[Opendnssec-develop] Signer does not update TTL on RRs unless there is change in RDATA

Jerry Lundström jerry at opendnssec.org
Fri Sep 30 14:33:22 UTC 2011


Patrik reported this problem today and it's very easy to replicate in 1.3.2:
just change the $TTL and issue a resign of the zone. Since there is no RDATA
change, the TTL does not get changed in the signed zone.

This is because util_dnssec_rrs_compare() uses ldns_rr_compare_wire() and
that only checks for changes in RDATA.

Before I commit this fix, which I've tested, I wanted to check whether it can
break anything else.

I can't see if this is a problem in trunk since it seems that most of the
rr/rrset code has been changed.


Index: branches/OpenDNSSEC-1.3/signer/src/signer/rrset.c
--- branches/OpenDNSSEC-1.3/signer/src/signer/rrset.c (revision 5654)
+++ branches/OpenDNSSEC-1.3/signer/src/signer/rrset.c (working copy)
@@ -474,6 +474,9 @@
             current = current->next;
         } else { /* equal RRs */
+        /* TTL is not compared in util_dnssec_rrs_compare() so we copy it
+        ldns_rr_set_ttl(current->rr, ldns_rr_ttl(pending->rr));
             /* remove pending RR */
             if (!prev) {
                 rrset->add = pending->next;
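Review bot: the comment opened on the first added line (`/* TTL is not compared in util_dnssec_rrs_compare() so we copy it`) is never closed, so as shown the `ldns_rr_set_ttl(current->rr, ldns_rr_ttl(pending->rr));` line is swallowed into that comment, which only ends at the `*/` of the existing `/* remove pending RR */` line, and the TTL copy is compiled out. The hunk header says the block grows from 6 to 9 lines, i.e. three added lines, but only two `+` lines appear, so the closing `*/` may have been lost when the HTML mail was scrubbed; either way, close the comment on its own line, e.g. `/* TTL is not compared in util_dnssec_rrs_compare(), so copy it. */` followed by the `ldns_rr_set_ttl()` call, and indent both added lines to the 12 spaces the surrounding block uses rather than 8. One more thing to confirm: the TTL is covered by the RRSIG, so a TTL-only change has to result in the RRset being re-signed; the hunk only copies the TTL and does not show the rrset being marked for re-signing, so check that the code path after this branch does that.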

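As an added illustration (not OpenDNSSEC or ldns code, and not part of the original mail): a minimal self-contained model of the comparison and merge step described above. The `struct rr`, wire encoder and function names are invented for the example; `rr_compare_rdata_wire()` follows the mail's description of `ldns_rr_compare_wire()`, skipping the owner name and the fixed fields (root label, TYPE, CLASS, TTL, RDLENGTH) and comparing RDATA only, and `rrset_merge()` models the "equal RRs" branch both without and with the TTL copy. The two A records are constructed sample data.

```c
/* Added example, not OpenDNSSEC or ldns code. Models why a TTL-only change
 * is lost when RRs are compared on RDATA alone, and what the TTL copy fixes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_WIRE 512

struct rr {                 /* invented, minimal stand-in for ldns_rr */
    const char *owner;      /* presentation form, e.g. "www.example.net." */
    uint16_t type;
    uint16_t klass;
    uint32_t ttl;
    uint8_t rdata[16];
    uint16_t rdlen;
};

/* Encode an owner name as uncompressed DNS labels. Returns bytes written, 0 on error. */
static size_t name_to_wire(const char *name, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*name && *name != '.') {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63 || n + 1 + len + 1 > cap) return 0;
        out[n++] = (uint8_t)len;
        memcpy(out + n, name, len);
        n += len;
        name += len;
        if (*name == '.') name++;
    }
    if (n + 1 > cap) return 0;
    out[n++] = 0;           /* root label terminates the name */
    return n;
}

/* Owner name, TYPE, CLASS, TTL, RDLENGTH, RDATA in wire order. Returns length, 0 on error. */
static size_t rr_to_wire(const struct rr *rr, uint8_t *out, size_t cap)
{
    size_t n = name_to_wire(rr->owner, out, cap);
    if (n == 0 || n + 10 + rr->rdlen > cap) return 0;
    out[n++] = rr->type >> 8;         out[n++] = rr->type & 0xff;
    out[n++] = rr->klass >> 8;        out[n++] = rr->klass & 0xff;
    out[n++] = rr->ttl >> 24;         out[n++] = (rr->ttl >> 16) & 0xff;
    out[n++] = (rr->ttl >> 8) & 0xff; out[n++] = rr->ttl & 0xff;
    out[n++] = rr->rdlen >> 8;        out[n++] = rr->rdlen & 0xff;
    memcpy(out + n, rr->rdata, rr->rdlen);
    return n + rr->rdlen;
}

/* RDATA-only comparison as the mail describes for ldns_rr_compare_wire():
 * walk past the owner name labels, then past the 11 bytes covering the root
 * label, TYPE, CLASS, TTL and RDLENGTH. The TTL bytes are never inspected. */
static int rr_compare_rdata_wire(const uint8_t *a, size_t alen,
                                 const uint8_t *b, size_t blen)
{
    size_t off = 0, i, min = alen < blen ? alen : blen;
    while (off < alen && a[off] != 0) off += a[off] + 1;
    off += 11;
    for (i = off; i < min; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    if (alen == blen) return 0;
    return alen < blen ? -1 : 1;
}

/* The "equal RRs" branch of the merge. Returns 1 when the pending RR is
 * judged equal (and would be dropped from the add list), 0 when the RDATA
 * differs, -1 on encoding error. With copy_ttl set, the pending TTL is
 * carried over to the current RR before the pending RR is dropped. */
static int rrset_merge(struct rr *current, const struct rr *pending, int copy_ttl)
{
    uint8_t cw[MAX_WIRE], pw[MAX_WIRE];
    size_t cl = rr_to_wire(current, cw, sizeof cw);
    size_t pl = rr_to_wire(pending, pw, sizeof pw);
    if (cl == 0 || pl == 0) return -1;
    if (rr_compare_rdata_wire(cw, cl, pw, pl) != 0) return 0;
    if (copy_ttl) current->ttl = pending->ttl;
    return 1;
}

/* Reproduces the report: identical A record, only $TTL changed 3600 -> 600. Constructed data. */
static uint32_t ttl_after_resign(int with_fix)
{
    struct rr current = { "www.example.net.", 1, 1, 3600, {192, 0, 2, 1}, 4 };
    struct rr pending = { "www.example.net.", 1, 1,  600, {192, 0, 2, 1}, 4 };
    rrset_merge(&current, &pending, with_fix);
    return current.ttl;
}

/* Sanity check that an actual RDATA change is still detected as a different RR. */
static int merge_distinct_rdata(void)
{
    struct rr current = { "www.example.net.", 1, 1, 3600, {192, 0, 2, 1}, 4 };
    struct rr pending = { "www.example.net.", 1, 1, 3600, {192, 0, 2, 2}, 4 };
    return rrset_merge(&current, &pending, 1);
}

int main(void)
{
    printf("without fix: TTL stays   %u\n", ttl_after_resign(0));
    printf("with fix:    TTL becomes %u\n", ttl_after_resign(1));
    printf("changed RDATA treated as equal: %s\n", merge_distinct_rdata() ? "yes" : "no");
    return 0;
}
```

Without the copy the signed zone keeps the old TTL because the pending RR is simply discarded as a duplicate; with it, the TTL follows the unsigned zone. Whatever performs the merge must then also re-sign the RRset, since the TTL is part of what the RRSIG covers.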
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20110930/08a2a902/attachment.htm>
