+3277. [bug] Make sure automatic key maintenance is started
+ when "auto-dnssec maintain" is turned on during
+ "rndc reconfig". [RT #26805]
+
3276. [bug] win32: ns_os_openfile failed to return NULL on
safe_open failure. [RT #27696]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.556.8.47 2011/12/22 08:28:18 marka Exp $ */
+/* $Id: server.c,v 1.556.8.48 2012/02/06 21:27:17 each Exp $ */
/*! \file */
*/
CHECK(dns_view_addzone(view, zone));
+ /*
+ * Ensure that zone keys are reloaded on reconfig
+ */
+ if ((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_MAINTAIN) != 0)
+ dns_zone_rekey(zone, ISC_FALSE);
+
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.3.6.7 2011/07/08 01:46:41 each Exp $
+# $Id: clean.sh,v 1.3.6.8 2012/02/06 21:27:17 each Exp $
rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
rm -f active.key inact.key del.key unpub.key standby.key rev.key
rm -f ns3/prepub.example.db
rm -f ns3/prepub.example.db.in
rm -f ns3/secure-to-insecure2.example.db
+rm -f ns3/*.nzf
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: keygen.sh,v 1.3.6.8 2011/07/08 01:46:41 each Exp $
+# $Id: keygen.sh,v 1.3.6.9 2012/02/06 21:27:17 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > /dev/null 2>&1
echo $zsk > ../inactivezsk.key
$SETTIME -I now $zsk > /dev/null
+
+#
+# A zone that is set to 'auto-dnssec maintain' during a recofnig
+#
+zone=reconf.example
+zonefile="${zone}.db"
+cp secure.example.db.in $zonefile
+$KEYGEN -q -3 -r $RANDFILE -fk $zone > /dev/null
+$KEYGEN -q -3 -r $RANDFILE $zone > /dev/null
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.3.6.7 2011/07/08 01:46:41 each Exp $ */
+/* $Id: named.conf,v 1.3.6.8 2012/02/06 21:27:17 each Exp $ */
// NS3
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port 5300;
+ session-keyfile "session.key";
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
notify yes;
dnssec-enable yes;
dnssec-validation yes;
+ allow-new-zones yes;
};
key rndc_key {
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.4.6.33 2012/02/02 23:46:09 tbox Exp $
+# $Id: tests.sh,v 1.4.6.34 2012/02/06 21:27:17 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:test turning on auto-dnssec during reconfig ($n)"
+ret=0
+# first create a zone that doesn't have auto-dnssec
+rm -f ns3/*.nzf
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/I:ns3 /'
+rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
+[ "$rekey_calls" = 0 ] || ret=1
+# ...then we add auto-dnssec and reconfigure
+nzf=`ls ns3/*.nzf`
+echo 'zone reconf.example { type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' > $nzf
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /'
+for i in 0 1 2 3 4 5 6 7 8 9; do
+ lret=0
+ rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
+ [ "$rekey_calls" -gt 0 ] || lret=1
+ if [ "$lret" = 0 ]; then break; fi
+ sleep 1
+done
+n=`expr $n + 1`
+if [ "$lret" != 0 ]; then ret=$lret; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
projects / thirdparty / bind9.git / commitdiff
