Commit 38d0777c authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

nsec3: fix slave signing in weird rare case

parent c8005e6d
......@@ -660,7 +660,9 @@ static int fix_nsec3_nodes(zone_update_t *update, const dnssec_nsec3_params_t *p
while (!zone_tree_it_finished(&it) && ret == KNOT_EOK) {
zone_node_t *n = zone_tree_it_val(&it);
ret = fix_nsec3_for_node(update, params, ttl, opt_out, chgset, n->owner);
if (zone_tree_get(update->change.remove->nodes, n->owner) == NULL) {
ret = fix_nsec3_for_node(update, params, ttl, opt_out, chgset, n->owner);
}
zone_tree_it_next(&it);
}
zone_tree_it_free(&it);
......
$TTL 86400
$ORIGIN dk.
@ IN SOA b.nic tech.dk-hostmaster 1553007240 600 300 1814400 7200
A 193.163.102.58
AAAA 2a01:630:0:40::58
TXT "DK zone update" "Epoch 1553007240" "localtime Tue Mar 19 15:54:00 2019" "gmtime Tue Mar 19 14:54:00 2019"
NS a.nic
a.nic A 1.1.1.1
bamoni 86400 NS ns2.hyp.net.
bamoni 86400 NS ns1.hyp.net.
bamoni 7200 DS 8983 13 2 ee95ed9dc852c344bcabd7e5f0648b9dca6362d5322506bcf8adad4304c21377
bamontage 86400 NS ns4.unoeuro.com.
bamontage 86400 NS ns3.unoeuro.com.
bamontage 86400 NS ns1.unoeuro.com.
bamontage 86400 NS ns2.unoeuro.com.
nextlevelinlife 86400 NS ns3.netsite.eu.
nextlevelinlife 86400 NS ns2.netsite.se.
nextlevelinlife 86400 NS ns1.netsite
nextlevelinlife 7200 DS 33990 13 4 b23fd72ff9083b104798238eae467dab738b27220b0b6f13f65e033e7e8c064b6b6acf8f55a2baa56ec82e20e8109bbe
#!/usr/bin/env python3
from dnstest.test import Test
from dnstest.keys import Keymgr
t = Test()
master = t.server("knot")
slave = t.server("knot")
slave2 = t.server("knot")
zone = t.zone("dk.", storage=".")
t.link(zone, master, slave, ddns=True)
t.link(zone, slave, slave2)
slave.dnssec(zone).enable = True
slave.dnssec(zone).nsec3 = True
slave.dnssec(zone).nsec3_opt_out = True
slave.dnssec(zone).nsec3_iters = 17
slave.zonefile_sync = "-1"
for z in slave.zones:
slave.zones[z].journal_content = "all"
slave.gen_confile()
_, out, _ = Keymgr.run_check(slave.confile, "dk.", "nsec3-salt", "9729B7160513B7A5")
t.start()
slave.zone_wait(zone)
up = master.update(zone)
up.add("dk.", "86400", "SOA", "b.nic. tech.dk-hostmaster. 1666666666 600 300 1814400 7200")
up.delete("dk.", "TXT")
up.add("dk.", "86400", "TXT", "DK zone update" "Epoch 1553009041" "localtime Tue Mar 19 16:24:01 2019" "gmtime Tue Mar 19 15:24:01 2019"
)
up.delete("nextlevelinlife.dk.", "NS")
up.delete("nextlevelinlife.dk.", "DS")
up.delete("nextlevelinlife.dk.", "TXT")
up.add("nextlevelinlife.dk.", "86400", "NS", "ns1.unoeuro.com.")
up.add("nextlevelinlife.dk.", "86400", "NS", "ns4.unoeuro.com.")
up.add("nextlevelinlife.dk.", "86400", "NS", "ns3.unoeuro.com.")
up.add("nextlevelinlife.dk.", "86400", "NS", "ns2.unoeuro.com.")
up.send("NOERROR")
slave2.zone_wait(zone, serial=1666666665)
slave.ctl("-f zone-flush dk.")
slave2.ctl("-f zone-flush dk.")
t.sleep(2)
slave2.zone_verify(zone)
t.end()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment