From: Libor Peltan Date: Mon, 28 Jun 2021 16:35:38 +0000 (+0200) Subject: nsec3param: set TTL to the same like for NSEC3... X-Git-Tag: v3.1.0~51^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99e401a5d1c24a7ff0654f7bfcc20bcf6b64ad77;p=thirdparty%2Fknot-dns.git nsec3param: set TTL to the same like for NSEC3... ...the change does not take effect until NSEC3PARAM is updated for other reason (eg resalt)
---
diff --git a/src/knot/dnssec/nsec3-chain.c b/src/knot/dnssec/nsec3-chain.c
index fa3d238fe2..b3dc480100 100644
--- a/src/knot/dnssec/nsec3-chain.c
+++ b/src/knot/dnssec/nsec3-chain.c
@@ -790,7 +790,7 @@ int knot_nsec3_fix_chain(zone_update_t *update,
 // ensure that the salt has not changed
 if (!knot_nsec3param_uptodate(update->new_cont, params)) {
- int ret = knot_nsec3param_update(update, params);
+ int ret = knot_nsec3param_update(update, params, ttl);
 if (ret != KNOT_EOK) {
 return ret;
 }
diff --git a/src/knot/dnssec/zone-nsec.c b/src/knot/dnssec/zone-nsec.c
index 5e6f1e55fe..07d6a5d96b 100644
--- a/src/knot/dnssec/zone-nsec.c
+++ b/src/knot/dnssec/zone-nsec.c
@@ -236,14 +236,15 @@ static int set_nsec3param(knot_rrset_t *rrset, const dnssec_nsec3_params_t *para
 }
 static int add_nsec3param(zone_update_t *update,
- const dnssec_nsec3_params_t *params)
+ const dnssec_nsec3_params_t *params,
+ uint32_t ttl)
 {
 assert(update);
 assert(params);
 knot_rrset_t *rrset = NULL;
 rrset = knot_rrset_new(update->new_cont->apex->owner, KNOT_RRTYPE_NSEC3PARAM,
- KNOT_CLASS_IN, 0, NULL);
+ KNOT_CLASS_IN, ttl, NULL);
 if (rrset == NULL) {
 return KNOT_ENOMEM;
 }
@@ -268,7 +269,8 @@ bool knot_nsec3param_uptodate(const zone_contents_t *zone,
 }
 int knot_nsec3param_update(zone_update_t *update,
- const dnssec_nsec3_params_t *params)
+ const dnssec_nsec3_params_t *params,
+ uint32_t ttl)
 {
 assert(update);
 assert(params);
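Review bot: In add_nsec3param the new `ttl` argument goes straight into `knot_rrset_new()` with no stated precondition, while `update` and `params` are at least asserted. RFC 2181 caps a TTL at 2^31-1, and the variables the callers pass (`ttl`, `nsec_ttl`) are defined outside these hunks, so it is not visible here whether the value is already bounded. I would document the assumption next to the call, for example `/* ttl is the NSEC3 TTL chosen by the caller; expected to be <= INT32_MAX */`, or clamp it if that cannot be guaranteed. The function body continues past the end of the hunk.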
@@ -284,7 +286,7 @@ int knot_nsec3param_update(zone_update_t *update,
 }
 if (params->algorithm != 0 && !valid) {
- return add_nsec3param(update, params);
+ return add_nsec3param(update, params, ttl);
 }
 return KNOT_EOK;
@@ -336,7 +338,7 @@ int knot_zone_create_nsec_chain(zone_update_t *update, const kdnssec_ctx_t *ctx)
 dnssec_nsec3_params_t params = nsec3param_init(ctx->policy, ctx->zone);
- int ret = knot_nsec3param_update(update, ¶ms);
+ int ret = knot_nsec3param_update(update, ¶ms, nsec_ttl);
 if (ret != KNOT_EOK) {
 return ret;
 }
diff --git a/src/knot/dnssec/zone-nsec.h b/src/knot/dnssec/zone-nsec.h
index ad7d384151..c43b658428 100644
--- a/src/knot/dnssec/zone-nsec.h
+++ b/src/knot/dnssec/zone-nsec.h
@@ -119,11 +119,13 @@ bool knot_nsec3param_uptodate(const zone_contents_t *zone,
 *
 * \param update Zone to be updated.
 * \param params NSEC3 params.
+ * \param ttl Desired TTL for NSEC3PARAM.
 *
 * \return KNOT_E*
 */
 int knot_nsec3param_update(zone_update_t *update,
- const dnssec_nsec3_params_t *params);
+ const dnssec_nsec3_params_t *params,
+ uint32_t ttl);
 /*!
 * \brief Create NSEC or NSEC3 chain in the zone.
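Review bot: The added `\param ttl` line in zone-nsec.h reads as if the TTL were always applied, but in knot_nsec3param_update the argument is forwarded only on the `params->algorithm != 0 && !valid` path that calls add_nsec3param. A caller reading the header cannot tell that a record which is presumably already valid keeps whatever TTL it has; how `valid` is computed lies outside the hunk. I would word the line as `\param ttl TTL for a newly added NSEC3PARAM; an existing up-to-date record is left unchanged.`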