keys immediately avoids unnecessary rollover delays. The kasp system test no longer needs to call 'rndc loadkeys' after a 'rndc dnssec -checkds' or 'rndc dnssec -rollover' command.
This commit is contained in:
Matthijs Mekking
@@ -15122,6 +15122,12 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
|
||||
|
||||
switch (result) {
|
||||
case ISC_R_SUCCESS:
|
||||
/*
|
||||
* Rekey after checkds command because the next key
|
||||
* event may have changed.
|
||||
*/
|
||||
dns_zone_rekey(zone, false);
|
||||
|
||||
if (use_keyid) {
|
||||
char tagbuf[6];
|
||||
snprintf(tagbuf, sizeof(tagbuf), "%u", keyid);
|
||||
@@ -15166,6 +15172,12 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
|
||||
|
||||
switch (result) {
|
||||
case ISC_R_SUCCESS:
|
||||
/*
|
||||
* Rekey after rollover command because the next key
|
||||
* event may have changed.
|
||||
*/
|
||||
dns_zone_rekey(zone, false);
|
||||
|
||||
if (use_keyid) {
|
||||
char tagbuf[6];
|
||||
snprintf(tagbuf, sizeof(tagbuf), "%u", keyid);
|
||||
|
||||
Reference in New Issue
Block a user