[Opendnssec-user] Opendnssec signer Y2K bug?

Tom Hendrikx tom at whyscream.net
Fri Dec 23 17:19:53 UTC 2011

On 23-12-11 15:36, Yuri Schaeffer wrote:
>> I think this patch is correct. The confusion is that days represent
>> 'days since' rather than 'day of year'
> On second thought, I think the patch is not correct. Not only the day
> will be off but also the year. My daughter does not give me opportunity
> to think right now. But I suspect it is in the confusion I mentioned in
> my previous post. Instead I propose:
> +	++days;
> while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) {
>        new_year = year + (int) LDNS_DIV(days, 366);
>        if (year == new_year) {
>             year += days < 0 ? -1 : 1; 
> //yuri

First, thanks to all for helping out:)

I just did some tests with patched ldns sources and ods.

Mieks patch enables ods to generate a valid zone which passes the
auditor, and the resulting zone looks ok to my fairly untrained eye too:
offsets are fine.

With Yuris patch, ods creates different output, which also fails the
auditor but in a different way: both the inception and expiration fields
are a day later now, which means that inception is always one day in the
future => fail. This means that either the patch is wrong, or ods uses
the function in a wrong way due the confusion that Yuri mentioned, but
it never showed before.


More information about the Opendnssec-user mailing list