Merge branch 'marka-check-touched' into 'master'

Check that inline master zones that are only touched are correctly reloaded.

Closes #1627

See merge request isc-projects/bind9!3135

CHANGES

@@ -1,3 +1,7 @@
+5358.	[bug]		Inline master zones whose master files were touched
+			but otherwise unchanged and were subsequently reloaded
+			may have stopped re-signing. [GL !3135]
+
 5357.	[bug]		Newly added RRSIG records with expiry times before
 			the previous earliest expiry times might not be
 			re-signed in time.  The was a side effect of 5315.

bin/tests/system/inline/ns8/example.com.db.in

@@ -0,0 +1,19 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300	; 5 minutes
+@			IN SOA	ns8 . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns8
+ns8			A	10.53.0.8

bin/tests/system/inline/ns8/named.conf.in

@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS8
+
+include "../../common/rndc.key";
+
+controls {
+	inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+	query-source address 10.53.0.8;
+	notify-source 10.53.0.8;
+	transfer-source 10.53.0.8;
+	port @PORT@;
+	pid-file "named.pid";
+	session-keyfile "session.key";
+	listen-on { 10.53.0.8; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify yes;
+	try-tcp-refresh no;
+	notify-delay 0;
+	allow-new-zones yes;
+};
+
+zone "example01.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example01.com.db";
+};
+
+zone "example02.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example02.com.db";
+};
+
+zone "example03.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example03.com.db";
+};
+
+zone "example04.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example04.com.db";
+};
+
+zone "example05.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example05.com.db";
+};
+
+zone "example06.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example06.com.db";
+};
+
+zone "example07.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example07.com.db";
+};
+
+zone "example08.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example08.com.db";
+};
+
+zone "example09.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example09.com.db";
+};
+
+zone "example10.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example10.com.db";
+};
+
+zone "example11.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example11.com.db";
+};
+
+zone "example12.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example12.com.db";
+};
+
+zone "example13.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example13.com.db";
+};
+
+zone "example14.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example14.com.db";
+};
+
+zone "example15.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example15.com.db";
+};
+
+zone "example16.com" {
+	type master;
+	inline-signing yes;
+	auto-dnssec maintain;
+	file "example16.com.db";
+};

bin/tests/system/inline/ns8/sign.sh

@@ -0,0 +1,26 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+for zone in example01.com example02.com example03.com example04.com \
+	    example05.com example06.com example07.com example08.com \
+	    example09.com example10.com example11.com example12.com \
+	    example13.com example14.com example15.com example16.com
+do
+  rm -f K${zone}.+*+*.key
+  rm -f K${zone}.+*+*.private
+  keyname=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+  keyname=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone`
+  cp example.com.db.in ${zone}.db
+  $SIGNER -S -T 3600 -O raw -o ${zone} ${zone}.db > /dev/null 2>&1
+done

bin/tests/system/inline/setup.sh

@@ -44,7 +44,9 @@ copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.pre ns5/named.conf
 copy_setports ns6/named.conf.in ns6/named.conf
 copy_setports ns7/named.conf.in ns7/named.conf
+copy_setports ns8/named.conf.in ns8/named.conf
 
 (cd ns3; $SHELL -e sign.sh)
 (cd ns1; $SHELL -e sign.sh)
 (cd ns7; $SHELL -e sign.sh)
+(cd ns8; $SHELL -e sign.sh)

bin/tests/system/inline/tests.sh

@@ -395,7 +395,6 @@ $DIG $DIGOPTS @10.53.0.3 e.master A > dig.out.ns6.test$n
 grep "10.0.0.5" dig.out.ns6.test$n > /dev/null || ans=1
 grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ans=1
 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ans=1
-
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -1381,5 +1380,24 @@ grep "type: slave" rndc.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "checking reload of touched inline zones ($n)"
+echo_ic "pre-reload 'next key event'"
+nextpart ns8/named.run > nextpart.pre$n.out
+count=`grep "zone example[0-9][0-9].com/IN (signed): next key event:" nextpart.pre$n.out | wc -l`
+echo_ic "found: $count/16"
+[ $count -eq 16 ] || ret=1
+echo_ic "touch and reload"
+touch ns8/example??.com.db
+$RNDCCMD 10.53.0.8 reload 2>&1 | sed 's/^/ns3 /' | cat_i
+sleep 5
+echo_ic "post-reload 'next key event'"
+nextpart ns8/named.run > nextpart.post$n.out
+count=`grep "zone example[0-9][0-9].com/IN (signed): next key event:" nextpart.post$n.out | wc -l`
+echo_ic "found: $count/16"
+[ $count -eq 16 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

lib/dns/zone.c

@@ -5282,6 +5282,14 @@ done:
 	if (inline_raw(zone) && DNS_ZONE_FLAG(zone->secure, DNS_ZONEFLG_LOADED))
 	{
 		DNS_ZONE_CLRFLAG(zone->secure, DNS_ZONEFLG_LOADPENDING);
+		/*
+		 * Re-start zone maintenance if it had been stalled
+		 * due to DNS_ZONEFLG_LOADPENDING being set when
+		 * zone_maintenance was called.
+		 */
+		if (zone->secure->task != NULL) {
+			zone_settimer(zone->secure, &now);
+		}
 	}
 
 	zone_debuglog(zone, "zone_postload", 99, "done");

util/copyrights

@@ -679,6 +679,7 @@
 ./bin/tests/system/inline/ns5/named.conf.post	X	2011,2014,2016,2018,2019,2020
 ./bin/tests/system/inline/ns5/named.conf.pre	X	2011,2016,2018,2019,2020
 ./bin/tests/system/inline/ns7/sign.sh		SH	2017,2018,2019,2020
+./bin/tests/system/inline/ns8/sign.sh		SH	2020
 ./bin/tests/system/inline/setup.sh		SH	2011,2012,2013,2014,2016,2017,2018,2019,2020
 ./bin/tests/system/inline/tests.sh		SH	2011,2012,2013,2014,2016,2017,2018,2019,2020
 ./bin/tests/system/integrity/clean.sh		SH	2017,2018,2019,2020