mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

3277. [bug] Make sure automatic key maintenance is started

Browse Source 
when "auto-dnssec maintain" is turned on during
			"rndc reconfig". [RT #26805]
This commit is contained in:
Evan Hunt
2012-02-06 21:33:50 +00:00
parent 22e7f42b56
commit 99f6179191
6 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,3 +1,7 @@
3277. [bug] Make sure automatic key maintenance is started
when "auto-dnssec maintain" is turned on during
"rndc reconfig". [RT #26805]
3276. [bug] win32: isc_socket_dup is not implemented. [RT #27696] 3276. [bug] win32: isc_socket_dup is not implemented. [RT #27696]
3276. [bug] win32: ns_os_openfile failed to return NULL on 3276. [bug] win32: ns_os_openfile failed to return NULL on

8
bin/named/server.c
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.644 2012/02/03 22:27:16 each Exp $ */ /* $Id: server.c,v 1.645 2012/02/06 21:33:49 each Exp $ */
/*! \file */ /*! \file */
@@ -3488,6 +3488,12 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
*/ */
CHECK(dns_view_addzone(view, zone)); CHECK(dns_view_addzone(view, zone));
/*
* Ensure that zone keys are reloaded on reconfig
*/
if ((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_MAINTAIN) != 0)
dns_zone_rekey(zone, ISC_FALSE);
cleanup: cleanup:
if (zone != NULL) if (zone != NULL)
dns_zone_detach(&zone); dns_zone_detach(&zone);

3
bin/tests/system/autosign/clean.sh
View File

@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.13 2011/10/30 23:05:13 each Exp $ # $Id: clean.sh,v 1.14 2012/02/06 21:33:50 each Exp $
rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
rm -f active.key inact.key del.key unpub.key standby.key rev.key rm -f active.key inact.key del.key unpub.key standby.key rev.key
@@ -51,3 +51,4 @@ rm -f ns3/secure-to-insecure2.example.db
rm -f ns3/nozsk.example.db ns3/inaczsk.example.db rm -f ns3/nozsk.example.db ns3/inaczsk.example.db
rm -f ns3/ttl*.db rm -f ns3/ttl*.db
rm -f signing.out.* rm -f signing.out.*
rm -f ns3/*.nzf

11
bin/tests/system/autosign/ns3/keygen.sh
View File

@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: keygen.sh,v 1.13 2011/07/08 01:43:26 each Exp $ # $Id: keygen.sh,v 1.14 2012/02/06 21:33:50 each Exp $
SYSTEMTESTTOP=../.. SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -285,3 +285,12 @@ zsk=`$KEYGEN -q -3 -r $RANDFILE $zone`
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > /dev/null 2>&1 $SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > /dev/null 2>&1
echo $zsk > ../inactivezsk.key echo $zsk > ../inactivezsk.key
$SETTIME -I now $zsk > /dev/null $SETTIME -I now $zsk > /dev/null
#
# A zone that is set to 'auto-dnssec maintain' during a recofnig
#
zone=reconf.example
zonefile="${zone}.db"
cp secure.example.db.in $zonefile
$KEYGEN -q -3 -r $RANDFILE -fk $zone > /dev/null
$KEYGEN -q -3 -r $RANDFILE $zone > /dev/null

4
bin/tests/system/autosign/ns3/named.conf
View File

@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: named.conf,v 1.13 2011/07/08 01:43:26 each Exp $ */ /* $Id: named.conf,v 1.14 2012/02/06 21:33:50 each Exp $ */
// NS3 // NS3
@@ -25,6 +25,7 @@ options {
notify-source 10.53.0.3; notify-source 10.53.0.3;
transfer-source 10.53.0.3; transfer-source 10.53.0.3;
port 5300; port 5300;
session-keyfile "session.key";
pid-file "named.pid"; pid-file "named.pid";
listen-on { 10.53.0.3; }; listen-on { 10.53.0.3; };
listen-on-v6 { none; }; listen-on-v6 { none; };
@@ -33,6 +34,7 @@ options {
dnssec-enable yes; dnssec-enable yes;
dnssec-validation yes; dnssec-validation yes;
dnssec-loadkeys-interval 10; dnssec-loadkeys-interval 10;
allow-new-zones yes;
}; };
key rndc_key { key rndc_key {

25
bin/tests/system/autosign/tests.sh
View File

@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.44 2012/02/02 23:47:33 tbox Exp $ # $Id: tests.sh,v 1.45 2012/02/06 21:33:50 each Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -1116,5 +1116,28 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo "I:test turning on auto-dnssec during reconfig ($n)"
ret=0
# first create a zone that doesn't have auto-dnssec
rm -f ns3/*.nzf
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/I:ns3 /'
rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
[ "$rekey_calls" = 0 ] || ret=1
# ...then we add auto-dnssec and reconfigure
nzf=`ls ns3/*.nzf`
echo 'zone reconf.example { type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' > $nzf
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /'
for i in 0 1 2 3 4 5 6 7 8 9; do
lret=0
rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
[ "$rekey_calls" -gt 0 ] || lret=1
if [ "$lret" = 0 ]; then break; fi
sleep 1
done
n=`expr $n + 1`
if [ "$lret" != 0 ]; then ret=$lret; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status" echo "I:exit status: $status"
exit $status exit $status