From: Benjamin Zengin <b.zengin@yahoo.de>
Date: Thu, 21 Jul 2016 13:28:52 +0000 (+0200)
Subject: New interface for addKey()
X-Git-Tag: dnsdist-1.1.0-beta2~136^2~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82cc07611d23c5e815d8673ae070cf0e421351ad;p=pdns

New interface for addKey()
- id of added key is returned by a reference parameter
- return type bool indicates success of adding the key
- id is returned as int64_t
---

diff --git a/docs/markdown/authoritative/backend-remote.md b/docs/markdown/authoritative/backend-remote.md
index f92314ff3..613db1c62 100644
--- a/docs/markdown/authoritative/backend-remote.md
+++ b/docs/markdown/authoritative/backend-remote.md
@@ -369,8 +369,8 @@ Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Z
 Adds key into local storage. See [`getDomainKeys`](#getdomainkeys) for more information.
 
 * Mandatory: No
-* Parameters: name, key=`<flags,active,content>`
-* Reply: id (>= 0) for success, -1 for failure
+* Parameters: name, key=`<flags,active,content>`, id
+* Reply: true for success, false for failure
 
 #### Example JSON/RPC
 Query:
diff --git a/modules/bindbackend/bindbackend2.hh b/modules/bindbackend/bindbackend2.hh
index 114323ae5..21b45e3b4 100644
--- a/modules/bindbackend/bindbackend2.hh
+++ b/modules/bindbackend/bindbackend2.hh
@@ -214,7 +214,7 @@ public:
   virtual bool setDomainMetadata(const DNSName& name, const std::string& kind, const std::vector<std::string>& meta);
   virtual bool getDomainKeys(const DNSName& name, unsigned int kind, std::vector<KeyData>& keys);
   virtual bool removeDomainKey(const DNSName& name, unsigned int id);
-  virtual int addDomainKey(const DNSName& name, const KeyData& key);
+  virtual bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id);
   virtual bool activateDomainKey(const DNSName& name, unsigned int id);
   virtual bool deactivateDomainKey(const DNSName& name, unsigned int id);
   virtual bool getTSIGKey(const DNSName& name, DNSName* algorithm, string* content);
diff --git a/modules/bindbackend/binddnssec.cc b/modules/bindbackend/binddnssec.cc
index ba57339b5..6d91db233 100644
--- a/modules/bindbackend/binddnssec.cc
+++ b/modules/bindbackend/binddnssec.cc
@@ -56,7 +56,7 @@ bool Bind2Backend::getDomainKeys(const DNSName& name, unsigned int kind, std::ve
 bool Bind2Backend::removeDomainKey(const DNSName& name, unsigned int id)
 { return false; }
 
-int Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key)
+bool Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id)
 { return -1; }
 
 bool Bind2Backend::activateDomainKey(const DNSName& name, unsigned int id)
@@ -308,10 +308,10 @@ bool Bind2Backend::removeDomainKey(const DNSName& name, unsigned int id)
   return true;
 }
 
-int Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key)
+bool Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id)
 {
   if(!d_dnssecdb || d_hybrid)
-    return -1;
+    return false;
 
   try {
     d_insertDomainKeyQuery_stmt->
@@ -328,19 +328,22 @@ int Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key)
 
   try {
     d_GetLastInsertedKeyIdQuery_stmt->execute();
-    if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow())
-      throw PDNSException("GSQLBackend unable to get id");
+    if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow()) {
+      id = -2;
+      return true;
+    }
     SSqlStatement::row_t row;
     d_GetLastInsertedKeyIdQuery_stmt->nextRow(row);
     int id = std::stoi(row[0]);
     d_GetLastInsertedKeyIdQuery_stmt->reset();
-    return id;
+    return true;
   }
   catch (SSqlException &e) {
-    throw PDNSException("DNSSEC database in BIND backend unable to get id: "+e.txtReason());
+    id = -2;
+    return true;
   }
 
-  return -1;
+  return false;
 }
 
 bool Bind2Backend::activateDomainKey(const DNSName& name, unsigned int id)
diff --git a/modules/geoipbackend/geoipbackend.cc b/modules/geoipbackend/geoipbackend.cc
index 841c6f016..bfb9207ed 100644
--- a/modules/geoipbackend/geoipbackend.cc
+++ b/modules/geoipbackend/geoipbackend.cc
@@ -871,7 +871,7 @@ bool GeoIPBackend::removeDomainKey(const DNSName& name, unsigned int id) {
   return false;
 }
 
-int GeoIPBackend::addDomainKey(const DNSName& name, const KeyData& key) {
+bool GeoIPBackend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id) {
   if (!d_dnssec) return false;
   WriteLock rl(&s_state_lock);
   unsigned int nextid=1;
@@ -899,7 +899,8 @@ int GeoIPBackend::addDomainKey(const DNSName& name, const KeyData& key) {
       ofstream ofs(pathname.str().c_str());
       ofs.write(key.content.c_str(), key.content.size());
       ofs.close();
-      return nextid;
+      id = nextid;
+      return true;
     }
   }
   return false;
diff --git a/modules/geoipbackend/geoipbackend.hh b/modules/geoipbackend/geoipbackend.hh
index 94fc1646b..52990770e 100644
--- a/modules/geoipbackend/geoipbackend.hh
+++ b/modules/geoipbackend/geoipbackend.hh
@@ -64,7 +64,7 @@ public:
   virtual bool getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta);
   virtual bool getDomainKeys(const DNSName& name, unsigned int kind, std::vector<DNSBackend::KeyData>& keys);
   virtual bool removeDomainKey(const DNSName& name, unsigned int id);
-  virtual int addDomainKey(const DNSName& name, const KeyData& key);
+  virtual bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id);
   virtual bool activateDomainKey(const DNSName& name, unsigned int id);
   virtual bool deactivateDomainKey(const DNSName& name, unsigned int id);
 
diff --git a/modules/luabackend/dnssec.cc b/modules/luabackend/dnssec.cc
index c833143df..aa00b7a92 100644
--- a/modules/luabackend/dnssec.cc
+++ b/modules/luabackend/dnssec.cc
@@ -312,13 +312,13 @@ bool LUABackend::removeDomainKey(const DNSName& name, unsigned int id) {
     return ok;
 }
 
-int LUABackend::addDomainKey(const DNSName& name, const KeyData& key) {
+bool LUABackend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id) {
 // there is no logging function in pdnsutil when running this routine?
 
 //key = id, flags, active, content
 
     if(f_lua_adddomainkey == 0) 
-	return -1;
+	return false;
 
     if(logging)
 	//L << Logger::Info << backend_name << "(addDomainKey) BEGIN name: '" << name << "' id: '" << id << endl;
@@ -347,7 +347,6 @@ int LUABackend::addDomainKey(const DNSName& name, const KeyData& key) {
         lua_pop(lua, 1);
 
         throw runtime_error(e);
-        return -1;
     }
 
     size_t returnedwhat = lua_type(lua, -1);
@@ -359,9 +358,9 @@ int LUABackend::addDomainKey(const DNSName& name, const KeyData& key) {
     lua_pop(lua, 1);
 
     if(logging)
-	cerr << backend_name << "(addDomainKey) END" << endl;
-	
-    return ok;
+        cerr << backend_name << "(addDomainKey) END" << endl;
+
+    return ok >= 0;
 }
 
 bool LUABackend::getDomainKeys(const DNSName& name, unsigned int kind, std::vector<KeyData>& keys) {
diff --git a/modules/luabackend/luabackend.hh b/modules/luabackend/luabackend.hh
index b658af576..c861558a6 100644
--- a/modules/luabackend/luabackend.hh
+++ b/modules/luabackend/luabackend.hh
@@ -98,7 +98,7 @@ public:
     bool activateDomainKey(const DNSName& name, unsigned int id) override ;
     bool deactivateDomainKey(const DNSName& name, unsigned int id) override ;
     bool getTSIGKey(const DNSName& name, DNSName* algorithm, string* content) override ;
-    int addDomainKey(const DNSName& name, const KeyData& key) override ;
+    bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id) override ;
     bool updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const DNSName& qname, const std::string& ordername, bool auth);
     bool getBeforeAndAfterNamesAbsolute(uint32_t id, const      string& qname, DNSName& unhashed, string& before, string& after) override;
     bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype=QType::ANY) override;
diff --git a/modules/oraclebackend/oraclebackend.cc b/modules/oraclebackend/oraclebackend.cc
index 72a299124..b3ab9fd8e 100644
--- a/modules/oraclebackend/oraclebackend.cc
+++ b/modules/oraclebackend/oraclebackend.cc
@@ -1649,11 +1649,11 @@ OracleBackend::removeDomainKey (const DNSName& name, unsigned int id)
   return true;
 }
 
-int
-OracleBackend::addDomainKey (const DNSName& name, const KeyData& key)
+bool
+OracleBackend::addDomainKey (const DNSName& name, const KeyData& key, int64_t& id)
 {
   if(!d_dnssecQueries)
-    return -1;
+    return false;
   DomainInfo di;
   if (getDomainInfo(name, di) == false) return false;
 
@@ -1697,7 +1697,8 @@ OracleBackend::addDomainKey (const DNSName& name, const KeyData& key)
     throw OracleException("Oracle addDomainKey COMMIT", oraerr);
   }
 
-  return key_id;
+  id = key_id;
+  return key_id >= 0;
 }
 
 bool
diff --git a/modules/oraclebackend/oraclebackend.hh b/modules/oraclebackend/oraclebackend.hh
index 7443b9d9c..f2fcc15d3 100644
--- a/modules/oraclebackend/oraclebackend.hh
+++ b/modules/oraclebackend/oraclebackend.hh
@@ -106,7 +106,7 @@ public:
 
   bool getDomainKeys(const DNSName& name, unsigned int kind, vector<KeyData>& keys);
   bool removeDomainKey(const DNSName& name, unsigned int id);
-  int addDomainKey(const DNSName& name, const KeyData& key);
+  bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id);
   bool activateDomainKey(const DNSName& name, unsigned int id);
   bool deactivateDomainKey(const DNSName& name, unsigned int id);
 
diff --git a/modules/remotebackend/remotebackend.cc b/modules/remotebackend/remotebackend.cc
index 436b23293..5f76b4d84 100644
--- a/modules/remotebackend/remotebackend.cc
+++ b/modules/remotebackend/remotebackend.cc
@@ -405,7 +405,7 @@ bool RemoteBackend::removeDomainKey(const DNSName& name, unsigned int id) {
    return true;
 }
 
-int RemoteBackend::addDomainKey(const DNSName& name, const KeyData& key) {
+bool RemoteBackend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id) {
    // no point doing dnssec if it's not supported
    if (d_dnssec == false) return false;
 
@@ -425,7 +425,8 @@ int RemoteBackend::addDomainKey(const DNSName& name, const KeyData& key) {
    if (this->send(query) == false || this->recv(answer) == false)
      return false;
 
-   return answer["result"].int_value();
+   id = answer["result"].int_value();
+   return id >= 0;
 }
 
 bool RemoteBackend::activateDomainKey(const DNSName& name, unsigned int id) {
diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh
index 0a71cf341..0cf0f3981 100644
--- a/modules/remotebackend/remotebackend.hh
+++ b/modules/remotebackend/remotebackend.hh
@@ -165,7 +165,7 @@ class RemoteBackend : public DNSBackend
   virtual bool getBeforeAndAfterNamesAbsolute(uint32_t id, const string& qname, DNSName& unhashed, string& before, string& after);
   virtual bool setDomainMetadata(const DNSName& name, const string& kind, const std::vector<std::basic_string<char> >& meta);
   virtual bool removeDomainKey(const DNSName& name, unsigned int id);
-  virtual int addDomainKey(const DNSName& name, const KeyData& key);
+  virtual bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id);
   virtual bool activateDomainKey(const DNSName& name, unsigned int id);
   virtual bool deactivateDomainKey(const DNSName& name, unsigned int id);
   virtual bool getDomainInfo(const DNSName& domain, DomainInfo& di);
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index 79b51293f..8c01b14af 100644
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -645,10 +645,10 @@ bool GSQLBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const string& qnam
   return true;
 }
 
-int GSQLBackend::addDomainKey(const DNSName& name, const KeyData& key)
+bool GSQLBackend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id)
 {
   if(!d_dnssecQueries)
-    return -1;
+    return false;
 
   try {
     d_AddDomainKeyQuery_stmt->
@@ -665,19 +665,22 @@ int GSQLBackend::addDomainKey(const DNSName& name, const KeyData& key)
 
   try {
     d_GetLastInsertedKeyIdQuery_stmt->execute();
-    if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow())
-      throw PDNSException("GSQLBackend unable to get id");
+    if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow()) {
+      id = -2;
+      return true;
+    }
     SSqlStatement::row_t row;
     d_GetLastInsertedKeyIdQuery_stmt->nextRow(row);
-    int id = std::stoi(row[0]);
+    id = std::stoi(row[0]);
     d_GetLastInsertedKeyIdQuery_stmt->reset();
-    return id;
+    return true;
   }
   catch (SSqlException &e) {
-    throw PDNSException("GSQLBackend unable to get id: "+e.txtReason());
+    id = -2;
+    return true;
   }
 
-  return -1;
+  return false;
 }
 
 bool GSQLBackend::activateDomainKey(const DNSName& name, unsigned int id)
diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh
index d5deb3a20..cfd3ff542 100644
--- a/pdns/backends/gsql/gsqlbackend.hh
+++ b/pdns/backends/gsql/gsqlbackend.hh
@@ -217,7 +217,7 @@ public:
 
   bool replaceRRSet(uint32_t domain_id, const DNSName& qname, const QType& qt, const vector<DNSResourceRecord>& rrset);
   bool listSubZone(const DNSName &zone, int domain_id);
-  int addDomainKey(const DNSName& name, const KeyData& key);
+  bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id);
   bool getDomainKeys(const DNSName& name, unsigned int kind, std::vector<KeyData>& keys);
   bool getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string> >& meta);
   bool getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta);
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 66f2c4a0c..e770e4ccc 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -73,7 +73,7 @@ bool DNSSECKeeper::isPresigned(const DNSName& name)
   return meta=="1";
 }
 
-int DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, int bits, bool active)
+bool DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, int64_t& id, int bits, bool active)
 {
   if(!bits) {
     if(algorithm <= 10)
@@ -98,7 +98,7 @@ int DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, int
   dspk.setKey(dpk);
   dspk.d_algorithm = algorithm;
   dspk.d_flags = setSEPBit ? 257 : 256;
-  return addKey(name, dspk, active);
+  return addKey(name, dspk, id, active);
 }
 
 void DNSSECKeeper::clearAllCaches() {
@@ -123,7 +123,7 @@ void DNSSECKeeper::clearCaches(const DNSName& name)
 }
 
 
-int DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool active)
+bool DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, int64_t& id, bool active)
 {
   clearCaches(name);
   DNSBackend::KeyData kd;
@@ -131,7 +131,7 @@ int DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool
   kd.active = active;
   kd.content = dpk.getKey()->convertToISC();
  // now store it
-  return d_keymetadb->addDomainKey(name, kd);
+  return d_keymetadb->addDomainKey(name, kd, id);
 }
 
 
diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index 9ae0492e8..e97b87988 100644
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -179,7 +179,7 @@ public:
 
   virtual bool getDomainKeys(const DNSName& name, unsigned int kind, std::vector<KeyData>& keys) { return false;}
   virtual bool removeDomainKey(const DNSName& name, unsigned int id) { return false; }
-  virtual int addDomainKey(const DNSName& name, const KeyData& key){ return -1; }
+  virtual bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id){ return false; }
   virtual bool activateDomainKey(const DNSName& name, unsigned int id) { return false; }
   virtual bool deactivateDomainKey(const DNSName& name, unsigned int id) { return false; }
 
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 0c5d4e885..d88d8e97c 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -161,8 +161,8 @@ public:
   keyset_t getEntryPoints(const DNSName& zname);
   keyset_t getKeys(const DNSName& zone, bool useCache = true);
   DNSSECPrivateKey getKeyById(const DNSName& zone, unsigned int id);
-  int addKey(const DNSName& zname, bool setSEPBit, int algorithm, int bits=0, bool active=true);
-  int addKey(const DNSName& zname, const DNSSECPrivateKey& dpk, bool active=true);
+  bool addKey(const DNSName& zname, bool setSEPBit, int algorithm, int64_t& id, int bits=0, bool active=true);
+  bool addKey(const DNSName& zname, const DNSSECPrivateKey& dpk, int64_t& id, bool active=true);
   bool removeKey(const DNSName& zname, unsigned int id);
   bool activateKey(const DNSName& zname, unsigned int id);
   bool deactivateKey(const DNSName& zname, unsigned int id);
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 29a3c773a..6378d70f6 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -1702,7 +1702,9 @@ bool secureZone(DNSSECKeeper& dk, const DNSName& zone)
   vector<string> k_algos;
   vector<string> z_algos;
   int k_size;
-  int z_size; 
+  int z_size;
+  // temp var for addKey
+  int64_t id;
 
   stringtok(k_algos, ::arg()["default-ksk-algorithms"], " ,");
   k_size = ::arg().asNum("default-ksk-size");
@@ -1747,13 +1749,12 @@ bool secureZone(DNSSECKeeper& dk, const DNSName& zone)
   if (k_algos.empty()) { /* only a ZSK was requested by the defaults, set the SEP bit */
   }
 
-
   for(auto &k_algo: k_algos) {
     cout << "Adding "<<(z_algos.empty()? "CSK (257)" : "KSK")<<" with algorithm " << k_algo << endl;
 
     int algo = DNSSECKeeper::shorthand2algorithm(k_algo);
 
-    if(dk.addKey(zone, true, algo, k_size, true) < 0) {
+    if (!dk.addKey(zone, true, algo, id, k_size, true)) {
       cerr<<"No backend was able to secure '"<<zone<<"', most likely because no DNSSEC"<<endl;
       cerr<<"capable backends are loaded, or because the backends have DNSSEC disabled."<<endl;
       cerr<<"For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or"<<endl;
@@ -1768,7 +1769,7 @@ bool secureZone(DNSSECKeeper& dk, const DNSName& zone)
 
     int algo = DNSSECKeeper::shorthand2algorithm(z_algo);
 
-    if(!dk.addKey(zone, false, algo, z_size, true) < 0) {
+    if (!dk.addKey(zone, false, algo, id, z_size, true)) {
       cerr<<"No backend was able to secure '"<<zone<<"', most likely because no DNSSEC"<<endl;
       cerr<<"capable backends are loaded, or because the backends have DNSSEC disabled."<<endl;
       cerr<<"For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or"<<endl;
@@ -2254,16 +2255,21 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         exit(EXIT_FAILURE);;
       }
     }
-    int id;
-    if((id = dk.addKey(zone, keyOrZone, algorithm, bits, active)) < 0) {
+    int64_t id;
+    if (!dk.addKey(zone, keyOrZone, algorithm, id, bits, active)) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
-    }
-    else {
+    } else {
       cerr<<"Added a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<", active="<<active<<endl;
-      if(bits)
+      if (bits)
         cerr<<"Requested specific key size of "<<bits<<" bits"<<endl;
-      cout<<std::to_string(id)<<endl;
+      if (id == -1) {
+        cerr<<std::to_string(id)<<"Key was added, but backend does not support returning of key id"<<endl;
+      } else if (id < -1) {
+        cerr<<std::to_string(id)<<"Key was added, but there was a failure while returning the key id"<<endl;
+      } else {
+        cout<<std::to_string(id)<<endl;
+      }
     }
   }
   else if(cmds[0] == "remove-zone-key") {
@@ -2640,12 +2646,18 @@ loadMainConfig(g_vm["config-dir"].as<string>());
     else
       dpk.d_flags = 257; // ksk
 
-    int id;
-    if((id = dk.addKey(DNSName(zone), dpk)) < 0) {
+    int64_t id;
+    if (!dk.addKey(DNSName(zone), dpk, id)) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
     }
-    cout<<std::to_string(id)<<endl;
+    if (id == -1) {
+      cerr<<std::to_string(id)<<"Key was added, but backend does not support returning of key id"<<endl;
+    } else if (id < -1) {
+      cerr<<std::to_string(id)<<"Key was added, but there was a failure while returning the key id"<<endl;
+    } else {
+      cout<<std::to_string(id)<<endl;
+    }
     
   }
   else if(cmds[0]=="import-zone-key") {
@@ -2681,12 +2693,18 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         exit(1);
       }          
     }
-    int id;
-    if((id = dk.addKey(DNSName(zone), dpk, active)) < 0) {
+    int64_t id;
+    if (!dk.addKey(DNSName(zone), dpk, id, active)) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
     }
-    cout<<std::to_string(id)<<endl;
+    if (id == -1) {
+      cerr<<std::to_string(id)<<"Key was added, but backend does not support returning of key id"<<endl;
+    } else if (id < -1) {
+      cerr<<std::to_string(id)<<"Key was added, but there was a failure while returning the key id"<<endl;
+    } else {
+      cout<<std::to_string(id)<<endl;
+    }
   }
   else if(cmds[0]=="export-zone-dnskey") {
     if(cmds.size() < 3) {
@@ -2982,7 +3000,7 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         return 1;
       }
 
-      int id;
+      int64_t id;
       bool keyOrZone = (cmds[4] == "ksk" ? true : false);
       string module = cmds[5];
       string slot = cmds[6];
@@ -2997,55 +3015,42 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         "PIN: " << pin << std::endl << 
         "Label: " << label << std::endl;
 
-     DNSKEYRecordContent drc; 
-     DNSSECPrivateKey dpk;
-     dpk.d_flags = (keyOrZone ? 257 : 256);
-
-     shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str()));
-     if(!dke->checkKey()) {
-       cerr << "Invalid DNS Private Key in engine " << module << " slot " << slot << std::endl;
-       return 1;
-     }
-     dpk.setKey(dke);
-
-     // make sure this key isn't being reused.
-     B.getDomainKeys(zone, 0, keys);
-     id = -1;
-
-     for(DNSBackend::KeyData& kd :  keys) {
-       if (kd.content == iscString.str()) {
-         // it's this one, I guess...
-         id = kd.id;
-         break;
-       }
-     }
+      DNSKEYRecordContent drc;
+      DNSSECPrivateKey dpk;
+      dpk.d_flags = (keyOrZone ? 257 : 256);
 
-     if (id > -1) {
-       cerr << "You have already assigned this key with ID=" << id << std::endl;
-       return 1;
-     }
+      shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str()));
+      if(!dke->checkKey()) {
+        cerr << "Invalid DNS Private Key in engine " << module << " slot " << slot << std::endl;
+        return 1;
+      }
+      dpk.setKey(dke);
 
-     if (!(id = dk.addKey(zone, dpk))) {
-       cerr << "Unable to assign module slot to zone" << std::endl;
-       return 1;
-     }
+      // make sure this key isn't being reused.
+      B.getDomainKeys(zone, 0, keys);
+      id = -1;
 
-     // figure out key id.
+      for(DNSBackend::KeyData& kd :  keys) {
+        if (kd.content == iscString.str()) {
+          // it's this one, I guess...
+          id = kd.id;
+          break;
+        }
+      }
 
-     B.getDomainKeys(zone, 0, keys);
+      if (id > -1) {
+        cerr << "You have already assigned this key with ID=" << id << std::endl;
+        return 1;
+      }
 
-     // validate which one got the key...
-     for(DNSBackend::KeyData& kd :  keys) {
-       if (kd.content == iscString.str()) {
-         // it's this one, I guess...
-         id = kd.id;
-         break;
-       }
-     }
+      if (!dk.addKey(zone, dpk, id)) {
+        cerr << "Unable to assign module slot to zone" << std::endl;
+        return 1;
+      }
 
-     cerr << "Module " << module << " slot " << slot << " assigned to " << zone << " with key id " << id << endl;
+      cerr << "Module " << module << " slot " << slot << " assigned to " << zone << " with key id " << id << endl;
 
-     return 0;
+      return 0;
     } else if (cmds[1] == "create-key") {
 
       if (cmds.size() < 4) {
@@ -3175,10 +3180,12 @@ loadMainConfig(g_vm["config-dir"].as<string>());
       }
       // move keys
       nk=0;
+      // temp var for KeyID
+      int64_t keyID;
       std::vector<DNSBackend::KeyData> keys;
       if (src->getDomainKeys(di.zone, 0, keys)) {
         for(const DNSBackend::KeyData& k: keys) {
-          tgt->addDomainKey(di.zone, k);
+          tgt->addDomainKey(di.zone, k, keyID);
           nk++;
         }
       }
diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc
index 9557b36fc..fe97528c4 100644
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -99,14 +99,14 @@ bool UeberBackend::createDomain(const DNSName &domain)
   return false;
 }
 
-int UeberBackend::addDomainKey(const DNSName& name, const DNSBackend::KeyData& key)
+bool UeberBackend::addDomainKey(const DNSName& name, const DNSBackend::KeyData& key, int64_t& id)
 {
-  int ret;
+  id = -1;
   for(DNSBackend* db :  backends) {
-    if((ret = db->addDomainKey(name, key)) >= 0)
-      return ret;
+    if(db->addDomainKey(name, key, id))
+      return true;
   }
-  return -1;
+  return false;
 }
 bool UeberBackend::getDomainKeys(const DNSName& name, unsigned int kind, std::vector<DNSBackend::KeyData>& keys)
 {
diff --git a/pdns/ueberbackend.hh b/pdns/ueberbackend.hh
index 7c1aecd53..ab1eb2dac 100644
--- a/pdns/ueberbackend.hh
+++ b/pdns/ueberbackend.hh
@@ -116,7 +116,7 @@ public:
   bool getDomainInfo(const DNSName &domain, DomainInfo &di);
   bool createDomain(const DNSName &domain);
   
-  int addDomainKey(const DNSName& name, const DNSBackend::KeyData& key);
+  bool addDomainKey(const DNSName& name, const DNSBackend::KeyData& key, int64_t& id);
   bool getDomainKeys(const DNSName& name, unsigned int kind, std::vector<DNSBackend::KeyData>& keys);
   bool getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string> >& meta);
   bool getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta);