From: Matthijs Mekking Date: Tue, 6 Apr 2021 09:31:35 +0000 (+0200) Subject: Fix a kasp lock issue X-Git-Tag: v9.17.13~14^2~8 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=cf17698f877e460cf24a49ce5cbe150ace094fc3;p=thirdparty%2Fbind9.git Fix a kasp lock issue The kasp lock would stay locked if 'dns_keymgr_run' failed. --- diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 7ccacf6e807..2f685f4bf6d 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -19971,22 +19971,20 @@ zone_rekey(dns_zone_t *zone) { isc_result_totext(result)); } - if (kasp != NULL && - (result == ISC_R_SUCCESS || result == ISC_R_NOTFOUND)) { - result = dns_keymgr_run(&zone->origin, zone->rdclass, dir, mctx, - &keys, kasp, now, &nexttime); - if (result != ISC_R_SUCCESS) { - if (kasp != NULL) { + if (kasp != NULL) { + if (result == ISC_R_SUCCESS || result == ISC_R_NOTFOUND) { + result = dns_keymgr_run(&zone->origin, zone->rdclass, + dir, mctx, &keys, kasp, now, + &nexttime); + if (result != ISC_R_SUCCESS) { + dnssec_log(zone, ISC_LOG_ERROR, + "zone_rekey:dns_dnssec_keymgr " + "failed: %s", + isc_result_totext(result)); UNLOCK(&kasp->lock); + goto failure; } - dnssec_log(zone, ISC_LOG_ERROR, - "zone_rekey:dns_dnssec_keymgr failed: %s", - isc_result_totext(result)); - goto failure; } - } - - if (kasp != NULL) { UNLOCK(&kasp->lock); } @@ -20343,6 +20341,10 @@ failure: * Something went wrong; try again in ten minutes or * after a key refresh interval, whichever is shorter. */ + dnssec_log(zone, ISC_LOG_DEBUG(3), + "zone_rekey failure: %s (retry in %u seconds)", + isc_result_totext(result), + ISC_MIN(zone->refreshkeyinterval, 600)); isc_interval_set(&ival, ISC_MIN(zone->refreshkeyinterval, 600), 0); isc_time_nowplusinterval(&zone->refreshkeytime, &ival);