mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

Only log bumped signed serial after a successful secure zone update

Browse Source 
If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged.  This creates
confusion, because a different secure zone version will be served than
the one announced in the logs.  Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.
This commit is contained in:
Michał Kępień
2018-03-17 00:12:21 +01:00
committed by Evan Hunt
parent 498491555e
commit cfbc8e264d
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/dns/zone.c
View File

@@ -14085,6 +14085,7 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
dns_zone_t *zone; dns_zone_t *zone;
dns_difftuple_t *tuple = NULL, *soatuple = NULL; dns_difftuple_t *tuple = NULL, *soatuple = NULL;
dns_update_log_t log = { update_log_cb, NULL }; dns_update_log_t log = { update_log_cb, NULL };
isc_uint32_t newserial = 0, desired = 0;
isc_time_t timenow; isc_time_t timenow;
UNUSED(task); UNUSED(task);
@@ -14192,7 +14193,7 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
zone->rss_newver)); zone->rss_newver));
if (soatuple != NULL) { if (soatuple != NULL) {
isc_uint32_t oldserial, newserial, desired; isc_uint32_t oldserial;
CHECK(dns_db_createsoatuple(zone->rss_db, CHECK(dns_db_createsoatuple(zone->rss_db,
zone->rss_oldver, zone->rss_oldver,
@@ -14211,9 +14212,6 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
zone->rss_newver, &zone->rss_diff)); zone->rss_newver, &zone->rss_diff));
CHECK(do_one_tuple(&soatuple, zone->rss_db, CHECK(do_one_tuple(&soatuple, zone->rss_db,
zone->rss_newver, &zone->rss_diff)); zone->rss_newver, &zone->rss_diff));
dns_zone_log(zone, ISC_LOG_INFO,
"serial %u (unsigned %u)",
newserial, desired);
} else } else
CHECK(update_soa_serial(zone->rss_db, zone->rss_newver, CHECK(update_soa_serial(zone->rss_db, zone->rss_newver,
&zone->rss_diff, zone->mctx, &zone->rss_diff, zone->mctx,
@@ -14259,6 +14257,11 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
dns_db_closeversion(zone->rss_db, &zone->rss_oldver, ISC_FALSE); dns_db_closeversion(zone->rss_db, &zone->rss_oldver, ISC_FALSE);
dns_db_closeversion(zone->rss_db, &zone->rss_newver, ISC_TRUE); dns_db_closeversion(zone->rss_db, &zone->rss_newver, ISC_TRUE);
if (newserial != 0) {
dns_zone_log(zone, ISC_LOG_INFO, "serial %u (unsigned %u)",
newserial, desired);
}
failure: failure:
isc_event_free(&zone->rss_event); isc_event_free(&zone->rss_event);
event = ISC_LIST_HEAD(zone->rss_events); event = ISC_LIST_HEAD(zone->rss_events);