Commit 06093a9a authored by Kevin Darbyshire-Bryant's avatar Kevin Darbyshire-Bryant Committed by Simon Kelley

Fix problem with --dnssec-timestamp

whereby receipt of SIGHUP would erroneously engage timestamp checking.
parent 1d07667a
...@@ -17,6 +17,10 @@ version 2.77 ...@@ -17,6 +17,10 @@ version 2.77
Thanks to Ivan Kokshaysky for the diagnosis and Thanks to Ivan Kokshaysky for the diagnosis and
patch. patch.
Fix problem with --dnssec-timestamp whereby receipt
of SIGHUP would erroneously engage timestamp checking.
Thanks to Kevin Darbyshire-Bryant for this work.
version 2.76 version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range Include 0.0.0.0/8 in DNS rebind checks. This range
......
...@@ -750,7 +750,8 @@ int main (int argc, char **argv) ...@@ -750,7 +750,8 @@ int main (int argc, char **argv)
my_syslog(LOG_INFO, _("DNSSEC validation enabled")); my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
if (option_bool(OPT_DNSSEC_TIME)) daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload")); my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
if (rc == 1) if (rc == 1)
...@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now) ...@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
{ {
case EVENT_RELOAD: case EVENT_RELOAD:
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
{ {
my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
reset_option_bool(OPT_DNSSEC_TIME); daemon->dnssec_no_time_check = 0;
} }
#endif #endif
/* fall through */ /* fall through */
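Review bot: The reload branch in async_event can log "now checking DNSSEC signature timestamps" while date checks are still being skipped. In the check_date_range hunk of this commit, the branch that ends in `if (daemon->back_to_the_future == 0) return 1;` never consults `dnssec_no_time_check`, so if that branch is the timestamp-file case (its head is outside the hunk) and OPT_DNSSEC_TIME is also set, clearing the flag on reload changes nothing. The startup message in main(), "not checked until first cache reload", makes the same promise in that configuration. Operators read these lines to learn when signature validity periods are enforced, so I would gate both on the timestamp file, e.g. `if (daemon->dnssec_no_time_check && !daemon->timestamp_file && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))`. Both function bodies continue outside the hunks.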
......
...@@ -992,6 +992,7 @@ extern struct daemon { ...@@ -992,6 +992,7 @@ extern struct daemon {
#endif #endif
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
struct ds_config *ds; struct ds_config *ds;
int dnssec_no_time_check;
int back_to_the_future; int back_to_the_future;
char *timestamp_file; char *timestamp_file;
#endif #endif
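Review bot: The new `dnssec_no_time_check` member has no comment, and it now sits beside the OPT_DNSSEC_TIME option with a different lifetime. In the lines shown it is seeded from the option in main() and only ever cleared afterwards, and a non-zero value makes check_date_range return 1 early. I would add `/* runtime state seeded from OPT_DNSSEC_TIME: non-zero = skip signature date-range checks; cleared once checking starts */` above it. The struct definition continues outside the hunk.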
......
...@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end) ...@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
if (utime(daemon->timestamp_file, NULL) != 0) if (utime(daemon->timestamp_file, NULL) != 0)
my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
daemon->back_to_the_future = 1; daemon->back_to_the_future = 1;
set_option_bool(OPT_DNSSEC_TIME); daemon->dnssec_no_time_check = 0;
queue_event(EVENT_RELOAD); /* purge cache */ queue_event(EVENT_RELOAD); /* purge cache */
} }
if (daemon->back_to_the_future == 0) if (daemon->back_to_the_future == 0)
return 1; return 1;
} }
else if (option_bool(OPT_DNSSEC_TIME)) else if (daemon->dnssec_no_time_check)
return 1; return 1;
/* We must explicitly check against wanted values, because of SERIAL_UNDEF */ /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
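Review bot: The added `daemon->dnssec_no_time_check = 0;` looks load-bearing but is uncommented: as far as the visible hunks show, it is what stops the queued EVENT_RELOAD from announcing the switch a second time in async_event. A comment such as `/* clear the runtime flag so the queued reload does not log the transition again */` would keep it from being removed as redundant. The new message also ends in a full stop while the reload handler's "now checking DNSSEC signature timestamps" does not, so log matching needs two patterns; dropping the full stop would align them. check_date_range starts and ends outside the hunk.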
......