Remove dynamic update key management code
authorMatthijs Mekking <matthijs@isc.org>
Mon, 7 Nov 2022 12:31:34 +0000 (13:31 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 18 Nov 2022 10:04:17 +0000 (11:04 +0100)
Remove code that triggers key and denial of existence management
operations. Dynamic update should no longer be used to do DNSSEC
maintenance (apart from the signatures that of course still need to be
created for the new zone contents).

lib/ns/update.c

index cf4a469e106dbb80285e8d9b8674eab97cb2072c..1d98ff379bbf81ba622a224dcfff4a65eed13882 100644 (file)
@@ -2623,8 +2623,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
        dns_fixedname_t tmpnamefixed;
        dns_name_t *tmpname = NULL;
        dns_zoneopt_t options;
-       dns_difftuple_t *tuple;
-       dns_rdata_dnskey_t dnskey;
        bool had_dnskey;
        dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone);
        dns_ttl_t maxttl = 0;
@@ -3500,81 +3498,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
                 * Notify secondaries of the change we just made.
                 */
                dns_zone_notify(zone);
-
-               /*
-                * Cause the zone to be signed with the key that we
-                * have just added or have the corresponding signatures
-                * deleted.
-                *
-                * Note: we are already committed to this course of action.
-                */
-               for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
-                    tuple = ISC_LIST_NEXT(tuple, link))
-               {
-                       isc_region_t r;
-                       dns_secalg_t algorithm;
-                       uint16_t keyid;
-
-                       if (tuple->rdata.type != dns_rdatatype_dnskey) {
-                               continue;
-                       }
-
-                       dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
-                       if ((dnskey.flags &
-                            (DNS_KEYFLAG_OWNERMASK | DNS_KEYTYPE_NOAUTH)) !=
-                           DNS_KEYOWNER_ZONE)
-                       {
-                               continue;
-                       }
-
-                       dns_rdata_toregion(&tuple->rdata, &r);
-                       algorithm = dnskey.algorithm;
-                       keyid = dst_region_computeid(&r);
-
-                       result = dns_zone_signwithkey(
-                               zone, algorithm, keyid,
-                               (tuple->op == DNS_DIFFOP_DEL));
-                       if (result != ISC_R_SUCCESS) {
-                               update_log(client, zone, ISC_LOG_ERROR,
-                                          "dns_zone_signwithkey failed: %s",
-                                          isc_result_totext(result));
-                       }
-               }
-
-               /*
-                * Cause the zone to add/delete NSEC3 chains for the
-                * deferred NSEC3PARAM changes.
-                *
-                * Note: we are already committed to this course of action.
-                */
-               for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
-                    tuple = ISC_LIST_NEXT(tuple, link))
-               {
-                       unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
-                       dns_rdata_t rdata = DNS_RDATA_INIT;
-                       dns_rdata_nsec3param_t nsec3param;
-
-                       if (tuple->rdata.type != privatetype ||
-                           tuple->op != DNS_DIFFOP_ADD) {
-                               continue;
-                       }
-
-                       if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata,
-                                                       buf, sizeof(buf))) {
-                               continue;
-                       }
-                       dns_rdata_tostruct(&rdata, &nsec3param, NULL);
-                       if (nsec3param.flags == 0) {
-                               continue;
-                       }
-
-                       result = dns_zone_addnsec3chain(zone, &nsec3param);
-                       if (result != ISC_R_SUCCESS) {
-                               update_log(client, zone, ISC_LOG_ERROR,
-                                          "dns_zone_addnsec3chain failed: %s",
-                                          isc_result_totext(result));
-                       }
-               }
        } else {
                update_log(client, zone, LOGLEVEL_DEBUG, "redundant request");
                dns_db_closeversion(db, &ver, true);