Commit 09852cfd authored by Libor Peltan, committed by Daniel Salzman

dnssec: don't sign whole zone when empty update

parent 6c3d03d3
......@@ -1151,8 +1151,7 @@ int knot_zone_sign_update(zone_update_t *update,
/* Check if the UPDATE changed DNSKEYs or NSEC3PARAM.
* If so, we have to sign the whole zone. */
const bool full_sign = changeset_empty(&update->change) ||
apex_dnssec_changed(update);
const bool full_sign = apex_dnssec_changed(update);
if (full_sign) {
ret = knot_zone_sign(update, zone_keys, dnssec_ctx, expire_at);
} else {
......
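Review bot: With `changeset_empty(&update->change)` dropped from `full_sign`, an empty update now falls into the `else` branch, and the visible lines do not show how that branch behaves when the changeset has nothing in it. Please confirm that no caller relied on passing an empty update to get `knot_zone_sign()` run over the whole zone, and either return early for the empty case or extend the comment above `full_sign` to say that an empty update is now handled by the incremental path. A test that submits an empty update and checks that the zone is not fully re-signed would pin the new behaviour down.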