]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 329a332 3e836a8)
fix: usr: Fix several small DNSSEC timing issues
authorMatthijs Mekking <matthijs@isc.org>
Thu, 20 Mar 2025 10:13:22 +0000 (10:13 +0000)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 20 Mar 2025 10:13:22 +0000 (10:13 +0000)
commitd2214cb704ca9fb80e3f136ca1fce03dd8ade7ce
treeeff687754891dfb18cb96d0edd05efcd19283058tree | snapshot
parent329a3327083f08769462111e7c7e612b866f0a4bcommit | diff
parent3e836a87e6ffd2afb7103c2a7f06f2ef5be748d1commit | diff
fix: usr: Fix several small DNSSEC timing issues

The following small issues related to `dnssec-policy` have been fixed:
- In some cases the key manager inside BIND 9 could run every hour, while it could have run less often.
- While `CDS` and `CDNSKEY` records will be removed correctly from the zone when the corresponding `DS` record needs to be updated, the expected timing metadata when this will happen was never set.
- There were a couple of cases where the safety intervals are added inappropriately, delaying key rollovers longer than necessary.
- If you have identical `keys` in your `dnssec-policy`, they may be retired inappropriately. Note that having keys with identical properties is discouraged in all cases.

Closes #5242

Merge branch '5242-several-keymgr-issues' into 'main'

See merge request isc-projects/bind9!10251
Mirror of https://gitlab.isc.org/isc-projects/bind9.git