2765. [bug] Skip masters for which the TSIG key cannot be found.

                        [RT #20595]

diff --git a/CHANGES b/CHANGES
index 82b5bec9705686c7d41a29f80491804cdcf61f71..7b4aa81e0a6d63bddc68b906c8563cfb7bb23201 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2765.  [bug]           Skip masters for which the TSIG key cannot be found.
+                       [RT #20595]
+
 2764.  [bug]           "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
 
 2763.  [bug]           "rndc sign" didn't create an NSEC chain. [RT #20591]

diff --git a/lib/dns/view.c b/lib/dns/view.c
index 2265a4934ae68df5de9e8d10b656e28dc5252d64..e9185cf8769a5b0fcf3e3a6f556c7f381c016cbb 100644 (file)
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.c,v 1.157 2009/10/27 22:46:13 each Exp $ */
+/* $Id: view.c,v 1.158 2009/11/12 23:30:36 marka Exp $ */
 
 /*! \file */
 
@@ -1300,7 +1300,8 @@ dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
        if (result != ISC_R_SUCCESS)
                return (result);
 
-       return (dns_view_gettsig(view, keyname, keyp));
+       result = dns_view_gettsig(view, keyname, keyp);
+       return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
 }
 
 isc_result_t

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3bae041ed47584c87bb935648f30952d55c40c15..a84cc5e176e236b4456d5864ac0a204e2017da46 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.527 2009/11/12 03:03:36 each Exp $ */
+/* $Id: zone.c,v 1.528 2009/11/12 23:30:33 marka Exp $ */
 
 /*! \file */
 
@@ -8196,6 +8196,7 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
        isc_sockaddr_t any;
        isc_boolean_t isself;
        isc_netaddr_t dstaddr;
+       isc_result_t result;
 
        if (zone->view == NULL || zone->isself == NULL)
                return (ISC_FALSE);
@@ -8221,7 +8222,9 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
                src = *dst;
 
        isc_netaddr_fromsockaddr(&dstaddr, dst);
-       (void)dns_view_getpeertsig(zone->view, &dstaddr, &key);
+       result = dns_view_getpeertsig(zone->view, &dstaddr, &key);
+       if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+               return (ISC_FALSE);
        isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass,
                                zone->isselfarg);
        if (key != NULL)
@@ -8423,9 +8426,14 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
                goto cleanup;
 
        isc_netaddr_fromsockaddr(&dstip, &notify->dst);
-       (void)dns_view_getpeertsig(notify->zone->view, &dstip, &key);
-
        isc_sockaddr_format(&notify->dst, addrbuf, sizeof(addrbuf));
+       result = dns_view_getpeertsig(notify->zone->view, &dstip, &key);
+       if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+               notify_log(notify->zone, ISC_LOG_ERROR, "NOTIFY to %s not "
+                          "sent. Peer TSIG key lookup failure.", addrbuf);
+               goto cleanup_message;
+       }
+
        notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
                   addrbuf);
        if (notify->zone->view->peers != NULL) {
@@ -8472,6 +8480,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
  cleanup_key:
        if (key != NULL)
                dns_tsigkey_detach(&key);
+ cleanup_message:
        dns_message_destroy(&message);
  cleanup:
        UNLOCK_ZONE(notify->zone);
@@ -9668,10 +9677,19 @@ soa_query(isc_task_t *task, isc_event_t *event) {
                        dns_name_format(keyname, namebuf, sizeof(namebuf));
                        dns_zone_log(zone, ISC_LOG_ERROR,
                                     "unable to find key: %s", namebuf);
+                       goto skip_master;
+               }
+       }
+       if (key == NULL) {
+               result = dns_view_getpeertsig(zone->view, &masterip, &key);
+               if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+                       char addrbuf[ISC_NETADDR_FORMATSIZE];
+                       isc_netaddr_format(&masterip, addrbuf, sizeof(addrbuf));
+                       dns_zone_log(zone, ISC_LOG_ERROR,
+                                    "unable to find TSIG key for %s", addrbuf);
+                       goto skip_master;
                }
        }
-       if (key == NULL)
-               (void)dns_view_getpeertsig(zone->view, &masterip, &key);
 
        have_xfrsource = ISC_FALSE;
        reqnsid = zone->view->requestnsid;