From bc7aed2a6b4ac01a4960fd66cb9964d7397ebffe Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 7 Feb 2011 00:16:48 +0000
Subject: [PATCH] 3018.   [bug]           Named failed to check for the "none;"
 acl when deciding                         if a zone may need to be re-signed.
 RT #23120]

---
 CHANGES        | 3 +++
 lib/dns/zone.c | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 84f171469f..614a63697b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3018.	[bug]		Named failed to check for the "none;" acl when deciding
+			if a zone may need to be re-signed. RT #23120]
+
 3017.	[doc]		dnssec-keyfromlabel -I was not properly documented.
 			[RT #22887]
 
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 13a00a7f77..9ebb5c1e7e 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.540.2.36 2011/02/03 05:38:10 tbox Exp $ */
+/* $Id: zone.c,v 1.540.2.37 2011/02/07 00:16:48 marka Exp $ */
 
 /*! \file */
 
@@ -1590,7 +1590,8 @@ get_master_options(dns_zone_t *zone) {
 	if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD))
 		options |= DNS_MASTER_CHECKWILDCARD;
 	if (zone->type == dns_zone_master &&
-	    (zone->update_acl != NULL || zone->ssutable != NULL))
+	    ((zone->update_acl != NULL && !dns_acl_isnone(zone->update_acl)) ||
+	      zone->ssutable != NULL))
 		options |= DNS_MASTER_RESIGN;
 	return (options);
 }