increase jitter to cover the entire potential steady state expire range when initiall...
authorMark Andrews <marka@isc.org>
Fri, 17 Aug 2018 00:56:02 +0000 (10:56 +1000)
committerMark Andrews <marka@isc.org>
Fri, 31 Aug 2018 03:09:40 +0000 (13:09 +1000)
(cherry picked from commit 050fca2139a69b8057a8f5f87966b1e7215d78bc)

lib/dns/zone.c

index c20caf70f1eb1e7366b8eb4fd38cdc6b472b9a91..eff8c32a8ec1d46b948d5b5ff9d92d907ad70f17 100644 (file)
@@ -8416,7 +8416,7 @@ zone_sign(dns_zone_t *zone) {
        bool first;
        isc_result_t result;
        isc_stdtime_t now, inception, soaexpire, expire;
-       uint32_t jitter, sigvalidityinterval;
+       uint32_t jitter, sigvalidityinterval, expiryinterval;
        unsigned int i, j;
        unsigned int nkeys = 0;
        uint32_t nodes;
@@ -8470,6 +8470,12 @@ zone_sign(dns_zone_t *zone) {
        sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
        inception = now - 3600; /* Allow for clock skew. */
        soaexpire = now + sigvalidityinterval;
+       expiryinterval = dns_zone_getsigresigninginterval(zone);
+       if (expiryinterval > sigvalidityinterval) {
+               expiryinterval = sigvalidityinterval;
+       } else {
+               expiryinterval = sigvalidityinterval - expiryinterval;
+       }
 
        /*
         * Spread out signatures over time if they happen to be
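Review bot: The `else` branch can leave `expiryinterval` at zero when `dns_zone_getsigresigninginterval(zone)` returns exactly `sigvalidityinterval`, and the third hunk then evaluates `jitter %= expiryinterval` whenever `sigvalidityinterval > 7200U`, which is a division by zero (undefined behaviour, typically a SIGFPE that takes the server down during signing). Configuration checks outside this diff may already rule out equal values, but nothing visible here does, so the clamp should cover equality as well: `if (expiryinterval >= sigvalidityinterval) {`. A short comment above the new block, such as `/* Width of the window over which initial signature expiry times are spread. */`, would also help, since the variable first holds the resigning interval and then a difference. zone_sign() begins and ends outside these hunks, so how `jitter` is applied to the expiry time could not be checked.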
@@ -8479,7 +8485,7 @@ zone_sign(dns_zone_t *zone) {
        if (sigvalidityinterval >= 3600U) {
                isc_random_get(&jitter);
                if (sigvalidityinterval > 7200U) {
-                       jitter %= 3600;
+                       jitter %= expiryinterval;
                } else {
                        jitter %= 1200;
                }