"CDS (%s) for key %s is now published", algbuf,
keystr);
addrdata(&cdsrdata, diff, origin, ttl, mctx);
+ return ISC_R_SUCCESS;
}
- return ISC_R_SUCCESS;
+ return DNS_R_UNCHANGED;
}
static isc_result_t
"CDS (%s) for key %s is now deleted", algbuf,
keystr);
delrdata(&cdsrdata, diff, origin, cds->ttl, mctx);
+ return ISC_R_SUCCESS;
}
- return ISC_R_SUCCESS;
+ return DNS_R_UNCHANGED;
}
isc_result_t
bool gencdnskey, dns_ttl_t ttl, dns_diff_t *diff,
isc_mem_t *mctx) {
unsigned char keybuf[DST_KEY_MAXSIZE];
- isc_result_t result;
+ isc_result_t result = DNS_R_UNCHANGED;
dns_ttl_t cdsttl = ttl;
dns_ttl_t cdnskeyttl = ttl;
+ bool changed = false;
REQUIRE(digests != NULL);
REQUIRE(keys != NULL);
dst_key_format(key->key, keystr, sizeof(keystr));
ISC_LIST_FOREACH(*digests, alg, link) {
- CHECK(add_cds(key, &cdnskeyrdata,
- (const char *)keystr, cds,
- alg->digest, cdsttl, diff, mctx));
+ result = add_cds(key, &cdnskeyrdata,
+ (const char *)keystr, cds,
+ alg->digest, cdsttl, diff,
+ mctx);
+ if (result == ISC_R_SUCCESS) {
+ changed = true;
+ } else if (result != DNS_R_UNCHANGED) {
+ goto cleanup;
+ }
}
if (gencdnskey &&
keystr);
addrdata(&cdnskeyrdata, diff, origin,
cdnskeyttl, mctx);
+ changed = true;
}
}
if (dns_rdataset_isassociated(cds)) {
/* Delete all possible CDS records */
- delete_cds(key, &cdnskeyrdata,
- (const char *)keystr, cds,
- DNS_DSDIGEST_SHA1, diff, mctx);
- delete_cds(key, &cdnskeyrdata,
- (const char *)keystr, cds,
- DNS_DSDIGEST_SHA256, diff, mctx);
- delete_cds(key, &cdnskeyrdata,
- (const char *)keystr, cds,
- DNS_DSDIGEST_SHA384, diff, mctx);
+ for (dns_dsdigest_t digest = DNS_DSDIGEST_SHA1;
+ digest < DNS_DSDIGEST_TOTAL; digest++)
+ {
+ result = delete_cds(
+ key, &cdnskeyrdata,
+ (const char *)keystr, cds,
+ digest, diff, mctx);
+
+ switch (result) {
+ case ISC_R_SUCCESS:
+ changed = true;
+ break;
+ case DNS_R_UNCHANGED:
+ case ISC_R_NOTIMPLEMENTED:
+ /*
+ * Either the digest is not
+ * supported and we cannot
+ * construct the CDS for it, or
+ * the CDS with this digest is
+ * not present in the CDS RRset.
+ */
+ break;
+ default:
+ goto cleanup;
+ }
+ }
}
if (dns_rdataset_isassociated(cdnskey)) {
keystr);
delrdata(&cdnskeyrdata, diff, origin,
cdnskey->ttl, mctx);
+ changed = true;
}
}
}
if (!dns_rdataset_isassociated(cds) &&
!dns_rdataset_isassociated(cdnskey))
{
- return ISC_R_SUCCESS;
+ if (changed) {
+ return ISC_R_SUCCESS;
+ }
+ return DNS_R_UNCHANGED;
}
/*
&cdnskeyrdata));
if (dns_rdataset_isassociated(cds)) {
- delete_cds(key, &cdnskeyrdata, (const char *)keystr,
- cds, DNS_DSDIGEST_SHA1, diff, mctx);
- delete_cds(key, &cdnskeyrdata, (const char *)keystr,
- cds, DNS_DSDIGEST_SHA256, diff, mctx);
- delete_cds(key, &cdnskeyrdata, (const char *)keystr,
- cds, DNS_DSDIGEST_SHA384, diff, mctx);
+ for (dns_dsdigest_t digest = DNS_DSDIGEST_SHA1;
+ digest < DNS_DSDIGEST_TOTAL; digest++)
+ {
+ result = delete_cds(key, &cdnskeyrdata,
+ (const char *)keystr, cds,
+ digest, diff, mctx);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ changed = true;
+ break;
+ case DNS_R_UNCHANGED:
+ case ISC_R_NOTIMPLEMENTED:
+ /*
+ * Either the digest is not
+ * supported and we cannot
+ * construct the CDS for it, or
+ * the CDS with this digest is
+ * not present in the CDS RRset.
+ */
+ break;
+ default:
+ goto cleanup;
+ }
+ }
}
if (dns_rdataset_isassociated(cdnskey)) {
keystr);
delrdata(&cdnskeyrdata, diff, origin,
cdnskey->ttl, mctx);
+ changed = true;
}
}
}
- result = ISC_R_SUCCESS;
+ if (changed) {
+ return ISC_R_SUCCESS;
+ }
+ return DNS_R_UNCHANGED;
cleanup:
return result;
dns_rdata_t cds_delete = DNS_RDATA_INIT;
dns_rdata_t cdnskey_delete = DNS_RDATA_INIT;
isc_region_t r;
+ bool changed = false;
r.base = keybuf;
r.length = sizeof(keybuf);
"published",
namebuf);
addrdata(&cds_delete, diff, origin, ttl, mctx);
+ changed = true;
}
} else {
if (dns_rdataset_isassociated(cds) && exists(cds, &cds_delete))
"deleted",
namebuf);
delrdata(&cds_delete, diff, origin, cds->ttl, mctx);
+ changed = true;
}
}
"published",
namebuf);
addrdata(&cdnskey_delete, diff, origin, ttl, mctx);
+ changed = true;
}
} else {
if (dns_rdataset_isassociated(cdnskey) &&
namebuf);
delrdata(&cdnskey_delete, diff, origin, cdnskey->ttl,
mctx);
+ changed = true;
}
}
- return ISC_R_SUCCESS;
+ if (changed) {
+ return ISC_R_SUCCESS;
+ }
+ return DNS_R_UNCHANGED;
}
/*
result = dns_dnssec_syncupdate(&dnskeys, &rmkeys, &cdsset,
&cdnskeyset, now, &digests,
cdnskeypub, ttl, &diff, mctx);
- if (result != ISC_R_SUCCESS) {
+ if (result == ISC_R_SUCCESS) {
+ dnssec_log(zone, ISC_LOG_DEBUG(3),
+ "zone_rekey:CDS/CDNSKEY updated");
+ } else if (result != DNS_R_UNCHANGED) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_rekey:couldn't update CDS/CDNSKEY: %s",
isc_result_totext(result));
result = dns_dnssec_syncdelete(
&cdsset, &cdnskeyset, &zone->origin, zone->rdclass, ttl,
&diff, mctx, cdsdel, cdnskeydel);
- if (result != ISC_R_SUCCESS) {
+ if (result == ISC_R_SUCCESS) {
+ dnssec_log(zone, ISC_LOG_DEBUG(3),
+ "zone_rekey:CDS/CDNSKEY updated (DELETE)");
+ } else if (result != DNS_R_UNCHANGED) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_rekey:couldn't update CDS/CDNSKEY "
"DELETE records: %s",
projects / thirdparty / bind9.git / commitdiff
