From: Evan Hunt Date: Fri, 6 Nov 2009 08:38:21 +0000 (+0000) Subject: 2754. [bug] Secure-to-insecure transitions failed when zone X-Git-Tag: v9.6.1-P2~2^2~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f75c7e218c55149dc095e614e138321e766f9423;p=thirdparty%2Fbind9.git 2754. [bug] Secure-to-insecure transitions failed when zone was signed with NSEC3. [RT #20587] --- diff --git a/CHANGES b/CHANGES index bb684a7ae83..7eb56692944 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2754. [bug] Secure-to-insecure transitions failed when zone + was signed with NSEC3. [RT #20587] + 2750. [bug] dig: assertion failure could occur when a server didn't have an address. [RT #20579] diff --git a/bin/named/update.c b/bin/named/update.c index 0004e1662ad..6d7455cd786 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.151.12.7 2009/07/28 15:51:31 marka Exp $ */ +/* $Id: update.c,v 1.151.12.8 2009/11/06 08:38:21 each Exp $ */ #include @@ -3031,7 +3031,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, } else { CHECK(get_iterations(db, ver, &iterations)); CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max)); - if (iterations > max) { + if (max != 0 && iterations > max) { flag = ISC_TRUE; update_log(client, zone, ISC_LOG_WARNING, "too many NSEC3 iterations (%u) for "