From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Thu, 12 Oct 2017 10:26:37 +0000 (+0200)
Subject: ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
X-Git-Tag: auth-4.0.5~1^2~11^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed7d9536ab43662b8cb3c1fa724f4b4e66a26d82;p=pdns

ignore SOA-EDIT for PRESIGNED zones. Fixes #5814

(cherry picked from commit 3ba1065625b2067da6058fa3e213fbb501b2b536)
---

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index b8662b8e9..9b9075817 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -229,9 +229,14 @@ void DNSSECKeeper::getSoaEdit(const DNSName& zname, std::string& value)
   static const string soaEdit(::arg()["default-soa-edit"]);
   static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
 
+  if (isPresigned(zname)) {
+    // SOA editing on a presigned zone never makes sense
+    return;
+  }
+
   getFromMeta(zname, "SOA-EDIT", value);
 
-  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) {
+  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty()) {
     if (!soaEditSigned.empty() && isSecuredZone(zname))
       value=soaEditSigned;
     if (value.empty())
diff --git a/regression-tests.nobackend/counters/expected_result b/regression-tests.nobackend/counters/expected_result
index c68b39f9b..db87c4cea 100644
--- a/regression-tests.nobackend/counters/expected_result
+++ b/regression-tests.nobackend/counters/expected_result
@@ -8,7 +8,7 @@ dnsupdate-queries=0
 dnsupdate-refused=0
 incoming-notifications=0
 key-cache-size=0
-meta-cache-size=1
+meta-cache-size=2
 overload-drops=0
 packetcache-size=8
 qsize-q=0