2754. [bug] Secure-to-insecure transitions failed when zone

author Evan Hunt <each@isc.org>

Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)

committer Evan Hunt <each@isc.org>

Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)
author Evan Hunt <each@isc.org>
Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)
committer Evan Hunt <each@isc.org>
Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)
diff --git a/CHANGES b/CHANGES

index bb684a7ae832ffb413aa546a9c6ed8fefeb4fea7..7eb56692944d51d2791c3ee7cab4553b66dfa903 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2754.  [bug]           Secure-to-insecure transitions failed when zone
+                       was signed with NSEC3. [RT #20587]
+
  2750.  [bug]           dig: assertion failure could occur when a server
                         didn't have an address. [RT #20579]
  
diff --git a/bin/named/update.c b/bin/named/update.c

index 0004e1662ad3d213e1ef1ca7203d5afe12b8ef80..6d7455cd7860d6dc3e6af52af52daeecfd6fb80f 100644 (file)
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
   * PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: update.c,v 1.151.12.7 2009/07/28 15:51:31 marka Exp $ */
+/* $Id: update.c,v 1.151.12.8 2009/11/06 08:38:21 each Exp $ */
  
  #include <config.h>
  
@@ -3031,7 +3031,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
         } else {
                 CHECK(get_iterations(db, ver, &iterations));
                 CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max));
-               if (iterations > max) {
+               if (max != 0 && iterations > max) {
                         flag = ISC_TRUE;
                         update_log(client, zone, ISC_LOG_WARNING,
                                    "too many NSEC3 iterations (%u) for "
author	Evan Hunt <each@isc.org>
	Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)
committer	Evan Hunt <each@isc.org>
	Fri, 6 Nov 2009 08:38:21 +0000 (08:38 +0000)
CHANGES		patch \| blob \| blame \| history
bin/named/update.c		patch \| blob \| blame \| history