trust anchors: increase hold-down time for Missing
authorVladimír Čunát <vladimir.cunat@nic.cz>
Fri, 10 Feb 2017 11:51:42 +0000 (12:51 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 13 Feb 2017 13:05:26 +0000 (14:05 +0100)
daemon/lua/trust_anchors.lua.in

index 89a0e198d175671eda8129e1781b5fbb005fa46a..33ca8909b435bcb1445f0f783ec154335e0e6fb9 100644 (file)
@@ -86,7 +86,7 @@ local function ta_find(keyset, rr)
        return nil
 end
 
--- Evaluate TA status of a RR according to RFC5011
+-- Evaluate TA status of a RR according to RFC5011.  The time is in seconds.
 local function ta_present(keyset, rr, hold_down_time, force)
        if rr.type == kres.type.DNSKEY and not C.kr_dnssec_key_ksk(rr.rdata) then
                return false -- Ignore
@@ -140,7 +140,7 @@ local function ta_present(keyset, rr, hold_down_time, force)
        return false
 end
 
--- TA is missing in the new key set
+-- TA is missing in the new key set.  The time is in seconds.
 local function ta_missing(ta, hold_down_time)
        -- Key is removed (KeyRem)
        local keep_ta = true
@@ -244,7 +244,9 @@ local trust_anchors = {
                for i, ta in ipairs(trust_anchors.keyset) do
                        local keep = true
                        if not ta_find(new_keys, ta) then
-                               keep = ta_missing(ta, hold_down)
+                               -- Ad-hoc: RFC 5011 doesn't mention removing a Missing key.
+                               -- Let's do it after a very long period has elapsed.
+                               keep = ta_missing(ta, hold_down * 4)
                        end
                        -- Purge removed keys
                        if ta.state == key_state.Removed then
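Review bot: The factor 4 on the new `ta_missing(ta, hold_down * 4)` line is an unnamed magic number encoding a deliberately non-RFC policy, and nothing visible in the hunk stops this path from dropping the resolver's last trust anchor: if a long outage or an attacker who can withhold the DNSKEY set keeps the key out of view for four hold-down periods, the Missing key is purged and the keyset may end up empty — the outcome RFC 5011 avoids by never expiring Missing keys. I'd lift the factor into a named local, e.g. `local MISSING_REMOVAL_FACTOR = 4 -- ad-hoc, not from RFC 5011`, and write `keep = ta_missing(ta, hold_down * MISSING_REMOVAL_FACTOR)` so the policy is greppable and tunable. Consider also refusing the removal (or at least logging loudly) when it would leave no Valid key, since what validation does with an empty keyset is not shown here. The enclosing update routine starts and ends outside the hunk, and the unit of `hold_down` is not visible either — the comments added in the earlier hunks say seconds, so it is worth confirming the caller does not pass days.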