From 3ba1065625b2067da6058fa3e213fbb501b2b536 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Thu, 12 Oct 2017 12:26:37 +0200 Subject: [PATCH] ignore SOA-EDIT for PRESIGNED zones. Fixes #5814 --- docs/changelog/4.1.rst | 6 ++++++ pdns/dbdnsseckeeper.cc | 7 ++++++- regression-tests.nobackend/counters/expected_result | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/changelog/4.1.rst b/docs/changelog/4.1.rst index dfe53c3c8..9dd961cfc 100644 --- a/docs/changelog/4.1.rst +++ b/docs/changelog/4.1.rst @@ -4,6 +4,12 @@ Changelogs for 4.1.x .. changelog:: :version: 4.1.0-rc2 + .. change:: + :tags: DNSSEC, Bug Fixes + :pullreq: 5815 + + Ignore SOA-EDIT for PRESIGNED zones. + .. change:: :tags: Packages, New Features :pullreq: 5665 diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc index d02132c65..86e89f7e3 100644 --- a/pdns/dbdnsseckeeper.cc +++ b/pdns/dbdnsseckeeper.cc @@ -233,9 +233,14 @@ void DNSSECKeeper::getSoaEdit(const DNSName& zname, std::string& value) static const string soaEdit(::arg()["default-soa-edit"]); static const string soaEditSigned(::arg()["default-soa-edit-signed"]); + if (isPresigned(zname)) { + // SOA editing on a presigned zone never makes sense + return; + } + getFromMeta(zname, "SOA-EDIT", value); - if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) { + if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty()) { if (!soaEditSigned.empty() && isSecuredZone(zname)) value=soaEditSigned; if (value.empty()) diff --git a/regression-tests.nobackend/counters/expected_result b/regression-tests.nobackend/counters/expected_result index 00a483345..67dbf79a3 100644 --- a/regression-tests.nobackend/counters/expected_result +++ b/regression-tests.nobackend/counters/expected_result @@ -10,7 +10,7 @@ dnsupdate-queries=0 dnsupdate-refused=0 incoming-notifications=0 key-cache-size=0 -meta-cache-size=1 +meta-cache-size=2 overload-drops=0 packetcache-size=4 qsize-q=0 -- 2.49.0