return (result);
}
+static void
+calculate_rrsig_validity(dns_zone_t *zone, isc_stdtime_t now,
+ isc_stdtime_t *inception, isc_stdtime_t *soaexpire,
+ isc_stdtime_t *expire, isc_stdtime_t *fullexpire) {
+ REQUIRE(inception != NULL);
+ REQUIRE(soaexpire != NULL);
+ /* expire and fullexpire are optional */
+
+ isc_stdtime_t sigvalidityinterval =
+ dns_zone_getsigvalidityinterval(zone);
+ isc_stdtime_t expiryinterval = dns_zone_getsigresigninginterval(zone);
+ isc_stdtime_t normaljitter = 0, fulljitter = 0;
+
+ *inception = now - 3600; /* Allow for clock skew. */
+ *soaexpire = now + sigvalidityinterval;
+ if (expiryinterval > sigvalidityinterval) {
+ expiryinterval = sigvalidityinterval;
+ } else {
+ expiryinterval = sigvalidityinterval - expiryinterval;
+ }
+
+ /*
+ * Spread out signatures over time if they happen to be
+ * clumped. We don't do this for each add_sigs() call as
+ * we still want some clustering to occur. In normal operations
+ * the records should be re-signed as they fall due and they should
+ * already be spread out. However if the server is off for a
+ * period we need to ensure that the clusters don't become
+ * synchronised by using the full jitter range.
+ */
+ if (sigvalidityinterval >= 3600U) {
+ if (sigvalidityinterval > 7200U) {
+ normaljitter = isc_random_uniform(3600);
+ fulljitter = isc_random_uniform(expiryinterval);
+ } else {
+ normaljitter = fulljitter = isc_random_uniform(1200);
+ }
+ }
+
+ SET_IF_NOT_NULL(expire, *soaexpire - normaljitter - 1);
+ SET_IF_NOT_NULL(fullexpire, *soaexpire - fulljitter - 1);
+}
+
static void
zone_resigninc(dns_zone_t *zone) {
dns_db_t *db = NULL;
dst_key_t *zone_keys[DNS_MAXZONEKEYS];
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire, fullexpire, stop;
- uint32_t sigvalidityinterval, expiryinterval;
unsigned int i;
unsigned int nkeys = 0;
unsigned int resign;
goto failure;
}
- sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
- inception = now - 3600; /* Allow for clock skew. */
- soaexpire = now + sigvalidityinterval;
- expiryinterval = dns_zone_getsigresigninginterval(zone);
- if (expiryinterval > sigvalidityinterval) {
- expiryinterval = sigvalidityinterval;
- } else {
- expiryinterval = sigvalidityinterval - expiryinterval;
- }
+ calculate_rrsig_validity(zone, now, &inception, &soaexpire, &expire,
+ &fullexpire);
- /*
- * Spread out signatures over time if they happen to be
- * clumped. We don't do this for each add_sigs() call as
- * we still want some clustering to occur. In normal operations
- * the records should be re-signed as they fall due and they should
- * already be spread out. However if the server is off for a
- * period we need to ensure that the clusters don't become
- * synchronised by using the full jitter range.
- */
- if (sigvalidityinterval >= 3600U) {
- uint32_t normaljitter, fulljitter;
- if (sigvalidityinterval > 7200U) {
- normaljitter = isc_random_uniform(3600);
- fulljitter = isc_random_uniform(expiryinterval);
- } else {
- normaljitter = fulljitter = isc_random_uniform(1200);
- }
- expire = soaexpire - normaljitter - 1;
- fullexpire = soaexpire - fulljitter - 1;
- } else {
- expire = fullexpire = soaexpire - 1;
- }
stop = now + 5;
name = dns_fixedname_initname(&fixed);
bool first;
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire;
- uint32_t jitter, sigvalidityinterval, expiryinterval;
unsigned int i;
unsigned int nkeys = 0;
uint32_t nodes;
goto failure;
}
- sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
- inception = now - 3600; /* Allow for clock skew. */
- soaexpire = now + sigvalidityinterval;
- expiryinterval = dns_zone_getsigresigninginterval(zone);
- if (expiryinterval > sigvalidityinterval) {
- expiryinterval = sigvalidityinterval;
- } else {
- expiryinterval = sigvalidityinterval - expiryinterval;
- }
-
- /*
- * Spread out signatures over time if they happen to be
- * clumped. We don't do this for each add_sigs() call as
- * we still want some clustering to occur.
- */
- if (sigvalidityinterval >= 3600U) {
- if (sigvalidityinterval > 7200U) {
- jitter = isc_random_uniform(expiryinterval);
- } else {
- jitter = isc_random_uniform(1200);
- }
- expire = soaexpire - jitter - 1;
- } else {
- expire = soaexpire - 1;
- }
+ calculate_rrsig_validity(zone, now, &inception, &soaexpire, NULL,
+ &expire);
/*
* We keep pulling nodes off each iterator in turn until
bool first;
isc_result_t result;
isc_stdtime_t now, inception, soaexpire, expire;
- uint32_t jitter, sigvalidityinterval, expiryinterval;
unsigned int i, j;
unsigned int nkeys = 0;
uint32_t nodes;
}
kasp = zone->kasp;
- sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
- inception = now - 3600; /* Allow for clock skew. */
- soaexpire = now + sigvalidityinterval;
- expiryinterval = dns_zone_getsigresigninginterval(zone);
- if (expiryinterval > sigvalidityinterval) {
- expiryinterval = sigvalidityinterval;
- } else {
- expiryinterval = sigvalidityinterval - expiryinterval;
- }
- /*
- * Spread out signatures over time if they happen to be
- * clumped. We don't do this for each add_sigs() call as
- * we still want some clustering to occur.
- */
- if (sigvalidityinterval >= 3600U) {
- if (sigvalidityinterval > 7200U) {
- jitter = isc_random_uniform(expiryinterval);
- } else {
- jitter = isc_random_uniform(1200);
- }
- expire = soaexpire - jitter - 1;
- } else {
- expire = soaexpire - 1;
- }
+ calculate_rrsig_validity(zone, now, &inception, &soaexpire, NULL,
+ &expire);
/*
* We keep pulling nodes off each iterator in turn until
projects / thirdparty / bind9.git / commitdiff
