From: Bert Hubert Date: Tue, 11 Jan 2011 13:44:43 +0000 (+0000) Subject: fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual... X-Git-Tag: auth-3.0~382 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=65c879425f3915c770bf49cf8d9fff8b8d97d6c5;p=pdns fix typo in bindbackend, add pdnssec hash-zone-record convenience function for manual hashing, plus document it git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1865 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index 217ceff8a..bd09a521c 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -9323,6 +9323,15 @@ $ pdnssec rectify-zone + + hash-zone-record ZONE RECORDNAME + + + This convenience command hashes the name 'recordname' according to the NSEC3 settings of ZONE. + Refuses to hash for zones with no NSEC3 settings. + + + import-zone-dnskey ZONE filename [ksk|zsk] @@ -9479,7 +9488,8 @@ $ pdnssec rectify-zone For now, it is necessary to execute a manual SQL 'insert' into the domains table of the backend hosting - the keying material. This is needed to generate a zone-id for the relevant domain. + the keying material. This is needed to generate a zone-id for the relevant domain. Sample SQL statement: + insert into domains (name, type) values ('powerdnssec.org', 'NATIVE');. @@ -9496,8 +9506,8 @@ $ pdnssec rectify-zone data for which is itself authoritative, which includes the SOA record and its own NS records. - The 'auth' field should be 0 however for NS records which are used for delegation, and also for any glue records - present for this purpose. + The 'auth' field should be 0 however for NS records which are used for delegation, and also for any glue (A, AAAA) records + present for this purpose. Do note that the DS record for a secure delegation should be authoritative! The 'ordername' field needs to be filled out depending on the NSEC/NSEC3 mode. When running in NSEC3 'Narrow' mode, @@ -9509,7 +9519,7 @@ $ pdnssec rectify-zone In 'NSEC3' non-narrow mode, the ordername should contain a lowercase base32hex encoded representation of the salted & iterated hash - of the full record name. + of the full record name. pdnssec hash-zone-record zone record can be used to calculate this hash. @@ -9544,7 +9554,7 @@ $ pdnssec rectify-zone Roy Arends (Nominet) Miek Gieben Stephane Bortzmeyer (AFNIC) - Michael Braunoede (nic.at) + Michael Braunoeder (nic.at) Peter van Dijk Maik Zumstrull Jose Arthur Benetasso Villanova diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc index 49a213a59..781ee59a4 100644 --- a/pdns/mastercommunicator.cc +++ b/pdns/mastercommunicator.cc @@ -170,7 +170,7 @@ time_t CommunicatorClass::doNotifications() } if(p.d.rcode) - L<