ignore SOA-EDIT for PRESIGNED zones. Fixes PowerDNS#5814

(cherry picked from commit 3ba1065)
pieterlexis · Nov 7, 2017 · ed7d953 · ed7d953
1 parent 0f9270d
commit ed7d953
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
@@ -229,9 +229,14 @@ void DNSSECKeeper::getSoaEdit(const DNSName& zname, std::string& value)
   static const string soaEdit(::arg()["default-soa-edit"]);
   static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
 
+  if (isPresigned(zname)) {
+    // SOA editing on a presigned zone never makes sense
+    return;
+  }
+
   getFromMeta(zname, "SOA-EDIT", value);
 
-  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) {
+  if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty()) {
     if (!soaEditSigned.empty() && isSecuredZone(zname))
       value=soaEditSigned;
     if (value.empty())

diff --git a/regression-tests.nobackend/counters/expected_result b/regression-tests.nobackend/counters/expected_result
@@ -8,7 +8,7 @@ dnsupdate-queries=0
 dnsupdate-refused=0
 incoming-notifications=0
 key-cache-size=0
-meta-cache-size=1
+meta-cache-size=2
 overload-drops=0
 packetcache-size=8
 qsize-q=0