From: Mark Andrews <marka@isc.org>
Date: Thu, 27 Feb 2020 06:35:18 +0000 (+1100)
Subject: Call set_resigntime() in receive_secure_serial()
X-Git-Tag: v9.14.12~21^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1103f41fa06ae593e0a1a3bf8cf8f7ca6ada7b7d;p=thirdparty%2Fbind9.git

Call set_resigntime() in receive_secure_serial()

With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.

(cherry picked from commit 5d1611afdc61ea8f19ceecc3e88cdb2296ec3914)
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index f63ec833707..f4d67e22f25 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -14950,6 +14950,11 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
 	zone->sourceserialset = true;
 	zone_needdump(zone, DNS_DUMP_DELAY);
 
+	/*
+	 * Set resign time to make sure it is set to the earliest
+	 * signature expiration.
+	 */
+	set_resigntime(zone);
 	TIME_NOW(&timenow);
 	zone_settimer(zone, &timenow);
 	UNLOCK_ZONE(zone);