Skip to content
Snippets Groups Projects

Serial Policy

Merged Serial Policy
serial-policy into master
Merged Ghost User requested to merge serial-policy into master

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Ghost User
    Ghost User @ghost started a thread on the diff
    • src/knot/server/zones.c
    977 return KNOT_ERROR;
    978 }
    979
    980 return data->conf->serial_policy;
    981 }
    982
    983 static uint32_t zones_next_serial(int64_t old_sn, int serial_policy)
    984 {
    985 if (old_sn < 0) {
    986 return KNOT_EINVAL;
    987 }
    988
    989 switch (serial_policy) {
    990 case CONF_SERIAL_INCREMENT:
    991 return (uint32_t)old_sn + 1;
    992 break;
  • Ghost User
    Ghost User @ghost started a thread on the diff
    • src/knot/server/zones.c
    2610 2656 log_zone_info("%s Signing zone...\n", msgpref);
    2611 2657 }
    2612 2658
    2659 uint32_t old_serial = knot_zone_serial(knot_zone_contents(zone));
  • Ghost User
  • Ghost User
  • Ghost User
  • Ghost User
  • Ghost User
    Ghost User @ghost started a thread on the diff
    • src/libknot/dnssec/zone-events.c
    94 94 }
    95 95
    96 96 static int zone_sign(knot_zone_t *zone, knot_changeset_t *out_ch, bool force,
    97 knot_update_serial_t soa_up, uint32_t *expires_at)
    97 knot_update_serial_t soa_up, uint32_t *expires_at,
    98 uint32_t new_serial)
    • Ghost User
      Ghost User @ghost ·
      Author Contributor

      Why add new serial as a parameter? Serial policy is stored in the zone anyway. Also, I think the time used should be the time at the end of the signing, not the beginning (I know, there will be changeset application and what not, but still)

  • Ghost User
    Ghost User @ghost started a thread on the diff
    • src/libknot/dnssec/zone-events.c
    169 170 KNOT_RRTYPE_SOA);
    170 171 assert(soa);
    171 172 result = knot_zone_sign_update_soa(soa, &zone_keys, &policy,
  • Jan Včelák
    Jan Včelák @jvcelak started a thread on the diff
    • doc/reference.texi
    912 @subsubsection serial-policy
    913 @vindex serial-policy
    914
    915 Specifies how the zone serial is updated after DDNS (dynamic update) and
    916 automatic DNSSEC signing. If the serial is changed by the dynamic update, no
    917 change is made.
    918
    919 increment - After update or signing, the serial is automatically incremented
    920 (according to serial number arithmetic).
    921
    922 unixtime - After update or signing, serial is set to the current unix time.
    923
    924 @strong{Warning:} If your serial was in other than unix time format, be careful with
    925 transition to unix time. It may happen that the new serial will be 'lower' than
    926 the old one. If this is the case, the transition should be done by hand (consult:
    927 http://www.zytrax.com/books/dns/ch9/serial.html).
    • Jan Včelák
      Jan Včelák @jvcelak ·
      Contributor

      Link to documentation from Zytrax? Really? We should explain this on our own or link appropriate RFC.

    • Ghost User
      Ghost User @ghost ·
      Author Contributor

      Explanation in RFC isn't user-friendly enough, it just describes the serial number arithmetic (adding, comparing), the method of transitioning serial is not described anywhere in RFCs (AFAIK) and I was too lazy to re-write it to our manual. But feel free to do so.

  • Jan Včelák
    Jan Včelák @jvcelak started a thread on the diff
    • src/knot/conf/conf.h
    139 141 } conf_zone_t;
    140 142
    141 143 /*!
    144 * \brief Serial policy options.
    145 */
    146 typedef enum conf_serial_policy_t {
    147 CONF_SERIAL_INCREMENT = 1 << 0,
    148 CONF_SERIAL_UNIXTIME = 1 << 1
    149 } conf_serial_policy_t;
    Please register or sign in to reply