CHECK_RET;
}
- if (dnssec_ctx->policy->ds_push && node_rrtype_exists(ch.add->apex, KNOT_RRTYPE_CDS)) {
+ if (node_rrtype_exists(ch.add->apex, KNOT_RRTYPE_CDS)) {
// there is indeed a change to CDS
update->zone->timers->next_ds_push = time(NULL) + dnssec_ctx->policy->propagation_delay;
update->zone->timers->flags |= TIMERS_MODIFIED;
- zone_events_schedule_at(update->zone, ZONE_EVENT_DS_PUSH, update->zone->timers->next_ds_push);
+ // the event is planned only if DS-push configured, but timers set always just for case of later reconfiguration
+ if (dnssec_ctx->policy->ds_push) {
+ zone_events_schedule_at(update->zone, ZONE_EVENT_DS_PUSH, update->zone->timers->next_ds_push);
+ }
+ } else if (node_rrtype_exists(ch.remove->apex, KNOT_RRTYPE_CDS)) {
+ // CDS removal
+ update->zone->timers->next_ds_push = 0;
+ update->zone->timers->flags |= TIMERS_MODIFIED;
}
ret = zone_update_apply_changeset(update, &ch);
if (ds_check == 0) {
ds_check = TIME_IGNORE;
}
- ds_push = zone->timers->next_ds_push;
+ val = conf_zone_get(conf, C_DS_PUSH, zone->name);
+ if (val.code != KNOT_EOK) {
+ val = conf_id_get(conf, C_POLICY, C_DS_PUSH, &policy);
+ }
+ if (conf_val_count(&val) > 0) {
+ ds_push = zone->timers->next_ds_push;
+ }
if (ds_push == 0) {
ds_push = TIME_IGNORE;
}
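Review bot: Because `ds_push = zone->timers->next_ds_push;` now runs only when `conf_val_count(&val) > 0`, the following `if (ds_push == 0)` test reads whatever `ds_push` was initialised to whenever no DS-push target is configured. Its declaration is outside the hunk, so confirm it starts at a defined value; if it is uninitialised, the event would be planned from an indeterminate time. `policy`, passed to `conf_id_get()`, is also declared outside the hunk and presumably has to hold the zone's resolved DNSSEC policy id by this point. I would add a comment above the lookup, e.g. `// zone-level ds-push takes precedence over the policy-level one; the stored timer is used only if a target is configured`.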
child.dnssec(child_zone).ksk_shared = True
child.dnssec(child_zone).cds_cdnskey_publish = "always"
-child.conf_zone(child_zone).ds_push = [ parent ]
child.conf_ss("submission", child_zone).parent = [ parent ]
child.conf_ss("submission", child_zone).check_interval = 2
child.start()
child.zone_wait(child_zone)
-t.sleep(9)
+SLEEP_FIRST=random.randint(0, 5)
+t.sleep(SLEEP_FIRST)
+
+child.conf_zone(child_zone).ds_push = [ parent ]
+child.gen_confile()
+child.reload()
+
+t.sleep(7-SLEEP_FIRST)
+
+if not child.log_search("KSK submission, confirmed"):
+ set_err("initial KSK not confirmed")
pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_ksk_rollover(t, child, child_zone[0], 2, 2, 3, "KSK rollover")