Permalink
Browse files

pdnssec check-zone, fix DNSKEY checks

  • Loading branch information...
1 parent edb255f commit 52058922e527e0fc293e092041ba6883cbaed684 @mind04 mind04 committed with mind04 Nov 13, 2013
Showing with 9 additions and 12 deletions.
  1. +9 −12 pdns/pdnssec.cc
View
@@ -470,24 +470,21 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
continue;
}
- if(rr.qtype.getCode() == QType::DNSKEY)
+ if(!presigned && rr.qtype.getCode() == QType::DNSKEY)
{
- if(presigned)
+ if(::arg().mustDo("experimental-direct-dnskey"))
{
- if(::arg().mustDo("experimental-direct-dnskey"))
+ if(rr.ttl != sd.default_ttl)
{
- if(rr.ttl != sd.default_ttl)
- {
- cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
- numwarnings++;
- }
- }
- else
- {
- cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+ cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
numwarnings++;
}
}
+ else
+ {
+ cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+ numwarnings++;
+ }
}
if(rr.qtype.getCode() == QType::URL || rr.qtype.getCode() == QType::MBOXFW) {

0 comments on commit 5205892

Please sign in to comment.