2765. [bug] Skip masters for which the TSIG key cannot be found.

                        [RT #20595]

diff --git a/CHANGES b/CHANGES
index ec17dc978e8386d1aad0b8b7eff1b4ca8e073fb2..9f84bb8def6a3a3576454bae2624cc3945826ee9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2765.  [bug]           Skip masters for which the TSIG key cannot be found.
+                       [RT #20595]
+
 2760.  [cleanup]       Corrected named-compilezone usage summary. [RT #20533]
 
 2759.  [doc]           Add information about .jbk/.jnw files to 

diff --git a/lib/dns/view.c b/lib/dns/view.c
index 5f1447ae06ed33c5798b19989ea6c6d5768c80fa..961268e22c1cbf9eb91b429a0692f43ec22e5e51 100644 (file)
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.c,v 1.150.84.2 2009/01/29 23:47:44 tbox Exp $ */
+/* $Id: view.c,v 1.150.84.3 2009/11/12 23:39:23 marka Exp $ */
 
 /*! \file */
 
@@ -1250,7 +1250,8 @@ dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
        if (result != ISC_R_SUCCESS)
                return (result);
 
-       return (dns_view_gettsig(view, keyname, keyp));
+       result = dns_view_gettsig(view, keyname, keyp);
+       return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
 }
 
 isc_result_t

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 43099696ec61f0200319e5515264af07b694a296..1fe1b2325344fa3c0f5fc8572f20068c18629047 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.483.36.15 2009/11/04 01:35:07 marka Exp $ */
+/* $Id: zone.c,v 1.483.36.16 2009/11/12 23:39:22 marka Exp $ */
 
 /*! \file */
 
@@ -6566,6 +6566,7 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
        isc_sockaddr_t any;
        isc_boolean_t isself;
        isc_netaddr_t dstaddr;
+       isc_result_t result;
 
        if (zone->view == NULL || zone->isself == NULL)
                return (ISC_FALSE);
@@ -6591,7 +6592,9 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
                src = *dst;
 
        isc_netaddr_fromsockaddr(&dstaddr, dst);
-       (void)dns_view_getpeertsig(zone->view, &dstaddr, &key);
+       result = dns_view_getpeertsig(zone->view, &dstaddr, &key);
+       if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+               return (ISC_FALSE);
        isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass,
                                zone->isselfarg);
        if (key != NULL)
@@ -6793,9 +6796,14 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
                goto cleanup;
 
        isc_netaddr_fromsockaddr(&dstip, &notify->dst);
-       (void)dns_view_getpeertsig(notify->zone->view, &dstip, &key);
-
        isc_sockaddr_format(&notify->dst, addrbuf, sizeof(addrbuf));
+       result = dns_view_getpeertsig(notify->zone->view, &dstip, &key);
+       if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+               notify_log(notify->zone, ISC_LOG_ERROR, "NOTIFY to %s not "
+                          "sent. Peer TSIG key lookup failure.", addrbuf);
+               goto cleanup_message;
+       }
+
        notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
                   addrbuf);
        if (notify->zone->view->peers != NULL) {
@@ -6842,6 +6850,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
  cleanup_key:
        if (key != NULL)
                dns_tsigkey_detach(&key);
+ cleanup_message:
        dns_message_destroy(&message);
  cleanup:
        UNLOCK_ZONE(notify->zone);
@@ -8038,10 +8047,19 @@ soa_query(isc_task_t *task, isc_event_t *event) {
                        dns_name_format(keyname, namebuf, sizeof(namebuf));
                        dns_zone_log(zone, ISC_LOG_ERROR,
                                     "unable to find key: %s", namebuf);
+                       goto skip_master;
+               }
+       }
+       if (key == NULL) {
+               result = dns_view_getpeertsig(zone->view, &masterip, &key);
+               if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+                       char addrbuf[ISC_NETADDR_FORMATSIZE];
+                       isc_netaddr_format(&masterip, addrbuf, sizeof(addrbuf));
+                       dns_zone_log(zone, ISC_LOG_ERROR,
+                                    "unable to find TSIG key for %s", addrbuf);
+                       goto skip_master;
                }
        }
-       if (key == NULL)
-               (void)dns_view_getpeertsig(zone->view, &masterip, &key);
 
        have_xfrsource = ISC_FALSE;
        reqnsid = zone->view->requestnsid;