From: Mark Andrews <marka@isc.org>
Date: Fri, 15 Dec 2023 05:07:46 +0000 (+1100)
Subject: Don't delete the NSEC3PARAM immediately
X-Git-Tag: v9.18.24~20^2~4
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d78df5f96d973ac7704261b928a0e545cf4544d5;p=thirdparty%2Fbind9.git

Don't delete the NSEC3PARAM immediately

Wait until the new NSEC or NSEC3 chain is generated then it should
be deleted.

(cherry picked from commit f3ae88d84ec839d93fbc7f1dbc7ac8b80d349872)
---

diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 2563c3e98c2..5785cc1b504 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1138,12 +1138,6 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
 		dns_rdata_t private = DNS_RDATA_INIT;
 
 		dns_rdataset_current(&rdataset, &rdata);
-
-		CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, origin,
-					   rdataset.ttl, &rdata, &tuple));
-		CHECK(do_one_tuple(&tuple, db, ver, diff));
-		INSIST(tuple == NULL);
-
 		dns_nsec3param_toprivate(&rdata, &private, privatetype, buf,
 					 sizeof(buf));
 		buf[2] = DNS_NSEC3FLAG_REMOVE;