diff --git a/bin/named/server.c b/bin/named/server.c index b57976ff31..12d05faaac 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -9865,6 +9865,7 @@ view_loaded(void *arg) { if (isc_refcount_decrement(&zl->refs) == 1) { named_server_t *server = zl->server; bool reconfig = zl->reconfig; + dns_view_t *view = NULL; isc_refcount_destroy(&zl->refs); isc_mem_put(server->mctx, zl, sizeof(*zl)); @@ -9885,6 +9886,28 @@ view_loaded(void *arg) { "all zones loaded"); } + for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; + view = ISC_LIST_NEXT(view, link)) + { + if (view->managed_keys != NULL) { + result = dns_zone_synckeyzone( + view->managed_keys); + if (result != ISC_R_SUCCESS) { + isc_log_write( + named_g_lctx, + DNS_LOGCATEGORY_DNSSEC, + DNS_LOGMODULE_DNSSEC, + ISC_LOG_ERROR, + "failed to initialize " + "managed-keys for view %s " + "(%s): DNSSEC validation is " + "at risk", + view->name, + isc_result_totext(result)); + } + } + } + CHECKFATAL(dns_zonemgr_forcemaint(server->zonemgr), "forcing zone maintenance"); diff --git a/lib/dns/zone.c b/lib/dns/zone.c index a7a04fab57..76f6dc4bc3 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -4607,8 +4607,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { } failure: - if (result != ISC_R_SUCCESS && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) - { + if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "unable to synchronize managed keys: %s", isc_result_totext(result)); @@ -5075,10 +5074,7 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, break; case dns_zone_key: - result = sync_keyzone(zone, db); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } + /* Nothing needs to be done now */ break; default: @@ -5235,13 +5231,6 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, goto done; cleanup: - if (zone->type == dns_zone_key && result != ISC_R_SUCCESS) { - dnssec_log(zone, ISC_LOG_ERROR, - "failed to initialize managed-keys (%s): " - "DNSSEC validation is at risk", - isc_result_totext(result)); - } - if (result != ISC_R_SUCCESS) { dns_zone_rpz_disable_db(zone, db); dns_zone_catz_disable_db(zone, db);