]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f0c45b)
auth: Warn about algo 5 -> 7 upgrade in log
authorPieter Lexis <pieter.lexis@powerdns.com>
Wed, 1 Nov 2017 13:56:04 +0000 (14:56 +0100)
committerPieter Lexis <pieter.lexis@powerdns.com>
Wed, 1 Nov 2017 13:56:04 +0000 (14:56 +0100)
One step toward #3267

pdns/dbdnsseckeeper.cc patch | blob | history

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index eb4aead429e13aacc00d8fdd7af8af4c6d066a9c..063de10fb8e5270e84e4511a4a8134b5c456ffe3 100644 (file)
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -485,8 +485,10 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache)
 
     dpk.d_flags = kd.flags;
     dpk.d_algorithm = dkrc.d_algorithm;
-    if(dpk.d_algorithm == 5 && getNSEC3PARAM(zone))
+    if(dpk.d_algorithm == 5 && getNSEC3PARAM(zone)) {
+      L<<Logger::Warning<<"Zone '"<<zone<<"' has NSEC3 semantics, but the "<< (kd.active ? "" : "in" ) <<"active key with id "<<kd.id<<" has 'Algorithm: 5'. This should be corrected to 'Algorithm: 7' in the database (or NSEC3 should be disabled)."<<endl;
       dpk.d_algorithm+=2;
+    }
 
     KeyMetaData kmd;
 
Unnamed repository; edit this file 'description' to name the repository.