From 6e82a2323edefcb8eca0a7e0d6377e63d6d57c4b Mon Sep 17 00:00:00 2001
From: Aki Tuomi <cmouse@desteem.org>
Date: Tue, 14 Oct 2014 09:42:33 +0300
Subject: [PATCH] Fix ordername for SOA record after update

---
 pdns/pdnssec.cc | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 17b3f934f..24342e2c2 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -616,6 +616,28 @@ int increaseSerial(const string& zone, DNSSECKeeper &dk)
    cerr<<"Backend did not replace SOA record. Backend might not support this operation."<<endl;
    return -1;
   }
+
+  if (sd.db->doesDNSSEC()) {
+    NSEC3PARAMRecordContent ns3pr;
+    bool narrow;
+    bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
+  
+    if(haveNSEC3)
+    {
+      if(!narrow) {
+        string hashed=toBase32Hex(hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rrs[0].qname));
+        if(g_verbose)
+          cerr<<"'"<<rrs[0].qname<<"' -> '"<< hashed <<"'"<<endl;
+        sd.db->updateDNSSECOrderAndAuthAbsolute(sd.domain_id, rrs[0].qname, hashed, 1);
+      }
+      else {
+        sd.db->nullifyDNSSECOrderNameAndUpdateAuth(sd.domain_id, rrs[0].qname, 1);
+      }
+    } else {
+      sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, rrs[0].qname, 1);
+    }
+  }
+
   cout<<"SOA serial for zone "<<zone<<" set to "<<sd.serial<<endl;
   return 0;
 }
-- 
2.40.0