From 8fab5101ffdcdaef1ca0d9069b03c0bba04f53f5 Mon Sep 17 00:00:00 2001
From: Shreyas Zare <shreyas@technitium.com>
Date: Sun, 4 Feb 2024 17:50:37 +0530
Subject: [PATCH] PrimaryZone: fixed minor null ref issue. Fixed issue in
 revert code in SignZone() which missed to remove RRSIG records in subdomains.
 Code refactoring done.

---
 DnsServerCore/Dns/Zones/PrimaryZone.cs | 35 ++++++++++++++++++++------
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/DnsServerCore/Dns/Zones/PrimaryZone.cs b/DnsServerCore/Dns/Zones/PrimaryZone.cs
index 1f6101d5..3c7f5a4e 100644
--- a/DnsServerCore/Dns/Zones/PrimaryZone.cs
+++ b/DnsServerCore/Dns/Zones/PrimaryZone.cs
@@ -1,6 +1,6 @@
 /*
 Technitium DNS Server
-Copyright (C) 2023  Shreyas Zare (shreyas@technitium.com)
+Copyright (C) 2024  Shreyas Zare (shreyas@technitium.com)
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -167,7 +167,10 @@ namespace DnsServerCore.Dns.Zones
             base.UpdateDnssecStatus();
 
             if (_dnssecStatus != AuthZoneDnssecStatus.Unsigned)
-                _dnssecTimer = new Timer(DnssecTimerCallback, null, DNSSEC_TIMER_INITIAL_INTERVAL, Timeout.Infinite);
+            {
+                if (_dnssecPrivateKeys is not null)
+                    _dnssecTimer = new Timer(DnssecTimerCallback, null, DNSSEC_TIMER_INITIAL_INTERVAL, Timeout.Infinite);
+            }
         }
 
         private async void DnssecTimerCallback(object state)
@@ -668,11 +671,28 @@ namespace DnsServerCore.Dns.Zones
                 _dnssecStatus = AuthZoneDnssecStatus.Unsigned;
                 _dnssecPrivateKeys = null;
 
-                foreach (DnsResourceRecord addedRecord in addedRecords)
-                    TryDeleteRecord(addedRecord.Type, addedRecord.RDATA, out _);
+                Dictionary<string, Dictionary<DnsResourceRecordType, List<DnsResourceRecord>>> addedRecordGroups = DnsResourceRecord.GroupRecords(addedRecords);
 
-                foreach (DnsResourceRecord deletedRecord in deletedRecords)
-                    AddRecord(deletedRecord, out _, out _);
+                foreach (KeyValuePair<string, Dictionary<DnsResourceRecordType, List<DnsResourceRecord>>> addedRecordGroup in addedRecordGroups)
+                {
+                    AuthZone zone = _dnsServer.AuthZoneManager.GetAuthZone(_name, addedRecordGroup.Key);
+
+                    foreach (KeyValuePair<DnsResourceRecordType, List<DnsResourceRecord>> addedRecordEntry in addedRecordGroup.Value)
+                        zone.TryDeleteRecords(addedRecordEntry.Key, addedRecordEntry.Value, out _);
+                }
+
+                Dictionary<string, Dictionary<DnsResourceRecordType, List<DnsResourceRecord>>> deletedRecordGroups = DnsResourceRecord.GroupRecords(deletedRecords);
+
+                foreach (KeyValuePair<string, Dictionary<DnsResourceRecordType, List<DnsResourceRecord>>> deletedRecordGroup in deletedRecordGroups)
+                {
+                    AuthZone zone = _dnsServer.AuthZoneManager.GetAuthZone(_name, deletedRecordGroup.Key);
+
+                    foreach (KeyValuePair<DnsResourceRecordType, List<DnsResourceRecord>> deletedRecordEntry in deletedRecordGroup.Value)
+                    {
+                        foreach (DnsResourceRecord deletedRecord in deletedRecordEntry.Value)
+                            AddRecord(deletedRecord, out _, out _);
+                    }
+                }
 
                 throw;
             }
@@ -891,8 +911,7 @@ namespace DnsServerCore.Dns.Zones
             if (saltLength > 0)
             {
                 salt = new byte[saltLength];
-                using RandomNumberGenerator rng = RandomNumberGenerator.Create();
-                rng.GetBytes(salt);
+                RandomNumberGenerator.Fill(salt);
             }
             else
             {