]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2e190ea)
Backport #7976: Make pdnsutil set-publish-cds default to SHA-256 only
authorPeter van Dijk <peter.van.dijk@powerdns.com>
Mon, 8 Jul 2019 08:44:15 +0000 (10:44 +0200)
committerPeter van Dijk <peter.van.dijk@powerdns.com>
Mon, 8 Jul 2019 08:44:15 +0000 (10:44 +0200)
docs/manpages/pdnsutil.1.rst patch | blob | history
pdns/pdnsutil.cc patch | blob | history
regression-tests/tests/publishing-cds-cdnskey/expected_result patch | blob | history

diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst
index 63b19bf59196748159dbcacbaf3682490fb645ce..72cdf6a7265eff7c777e6b6e027eecc6b9f2a831 100644 (file)
--- a/docs/manpages/pdnsutil.1.rst
+++ b/docs/manpages/pdnsutil.1.rst
@@ -109,7 +109,7 @@ unset-nsec3 *ZONE*
 set-publish-cds *ZONE* [*DIGESTALGOS*]
     Set *ZONE* to respond to queries for its CDS records. the optional
     argument *DIGESTALGOS* should be a comma-separated list of DS
-    algorithms to use. By default, this is 1,2 (SHA1 and SHA2-256).
+    algorithms to use. By default, this is 2 (SHA-256).
 set-publish-cdnskey *ZONE*
     Set *ZONE* to publish CDNSKEY records.
 unset-publish-cds *ZONE*
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 5bea46eb95ce76e2ccd3daf365b39184d160dfe6..ed3bf5d3db487856fde77ac258d7317cae9084e6 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -2017,7 +2017,7 @@ try
     cout<<"set-presigned ZONE                 Use presigned RRSIGs from storage"<<endl;
     cout<<"set-publish-cdnskey ZONE           Enable sending CDNSKEY responses for ZONE"<<endl;
     cout<<"set-publish-cds ZONE [DIGESTALGOS] Enable sending CDS responses for ZONE, using DIGESTALGOS as signature algorithms"<<endl;
-    cout<<"                                   DIGESTALGOS should be a comma separated list of numbers, it is '1,2' by default"<<endl;
+    cout<<"                                   DIGESTALGOS should be a comma separated list of numbers, it is '2' by default"<<endl;
     cout<<"add-meta ZONE KIND VALUE           Add zone metadata, this adds to the existing KIND"<<endl;
     cout<<"                   [VALUE ...]"<<endl;
     cout<<"set-meta ZONE KIND [VALUE] [VALUE] Set zone metadata, optionally providing a value. *No* value clears meta"<<endl;
@@ -2575,7 +2575,7 @@ try
 
     // If DIGESTALGOS is unset
     if(cmds.size() == 2)
-      cmds.push_back("1,2");
+      cmds.push_back("2");
 
     if (! dk.setPublishCDS(DNSName(cmds[1]), cmds[2])) {
       cerr << "Could not set publishing for CDS records for "<< cmds[1]<<endl;
diff --git a/regression-tests/tests/publishing-cds-cdnskey/expected_result b/regression-tests/tests/publishing-cds-cdnskey/expected_result
index 0c709606dd693c5e90ae2b76cd245a3f444f7d00..15fdc76804ecaff570e1063d913f60d467f82c27 100644 (file)
--- a/regression-tests/tests/publishing-cds-cdnskey/expected_result
+++ b/regression-tests/tests/publishing-cds-cdnskey/expected_result
@@ -1,4 +1,3 @@
-0      secure-delegated.dnssec-parent.com.     IN      CDS     86400   54319 8 1 a28ebe791e9cc7f4c2821131be367326ddd7434c
 0      secure-delegated.dnssec-parent.com.     IN      CDS     86400   54319 8 2 a0b9c38cd324182af0ef66830d0a0e85a1d58979c9834e18c871779e040857b7
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDS 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDS 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
@@ -12,14 +11,12 @@ Reply to question for qname='secure-delegated.dnssec-parent.com.', qtype=CDS
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='secure-delegated.dnssec-parent.com.', qtype=CDNSKEY
 0      secure-delegated.dnssec-parent.com.     IN      CDNSKEY 86400   257 3 8 AwEAAZd9R7SWWGqA12oG7Ls+h3b0/IAyMj/Pqn/ZuKWM/OdpxT/cn2xwLDhkdmqP/pUqAzvyFPyd4kTqrmLfbohBwA7+07pBVa4qf/jxlHivdMNUD72H+dUYqBlmhCC6l3eG+8FZi2tkdwn8kUoa9kyLMtrEaFnOd/oUQbmNvIDp+8VWv1cSnRJ8UXKdXLl0smpvC7h1K2AUiC5oGIYQTCYWwYRM1wCbb+q1fbFCdkbI7OQW/h7Pj30eLpIuz0bJj4vdKXXZHK8clSdTMAFm6rQsNDI0w7QdCgaDmTn3b6TF2UJi4eDnh7uDbSpUd1mI5XWNw4C6WrUmebFLfiry6vqdiIc=
-0      secure-delegated.dnssec-parent.com.     IN      CDS     86400   54319 8 1 a28ebe791e9cc7f4c2821131be367326ddd7434c
 0      secure-delegated.dnssec-parent.com.     IN      CDS     86400   54319 8 2 a0b9c38cd324182af0ef66830d0a0e85a1d58979c9834e18c871779e040857b7
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDNSKEY 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDNSKEY 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDS 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
 0      secure-delegated.dnssec-parent.com.     IN      RRSIG   86400   CDS 8 3 86400 [expiry] [inception] [keytag] secure-delegated.dnssec-parent.com. ...
 0      cdnskey-cds-test.com.   IN      CDS     86400
-0      cdnskey-cds-test.com.   IN      CDS     86400
 0      cdnskey-cds-test.com.   IN      RRSIG   86400
 2      .       IN      OPT     32768   
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
@@ -31,6 +28,5 @@ Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='cdnskey-cds-test.com.', qtype=CDNSKEY
 0      cdnskey-cds-test.com.   IN      CDNSKEY 86400
 0      cdnskey-cds-test.com.   IN      CDS     86400
-0      cdnskey-cds-test.com.   IN      CDS     86400
 0      cdnskey-cds-test.com.   IN      RRSIG   86400
 0      cdnskey-cds-test.com.   IN      RRSIG   86400
Unnamed repository; edit this file 'description' to name the repository.