Fix setnsec3param hang on shutdown

When performing the 'setnsec3param' task, zones that are not loaded will have
their task rescheduled. We should do this only if the zone load is still
pending, this prevents zones that failed to load get stuck in a busy wait and
causing a hang on shutdown.

diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in
index 791881225b5635c5754b60acdba8e326e3e70745..2241bc87bfac7c00f51664e88ed8478bebeecff5 100644 (file)
--- a/bin/tests/system/nsec3/ns3/named.conf.in
+++ b/bin/tests/system/nsec3/ns3/named.conf.in
@@ -111,3 +111,11 @@ zone "nsec3-to-nsec.kasp" {
        file "nsec3-to-nsec.kasp.db";
        dnssec-policy "nsec3";
 };
+
+/* The zone fails to load, this should not prevent shutdown. */
+zone "nsec3-fails-to-load.kasp" {
+       type primary;
+       file "nsec3-fails-to-load.kasp.db";
+       dnssec-policy "nsec3";
+       allow-update { any; };
+};

diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in
index 5c1094e276c2264f5a979fee6b5191c7fee4d5fd..380e56654cd9367461772e5f2f872f51c9b2ee54 100644 (file)
--- a/bin/tests/system/nsec3/ns3/named2.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2.conf.in
@@ -118,7 +118,7 @@ zone "nsec3-to-nsec.kasp" {
        dnssec-policy "nsec";
 };
 
-/* Add a zone that fails to load, should not prevent shutdown. */
+/* The zone fails to load, but is fixed after a reload. */
 zone "nsec3-fails-to-load.kasp" {
        type primary;
        file "nsec3-fails-to-load.kasp.db";

diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh
index 62c49e5904352b58ef9dde99438db50c281f919c..ac3a3c13cd7392d5afcb490ea0d80855aee574a4 100644 (file)
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@@ -218,7 +218,6 @@ echo_i "reconfig dnssec-policy to trigger nsec3 rollovers"
 copy_setports ns3/named2.conf.in ns3/named.conf
 rndc_reconfig ns3 10.53.0.3
 
-
 # Zone: nsec-to-nsec3.kasp. (reconfigured)
 set_zone_policy "nsec-to-nsec3.kasp" "nsec3"
 set_nsec3param "0" "5" "8"
@@ -324,5 +323,15 @@ echo_i "check zone ${ZONE} after restart has salt ${SALT}"
 check_nsec3
 dnssec_verify
 
+# Zone: nsec3-fails-to-load.kasp. (should be fixed after reload)
+cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db
+rndc_reload ns3 10.53.0.3
+
+set_zone_policy "nsec3-fails-to-load.kasp" "nsec3"
+set_nsec3param "0" "5" "8"
+echo_i "check zone ${ZONE} after reload"
+check_nsec3
+dnssec_verify
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 0755baf63646c771cc43a41c79a830741dc50c1c..3d249675771fc83563675c67413a8be63c1b45c6 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -21228,6 +21228,7 @@ static void
 setnsec3param(isc_task_t *task, isc_event_t *event) {
        const char *me = "setnsec3param";
        dns_zone_t *zone = event->ev_arg;
+       bool loadpending;
 
        INSIST(DNS_ZONE_VALID(zone));
 
@@ -21235,6 +21236,10 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
 
        ENTER;
 
+       LOCK_ZONE(zone);
+       loadpending = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING);
+       UNLOCK_ZONE(zone);
+
        /*
         * If receive_secure_serial is still processing or we have a
         * queued event append rss_post queue.
@@ -21252,7 +21257,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
                 * be picked up later. This turns this function into a busy
                 * wait, but it only happens at startup.
                 */
-               if (zone->db == NULL) {
+               if (zone->db == NULL && loadpending) {
                        rescheduled = true;
                        isc_task_send(task, &event);
                }