nsd.conf wasn't properly using the signed zone files

761fac72 · Joshua Tauberer · dd15bf43 · 761fac72
Commit 761fac72 authored Jun 18, 2014 by Joshua Tauberer
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 6 deletions

dns_update.py management/dns_update.py +7 -6

No files found.
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -72,9 +72,13 @@ def do_dns_update(env):
 		# write_nsd_zone is smart enough to check if a zone's signature
 		# is nearing experiation and if so it'll bump the serial number
 		# and return True so we get a chance to re-sign it.
-		#
+		sign_zone(domain, zonefile, env)
-		# Also update the zone's filename so nsd.conf uses the signed file.
-		zonefiles[i][1] = sign_zone(domain, zonefile, env)
+	# Now that all zones are signed (some might not have changed and so didn't
+	# just get signed now, but were before) update the zone filename so nsd.conf
+	# uses the signed file.
+	for i in range(len(zonefiles)):
+		zonefiles[i][1] += ".signed"
 	# Write the main nsd.conf file.
 	if write_nsd_conf(zonefiles):
@@ -365,9 +369,6 @@ def sign_zone(domain, zonefile, env):
 	for fn in files_to_kill:
 		os.unlink(fn)
-	# Update the zone's filename so nsd.conf uses the signed file.
-	return zonefile + ".signed"
 ########################################################################
 def get_ds_records(env):