if (recordsToDelete.size()) {
- // If we remove an NS which is not at apex of the zone, we need to make everthing below it auth=true as those now are not delegated anymore.
+ // We're removing a delegate, so we need to reset ordername/auth for some records.
if (rrType == QType::NS && rrLabel != di->zone) {
vector<string> belowOldDelegate, nsRecs, updateAuthFlag;
di->backend->listSubZone(rrLabel, di->id);
string hashed;
if(! *narrow)
hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, *i)));
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, *i, hashed, false);
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, *i, hashed, true);
}
}
}
-For DNSSEC, PowerDNS uses the Auth and Ordername fields in the database. This tests adds an (delegate) NS and A record
-to the test.dyndns zone, it also deletes these records. The test is rather big because it should cover
-all the scenario's. This thus validates the correction of these records, known as rectify-zone and cache.
+This tests adds a delegate between two records. The test validates that re have our ordernames correct when we insert a delegate between two others.
+It also validates that our cache is correctly purged (when we are selective about it).
\ No newline at end of file
projects / pdns / commitdiff