mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00

Merge branch '3822-rndc-dnssec-checkds-force-ds-state' into 'main'

Force set DS state after 'rndc dnssec -checkds'

Closes #3822

See merge request isc-projects/bind9!7423
Matthijs Mekking
2023-01-27 15:07:33 +00:00
3 changed files with 25 additions and 4 deletions


@@ -1,3 +1,6 @@
6079. [bug] Force set the DS state after a 'rdnc dnssec -checkds'
command. [GL #3822]
6078. [func] Cleanup the memory statistic counters to a bare
minumum - InUse with Malloced as alias. [GL #3718]


@@ -550,15 +550,23 @@ _wait_for_metadata() {
n=$((n+1))
echo_i "checkds publish correctly sets DSPublish for zone $ZONE ($n)"
rndc_checkds "$SERVER" "$DIR" "-" "20190102121314" "published" "$ZONE"
retry_quiet 3 _wait_for_metadata "DSPublish: 20190102121314" "${basefile}.state" || log_error "bad DSPublish in ${basefile}.state"
now=$(date +%Y%m%d%H%M%S)
rndc_checkds "$SERVER" "$DIR" "-" "$now" "published" "$ZONE"
retry_quiet 3 _wait_for_metadata "DSPublish: $now" "${basefile}.state" || log_error "bad DSPublish in ${basefile}.state"
# DS State should be forced into RUMOURED.
set_keystate "KEY1" "STATE_DS" "rumoured"
check_keys
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
n=$((n+1))
echo_i "checkds withdraw correctly sets DSRemoved for zone $ZONE ($n)"
rndc_checkds "$SERVER" "$DIR" "-" "20200102121314" "withdrawn" "$ZONE"
retry_quiet 3 _wait_for_metadata "DSRemoved: 20200102121314" "${basefile}.state" || log_error "bad DSRemoved in ${basefile}.state"
now=$(date +%Y%m%d%H%M%S)
rndc_checkds "$SERVER" "$DIR" "-" "$now" "withdrawn" "$ZONE"
retry_quiet 3 _wait_for_metadata "DSRemoved: $now" "${basefile}.state" || log_error "bad DSRemoved in ${basefile}.state"
# DS State should be forced into UNRETENTIVE.
set_keystate "KEY1" "STATE_DS" "unretentive"
check_keys
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
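Review bot: `now=$(date +%Y%m%d%H%M%S)` in both the publish and the withdraw case uses the test host's local time, so the timestamp passed to `rndc_checkds` depends on the host's time zone. If the server parses that argument as UTC (worth confirming), a host east of UTC passes a time in the future and one west of UTC a time hours in the past, which could make the later `check_keys` timing assertions depend on where the test runs. I would pin it with `now=$(date -u +%Y%m%d%H%M%S)` in both places.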


@@ -2273,9 +2273,19 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
}
if (dspublish) {
dst_key_state_t s;
dst_key_settime(ksk_key->key, DST_TIME_DSPUBLISH, when);
result = dst_key_getstate(ksk_key->key, DST_KEY_DS, &s);
if (result != ISC_R_SUCCESS || s != RUMOURED) {
dst_key_setstate(ksk_key->key, DST_KEY_DS, RUMOURED);
}
} else {
dst_key_state_t s;
dst_key_settime(ksk_key->key, DST_TIME_DSDELETE, when);
result = dst_key_getstate(ksk_key->key, DST_KEY_DS, &s);
if (result != ISC_R_SUCCESS || s != UNRETENTIVE) {
dst_key_setstate(ksk_key->key, DST_KEY_DS, UNRETENTIVE);
}
}
if (isc_log_wouldlog(dns_lctx, ISC_LOG_NOTICE)) {
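Review bot: Both branches overwrite the key's DS state from an operator command without recording the state being replaced, and a failed `dst_key_getstate` is handled the same as a differing state, so the notice logged just below cannot show that a state was forced or what it was before. Since this path sets the state directly rather than waiting for the key manager's usual timing, I would document the intent above each lookup, e.g. `/* Operator reports the DS as published: force RUMOURED, also when no DS state is set yet. */` (and the UNRETENTIVE counterpart), and include the previous state in the log message so a `-checkds` run against the wrong key can be traced afterwards. `result` is reused for the lookup; whether it is reassigned before the function returns lies outside the hunk, so confirm that a missing state cannot surface as the command's result. The two branches differ only in the time type and target state and could share one small helper.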