ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Don't delete the NSEC3PARAM immediately

Browse Source 
Wait until the new NSEC or NSEC3 chain is generated then it should
be deleted.

(cherry picked from commit f3ae88d84e)
This commit is contained in:
Mark Andrews
2023-12-15 16:07:46 +11:00
parent 52770b05d3
commit d78df5f96d
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/dns/nsec3.c
View File

@@ -1138,12 +1138,6 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
dns_rdata_t private = DNS_RDATA_INIT;
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, origin,
rdataset.ttl, &rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL);
dns_nsec3param_toprivate(&rdata, &private, privatetype, buf,
sizeof(buf));
buf[2] = DNS_NSEC3FLAG_REMOVE;