]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ca57aa9)
pdnssec check-all-zones now detect RRSIG records in non-presigned zones
authorKees Monshouwer <mind04@monshouwer.org>
Mon, 9 Sep 2013 19:30:28 +0000 (21:30 +0200)
committermind04 <mind04@monshouwer.org>
Mon, 9 Sep 2013 21:20:20 +0000 (23:20 +0200)
pdns/pdnssec.cc patch | blob | history

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index a8f98e05d30f524eec649f3adeb54e096d12a31e..75d628bfd895b3f712e9583a7689406d4162c834 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -356,15 +356,18 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
     if (rr.qtype.getCode() == QType::CNAME) {
       if (!cnames.count(rr.qname))
         cnames.insert(rr.qname);
-      else
-      {
+      else {
         cout<<"[Error] Duplicate CNAME found at '"<<rr.qname<<"'. These do not belong in the database."<<endl;
         numerrors++;
         continue;
       }
-    }
-    else {
-      if (rr.qtype.getCode() != QType::RRSIG)
+    } else {
+      if (rr.qtype.getCode() == QType::RRSIG) {
+        if(!dk.isPresigned(zone)) {
+          cout<<"[Error] RRSIG found at '"<<rr.qname<<"' in non-presigned zone. These do not belong in the database."<<endl;
+          numerrors++;
+        }
+      } else
         noncnames.insert(rr.qname);
     }
 
@@ -389,8 +392,8 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
         }
         else
         {
-          cout<<"[Error] DNSKEY in non-presigned zone will mostly be ignored and can cause problems."<<endl;
-          numerrors++;
+          cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+          numwarnings++;
         }
       }
     }
Unnamed repository; edit this file 'description' to name the repository.