From: Matthijs Mekking
Date: Fri, 3 May 2024 12:04:58 +0000 (+0200)
Subject: Retrieve DNSKEY TTL from policy
X-Git-Tag: v9.20.0~56^2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=03e8747aaa8dedf4e2e21cbd76f0756e6ec5e04e;p=thirdparty%2Fbind9.git

Retrieve DNSKEY TTL from policy

The desired DNSKEY TTL is configured in the policy so set it to that value on new RRsets. Note that the same TTL is used for CDS and CDNSKEY.
---
diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c
index bcbcf5857ae..493c483d6ef 100644
--- a/bin/dnssec/dnssec-ksr.c
+++ b/bin/dnssec/dnssec-ksr.c
@@ -87,7 +87,6 @@ static int min_dh = 128;
 #define KSR_LINESIZE 1500 /* should be long enough for any DNSKEY record */
 #define DATETIME_INDEX 25
-#define TTL_MAX INT32_MAX
 #define MAXWIRE (64 * 1024)
 #define STR(t) ((t).value.as_textregion.base)
@@ -1102,7 +1101,7 @@ sign(ksr_ctx_t *ksr) {
 dns_rdatalist_init(rdatalist);
 rdatalist->rdclass = dns_rdataclass_in;
 rdatalist->type = dns_rdatatype_dnskey;
- rdatalist->ttl = TTL_MAX;
+ rdatalist->ttl = ksr->ttl;
 for (isc_result_t r = dns_rdatalist_first(&ksk); r == ISC_R_SUCCESS; r = dns_rdatalist_next(&ksk)) {
@@ -1129,7 +1128,7 @@ sign(ksr_ctx_t *ksr) {
 } while (token.type != isc_tokentype_eol);
 } else {
 /* Parse DNSKEY */
- dns_ttl_t ttl = TTL_MAX;
+ dns_ttl_t ttl = ksr->ttl;
 isc_buffer_t buf;
 isc_buffer_t *newbuf = NULL;
 dns_rdata_t *rdata = NULL;
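Review bot: Both `rdatalist->ttl = ksr->ttl;` in the second hunk and `dns_ttl_t ttl = ksr->ttl;` in the DNSKEY-parsing hunk depend on `ksr->ttl` having been loaded from the policy before sign() runs, and nothing in these hunks shows where that happens. If the field can still hold its initial value at this point (an inference, since the assignment and the rest of sign() are outside the hunks), the signed response would carry DNSKEY, CDS and CDNSKEY RRsets with an unintended TTL where the old code at least used a fixed `TTL_MAX`. A short comment at the first use would record the contract, for example `/* ksr->ttl: DNSKEY TTL from the policy, also used for CDS/CDNSKEY */`. It is also worth confirming that every path into sign() sets the field from the policy first.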