1 From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
2 From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
3 Date: Mon, 11 Jul 2016 21:03:27 +0100
4 Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
5 SIGHUP would erroneously engage timestamp checking.
9 src/dnsmasq.c | 7 ++++---
11 src/dnssec.c | 5 +++--
12 4 files changed, 12 insertions(+), 5 deletions(-)
14 diff --git a/CHANGELOG b/CHANGELOG
15 index 59c9c49..9f1e404 100644
18 @@ -17,6 +17,10 @@ version 2.77
19 Thanks to Ivan Kokshaysky for the diagnosis and
22 + Fix problem with --dnssec-timestamp whereby receipt
23 + of SIGHUP would erroneously engage timestamp checking.
24 + Thanks to Kevin Darbyshire-Bryant for this work.
28 Include 0.0.0.0/8 in DNS rebind checks. This range
29 diff --git a/src/dnsmasq.c b/src/dnsmasq.c
30 index 045ec53..a47273f 100644
33 @@ -750,7 +750,8 @@ int main (int argc, char **argv)
35 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
37 - if (option_bool(OPT_DNSSEC_TIME))
38 + daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
39 + if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
40 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
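Review bot: The two added lines in main() evaluate option_bool(OPT_DNSSEC_TIME) twice, and the flag is set regardless of back_to_the_future while the log message is suppressed by it. Testing the flag itself keeps the message tied to the runtime state: `if (daemon->dnssec_no_time_check && !daemon->back_to_the_future)`. A one-line comment above the assignment, for example `/* runtime copy: cleared on first reload; OPT_DNSSEC_TIME itself stays as configured */`, would record why the option bit is no longer toggled. This message is the only startup indication visible here that signature validity periods are not yet enforced, so its condition is worth keeping exact. main() starts and ends outside the hunk.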
43 @@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
47 - if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
48 + if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
50 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
51 - reset_option_bool(OPT_DNSSEC_TIME);
52 + daemon->dnssec_no_time_check = 0;
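Review bot: The third conjunct of the new condition in async_event() looks redundant, because in the hunks shown dnssec_no_time_check is only ever assigned from option_bool(OPT_DNSSEC_TIME) or cleared, and the option bit is no longer reset. `if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID))` expresses the same test with a single source of truth for the runtime state. The rest of this case lies outside the hunk, so it cannot be confirmed from here that the cache is purged on the same path. Records validated while the flag was set should not outlive the switch to timestamp checking.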
56 diff --git a/src/dnsmasq.h b/src/dnsmasq.h
57 index 1896a64..be27ae0 100644
60 @@ -992,6 +992,7 @@ extern struct daemon {
64 + int dnssec_no_time_check;
65 int back_to_the_future;
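Review bot: The new field in struct daemon has no comment, and its negative sense (non-zero means a check is skipped) is easy to misread next to back_to_the_future. I would document it on the declaration, for example `int dnssec_no_time_check; /* non-zero: RRSIG validity periods not enforced yet; cleared on first reload or once system time is considered valid */`. It is also worth noting there that the flag is initialised from OPT_DNSSEC_TIME in main() and that the option bit is never modified afterwards. While the flag is set, signatures outside their validity window appear to be accepted, so this is security-relevant state.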
68 diff --git a/src/dnssec.c b/src/dnssec.c
69 index 3c77c7d..64358fa 100644
72 @@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
73 if (utime(daemon->timestamp_file, NULL) != 0)
74 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
76 + my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
77 daemon->back_to_the_future = 1;
78 - set_option_bool(OPT_DNSSEC_TIME);
79 + daemon->dnssec_no_time_check = 0;
80 queue_event(EVENT_RELOAD); /* purge cache */
83 if (daemon->back_to_the_future == 0)
86 - else if (option_bool(OPT_DNSSEC_TIME))
87 + else if (daemon->dnssec_no_time_check)
90 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
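Review bot: The added my_syslog() string in check_date_range() ends with a full stop, while the sibling message in async_event() ("now checking DNSSEC signature timestamps") does not, so the same transition is reported in two slightly different forms. Dropping the trailing period, `my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps"));`, keeps the shared part identical for anyone matching logs to confirm that timestamp checking has been engaged. The message is also emitted when the utime() call just above has failed, which may deserve a comment such as `/* proceed even if the mtime update failed; the error is logged above */`. check_date_range() starts and ends outside the hunk.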