auth: Warn on startup if default key size is req'd

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index ef6689adb3e2098afb225d41fcafa84de5492045..336426a86f328872a1a2063eef26968647b0c575 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -28,6 +28,7 @@
 #include <sys/time.h>
 #include <sys/resource.h>
 #include "dynhandler.hh"
+#include "dnsseckeeper.hh"
 
 #ifdef HAVE_SYSTEMD
 #include <systemd/sd-daemon.h>
@@ -524,6 +525,17 @@ void mainthread()
   }
   catch(...) {}
 
+  // Some sanity checking on default key settings
+  for (const string& algotype : {"ksk", "zsk"}) {
+    int algo, size;
+    algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-"+algotype+"-algorithm"]);
+    size = ::arg().asNum("default-"+algotype+"-size");
+    if (algo == -1)
+      L<<Logger::Warning<<"Warning: default-"<<algotype<<"-algorithm set to unknown algorithm: "<<::arg()["default-"+algotype+"-algorithm"]<<endl;
+    else if (algo <= 10 && size == 0)
+      L<<Logger::Warning<<"Warning: default-"<<algotype<<"-algorithm is set to an algorithm("<<::arg()["default-"+algotype+"-algorithm"]<<") that requires a non-zero default-"<<algotype<<"-size!"<<endl;
+  }
+
   // NOW SAFE TO CREATE THREADS!
   dl->go();
 

diff --git a/pdns/common_startup.hh b/pdns/common_startup.hh
index 25e98a49375516a659fed21556f712244f66a23c..a46e2ba1f29009311d2fc1c2aa8f15efdc37c28a 100644 (file)
--- a/pdns/common_startup.hh
+++ b/pdns/common_startup.hh
@@ -34,6 +34,7 @@
 #include "nameserver.hh"
 #include "statbag.hh"
 #include "tcpreceiver.hh"
+#include "dnsseckeeper.hh"
 
 extern ArgvMap theArg;
 extern StatBag S;  //!< Statistics are gathered across PDNS via the StatBag class S