rec: Backport 11890 to rec-4.7.x: Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. #11940

Merged


omoerbeek

@omoerbeek omoerbeek commented Sep 12, 2022

This issue happens if a record set is signed even though the zone itself is Insecure. Syncres then tries to retrieve DNSKEYs and a timeout on that would lead to an ImmediateServFailException.

Only throw exception later in validateRecordsWithSigs, after checking zone cuts, when we are sure the zone is Secure.

(cherry picked from commit 6dc8b0b)

Backport of #11890

Short description

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
  • checked that this code was merged to master

@omoerbeek omoerbeek added this to the rec-4.7.x milestone Sep 12, 2022
@omoerbeek omoerbeek merged commit 793bae0 into PowerDNS:rel/rec-4.7.x Sep 12, 2022
@omoerbeek omoerbeek deleted the backport-11890-to-rec-4.7.x branch September 12, 2022 14:15
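
The control-flow change described in this pull request, as an added example that is not PowerDNS code and not part of the original thread: a simplified model in which a DNSKEY lookup that times out is fatal only once the zone is known to be Secure. All type and function names here (`Env`, `fetchDnskeys`, `validateEager`, `validateDeferred`, `resolve`, `ServFailError`) are hypothetical.

```cpp
#include <optional>
#include <stdexcept>
#include <string>

// Simplified model, not PowerDNS source. All names below are hypothetical.
enum class ZoneState { Secure, Insecure };
enum class Outcome { ValidatedSecure, AcceptedInsecure, ServFail };

struct ServFailError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

struct Env {
    ZoneState zone;       // state established by checking the zone cuts
    bool dnskeyTimesOut;  // constructed condition: the DNSKEY query gets no reply
};

// Returns the key set, or nothing when the lookup timed out.
static std::optional<std::string> fetchDnskeys(const Env& env) {
    if (env.dnskeyTimesOut) return std::nullopt;
    return std::string("dnskey-set");
}

// Before: a DNSKEY timeout is fatal as soon as a signed record set is seen.
Outcome validateEager(const Env& env) {
    auto keys = fetchDnskeys(env);
    if (!keys) throw ServFailError("DNSKEY retrieval failed");
    return env.zone == ZoneState::Secure ? Outcome::ValidatedSecure : Outcome::AcceptedInsecure;
}

// After: zone cuts are checked first; the failure is fatal only for a Secure zone.
Outcome validateDeferred(const Env& env) {
    auto keys = fetchDnskeys(env);
    if (env.zone != ZoneState::Secure) return Outcome::AcceptedInsecure;  // no keys needed
    if (!keys) throw ServFailError("DNSKEY retrieval failed in Secure zone");
    return Outcome::ValidatedSecure;
}

// Maps the exception to the response a client would see.
template <typename F>
Outcome resolve(F validate, const Env& env) {
    try { return validate(env); }
    catch (const ServFailError&) { return Outcome::ServFail; }
}

int main() {
    const Env env{ZoneState::Insecure, true};  // signed record set, Insecure zone, timeout
    return resolve(validateDeferred, env) == Outcome::AcceptedInsecure ? 0 : 1;
}
```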