From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Fri, 17 Jan 2025 10:31:35 +0000 (+0100)
Subject: only look up direct-dnskey-signature in the config once
X-Git-Tag: dnsdist-2.0.0-alpha1~154^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F14581%2Fhead;p=thirdparty%2Fpdns.git

only look up direct-dnskey-signature in the config once
---

diff --git a/pdns/dnssecsigner.cc b/pdns/dnssecsigner.cc
index 041a642a50..4a9ab1e7da 100644
--- a/pdns/dnssecsigner.cc
+++ b/pdns/dnssecsigner.cc
@@ -147,11 +147,13 @@ static void addSignature(DNSSECKeeper& dk, UeberBackend& db, const DNSName& sign
                          uint32_t signTTL, DNSResourceRecord::Place signPlace,
                          sortedRecords_t& toSign, vector<DNSZoneRecord>& outsigned, uint32_t origTTL, DNSPacket* packet)
 {
+  static bool directDNSKEYSignature = ::arg().mustDo("direct-dnskey-signature");
+
   //cerr<<"Asked to sign '"<<signQName<<"'|"<<DNSRecordContent::NumberToType(signQType)<<", "<<toSign.size()<<" records\n";
   if(toSign.empty())
     return;
   vector<RRSIGRecordContent> rrcs;
-  if(dk.isPresigned(signer) || (::arg().mustDo("direct-dnskey-signature") && signQType == QType::DNSKEY)) {
+  if(dk.isPresigned(signer) || (directDNSKEYSignature && signQType == QType::DNSKEY)) {
     //cerr<<"Doing presignatures"<<endl;
     dk.getPreRRSIGs(db, outsigned, origTTL, packet); // does it all
   }