dnssec: use less-or-equal when looking at SyncPublish time

If we created a key, mark its SyncPublish time as 'now' and started
bind the key might not be published if the SyncPublish time is in
the same second as the time the zone is loaded. This is mostly
for dnssec system test, as this kind of scenario is very unlikely
in a real world environment.

diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index f448113193a765714fe48b15336979708f4f6bbe..9d40ac65277dddda5f982838b5461fe48f925d4a 100644 (file)
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -673,7 +673,7 @@ syncpublish(dst_key_t *key, isc_stdtime_t now) {
        /* If no kasp state, check timings. */
        publish = false;
        result = dst_key_gettime(key, DST_TIME_SYNCPUBLISH, &when);
-       if (result == ISC_R_SUCCESS && when < now) {
+       if (result == ISC_R_SUCCESS && when <= now) {
                publish = true;
        }
        result = dst_key_gettime(key, DST_TIME_SYNCDELETE, &when);