dns_kasp_t *
dns_zone_getkasp(dns_zone_t *zone) {
+ dns_kasp_t *kasp;
+
REQUIRE(DNS_ZONE_VALID(zone));
- return (zone->kasp);
+ LOCK_ZONE(zone);
+ if (inline_raw(zone) && zone->secure != NULL) {
+ kasp = zone->secure->kasp;
+ } else {
+ kasp = zone->kasp;
+ }
+ UNLOCK_ZONE(zone);
+
+ return (kasp);
}
void
dns_dnsseckey_t *key, *key_next;
dns_dnsseckeylist_t dnskeys;
dns_name_t *origin = dns_zone_getorigin(zone);
- dns_kasp_t *kasp = dns_zone_getkasp(zone);
+ dns_kasp_t *kasp = zone->kasp;
dns_rdataset_t keyset;
REQUIRE(DNS_ZONE_VALID(zone));
dns_rdataset_t rdataset;
unsigned int i;
dns_rdata_rrsig_t rrsig;
- bool kasp = (dns_zone_getkasp(zone) != NULL);
+ bool kasp = zone->kasp;
bool found;
int64_t timewarn = 0, timemaybe = 0;
unsigned int i, j;
bool use_kasp = false;
- if (dns_zone_getkasp(zone) != NULL) {
+ if (zone->kasp != NULL) {
check_ksk = false;
keyset_kskonly = true;
use_kasp = true;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_rrsig_t rrsig;
int count = 0;
- dns_kasp_t *kasp = dns_zone_getkasp(zone);
+ dns_kasp_t *kasp = zone->kasp;
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, version, dns_rdatatype_rrsig,
dns_rdata_reset(&rdata);
}
- if (dns_zone_getkasp(zone) != NULL) {
+ if (zone->kasp != NULL) {
dns_kasp_key_t *kkey;
int zsk_count = 0;
bool approved;
inception, &when))
{
/* Only applies to dnssec-policy. */
- if (dns_zone_getkasp(zone) != NULL) {
+ if (zone->kasp != NULL) {
goto next_rdataset;
}
}
/* Check kasp for NSEC3PARAM settings */
if (!nsec3) {
- dns_kasp_t *kasp = dns_zone_getkasp(zone);
+ dns_kasp_t *kasp = zone->kasp;
if (kasp != NULL) {
nsec3 = dns_kasp_nsec3(kasp);
}
goto cleanup;
}
- kasp = dns_zone_getkasp(zone);
+ kasp = zone->kasp;
sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
inception = now - 3600; /* Allow for clock skew. */
soaexpire = now + sigvalidityinterval;
signing = ISC_LIST_HEAD(zone->signing);
first = true;
- if (dns_zone_getkasp(zone) != NULL) {
+ if (kasp != NULL) {
check_ksk = false;
keyset_kskonly = true;
use_kasp = true;
static bool
do_checkds(dns_zone_t *zone, dst_key_t *key, isc_stdtime_t now,
bool dspublish) {
- dns_kasp_t *kasp = dns_zone_getkasp(zone);
+ dns_kasp_t *kasp = zone->kasp;
const char *dir = dns_zone_getkeydirectory(zone);
isc_result_t result;
uint32_t count = 0;
timenow = isc_time_now();
now = isc_time_seconds(&timenow);
- kasp = dns_zone_getkasp(zone);
+ kasp = zone->kasp;
dnssec_log(zone, ISC_LOG_INFO, "reconfiguring zone keys");