From: Mark Andrews <marka@isc.org>
Date: Thu, 27 Feb 2020 06:35:18 +0000 (+1100)
Subject: Call set_resigntime() in receive_secure_serial()
X-Git-Tag: v9.17.1~87^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d1611afdc61ea8f19ceecc3e88cdb2296ec3914;p=thirdparty%2Fbind9.git

Call set_resigntime() in receive_secure_serial()

With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 2009b9228b0..baddd91a584 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15630,6 +15630,11 @@ nextevent:
 	zone->sourceserialset = true;
 	zone_needdump(zone, DNS_DUMP_DELAY);
 
+	/*
+	 * Set resign time to make sure it is set to the earliest
+	 * signature expiration.
+	 */
+	set_resigntime(zone);
 	TIME_NOW(&timenow);
 	zone_settimer(zone, &timenow);
 	UNLOCK_ZONE(zone);