git.ipfire.org Git - thirdparty/bind9.git/commit

author	Michał Kępień <michal@isc.org>
	Fri, 16 Mar 2018 23:12:23 +0000 (00:12 +0100)
committer	Evan Hunt <each@isc.org>
	Wed, 25 Apr 2018 19:24:36 +0000 (12:24 -0700)
commit	8b0f7f1b8d8056185ea2d6d76e99b119808fa0b0
tree	97717591fdc65ac294e75bff0ada1bde75402e1d	tree \| snapshot
parent	0d4750a8e98a160ea29a5ef70b05df24896c34c8	commit \| diff

Apply raw zone deltas to yet unsigned secure zones

When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing. Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.

(cherry picked from commit 6acf326969862c68559d699be113c28dc35b35e6)
(cherry picked from commit 8a58a607723682c167d22e1bc5372e84a21e7f1f)
(cherry picked from commit fcbdeed802e21bc9a761003b9dbf30514807f2dd)

bin/tests/system/inline/clean.sh		diff \| blob \| blame \| history
bin/tests/system/inline/ns2/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/inline/ns3/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/inline/ns3/sign.sh		diff \| blob \| blame \| history
bin/tests/system/inline/setup.sh		diff \| blob \| blame \| history
bin/tests/system/inline/tests.sh		diff \| blob \| blame \| history
lib/dns/zone.c		diff \| blob \| blame \| history