increase jitter to cover the entire potential steady state expire range when initiall...
authorMark Andrews <marka@isc.org>
Fri, 17 Aug 2018 00:56:02 +0000 (10:56 +1000)
committerMark Andrews <marka@isc.org>
Fri, 31 Aug 2018 02:37:08 +0000 (22:37 -0400)
lib/dns/zone.c

index a35d3ae3cee95ee8c7ffc7bd820b73159f69e286..e11398e63ae697133d184eaae751cf2cef7dc3ac 100644 (file)
@@ -8419,7 +8419,7 @@ zone_sign(dns_zone_t *zone) {
        bool first;
        isc_result_t result;
        isc_stdtime_t now, inception, soaexpire, expire;
-       uint32_t jitter, sigvalidityinterval;
+       uint32_t jitter, sigvalidityinterval, expiryinterval;
        unsigned int i, j;
        unsigned int nkeys = 0;
        uint32_t nodes;
@@ -8473,6 +8473,12 @@ zone_sign(dns_zone_t *zone) {
        sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
        inception = now - 3600; /* Allow for clock skew. */
        soaexpire = now + sigvalidityinterval;
+       expiryinterval = dns_zone_getsigresigninginterval(zone);
+       if (expiryinterval > sigvalidityinterval) {
+               expiryinterval = sigvalidityinterval;
+       } else {
+               expiryinterval = sigvalidityinterval - expiryinterval;
+       }
 
        /*
         * Spread out signatures over time if they happen to be
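Review bot: The block added after `soaexpire = now + sigvalidityinterval;` leaves two boundary cases of the resign interval unhandled, and nothing explains that `expiryinterval` ends up holding a jitter window rather than an interval read from the zone. When the resign interval equals `sigvalidityinterval`, the else branch yields 0, so the next hunk calls `isc_random_uniform(expiryinterval)` with a zero bound and the spreading presumably collapses to no jitter at all. When the resign interval is larger, the bound is clamped to the full validity interval; if the jitter is later subtracted from `soaexpire` (that code is outside these hunks), some initial signatures could be issued with almost no remaining lifetime, and the zone would risk validation failures until they are re-signed. Unless callers already guarantee that the resign interval is smaller than the validity interval, consider keeping the previous bound for that case, e.g. `if (expiryinterval >= sigvalidityinterval) { expiryinterval = 3600; } else {`, and add a comment such as `/* Jitter window: validity minus resign interval, i.e. the steady-state expiry range. */`.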
@@ -8481,7 +8487,7 @@ zone_sign(dns_zone_t *zone) {
         */
        if (sigvalidityinterval >= 3600U) {
                if (sigvalidityinterval > 7200U) {
-                       jitter = isc_random_uniform(3600);
+                       jitter = isc_random_uniform(expiryinterval);
                } else {
                        jitter = isc_random_uniform(1200);
                }