Call set_resigntime() in receive_secure_serial()

With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.

(cherry picked from commit 5d1611afdc61ea8f19ceecc3e88cdb2296ec3914)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3ef2394a5a5ec4dd63b47402fdc0f223fc3e5b18..893bf475ca73806a1a145ad83892493d921b7dd9 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -14571,6 +14571,11 @@ receive_secure_serial(isc_task_t *task, isc_event_t *event) {
        zone->sourceserialset = true;
        zone_needdump(zone, DNS_DUMP_DELAY);
 
+       /*
+        * Set resign time to make sure it is set to the earliest
+        * signature expiration.
+        */
+       set_resigntime(zone);
        TIME_NOW(&timenow);
        zone_settimer(zone, &timenow);
        UNLOCK_ZONE(zone);