mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity

add 300 seconds of fudge

Browse Source
This commit is contained in:
Mark Andrews 2019-01-30 13:02:14 +11:00 committed by Evan Hunt
parent 36ea9b8181
commit acf0292da4
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/python/dnssec-keymgr.docbook
View File

@ -99,6 +99,12 @@
set by the <option>-K</option> option), and check the keys for set by the <option>-K</option> option), and check the keys for
all the zones represented in the directory. all the zones represented in the directory.
</para> </para>
<para>
Key times that are in the past will not be updated unless
the <option>-f</option> is used (see below). Key inactivation
and deletion times that are less than five minutes in the future
will be delayed by five minutes.
</para>
<para> <para>
It is expected that this tool will be run automatically and It is expected that this tool will be run automatically and
unattended (for example, by <command>cron</command>). unattended (for example, by <command>cron</command>).

21
bin/python/isc/keyseries.py.in
View File

@ -83,31 +83,36 @@ class keyseries:
a = now a = now
i = key.inactive() i = key.inactive()
fudge = 300
if not rp: if not rp:
key.setinactive(None, **kwargs) key.setinactive(None, **kwargs)
key.setdelete(None, **kwargs) key.setdelete(None, **kwargs)
elif not i or a + rp != i: elif not i or a + rp != i:
if not i and a + rp > now + prepub: if not i and a + rp > now + prepub + fudge:
key.setinactive(a + rp, **kwargs) key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs) key.setdelete(a + rp + postpub, **kwargs)
elif not i: elif not i:
key.setinactive(now + prepub, **kwargs) key.setinactive(now + prepub + fudge, **kwargs)
key.setdelete(now + prepub + postpub, **kwargs) key.setdelete(now + prepub + postpub + fudge, **kwargs)
elif i < now:
pass
elif a + rp > i: elif a + rp > i:
key.setinactive(a + rp, **kwargs) key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs) key.setdelete(a + rp + postpub, **kwargs)
elif a + rp > now + prepub: elif a + rp > now + prepub + fudge:
key.setinactive(a + rp, **kwargs) key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs) key.setdelete(a + rp + postpub, **kwargs)
else: else:
key.setinactive(now + prepub, **kwargs) key.setinactive(now + prepub + fudge, **kwargs)
key.setdelete(now + prepub + postpub, **kwargs) key.setdelete(now + prepub + postpub + fudge, **kwargs)
else: else:
d = key.delete() d = key.delete()
if not d or i + postpub > now: if not d or i + postpub > now + fudge:
key.setdelete(i + postpub, **kwargs) key.setdelete(i + postpub, **kwargs)
elif not d: elif not d:
key.setdelete(now + postpub, **kwargs) key.setdelete(now + postpub + fudge, **kwargs)
elif d < now + fudge:
pass
elif d < i + postpub: elif d < i + postpub:
key.setdelete(i + postpub, **kwargs) key.setdelete(i + postpub, **kwargs)