Commit 13ce70eb authored by Mark Karpilovskij's avatar Mark Karpilovskij

dnssec: disable strict changeset application when fixing NSEC chains

parent f547add1
......@@ -451,7 +451,14 @@ int knot_zone_fix_nsec_chain(zone_update_t *update,
}
if (ret == KNOT_EOK) {
// Disable strict changeset application momentarily for the NSEC chain fix.
// This is important for NSEC3, since some nodes are removed from contents
// when fixing individual NSEC3 nodes and then the NSEC3 records from these nodes
// are removed again when the chain is fixed, resulting in double removal,
// forbidden in the strict changeset application.
update->a_ctx->flags &= ~APPLY_STRICT;
ret = zone_update_apply_changeset(update, &ch);
update->a_ctx->flags |= APPLY_STRICT;
}
cleanup:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment