use the full sig-validity-interval for RRSIG(SOA)
authorMark Andrews <marka@isc.org>
Tue, 25 Feb 2020 01:09:13 +0000 (12:09 +1100)
committerMark Andrews <marka@isc.org>
Thu, 27 Feb 2020 22:30:14 +0000 (22:30 +0000)
lib/dns/update.c

index e3477acb1be0b3af51adcf7f3c15a39833f1bb2d..6ba2fbd53a4edca329daea6b528fbb765e18adac 100644 (file)
@@ -1467,7 +1467,7 @@ struct dns_update_state {
        dns_diff_t work;
        dst_key_t *zone_keys[DNS_MAXZONEKEYS];
        unsigned int nkeys;
-       isc_stdtime_t inception, expire, keyexpire;
+       isc_stdtime_t inception, expire, soaexpire, keyexpire;
        dns_ttl_t nsecttl;
        bool check_ksk, keyset_kskonly, build_nsec3;
        enum { sign_updates,
@@ -1552,6 +1552,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
                state->inception = now - 3600; /* Allow for some clock skew. */
                state->expire = now +
                                dns__jitter_expire(zone, sigvalidityinterval);
+               state->soaexpire = now + sigvalidityinterval;
                state->keyexpire = dns_zone_getkeyvalidityinterval(zone);
                if (state->keyexpire == 0) {
                        state->keyexpire = state->expire;
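Review bot: The added `state->soaexpire = now + sigvalidityinterval;` sits directly under the `state->expire` line that goes through `dns__jitter_expire()`, and nothing says why the SOA signature skips that call, so a later cleanup could mistake the difference for an oversight and undo it. A short comment would record the intent, for example `/* RRSIG(SOA) always gets the full sig-validity-interval; it is not jittered. */`. That wording is inferred from the commit title, so adjust it to the actual rationale. The new `soaexpire` field in the struct hunk above would benefit from the same one-line explanation, since four expiry-related fields now share one declaration. The enclosing `if` block starts outside this hunk.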
@@ -1661,6 +1662,8 @@ next_state:
                                            type == dns_rdatatype_cds)
                                        {
                                                exp = state->keyexpire;
+                                       } else if (type == dns_rdatatype_soa) {
+                                               exp = state->soaexpire;
                                        } else {
                                                exp = state->expire;
                                        }
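Review bot: No test for the new `type == dns_rdatatype_soa` branch is visible on this page, which touches only lib/dns/update.c. A system test could send a dynamic update and check that the RRSIG(SOA) expiration lands a full sig-validity-interval after signing, while other RRsets keep the `state->expire` value. That would stop the branch from being silently dropped in a refactor of this if/else chain. The RRSIG(SOA) can now carry a later expiration than the other signatures in the zone (presumably, given that `state->expire` is jittered). Operators who monitor signature expiry should therefore not treat the SOA signature as representative of the earliest-expiring RRSIG, and that is worth a line in the release notes. The loop and the start of the if-chain are outside this hunk.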