Commit 56b1669d authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

dnssec: allow zsk-lifetime=0 (infinity)

parent ac2130de
......@@ -655,6 +655,8 @@ A period between ZSK publication and the next rollover initiation.
.INDENT 0.0
.INDENT 3.5
ZSK key lifetime is also infuenced by propagation\-delay and dnskey\-ttl
.sp
Zero (aka infinity) value causes no ZSK rollover as a result.
.UNINDENT
.UNINDENT
.SS ksk\-lifetime
......
......@@ -746,6 +746,8 @@ A period between ZSK publication and the next rollover initiation.
.. NOTE::
ZSK key lifetime is also infuenced by propagation-delay and dnskey-ttl
Zero (aka infinity) value causes no ZSK rollover as a result.
.. _policy_ksk-lifetime:
ksk-lifetime
......
......@@ -251,7 +251,7 @@ static const yp_item_t desc_policy[] = {
CONF_IO_FRLD_ZONES },
{ C_DNSKEY_TTL, YP_TINT, YP_VINT = { 0, UINT32_MAX, 0, YP_STIME },
CONF_IO_FRLD_ZONES },
{ C_ZSK_LIFETIME, YP_TINT, YP_VINT = { 1, UINT32_MAX, DAYS(30), YP_STIME },
{ C_ZSK_LIFETIME, YP_TINT, YP_VINT = { 0, UINT32_MAX, DAYS(30), YP_STIME },
CONF_IO_FRLD_ZONES },
{ C_KSK_LIFETIME, YP_TINT, YP_VINT = { 0, UINT32_MAX, 0, YP_STIME },
CONF_IO_FRLD_ZONES },
......
......@@ -359,7 +359,7 @@ int check_policy(
int64_t ksk_life_val = conf_int(&ksk_life);
int64_t dnskey_ttl_val = conf_int(&dnskey_ttl);
if (zsk_life_val < 2 * prop_del_val + dnskey_ttl_val) {
if (zsk_life_val != 0 && zsk_life_val < 2 * prop_del_val + dnskey_ttl_val) {
args->err_str = "ZSK lifetime too low according to propagation delay and DNSKEY TTL";
return KNOT_EINVAL;
}
......
......@@ -258,7 +258,7 @@ static const char *roll_action_name(roll_action_type_t type)
static knot_time_t zsk_rollover_time(knot_time_t active_time, const kdnssec_ctx_t *ctx)
{
if (active_time <= 0) {
if (active_time <= 0 || ctx->policy->zsk_lifetime == 0) {
return 0;
}
return knot_time_add(active_time, ctx->policy->zsk_lifetime);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment