From: Mark Andrews Date: Tue, 12 Dec 2023 02:51:19 +0000 (+1100) Subject: Use the current CDS and CDNSKEY TTLs X-Git-Tag: v9.19.21~15^2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=21be35c54e1329556062cd772860e730bb37e1de;p=thirdparty%2Fbind9.git Use the current CDS and CDNSKEY TTLs When adding new CDS and CDNSKEY records use the existing RRset TTL if they already exist.
---
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 92ac0961345..6b45dfc1178 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -2034,11 +2034,21 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
 unsigned char keybuf[DST_KEY_MAXSIZE];
 isc_result_t result;
 dns_dnsseckey_t *key;
+ dns_ttl_t cdsttl = ttl;
+ dns_ttl_t cdnskeyttl = ttl;
 REQUIRE(digests != NULL);
 REQUIRE(keys != NULL);
 REQUIRE(rmkeys != NULL);
+ if (dns_rdataset_isassociated(cds)) {
+ cdsttl = cds->ttl;
+ }
+
+ if (dns_rdataset_isassociated(cdnskey)) {
+ cdnskeyttl = cdnskey->ttl;
+ }
+
 for (key = ISC_LIST_HEAD(*keys); key != NULL; key = ISC_LIST_NEXT(key, link)) {
@@ -2058,7 +2068,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
 {
 RETERR(add_cds(key, &cdnskeyrdata, (const char *)keystr, cds,
- alg->digest, ttl, diff, mctx));
+ alg->digest, cdsttl, diff,
+ mctx));
 }
 if (gencdnskey &&
@@ -2071,7 +2082,7 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
 "CDNSKEY for key %s is now published", keystr);
 RETERR(addrdata(&cdnskeyrdata, diff, origin,
- ttl, mctx));
+ cdnskeyttl, mctx));
 }
 }
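Review bot: The two `if (dns_rdataset_isassociated(...))` blocks added in the first hunk carry no comment saying why an existing RRset's TTL overrides the caller's `ttl`, and that rule has an operational consequence: while a CDS or CDNSKEY RRset exists, a changed configured TTL is not applied to it, and whatever TTL is already in the zone is carried forward unchecked. I would add above them `/* Reuse the TTL of an existing CDS/CDNSKEY RRset so added records match it; 'ttl' is only used when the RRset is new. */`. The visible REQUIREs cover `digests`, `keys` and `rmkeys` but not `cds` or `cdnskey`, which the new code now reads through; if nothing outside the hunk already guarantees they are non-NULL, `REQUIRE(cds != NULL);` and `REQUIRE(cdnskey != NULL);` would state the precondition. The body of dns_dnssec_syncupdate starts and ends outside these hunks, so the removal path and any earlier checks are not visible here.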