3890. [bug] RRSIG sets that were not loaded in a single transaction
authorMark Andrews <marka@isc.org>
Mon, 7 Jul 2014 02:05:01 +0000 (12:05 +1000)
committerMark Andrews <marka@isc.org>
Mon, 7 Jul 2014 02:07:44 +0000 (12:07 +1000)
                        at start up were not being correctly added to
                        re-signing heaps.  [RT #36302]

(cherry picked from commit 63e1ac1e0915dd1089493d6d092d39a3da817e59)

CHANGES
bin/tests/system/dnssec/clean.sh
bin/tests/system/dnssec/ns1/sign.sh
bin/tests/system/dnssec/ns7/named.conf
bin/tests/system/dnssec/ns7/sign.sh [new file with mode: 0644]
bin/tests/system/dnssec/ns7/split-rrsig.in [new file with mode: 0644]
bin/tests/system/dnssec/setup.sh
bin/tests/system/dnssec/tests.sh
lib/dns/rbtdb.c

diff --git a/CHANGES b/CHANGES
index 7db3ca05aa2c419a80a59288ba5e2dc4338dceac..e88d8be5a9ec68fff72327c802d73f7978e64379 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3890.  [bug]           RRSIG sets that were not loaded in a single transaction
+                       at start up where not being correctly added to
+                       re-signing heaps.  [RT #36302]
+
 3889.  [port]          hurd: configure fixes as per:
                        https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
 
index e9b6f3101bec7aeaad7140132152e9c9f38d8b0e..e4c927dc3a42f257149a31e25f4e3082e8e749c9 100644 (file)
@@ -70,3 +70,4 @@ rm -f signing.out*
 rm -f canonical?.*
 rm -f ns3/siginterval.conf
 rm -f ns4/named_dump.db
+rm -f ns7/split-rrsig.db ns7/split-rrsig.db.unsplit
index 31009452bdce6ef3d694e34908454a824cb24dce..88e6e87181090cf3ed54dea259dbb4374b7ba5c2 100644 (file)
@@ -24,6 +24,7 @@ zonefile=root.db
 
 (cd ../ns2 && $SHELL sign.sh )
 (cd ../ns6 && $SHELL sign.sh )
+(cd ../ns7 && $SHELL sign.sh )
 
 cp ../ns2/dsset-example. .
 cp ../ns2/dsset-dlv. .
index be4fd196deda3634b2cf22dd82353f352a219073..84f8a0d5c4e0d313defb190cfa6ab2a535924394 100644 (file)
@@ -75,4 +75,10 @@ zone "nosoa.secure.example" {
        file "nosoa.secure.example.db";
 };
 
+zone "split-rrsig" {
+       type master;
+       file "split-rrsig.db.signed";
+       allow-update { any; };
+};
+
 include "trusted.conf";
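Review bot: `allow-update { any; };` on the new `split-rrsig` zone accepts dynamic updates from every client that can reach this server, and nothing in the hunk says why it is there. Presumably the zone only has to be dynamic so that named re-signs it at start-up; if so, say it in the file with a comment such as `// dynamic only so that named re-signs this zone; test fixture`. If the test never sends an update, an ACL limited to the test network would make the zone dynamic with less exposure should the block be copied into a real configuration.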
diff --git a/bin/tests/system/dnssec/ns7/sign.sh b/bin/tests/system/dnssec/ns7/sign.sh
new file mode 100644 (file)
index 0000000..0e40241
--- /dev/null
@@ -0,0 +1,35 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2013, 2014  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.43 2011/11/04 05:36:28 each Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=split-rrsig
+infile=split-rrsig.in
+zonefile=split-rrsig.db
+
+k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
+k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
+
+cat $infile $k1.key $k2.key >$zonefile
+
+$SIGNER -P -3 - -A -r $RANDFILE -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
+awk 'BEGIN { r = ""; }
+     $4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
+     { print }
+     END { print r }' $zonefile.unsplit > $zonefile.signed
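Review bot: The `-e` on the `#!/bin/sh -e` line is ignored when the script is started as `$SHELL sign.sh`, which is how the ns1/sign.sh hunk of this commit runs it, so a failing `$KEYGEN` or `$SIGNER` does not stop the script, and the signer's diagnostics go to `/dev/null`. Add `set -e` in the body, before the `zone=` assignments, so that the option applies however the script is invoked. The awk `END` block also prints `r` when no `RRSIG SOA` line was found, which would write an unsplit zone and leave the test exercising nothing; `END { if (r == "") exit 1; print r }` makes that case fail visibly. A one-line comment saying that `-e now-3600 -s now-7200` deliberately produces already-expired signatures would help the next reader.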
diff --git a/bin/tests/system/dnssec/ns7/split-rrsig.in b/bin/tests/system/dnssec/ns7/split-rrsig.in
new file mode 100644 (file)
index 0000000..419d993
--- /dev/null
@@ -0,0 +1,10 @@
+split-rrsig.           3660    IN SOA  . . (
+                                       1          ; serial
+                                       3600       ; refresh (1 hour)
+                                       3600       ; retry (1 hour)
+                                       3600       ; expire (1 hour)
+                                       3600       ; minimum (1 hour)
+                                       )
+                       3660    NS      ns.example.
+a.split-rrsig.         3660    IN A    192.0.2.2
+b.split-rrsig.         3660    IN A    192.0.2.2
index 12a5f8503d9d27f5f0de87aa3c368e9e13a7d002..797e011a063e652478218cb7ff54cf8876055653 100644 (file)
@@ -29,4 +29,3 @@ echo "a.bogus.example.        A       10.0.0.22" >>../ns3/bogus.example.db.signed
 cd ../ns3 && cp -f siginterval1.conf siginterval.conf
 cd ../ns4 && cp -f named1.conf named.conf
 cd ../ns5 && cp -f trusted.conf.bad trusted.conf
-
index c5684601a0aca32ac82492a6bd37589480fabae5..6faaa5de443122127070e05407da7262fd29d245 100644 (file)
@@ -2459,5 +2459,13 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:check that split rrsigs are handled ($n)"
+ret=0
+$DIG $DIGOPTS split-rrsig soa @10.53.0.7 > dig.out.test$n || ret=1
+awk 'BEGIN { ok=0; } $4 == "SOA" { if ($7 > 1) ok=1; } END { if (!ok) exit(1); }' dig.out.test$n || ret=1 
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
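Review bot: The new check queries the SOA once and fails if the serial is still 1, so it depends on named having finished re-signing `split-rrsig` by the time this point in tests.sh is reached. Whether that always holds cannot be seen from the hunk; a short retry loop around the dig/awk pair would remove the timing dependency. The check also proves only that the serial moved, not that the `RRSIG SOA` now served is current, so a `+dnssec` query that inspects the signature would be a stronger assertion. Line 130 of the page carries trailing whitespace.

```shell
echo "I:check that split rrsigs are handled ($n)"
for i in 1 2 3 4 5 6 7 8 9 10; do
	ret=0
	$DIG $DIGOPTS split-rrsig soa @10.53.0.7 > dig.out.test$n || ret=1
	awk 'BEGIN { ok=0; } $4 == "SOA" { if ($7 > 1) ok=1; } END { if (!ok) exit(1); }' dig.out.test$n || ret=1
	[ $ret = 0 ] && break
	sleep 1
done
# … unchanged: n increment, failure report, status update …
```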
index 54e3a1a341e060e236d0a5fd702a3e65899e7e8d..58cb7bcba8c9cfc9af132c151b2771784dd2acf5 100644 (file)
@@ -6367,6 +6367,19 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
                         */
                        newheader->down = NULL;
                        free_rdataset(rbtdb, rbtdb->common.mctx, header);
+
+                       idx = newheader->node->locknum;
+                       if (IS_CACHE(rbtdb)) {
+                               ISC_LIST_PREPEND(rbtdb->rdatasets[idx],
+                                                newheader, link);
+                               INSIST(rbtdb->heaps != NULL);
+                               (void)isc_heap_insert(rbtdb->heaps[idx],
+                                                     newheader);
+                       } else if (RESIGN(newheader)) {
+                               result = resign_insert(rbtdb, idx, newheader);
+                               if (result != ISC_R_SUCCESS)
+                                       return (result);
+                       }
                } else {
                        newheader->down = topheader;
                        topheader->next = newheader;
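Review bot: The `return (result);` after a failed `resign_insert()` runs after `free_rdataset(rbtdb, rbtdb->common.mctx, header)` on the line just above the added block, so the old header is already gone and the error cannot be rolled back. The caller is told the add failed while the node presumably already carries `newheader` (the linking is outside the hunk, as are the start and end of add32), and that header is then not tracked by the re-signing heap, which is the condition this commit is meant to fix. Either do the heap insertion before the destructive step, or state the assumption with a comment such as `/* header is freed above; a failure here leaves newheader installed but not scheduled for re-signing */`. In the cache branch the result of `isc_heap_insert()` is discarded with `(void)` after the header has been put on `rbtdb->rdatasets[idx]`; a comment on why a failed insert is acceptable there would help.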