add CNAME-and-other check to check-zone. Submitted by Ruben d'Arco, closes #613
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Wed, 28 Nov 2012 17:56:39 +0000 (17:56 +0000)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Wed, 28 Nov 2012 17:56:39 +0000 (17:56 +0000)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2930 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/pdnssec.cc

index 9df8e5623eb18ac0e4960f5ed7cb2b11c1cfcbb0..8850e27652ee6930472f591e8446bf896a57c799 100644 (file)
@@ -277,6 +277,8 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
   DNSResourceRecord rr;
   uint64_t numrecords=0, numerrors=0, numwarnings=0;
   
+  set<string> cnames, noncnames;
+
   while(sd.db->get(rr)) {
     if(!endsOn(rr.qname, zone)) {
       cout<<"[Warning] The record "<<rr.qname<<" with type "<<rr.qtype.getName()<<" in zone "<<zone<<" is out-of-zone."<<endl;
@@ -287,6 +289,14 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
     if(!rr.qtype.getCode())
       continue;
     
+    if (rr.qtype.getCode() == QType::CNAME) {
+      cnames.insert(rr.qname);
+    }
+    else {
+      if (rr.qtype.getCode() != QType::RRSIG)
+        noncnames.insert(rr.qname);
+    }
+
     if(rr.qtype.getCode() == QType::NSEC || rr.qtype.getCode() == QType::NSEC3)
     {
       cout<<"[Error] NSEC or NSEC3 found at '"<<rr.qname<<"'. These do not belong in the database."<<endl;
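Review bot: The CNAME branch at `cnames.insert(rr.qname)` silently collapses a second CNAME at the same owner name, so a zone holding two CNAME records for one name passes this check even though a CNAME RRset is meant to contain a single record. The insert result can flag it: `if (!cnames.insert(rr.qname).second) { cout<<"[Error] Multiple CNAME records found at '"<<rr.qname<<"'."<<endl; numerrors++; }`. Both sets also compare names byte for byte; if a backend can return mixed-case qnames (not visible in this hunk), a CNAME and another record differing only in case would not be matched, so inserting a lower-cased copy of the name would be safer. A one-line comment on the RRSIG exemption would help the next reader, e.g. `// RRSIG is allowed next to a CNAME in a signed zone`. The body of checkZone starts and ends outside this hunk.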
@@ -361,6 +371,16 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
     }
     numrecords++;
   }
+
+  for(set<string>::const_iterator i = cnames.begin(); i != cnames.end(); i++) {
+    if (noncnames.find(*i) != noncnames.end()) {
+      cout<<"[Error] CNAME "<<*i<<" found, but other records with same label exist."<<endl;
+      numerrors++;
+    }
+  }
+
+
+
   cout<<"Checked "<<numrecords<<" records of '"<<zone<<"', "<<numerrors<<" errors, "<<numwarnings<<" warnings."<<endl;
   return numerrors;
 }
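Review bot: The message in the new loop says "other records with same label", but `noncnames.find(*i)` compares the full owner name, so "same name" describes the finding accurately. Quoting the name as the neighbouring messages do makes the output easier to act on: `cout<<"[Error] CNAME '"<<*i<<"' found, but other records with the same name exist."<<endl;`. As a small style point, `++i` is the usual form for advancing a set iterator. The start of checkZone is outside this hunk.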