bool do_digest = (digest_alg != ZONE_DIGEST_NONE && !dnssec); // in case of DNSSEC, digest is part of signing routine
if (do_digest && !(update->flags & UPDATE_FULL) && zone_update_to(update) == NULL) {
// cold start, decide if (digest & bump SOA) or NOOP
- if (zone_contents_digest_exists(update->new_cont, digest_alg)) { // yes, computing hash twice, but in rare situation: cold start & exists & invalid
+ // yes, computing hash twice, but in rare situation: cold start & exists & invalid
+ if (zone_contents_digest_exists(update->new_cont, digest_alg, false)) {
do_digest = false;
} else {
ret = zone_update_increment_soa(update, conf);
return ret;
}
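Review bot: The added call passes a bare `false` for a parameter named `no_verify`, so a reader has to undo a double negative to see that this cold-start path still validates the digest. The same applies to the bare `true` at the new call in the zone reload code, where the digest is deliberately not validated. Either annotate the argument at both sites, e.g. `zone_contents_digest_exists(update->new_cont, digest_alg, false /* no_verify */)`, or invert the parameter to a positive `verify` so that the call which skips validation stands out. The enclosing function starts and ends outside this hunk.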
-bool zone_contents_digest_exists(const zone_contents_t *contents, uint8_t alg)
+bool zone_contents_digest_exists(const zone_contents_t *contents, uint8_t alg, bool no_verify)
{
+ if (alg == 0) {
+ return true;
+ }
+
knot_rdataset_t *zonemd = node_rdataset(contents->apex, KNOT_RRTYPE_ZONEMD);
if (zonemd == NULL || zonemd->count != 1 || knot_zonemd_algorithm(zonemd->rdata) != alg) {
return false;
}
+ if (no_verify) {
+ return true;
+ }
+
return verify_zonemd(zonemd->rdata, contents) == KNOT_EOK;
}
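Review bot: The new early return compares `alg` with a literal `0`, while the update code tests the same state as `digest_alg != ZONE_DIGEST_NONE`. Assuming `ZONE_DIGEST_NONE` is that zero value, write `if (alg == ZONE_DIGEST_NONE) {` so the check keeps its meaning if the enum is ever renumbered. A short comment would also help, for example `// no digest required: treat as satisfied, even if a ZONEMD is present`, because returning `true` from a function named `..._exists` without looking at the zone is not obvious.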
*
* \param contents Zone contents to be verified.
* \param alg Required algorithm of the ZONEMD.
+ * \param no_verify Don't verify the validness of the digest in ZONEMD.
*/
-bool zone_contents_digest_exists(const zone_contents_t *contents, uint8_t alg);
+bool zone_contents_digest_exists(const zone_contents_t *contents, uint8_t alg, bool no_verify);
/*!
* \brief Verify zone dgest in ZONEMD record.
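Review bot: The added `\param no_verify` line does not say what a `true` result means in that mode, and the comment also omits the new case where no algorithm is required. With `no_verify` set, the function only confirms that a single ZONEMD with the required algorithm is present, so a stale or tampered digest still yields `true`. I would word it as `\param no_verify  Only check presence and algorithm of the ZONEMD; the digest is not validated, so do not use the result as an integrity check.` and add a `\return` line that covers the no-algorithm case. The doc comment begins outside this hunk.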
#include "knot/conf/module.h"
#include "knot/events/replan.h"
#include "knot/journal/journal_metadata.h"
+#include "knot/zone/digest.h"
#include "knot/zone/timers.h"
#include "knot/zone/zone-load.h"
#include "knot/zone/zone.h"
bool conf_updated = (old_zone->change_type & CONF_IO_TRELOAD);
+ conf_val_t digest = conf_zone_get(conf, C_ZONEMD_GENERATE, name);
+ if (zone->contents != NULL && !zone_contents_digest_exists(zone->contents, conf_opt(&digest), true)) {
+ conf_updated = true;
+ }
+
if ((zone_file_updated(conf, old_zone, name) || conf_updated) && !zone_expired(zone)) {
replan_load_updated(zone, old_zone);
} else {
t.start()
-master.zones_wait(zone)
+serial = master.zones_wait(zone)
t.sleep(4)
check_zonemd(master, zone, "1")
+master.zonemd_generate = "zonemd-sha512"
+master.gen_confile()
+master.reload()
+master.zones_wait(zone, serial)
+t.sleep(4)
+check_zonemd(master, zone, "2")
+
t.end()
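Review bot: The added steps exercise only the switch to `zonemd-sha512`, so two behaviours introduced by this change stay untested. One is a reload with the ZONEMD setting unchanged, which should not force a reload or bump the serial. The other is a reload with generation disabled, which takes the new early `true` return. A further `master.reload()` with no config change, followed by a check that the serial still equals the value returned by the last `zones_wait`, would cover the first case. The fixed `t.sleep(4)` before `check_zonemd` also makes the result timing-dependent; waiting on the serial alone would be more robust if `zones_wait` already guarantees the new contents are served.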