From 1103f41fa06ae593e0a1a3bf8cf8f7ca6ada7b7d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 27 Feb 2020 17:35:18 +1100 Subject: [PATCH] Call set_resigntime() in receive_secure_serial() With RRSIG records no longer being signed with the full sig-validity-interval we need to ensure the zone->resigntime as it may need to be set to a earlier time. (cherry picked from commit 5d1611afdc61ea8f19ceecc3e88cdb2296ec3914) --- lib/dns/zone.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index f63ec833707..f4d67e22f25 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -14950,6 +14950,11 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) { zone->sourceserialset = true; zone_needdump(zone, DNS_DUMP_DELAY); + /* + * Set resign time to make sure it is set to the earliest + * signature expiration. + */ + set_resigntime(zone); TIME_NOW(&timenow); zone_settimer(zone, &timenow); UNLOCK_ZONE(zone); -- 2.47.3