Commit 382273c4 authored by Daniel Salzman's avatar Daniel Salzman

ctl: fix zone commit with signing enabled on initial zone contents

relates #641
parent 3127127c
......@@ -469,7 +469,12 @@ static int zone_txn_commit(zone_t *zone, ctl_args_t *args)
bool dnssec_enable = (zone->control_update->flags & UPDATE_SIGN) && conf_bool(&val);
if (dnssec_enable) {
zone_sign_reschedule_t resch = { 0 };
int ret = knot_dnssec_sign_update(zone->control_update, &resch);
bool full = (zone->control_update->flags & UPDATE_FULL);
zone_sign_roll_flags_t rflags = KEY_ROLL_ALLOW_KSK_ROLL |
KEY_ROLL_ALLOW_ZSK_ROLL |
KEY_ROLL_DO_NSEC3RESALT;
int ret = (full ? knot_dnssec_zone_sign(zone->control_update, 0, rflags, &resch) :
knot_dnssec_sign_update(zone->control_update, &resch));
if (ret != KNOT_EOK) {
zone_txn_update_clear(zone);
return ret;
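Review bot: The new full-sign branch is undocumented and passes a bare `0` as the second argument to `knot_dnssec_zone_sign()`, so a reader cannot tell which signing flags are deliberately left off or why `UPDATE_FULL` selects a different signer. A comment above `bool full`, such as `/* A full update (e.g. initial zone contents) cannot be signed incrementally; sign the whole zone instead. */`, would record the intent given in the commit title. The roll flags also allow KSK/ZSK rollover and NSEC3 resalt on this path, which presumably lets a control-channel commit change key state as a side effect. If that is intended, it deserves a word in the same comment. The enclosing `zone_txn_commit` starts and ends outside the hunk, so how `resch` is consumed after signing is not visible here.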
......