diff --git a/Knot.files b/Knot.files
index 059311ff93edfc260d6ef4a7b8f7614b5dc35350..fc87d0da5fb02f93d1ca122cfd368e0849c6e23b 100644
--- a/Knot.files
+++ b/Knot.files
@@ -190,7 +190,6 @@ src/knot/events/handlers/flush.c
 src/knot/events/handlers/freeze_thaw.c
 src/knot/events/handlers/load.c
 src/knot/events/handlers/notify.c
-src/knot/events/handlers/nsec3resalt.c
 src/knot/events/handlers/refresh.c
 src/knot/events/handlers/update.c
 src/knot/events/replan.c
diff --git a/src/knot/Makefile.inc b/src/knot/Makefile.inc
index 7d611db8bcc55dca2dc5f0633b4c81505c25ea45..cd2945f9d820a7ac0a1349693f279644dcf9105b 100644
--- a/src/knot/Makefile.inc
+++ b/src/knot/Makefile.inc
@@ -85,7 +85,6 @@ libknotd_la_SOURCES = \
 knot/events/handlers/freeze_thaw.c \
 knot/events/handlers/load.c \
 knot/events/handlers/notify.c \
- knot/events/handlers/nsec3resalt.c \
 knot/events/handlers/refresh.c \
 knot/events/handlers/update.c \
 knot/events/replan.c \
diff --git a/src/knot/events/events.c b/src/knot/events/events.c
index 41c297626e3cc1e706e88683108a35d8b8c94808..c8947bbcae2ea360ac429db64aa8008b523a4a7c 100644
--- a/src/knot/events/events.c
+++ b/src/knot/events/events.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -48,7 +48,6 @@ static const event_info_t EVENT_INFO[] = {
 { ZONE_EVENT_DNSSEC, event_dnssec, "DNSSEC re-sign" },
 { ZONE_EVENT_UFREEZE, event_ufreeze, "update freeze" },
 { ZONE_EVENT_UTHAW, event_uthaw, "update thaw" },
- { ZONE_EVENT_NSEC3RESALT, event_nsec3resalt, "NSEC3 resalt" },
 { ZONE_EVENT_DS_CHECK, event_ds_check, "DS check" },
 { ZONE_EVENT_DS_PUSH, event_ds_push, "DS push" },
 { 0 }
@@ -80,7 +79,6 @@ bool ufreeze_applies(zone_event_type_t type)
 case ZONE_EVENT_UPDATE:
 case ZONE_EVENT_FLUSH:
 case ZONE_EVENT_DNSSEC:
- case ZONE_EVENT_NSEC3RESALT:
 case ZONE_EVENT_DS_CHECK:
 return true;
 default:
diff --git a/src/knot/events/events.h b/src/knot/events/events.h
index b542233fb39476a5dd154115521f324f2eaf5fdd..8ede5fbb7bea2b02c5c03ec0f51ce37538948f9e 100644
--- a/src/knot/events/events.h
+++ b/src/knot/events/events.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -40,7 +40,6 @@ typedef enum zone_event_type {
 ZONE_EVENT_DNSSEC,
 ZONE_EVENT_UFREEZE,
 ZONE_EVENT_UTHAW,
- ZONE_EVENT_NSEC3RESALT,
 ZONE_EVENT_DS_CHECK,
 ZONE_EVENT_DS_PUSH,
 // terminator
diff --git a/src/knot/events/handlers.h b/src/knot/events/handlers.h
index af4a0134d1c8405869a0d2b70cc450f53bded57e..e6dfd6c723b577d172e85a61261a6569c0187db9 100644
--- a/src/knot/events/handlers.h
+++ b/src/knot/events/handlers.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -43,8 +43,6 @@ void event_dnssec_reschedule(conf_t *conf, zone_t *zone,
 int event_ufreeze(conf_t *conf, zone_t *zone);
 /*! \brief Unfreeze zone updates. */
 int event_uthaw(conf_t *conf, zone_t *zone);
-/*! \brief Recreates salt for NSEC3 hashing. */
-int event_nsec3resalt(conf_t *conf, zone_t *zone);
 /*! \brief When CDS/CDNSKEY published, look for matching DS */
 int event_ds_check(conf_t *conf, zone_t *zone);
 /*! \brief After change of CDS/CDNSKEY, push the new DS to parent zone as DDNS. */
diff --git a/src/knot/events/handlers/dnssec.c b/src/knot/events/handlers/dnssec.c
index 68df1be4f71f1553c9169ce2fd7fb81e584df38d..2f2e1f906a4899a664ffd2ba9d8748d9ab24885c 100644
--- a/src/knot/events/handlers/dnssec.c
+++ b/src/knot/events/handlers/dnssec.c
@@ -44,9 +44,8 @@ void event_dnssec_reschedule(conf_t *conf, zone_t *zone,
 time_t ignore = -1;
 knot_time_t refresh_at = refresh->next_sign;

- if (knot_time_cmp(refresh->next_rollover, refresh_at) < 0) {
- refresh_at = refresh->next_rollover;
- }
+ refresh_at = knot_time_min(refresh_at, refresh->next_rollover);
+ refresh_at = knot_time_min(refresh_at, refresh->next_nsec3resalt);

 log_dnssec_next(zone->name, (time_t)refresh_at);

@@ -57,7 +56,6 @@ void event_dnssec_reschedule(conf_t *conf, zone_t *zone,
 zone_events_schedule_at(zone,
 ZONE_EVENT_DNSSEC, refresh_at ? (time_t)refresh_at : ignore,
 ZONE_EVENT_DS_CHECK, refresh->plan_ds_check ? now : ignore,
- ZONE_EVENT_NSEC3RESALT, refresh->next_nsec3resalt ? refresh->next_nsec3resalt : ignore,
 ZONE_EVENT_NOTIFY, zone_changed ? now : ignore
 );
 }
diff --git a/src/knot/events/handlers/nsec3resalt.c b/src/knot/events/handlers/nsec3resalt.c
deleted file mode 100644
index 5c01d2edfd951612264df865e97673f1f7647a81..0000000000000000000000000000000000000000
--- a/src/knot/events/handlers/nsec3resalt.c
+++ /dev/null
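Review bot: The two `knot_time_min()` lines in the `@@ -44,9 +44,8 @@` hunk of dnssec.c only work if a zero timestamp is treated as "not planned", and nothing at the call site says so. The removed schedule argument made this explicit with `refresh->next_nsec3resalt ? refresh->next_nsec3resalt : ignore`, and the surviving `refresh_at ? (time_t)refresh_at : ignore` in the next hunk still relies on the same convention. I would add a comment above the two lines, for example `/* 0 = not planned; knot_time_min() is expected to treat it as "never" */`. It is also worth confirming that the DNSSEC handler now performs the resalt itself, because none of the visible hunks replaces the deleted `knot_dnssec_nsec3resalt()` call, and without a replacement salt rotation would stop without any error. `event_dnssec_reschedule()` starts before this hunk.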
@@ -1,44 +0,0 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-#include "knot/dnssec/context.h"
-#include "knot/dnssec/zone-events.h"
-
-int event_nsec3resalt(conf_t *conf, zone_t *zone)
-{
- knot_time_t salt_changed = 0;
- knot_time_t next_resalt = 0;
-
- kdnssec_ctx_t kctx = { 0 };
-
- int ret = kdnssec_ctx_init(conf, &kctx, zone->name, zone_kaspdb(zone), NULL);
- if (ret != KNOT_EOK) {
- return ret;
- }
-
- ret = knot_dnssec_nsec3resalt(&kctx, true, &salt_changed, &next_resalt);
- if (ret == KNOT_EOK && salt_changed != 0) {
- zone_events_schedule_now(zone, ZONE_EVENT_DNSSEC);
- }
-
- kdnssec_ctx_deinit(&kctx);
-
- if (next_resalt) {
- zone_events_schedule_at(zone, ZONE_EVENT_NSEC3RESALT, next_resalt);
- }
-
- return ret;
-}
diff --git a/src/knot/events/replan.c b/src/knot/events/replan.c
index 7211e2ec5f76d568c0e27feb0a26a3343e15d3a5..a7ba8d5cb13e285e41632c2114a25e20f9b8e11f 100644
--- a/src/knot/events/replan.c
+++ b/src/knot/events/replan.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -118,7 +118,7 @@ void replan_from_timers(conf_t *conf, zone_t *zone)
 }
 }

- time_t resalt = TIME_CANCEL;
+ time_t resalt = TIME_IGNORE;
 time_t ds_check = TIME_CANCEL;
 time_t ds_push = TIME_CANCEL;
 conf_val_t val = conf_zone_get(conf, C_DNSSEC_SIGNING, zone->name);
@@ -156,7 +156,7 @@ void replan_from_timers(conf_t *conf, zone_t *zone)
 ZONE_EVENT_EXPIRE, expire_pre,
 ZONE_EVENT_EXPIRE, expire,
 ZONE_EVENT_FLUSH, flush,
- ZONE_EVENT_NSEC3RESALT, resalt,
+ ZONE_EVENT_DNSSEC, resalt,
 ZONE_EVENT_DS_CHECK, ds_check,
 ZONE_EVENT_DS_PUSH, ds_push);
 }
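Review bot: The switch from `TIME_CANCEL` to `TIME_IGNORE` in the `@@ -118,7 +118,7 @@` hunk of replan.c has no comment explaining it, while the neighbouring `ds_check` and `ds_push` keep `TIME_CANCEL`. Judging by the names, the old default cleared a stale resalt event when the value was not overwritten further down, and the new one leaves the target event untouched. That is presumably deliberate, since the value now feeds `ZONE_EVENT_DNSSEC` and cancelling would drop a planned re-sign. A one-line comment such as `/* never cancel here: the DNSSEC event also carries signing and rollover times */` would stop a later edit from restoring `TIME_CANCEL` for symmetry. The code that assigns `resalt` lies between this hunk and the next and is not visible, so please check that turning signing off on reload still clears the DNSSEC event somewhere.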
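Review bot: The local is still named `resalt`, although in the `@@ -156,7 +156,7 @@` hunk of replan.c it is now passed as the time for `ZONE_EVENT_DNSSEC`. A reader of `ZONE_EVENT_DNSSEC, resalt,` cannot tell from the call whether this replaces or merges with a signing time planned elsewhere. Renaming it, for example `time_t dnssec_resalt = TIME_IGNORE;` with `ZONE_EVENT_DNSSEC, dnssec_resalt,`, or adding `/* NSEC3 resalt is carried by the DNSSEC event */` beside the argument, would make the intent clear. The declaration is in the previous hunk and the assignments are outside both hunks.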