pullup:

 677.   [bug]           dnssec-signzone would occasionally use the wrong ttl
                        for database operations and fail. [RT #643]

diff --git a/CHANGES b/CHANGES
index 66dfc2bb5f5f5922594ed536598db17e4a8d0dc6..2608825b324de36210ea9bad8293e60745bc88e0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
  678.  [bug]           "tranfer-format one-answer;" could trigger an assertion
                        failure. [RT #646]
 
+ 677.  [bug]           dnssec-signzone would occasionally use the wrong ttl
+                       for database operations and fail. [RT #643]
+
  676.  [bug]           Log messages about lame servers to category
                        'lame-servers' rather than 'resolver', so as not
                        to be gratuitously incompatible with BIND 8.

diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 9aec8966537709d763437dd81d7819bcf59f5435..148117b21edb782cbda7f861cc4afcf5fd320cc5 100644 (file)
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.126.2.1 2001/01/09 22:31:34 bwelling Exp $ */
+/* $Id: dnssec-signzone.c,v 1.126.2.2 2001/01/12 23:44:02 gson Exp $ */
 
 #include <config.h>
 
@@ -409,8 +409,8 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
                } else {
                        tuple = NULL;
                        result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
-                                                     name, 0, &sigrdata,
-                                                     &tuple);
+                                                     name, sigset.ttl,
+                                                     &sigrdata, &tuple);
                        check_result(result, "dns_difftuple_create");
                        dns_diff_append(diff, &tuple);
                        INCSTAT(ndropped);
@@ -724,7 +724,9 @@ nxt_setbit(dns_rdataset_t *rdataset, dns_rdatatype_t type) {
 }
 
 static void
-createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name) {
+createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+             dns_ttl_t ttl)
+{
        unsigned char keydata[4];
        dns_rdata_t keyrdata = DNS_RDATA_INIT;
        dns_rdata_key_t key;
@@ -754,7 +756,7 @@ createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name) {
 
        dns_diff_init(mctx, &diff);
 
-       result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, zonettl,
+       result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, ttl,
                                      &keyrdata, &tuple);
        check_result(result, "dns_difftuple_create");
 
@@ -824,9 +826,11 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
         */
        if (isdelegation) {
                dns_rdataset_t keyset;
+               dns_ttl_t nullkeyttl;
 
                childkey = haschildkey(name);
                neednullkey = ISC_TRUE;
+               nullkeyttl = zonettl;
 
                dns_rdataset_init(&keyset);
                result = dns_db_findrdataset(gdb, node, gversion,
@@ -835,12 +839,19 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
                if (result == ISC_R_SUCCESS && childkey) {
                        char namestr[DNS_NAME_FORMATSIZE];
                        dns_name_format(name, namestr, sizeof namestr);
-                       fatal("%s has both a signedkey file and KEY "
-                             "records in the zone.  Aborting.", namestr);
+                       if (hasnullkey(&keyset)) {
+                               fatal("%s has both a signedkey file and "
+                                     "null keys in the zone.  Aborting.",
+                                     namestr);
+                       }
+                       vbprintf(2, "child key for %s found\n", namestr);
+                       neednullkey = ISC_FALSE;
+                       dns_rdataset_disassociate(&keyset);
                }
                else if (result == ISC_R_SUCCESS) {
                        if (hasnullkey(&keyset))
                                neednullkey = ISC_FALSE;
+                       nullkeyttl = keyset.ttl;
                        dns_rdataset_disassociate(&keyset);
                } else if (childkey) {
                        char namestr[DNS_NAME_FORMATSIZE];
@@ -850,7 +861,7 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
                }
 
                if (neednullkey)
-                       createnullkey(gdb, gversion, name);
+                       createnullkey(gdb, gversion, name, nullkeyttl);
        }
 
        /*
@@ -913,7 +924,8 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
        if (result != ISC_R_SUCCESS) {
                char namestr[DNS_NAME_FORMATSIZE];
                dns_name_format(name, namestr, sizeof namestr);
-               fatal("failed to add SIGs at node %s", namestr);
+               fatal("failed to add SIGs at node '%s': %s",
+                     namestr, isc_result_totext(result));
        }
        dns_diff_clear(&diff);
 }