From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 20 Nov 2009 12:06:00 +0000 (+0000)
Subject: review comments
X-Git-Tag: release-1.4.0~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=caeebbf4faf20162c2271ed3ff2eb6eb818e70a0;p=thirdparty%2Funbound.git

review comments

git-svn-id: file:///svn/unbound/trunk@1915 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/validator/autotrust.c b/validator/autotrust.c
index 2d97b0bff..b81f048ee 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -1439,6 +1439,9 @@ do_newkey(struct module_env* env, struct autr_ta* anchor, int* c)
 static void
 do_addtime(struct module_env* env, struct autr_ta* anchor, int* c)
 {
+	/* This not according to RFC, this is 30 days, but the RFC demands 
+	 * MAX(30days, TTL expire time of first DNSKEY set with this key),
+	 * The value may be too small if a very large TTL was used. */
 	int exceeded = check_holddown(env, anchor, env->cfg->add_holddown);
 	if (exceeded && anchor->s == AUTR_STATE_ADDPEND) {
 		verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded "