3286. [bug] Managed key maintenance timer could fail to start

			after 'rndc reconfig'. [RT #26786]

diff --git a/CHANGES b/CHANGES
index f4b5e77acdbd6509d8d21fe950ce9610c59bba74..3792282e6106128a52569ab6d41816070645b3b1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3286.  [bug]           Managed key maintenance timer could fail to start
+                       after 'rndc reconfig'. [RT #26786]
+
        --- 9.9.0rc3 released ---
 
 3285.  [bug]           val-frdataset was incorrectly disassociated in

diff --git a/bin/named/server.c b/bin/named/server.c
index aa2f12a9cf0a9fa41b9693fc1ad5d9f249f6becd..de227e7d7678262e4865595ab77f20a3fc898055 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.638.4.3 2012/02/07 00:58:40 each Exp $ */
+/* $Id: server.c,v 1.638.4.4 2012/02/22 00:35:52 each Exp $ */
 
 /*! \file */
 
@@ -3536,6 +3536,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) {
                dns_zone_attach(pview->managed_keys, &view->managed_keys);
                dns_zone_setview(pview->managed_keys, view);
                dns_view_detach(&pview);
+               dns_zone_synckeyzone(view->managed_keys);
                return (ISC_R_SUCCESS);
        }
 

diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh
index 8bce9d805f8a8a272ae848a7c8ed36c07d938af7..5226857869f83e25e4428497feb5ab24ba16b5e6 100644 (file)
--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.46 2011/12/08 16:07:20 each Exp $
+# $Id: clean.sh,v 1.46.36.1 2012/02/22 00:35:53 each Exp $
 
 rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
 rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk
@@ -51,6 +51,7 @@ rm -f signer/signer.out.*
 rm -f ns2/algroll.db
 rm -f ns3/kskonly.example.db
 rm -f ns4/named.conf
+rm -f ns4/managed-keys.bind*
 rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db
 rm -f ns3/secure.below-cname.example.db
 rm -f signer/example.db.after signer/example.db.before

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 809a56c5a90f1b551975068b5dadcde51920aa9a..2d27fd8aa20bbd1025f37f6f74206fa92ba710ca 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.107 2011/12/22 12:01:43 marka Exp $
+# $Id: tests.sh,v 1.107.20.1 2012/02/22 00:35:53 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -1255,6 +1255,13 @@ else
     echo "I:The DNSSEC update test requires the Net::DNS library." >&2
 fi
 
+echo "I:checking managed key maintenance has not started yet ($n)"
+ret=0
+[ -f "ns4/managed-keys.bind.jnl" ] && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 # Reconfigure caching server to use "dnssec-validation auto", and repeat
 # some of the DNSSEC validation tests to ensure that it works correctly.
 echo "I:switching to automatic root key configuration"
@@ -1262,6 +1269,13 @@ cp ns4/named2.conf ns4/named.conf
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /'
 sleep 5
 
+echo "I:checking managed key maintenance timer has now started ($n)"
+ret=0
+[ -f "ns4/managed-keys.bind.jnl" ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking positive validation NSEC ($n)"
 ret=0
 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1

diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh
index 862517e4786c23ade686de3e868ff8e3f80df6bb..5438105031602794a0c965bb8322936c34b2fccc 100644 (file)
--- a/bin/tests/system/resolver/clean.sh
+++ b/bin/tests/system/resolver/clean.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.8.248.2 2012/02/09 23:46:50 tbox Exp $
+# $Id: clean.sh,v 1.8.248.3 2012/02/22 00:35:53 each Exp $
 
 #
 # Clean up after resolver tests.
@@ -28,6 +28,6 @@ rm -f ns4/tld.db
 rm -f ns6/K*
 rm -f ns6/example.net.db.signed ns6/example.net.db
 rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
-rm -r ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
+rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
 rm -f ns7/server.db ns7/server.db.jnl
 rm -f random.data

diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h
index 36b445c4526215645a98f96ceeaf775d905992c4..cd481d8c36c4516397577d9e7a7800dedffb03d8 100644 (file)
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.201 2012/01/25 23:46:49 tbox Exp $ */
+/* $Id: zone.h,v 1.201.2.1 2012/02/22 00:35:53 each Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -2037,6 +2037,14 @@ dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header);
  * Set the data to be included in the header when the zone is dumped in
  * binary format.
  */
+
+isc_result_t
+dns_zone_synckeyzone(dns_zone_t *zone);
+/*%
+ * Force the managed key zone to synchronize, and start the key
+ * maintenance timer.
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_ZONE_H */

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index a1e2e5e6e459dac13a436ab09ad944c26f9e710c..327bc7588986aa783a290a040bbcb75bdd4d095b 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.667.2.2 2012/02/07 00:52:05 marka Exp $ */
+/* $Id: zone.c,v 1.667.2.3 2012/02/22 00:35:53 each Exp $ */
 
 /*! \file */
 
@@ -3559,6 +3559,26 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) {
        return (result);
 }
 
+isc_result_t
+dns_zone_synckeyzone(dns_zone_t *zone) {
+       isc_result_t result;
+       dns_db_t *db = NULL;
+
+       if (zone->type != dns_zone_key)
+               return (DNS_R_BADZONE);
+
+       CHECK(dns_zone_getdb(zone, &db));
+
+       LOCK_ZONE(zone);
+       result = sync_keyzone(zone, db);
+       UNLOCK_ZONE(zone);
+
+ failure:
+       if (db != NULL)
+               dns_db_detach(&db);
+       return (result);
+}
+
 static void
 maybe_send_secure(dns_zone_t *zone) {
        isc_result_t result;
@@ -8389,7 +8409,7 @@ zone_refreshkeys(dns_zone_t *zone) {
        if (!ISC_LIST_EMPTY(diff.tuples)) {
                CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
                                        zone->updatemethod));
-               CHECK(zone_journal(zone, &diff, NULL, "sync_keyzone"));
+               CHECK(zone_journal(zone, &diff, NULL, "zone_refreshkeys"));
                commit = ISC_TRUE;
                DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
                zone_needdump(zone, 30);