Fix setnsec3param hang on shutdown

When performing the 'setnsec3param' task, zones that are not loaded
will have their task rescheduled. We should do this only if the zone
load is still pending, this prevents zones that failed to load get
stuck in a busy wait and causing a hang on shutdown.

(cherry picked from commit 10055d44e3083ab6fb66d26f5f0bfbb67125edb5)

diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in
index 791881225b5635c5754b60acdba8e326e3e70745..2241bc87bfac7c00f51664e88ed8478bebeecff5 100644 (file)
--- a/bin/tests/system/nsec3/ns3/named.conf.in
+++ b/bin/tests/system/nsec3/ns3/named.conf.in
@@ -111,3 +111,11 @@ zone "nsec3-to-nsec.kasp" {
        file "nsec3-to-nsec.kasp.db";
        dnssec-policy "nsec3";
 };
+
+/* The zone fails to load, this should not prevent shutdown. */
+zone "nsec3-fails-to-load.kasp" {
+       type primary;
+       file "nsec3-fails-to-load.kasp.db";
+       dnssec-policy "nsec3";
+       allow-update { any; };
+};

diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in
index 5c1094e276c2264f5a979fee6b5191c7fee4d5fd..380e56654cd9367461772e5f2f872f51c9b2ee54 100644 (file)
--- a/bin/tests/system/nsec3/ns3/named2.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2.conf.in
@@ -118,7 +118,7 @@ zone "nsec3-to-nsec.kasp" {
        dnssec-policy "nsec";
 };
 
-/* Add a zone that fails to load, should not prevent shutdown. */
+/* The zone fails to load, but is fixed after a reload. */
 zone "nsec3-fails-to-load.kasp" {
        type primary;
        file "nsec3-fails-to-load.kasp.db";

diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh
index 62c49e5904352b58ef9dde99438db50c281f919c..ac3a3c13cd7392d5afcb490ea0d80855aee574a4 100644 (file)
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@@ -218,7 +218,6 @@ echo_i "reconfig dnssec-policy to trigger nsec3 rollovers"
 copy_setports ns3/named2.conf.in ns3/named.conf
 rndc_reconfig ns3 10.53.0.3
 
-
 # Zone: nsec-to-nsec3.kasp. (reconfigured)
 set_zone_policy "nsec-to-nsec3.kasp" "nsec3"
 set_nsec3param "0" "5" "8"
@@ -324,5 +323,15 @@ echo_i "check zone ${ZONE} after restart has salt ${SALT}"
 check_nsec3
 dnssec_verify
 
+# Zone: nsec3-fails-to-load.kasp. (should be fixed after reload)
+cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db
+rndc_reload ns3 10.53.0.3
+
+set_zone_policy "nsec3-fails-to-load.kasp" "nsec3"
+set_nsec3param "0" "5" "8"
+echo_i "check zone ${ZONE} after reload"
+check_nsec3
+dnssec_verify
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 323be2da3bc5206ed0269659f79ef3569abf0a2f..223e5267d2ce28ea773df118f771ed5b1eb3ea42 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -21051,6 +21051,7 @@ static void
 setnsec3param(isc_task_t *task, isc_event_t *event) {
        const char *me = "setnsec3param";
        dns_zone_t *zone = event->ev_arg;
+       bool loadpending;
 
        INSIST(DNS_ZONE_VALID(zone));
 
@@ -21058,6 +21059,10 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
 
        ENTER;
 
+       LOCK_ZONE(zone);
+       loadpending = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING);
+       UNLOCK_ZONE(zone);
+
        /*
         * If receive_secure_serial is still processing or we have a
         * queued event append rss_post queue.
@@ -21075,7 +21080,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
                 * be picked up later. This turns this function into a busy
                 * wait, but it only happens at startup.
                 */
-               if (zone->db == NULL) {
+               if (zone->db == NULL && loadpending) {
                        rescheduled = true;
                        isc_task_send(task, &event);
                }