Don't allow other values than '1' for the NSEC3PARAM algorithm
authorPieter Lexis <pieter.lexis@powerdns.com>
Fri, 6 May 2016 11:07:22 +0000 (13:07 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Tue, 10 May 2016 16:52:43 +0000 (18:52 +0200)
pdns/pdnsutil.cc

index 83a766a2254c89a8e21b7ea2f5ccbc4cb994a54e..1283930d54730b00b4004fb3ddcd8adb9f6a533a 100644 (file)
@@ -2424,6 +2424,10 @@ loadMainConfig(g_vm["config-dir"].as<string>());
       cerr<<"Cannot enable NSEC3 for " << zone.toString() << " as it is too long (" << zone.wirelength() << " bytes, maximum is 222 bytes)"<<endl;
       return 1;
     }
+    if(ns3pr.d_algorithm != 1) {
+      cerr<<"NSEC3PARAM algorithm set to '"<<std::to_string(ns3pr.d_algorithm)<<"', but '1' is the only valid value"<<endl;
+      return EXIT_FAILURE;
+    }
     if (! dk.setNSEC3PARAM(zone, ns3pr, narrow)) {
       cerr<<"Cannot set NSEC3 param for " << zone.toString() << endl;
       return 1;
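Review bot: The new `if(ns3pr.d_algorithm != 1)` guard sits only in this pdnsutil command path, ahead of `dk.setNSEC3PARAM(zone, ns3pr, narrow)`. Any other caller of setNSEC3PARAM (none are visible in this hunk) would presumably still be able to store an unsupported hash algorithm. Consider enforcing the check inside setNSEC3PARAM as well, so that zone signing never sees a value it cannot hash with. A short why-comment above the guard would help the next reader, for example `// RFC 5155 defines only NSEC3 hash algorithm 1 (SHA-1); reject anything else before it is stored`. As a style point, the added branch uses `return EXIT_FAILURE;` while the neighbouring error paths use `return 1;`, so pick one form for consistency; the enclosing command block starts and ends outside the hunk.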