From: Michał Kępień
Date: Fri, 16 Mar 2018 23:12:21 +0000 (+0100)
Subject: Only log bumped signed serial after a successful secure zone update
X-Git-Tag: v9.9.13rc1~32^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d4750a8e98a160ea29a5ef70b05df24896c34c8;p=thirdparty%2Fbind9.git

Only log bumped signed serial after a successful secure zone update

If a raw zone is modified, but the dns_update_signaturesinc() call in receive_secure_serial() fails, the corresponding secure zone's database will not be modified, even though by that time a message containing the bumped signed serial will already have been logged. This creates confusion, because a different secure zone version will be served than the one announced in the logs. Move the relevant dns_zone_log() call so that it is only performed if the secure zone's database is modified.
(cherry picked from commit cfbc8e264d5a276fda2d1c0b15a4725cc293ba65)
(cherry picked from commit cdc7ab42b111a4e6aaaac19e86069d996ea11002)
(cherry picked from commit c042ec70d2aa433cc1fdd7f65c06febf3dd2cd82)
---
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index ddac489a7c7..a840cc6c54d 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -13371,6 +13371,7 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 dns_zone_t *zone;
 dns_difftuple_t *tuple = NULL, *soatuple = NULL;
 dns_update_log_t log = { update_log_cb, NULL };
+ isc_uint32_t newserial = 0, desired = 0;
 isc_time_t timenow;
 UNUSED(task);
@@ -13478,7 +13479,7 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 zone->rss_newver));
 if (soatuple != NULL) {
- isc_uint32_t oldserial, newserial, desired;
+ isc_uint32_t oldserial;
 CHECK(dns_db_createsoatuple(zone->rss_db,
 zone->rss_oldver,
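Review bot: The `newserial = 0` initializer added in the first hunk is used as a "nothing to log" marker by the `if (newserial != 0)` guard in the last hunk, but 0 is itself a representable SOA serial, so an update whose signed serial is 0 would be committed without the log line. The code that assigns `newserial` lies outside these hunks, so whether 0 can actually be produced there is not visible and should be confirmed. A dedicated flag removes the ambiguity: declare `isc_boolean_t have_serial = ISC_FALSE;`, set `have_serial = ISC_TRUE;` next to the assignment in the `soatuple != NULL` branch, and test `if (have_serial)` before logging. The body of receive_secure_serial() starts and ends outside every hunk shown.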
@@ -13497,9 +13498,6 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 zone->rss_newver, &zone->rss_diff));
 CHECK(do_one_tuple(&soatuple, zone->rss_db,
 zone->rss_newver, &zone->rss_diff));
- dns_zone_log(zone, ISC_LOG_INFO,
- "serial %u (unsigned %u)",
- newserial, desired);
 } else
 CHECK(update_soa_serial(zone->rss_db, zone->rss_newver,
 &zone->rss_diff, zone->mctx,
@@ -13545,6 +13543,11 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 dns_db_closeversion(zone->rss_db, &zone->rss_oldver, ISC_FALSE);
 dns_db_closeversion(zone->rss_db, &zone->rss_newver, ISC_TRUE);
+ if (newserial != 0) {
+ dns_zone_log(zone, ISC_LOG_INFO, "serial %u (unsigned %u)",
+ newserial, desired);
+ }
+
 failure:
 isc_event_free(&zone->rss_event);
 event = ISC_LIST_HEAD(zone->rss_events);
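Review bot: The relocated `dns_zone_log()` block in the last hunk carries no comment saying that its position is what the fix relies on: it has to stay after both `dns_db_closeversion()` calls and above the `failure:` label, so that the CHECK() error paths (which presumably jump to `failure`) never announce a serial that was not committed. I would add `/* Log the signed serial only after the new version is committed; error paths skip this. */` directly above the `if`. The same comment could mention that the `else` path through `update_soa_serial()` leaves `newserial` at 0 and therefore logs nothing, which matches the previous behaviour but is easy to miss when reading the log trail. The function continues on both sides of this hunk.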