Race condition in powerdns_plugin dnssec handling
Current logic in powerdns_plugin.inc.php is this:
- if $data['new']['dnssec_wanted'] === 'N' && $data['new']['dnssec_initialized'] === 'Y' - disable dnssec
- if $data['new']['dnssec_wanted'] === 'Y' - enable dnssec
The race condition occurs when the plugin is triggered if a user in the control panel makes modifications to dnssec_wanted, before the run has been completed by the cron job on the server (which runs every minute). This happens because the datalog contains the SQL record from the database, but dnssec_initialized is stays on 'N' until a cron run has been completed.
This means that if I quickly enable and disable the dnssec checkbox several times, or for some reason the server cron hangs, it can happen that lots of dnssec keys are created. Because dnssec_initialized is 'N' while the cron has not yet run, so existing keys don't get disabled.