[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4093 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Oct 13 11:58:58 CEST 2010


Author: matthijs
Date: 2010-10-13 11:58:58 +0200 (Wed, 13 Oct 2010)
New Revision: 4093

Modified:
   trunk/OpenDNSSEC/signer/src/signer/domain.c
Log:
drop signatures if signing increased the serial



Modified: trunk/OpenDNSSEC/signer/src/signer/domain.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-13 09:58:32 UTC (rev 4092)
+++ trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-13 09:58:58 UTC (rev 4093)
@@ -867,6 +867,9 @@
                 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, serial),
                 SE_SOA_RDATA_SERIAL);
             if (soa_serial) {
+                if (ldns_rdf2native_int32(soa_serial) != serial) {
+                    rrset->drop_signatures = 1;
+                }
                 ldns_rdf_deep_free(soa_serial);
              } else {
                 se_log_error("unable to sign domain: failed to replace "




More information about the Opendnssec-commits mailing list