Don't delete the NSEC3PARAM immediately

Wait until the new NSEC or NSEC3 chain is generated then it should
be deleted.

(cherry picked from commit f3ae88d84ec839d93fbc7f1dbc7ac8b80d349872)

diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 2563c3e98c2e312165c7f55678b1c33bdbecf087..5785cc1b504ef870b1dd0adc41ce0d462ccb57a5 100644 (file)
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1138,12 +1138,6 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
                dns_rdata_t private = DNS_RDATA_INIT;
 
                dns_rdataset_current(&rdataset, &rdata);
-
-               CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, origin,
-                                          rdataset.ttl, &rdata, &tuple));
-               CHECK(do_one_tuple(&tuple, db, ver, diff));
-               INSIST(tuple == NULL);
-
                dns_nsec3param_toprivate(&rdata, &private, privatetype, buf,
                                         sizeof(buf));
                buf[2] = DNS_NSEC3FLAG_REMOVE;