From e0c5cce89ac5eca6d544df888ad1b71a0aa4af2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?A=2E=20T=C3=A4ffner?= <darkalex@firesplash.de>
Date: Tue, 30 May 2017 10:42:19 +0200
Subject: [PATCH] Resign should also take place if ISPC Master is not the
 Nameserver.

We do only trigger a rewrite of the zonefile by touching server log so no need to chank against existance of a file.
Thanks to Tom Albers who pointed me to this issue by providing an excellent bug report!

Also removed some garbage
---
 server/lib/classes/cron.d/550-bind_dnssec.inc.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/server/lib/classes/cron.d/550-bind_dnssec.inc.php b/server/lib/classes/cron.d/550-bind_dnssec.inc.php
index ed831ea910..7f917b64e0 100644
--- a/server/lib/classes/cron.d/550-bind_dnssec.inc.php
+++ b/server/lib/classes/cron.d/550-bind_dnssec.inc.php
@@ -82,18 +82,13 @@ class cronjob_bind_dnssec extends cronjob {
 
 		//* Load libraries
 		$app->uses("getconf,tpl");
-
-		//* load the server configuration options
-		$dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns');
 		
 		//TODO : change this when distribution information has been integrated into server record
 		$filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.';
-		$soas = $app->db->queryAllRecords("SELECT id,serial,origin FROM dns_soa WHERE server_id = ? AND active= 'Y' AND dnssec_wanted = 'Y' AND dnssec_initialized = 'Y' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)", $conf['server_id'], time()-(3600*24*5)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)
+		$soas = $app->db->queryAllRecords("SELECT id,serial,origin FROM dns_soa WHERE active= 'Y' AND dnssec_wanted = 'Y' AND dnssec_initialized = 'Y' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)", time()-(3600*24*5)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)
 
 		foreach ($soas as $data) {
 			$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
-			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) continue;
-			
 			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_DEBUG);
 			$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
 		}
-- 
GitLab