From: Libor Peltan <libor.peltan@nic.cz>
Date: Fri, 3 Sep 2021 11:59:35 +0000 (+0200)
Subject: dnssec: avoid planning signing event just to delete deleted keys
X-Git-Tag: v3.1.2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b8ad3d9addfc9af923a26366b01f8efdef43d8c;p=thirdparty%2Fknot-dns.git

dnssec: avoid planning signing event just to delete deleted keys
---

diff --git a/src/knot/dnssec/key-events.c b/src/knot/dnssec/key-events.c
index 0c40b3fb68..0c07a52051 100644
--- a/src/knot/dnssec/key-events.c
+++ b/src/knot/dnssec/key-events.c
@@ -437,6 +437,9 @@ static roll_action_t next_action(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flag
 				break;
 			case DNSSEC_KEY_STATE_REMOVED:
 				keytime = ksk_really_remove_time(key->timing.remove, ctx);
+				if (knot_time_cmp(keytime, ctx->now) > 0) {
+					keytime = 0;
+				}
 				restype = REALLY_REMOVE;
 				break;
 			default:
@@ -473,6 +476,9 @@ static roll_action_t next_action(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flag
 				break;
 			case DNSSEC_KEY_STATE_REMOVED:
 				keytime = zsk_really_remove_time(key->timing.remove, ctx);
+				if (knot_time_cmp(keytime, ctx->now) > 0) {
+					keytime = 0;
+				}
 				restype = REALLY_REMOVE;
 				break;
 			case DNSSEC_KEY_STATE_READY: