Commit b038c2a9 authored by Daniel Salzman's avatar Daniel Salzman

load: ignore DNSSEC records in the remove section of journal changesets

This can happen if 'zonefile-load: difference' and 'dnssec-signing: on` are
configured and the server tries to apply such a changeset on unsigned zone file.

Compatibility with journal versions < 2.9.

fixes #659
parent 9bbb54a4
......@@ -358,6 +358,9 @@ int node_remove_rrset(zone_node_t *node, const knot_rrset_t *rrset, knot_mm_t *m
}
knot_rdataset_t *node_rrs = node_rdataset(node, rrset->type);
if (node_rrs == NULL) {
return KNOT_ENOENT;
}
node->flags &= ~NODE_FLAGS_RRSIGS_VALID;
......
......@@ -64,8 +64,17 @@ static int apply_one_cb(bool remove, const knot_rrset_t *rr, void *ctx)
{
zone_node_t *unused = NULL;
zone_contents_t *contents = ctx;
return remove ? zone_contents_remove_rr(contents, rr, &unused)
: zone_contents_add_rr(contents, rr, &unused);
int ret = remove ? zone_contents_remove_rr(contents, rr, &unused)
: zone_contents_add_rr(contents, rr, &unused);
if (ret == KNOT_ENOENT && remove && knot_rrtype_is_dnssec(rr->type)) {
// Compatibility with imperfect journal contents (versions < 2.9) if
// 'zonefile-load: difference' and 'dnssec-signing: on`.
// Journal history can contain a changeset with removed DNSSEC records
// which are not present in the zonefile.
return KNOT_EOK;
} else {
return ret;
}
}
int zone_load_journal(conf_t *conf, zone_t *zone, zone_contents_t *contents)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment