DNSSEC/DDNS: Do not remove DNSSEC records when deleting whole RRSet using DDNS.

60990950 · Jan Kadlec · bb204e52 · 60990950
Commit 60990950 authored 11 years ago by Jan Kadlec
--- a/src/libknot/updates/ddns.c
+++ b/src/libknot/updates/ddns.c
@@ -1637,13 +1637,14 @@ static int knot_ddns_process_rem_all(knot_node_t *node,

 	dbg_ddns_verb("Removing all RRSets (count: %d).\n", count);
 	for (int i = 0; i < count; ++i) {
-		// If the node is apex, skip NS, SOA and DNSSEC records
+		// Skip DNSSEC records - automatic signing will handle this
+		if (knot_rrtype_is_ddns_forbidden(rrsets[i]->type)) {
+			continue;
+		}
+		// If the node is apex, skip NS and SOA as well
 		if (is_apex &&
 		    (knot_rrset_type(rrsets[i]) == KNOT_RRTYPE_SOA
-		     || knot_rrset_type(rrsets[i]) == KNOT_RRTYPE_NS
-		     || knot_rrtype_is_ddns_forbidden(
-		             knot_rrset_type(rrsets[i])))) {
-			/* Do not remove these RRSets, nor their RRSIGs. */
+		     || knot_rrset_type(rrsets[i]) == KNOT_RRTYPE_NS)) {
 			continue;
 		}