ignore SOA-EDIT for PRESIGNED zones. Fixes #5814

diff --git a/docs/changelog/4.1.rst b/docs/changelog/4.1.rst
index dfe53c3c8efe959b66cea15bade2d0b382e726a6..9dd961cfc76bc5b3e575e01260756bcf04e6655a 100644 (file)
--- a/docs/changelog/4.1.rst
+++ b/docs/changelog/4.1.rst
@@ -4,6 +4,12 @@ Changelogs for 4.1.x
 .. changelog::
   :version: 4.1.0-rc2
 
+  .. change::
+    :tags: DNSSEC, Bug Fixes
+    :pullreq: 5815
+
+    Ignore SOA-EDIT for PRESIGNED zones.
+
   .. change::
     :tags: Packages, New Features
     :pullreq: 5665

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index d02132c651338157e9f9658116d8682018e641b5..86e89f7e33a8ae63fca8129ecea74bfcd2c81b43 100644 (file)
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -233,9 +233,14 @@ void DNSSECKeeper::getSoaEdit(const DNSName& zname, std::string& value)
   static const string soaEdit(::arg()["default-soa-edit"]);
   static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
 
+  if (isPresigned(zname)) {
+    // SOA editing on a presigned zone never makes sense
+    return;
+  }
+
   getFromMeta(zname, "SOA-EDIT", value);
 
-  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) {
+  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty()) {
     if (!soaEditSigned.empty() && isSecuredZone(zname))
       value=soaEditSigned;
     if (value.empty())

diff --git a/regression-tests.nobackend/counters/expected_result b/regression-tests.nobackend/counters/expected_result
index 00a483345102dbd851e3c280d3e2cacf49dfeeae..67dbf79a3803b8e1432958bb727d83f4a8476a08 100644 (file)
--- a/regression-tests.nobackend/counters/expected_result
+++ b/regression-tests.nobackend/counters/expected_result
@@ -10,7 +10,7 @@ dnsupdate-queries=0
 dnsupdate-refused=0
 incoming-notifications=0
 key-cache-size=0
-meta-cache-size=1
+meta-cache-size=2
 overload-drops=0
 packetcache-size=4
 qsize-q=0