Commit b60b03e

author
Till Brehm
committed
Merge branch 'fix-dnssec-slave' into 'master'
Resign should also take place if ISPC Master is not the Nameserver. We do only trigger a rewrite of the zonefile by touching server log so no need to check against existence of a file.

Thanks to Tom Albers who pointed me to this issue by providing an excellent bug report!

Also removed some garbage.

Probably this should even go into next 3.1 patch as it really can break DNSSEC when the nameserver is on a slave. Not talking about slave zones or replication but talking about a nameserver not running on ISPC Masterserver.

Weird nobody noticed this yet...

Thanks and Credits to @tom who noticed this.

This fix has been successfully tested on a single server as well as Tom's server where the issue occurred.

See merge request !603
2 parents 60930a6 + e0c5cce commit b60b03e

1 file changed

+1
-6
lines changed

server/lib/classes/cron.d/550-bind_dnssec.inc.php

Lines changed: 1 addition & 6 deletions
@@ -82,18 +82,13 @@ public function onRunJob() {
8282

8383
//* Load libraries
8484
$app->uses("getconf,tpl");
85-
86-
//* load the server configuration options
87-
$dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns');
8885

8986
//TODO : change this when distribution information has been integrated into server record
9087
$filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.';
91-
$soas = $app->db->queryAllRecords("SELECT id,serial,origin FROM dns_soa WHERE server_id = ? AND active= 'Y' AND dnssec_wanted = 'Y' AND dnssec_initialized = 'Y' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)", $conf['server_id'], time()-(3600*24*5)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)
88+
$soas = $app->db->queryAllRecords("SELECT id,serial,origin FROM dns_soa WHERE active= 'Y' AND dnssec_wanted = 'Y' AND dnssec_initialized = 'Y' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)", time()-(3600*24*5)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)
9289

9390
foreach ($soas as $data) {
9491
$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
95-
if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) continue;
96-
9792
$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_DEBUG);
9893
$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
9994
}
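
Review bot: The new SELECT at line 88 no longer has `server_id = ?`, and the `file_exists` guard from old line 95 is removed too, so nothing in this loop limits which node bumps the serial any more. Any server that runs this cron job and sees these `dns_soa` rows will call `datalogUpdate` for every matching zone, and if the job can run on more than one server a due zone gets its serial increased once per node. Consider guarding `onRunJob()` so it only acts on the server where the datalog originates, or state in a comment that the job is expected to run on the master only. Also, with `$dns_config` gone, `getconf` in `$app->uses("getconf,tpl")` at line 84 can be dropped if nothing else in this method uses it.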
