DNSResourceRecord rr;
DNSKEYRecordContent drc;
RRSIGRecordContent rrc;
+ DSRecordContent dsrc;
vector<shared_ptr<DNSRecordContent> > toSign;
unsigned int ttl;
- string qname;
-
+ string qname, apex;
+ dsrc.d_digesttype=0;
while(zpt.get(rr)) {
if(rr.qtype.getCode() == QType::DNSKEY) {
cerr<<"got DNSKEY!"<<endl;
+ apex=rr.qname;
drc = *dynamic_cast<DNSKEYRecordContent*>(DNSRecordContent::mastermake(QType::DNSKEY, 1, rr.content));
}
else if(rr.qtype.getCode() == QType::RRSIG) {
cerr<<"got RRSIG"<<endl;
rrc = *dynamic_cast<RRSIGRecordContent*>(DNSRecordContent::mastermake(QType::RRSIG, 1, rr.content));
}
+ else if(rr.qtype.getCode() == QType::DS) {
+ cerr<<"got DS"<<endl;
+ dsrc = *dynamic_cast<DSRecordContent*>(DNSRecordContent::mastermake(QType::DS, 1, rr.content));
+ }
else {
qname = rr.qname;
ttl = rr.ttl;
}
DNSPrivateKey* dpk = DNSPrivateKey::makeFromPublicKeyString(drc.d_algorithm, drc.d_key);
string hash = getHashForRRSET(qname, rrc, toSign);
+
cerr<<"Verify: "<<dpk->verify(hash, rrc.d_signature)<<endl;
+ if(dsrc.d_digesttype) {
+ cerr<<"Calculated DS: "<<apex<<" IN DS "<<makeDSFromDNSKey(apex, drc, dsrc.d_digesttype).getZoneRepresentation()<<endl;
+ cerr<<"Original DS: "<<apex<<" IN DS "<<dsrc.getZoneRepresentation()<<endl;
+ }
}
void showZone(DNSSECKeeper& dk, const std::string& zone)
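Review bot: The added DS block (`if(dsrc.d_digesttype) { ... }`) only prints the calculated and original DS side by side, so the tool itself never detects a mismatch, and the "Original DS" line prints `apex` as the owner rather than the name the DS record actually carried, which would hide a DS that belongs to a different name. I would compare the two and report the outcome, e.g. `bool dsOk = makeDSFromDNSKey(apex, drc, dsrc.d_digesttype).getZoneRepresentation() == dsrc.getZoneRepresentation();` followed by `cerr<<"DS match: "<<dsOk<<endl;`, and save the owner name in the `QType::DS` branch so it can be printed and checked against `apex`. The guard also does not require that a DNSKEY was seen, so for a file with a DS but no DNSKEY the digest is computed from a default-constructed `drc` and an empty `apex`; `if(dsrc.d_digesttype && !apex.empty())` would cover that case. The new `QType::DS` branch dereferences the `dynamic_cast` result without a null check and never frees the object returned by `mastermake`, the same pattern as the DNSKEY and RRSIG branches. The enclosing function starts before the visible lines, and the code between the loop body and the `dpk` line is not shown.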