increase jitter to cover the entire potential steady state expire range when initiall...
authorMark Andrews <marka@isc.org>
Fri, 17 Aug 2018 00:56:02 +0000 (10:56 +1000)
committerMark Andrews <marka@isc.org>
Fri, 31 Aug 2018 03:07:45 +0000 (13:07 +1000)
(cherry picked from commit 050fca2139a69b8057a8f5f87966b1e7215d78bc)

lib/dns/zone.c

index c5891100b161cb62d83c51cd8b04f063d0100ee7..19f3ddac66a991ed4fff1c7ba27da2dec00ff755 100644 (file)
@@ -8470,7 +8470,7 @@ zone_sign(dns_zone_t *zone) {
        bool first;
        isc_result_t result;
        isc_stdtime_t now, inception, soaexpire, expire;
-       uint32_t jitter, sigvalidityinterval;
+       uint32_t jitter, sigvalidityinterval, expiryinterval;
        unsigned int i, j;
        unsigned int nkeys = 0;
        uint32_t nodes;
@@ -8524,6 +8524,12 @@ zone_sign(dns_zone_t *zone) {
        sigvalidityinterval = dns_zone_getsigvalidityinterval(zone);
        inception = now - 3600; /* Allow for clock skew. */
        soaexpire = now + sigvalidityinterval;
+       expiryinterval = dns_zone_getsigresigninginterval(zone);
+       if (expiryinterval > sigvalidityinterval) {
+               expiryinterval = sigvalidityinterval;
+       } else {
+               expiryinterval = sigvalidityinterval - expiryinterval;
+       }
 
        /*
         * Spread out signatures over time if they happen to be
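Review bot: `jitter %= expiryinterval` in the last hunk divides by zero when the re-signing interval equals the signature validity interval, because the guard here tests `>` and the else branch then computes `sigvalidityinterval - expiryinterval` as 0. Whether configuration parsing rules out equal values is not visible from this diff, so the modulo should be protected locally, for example `jitter = (expiryinterval != 0) ? jitter % expiryinterval : 0;`. For a name server this matters because a modulo by zero is undefined behaviour and would typically terminate the process while it is signing the zone. A one-line comment above the new block stating that `expiryinterval` is the width of the steady-state expiry window would also help the next reader; zone_sign's body begins and ends outside these hunks.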
@@ -8533,7 +8539,7 @@ zone_sign(dns_zone_t *zone) {
        if (sigvalidityinterval >= 3600U) {
                isc_random_get(&jitter);
                if (sigvalidityinterval > 7200U) {
-                       jitter %= 3600;
+                       jitter %= expiryinterval;
                } else {
                        jitter %= 1200;
                }