Read from kasp whether to publish CDNSKEY
authorMatthijs Mekking <matthijs@isc.org>
Thu, 11 May 2023 14:15:57 +0000 (16:15 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 11 May 2023 15:07:51 +0000 (17:07 +0200)
Check the policy and feed 'dns_dnssec_syncupdate()' the right value
to enable/disable CDNSKEY publication.

lib/dns/zone.c

index a7c009678b47a4fbe4633dbec31e01ba124af37e..d943295588b88e168983655964fd663bc4cfff85 100644 (file)
@@ -21022,6 +21022,7 @@ zone_rekey(dns_zone_t *zone) {
                dns_kasp_digestlist_t digests;
                bool cdsdel = false;
                bool cdnskeydel = false;
+               bool cdnskeypub = true;
                bool sane_diff, sane_dnskey;
                isc_stdtime_t when;
 
@@ -21035,6 +21036,7 @@ zone_rekey(dns_zone_t *zone) {
                                cdnskeydel = true;
                        }
                        digests = dns_kasp_digests(kasp);
+                       cdnskeypub = dns_kasp_cdnskey(kasp);
                } else {
                        /* Check if there is a CDS DELETE record. */
                        if (dns_rdataset_isassociated(&cdsset)) {
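Review bot: When `dns_kasp_cdnskey(kasp)` returns false, nothing visible in this diff shows whether CDNSKEY records already present in `cdnskeyset` are withdrawn or merely no longer added; that is decided inside `dns_dnssec_syncupdate()`, which receives the flag in the last hunk. Parent-side automation that follows RFC 7344/8078 acts on whatever CDS/CDNSKEY the child still serves, so a stale CDNSKEY left behind after the policy turns it off could keep being consumed; this is worth confirming with a test that flips the option on an already-signed zone. The flag is also assigned only in the kasp branch, so the `else` path depends on the initializer in the first hunk; a comment there such as `/* Without a policy, keep publishing CDNSKEY as before. */` would make that intentional. zone_rekey() starts and ends outside these hunks.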
@@ -21114,8 +21116,8 @@ zone_rekey(dns_zone_t *zone) {
                 * Update CDS / CDNSKEY records.
                 */
                result = dns_dnssec_syncupdate(&dnskeys, &rmkeys, &cdsset,
-                                              &cdnskeyset, now, &digests, true,
-                                              ttl, &diff, mctx);
+                                              &cdnskeyset, now, &digests,
+                                              cdnskeypub, ttl, &diff, mctx);
                if (result != ISC_R_SUCCESS) {
                        dnssec_log(zone, ISC_LOG_ERROR,
                                   "zone_rekey:couldn't update CDS/CDNSKEY: %s",