Permalink
Browse files

give a better error on trying to add nsec3 parameters to a weird zone…

… like "1 0 1 ab" (which indicates that you forgot to specify a zone name on the command line).

Fixes #800.
  • Loading branch information...
1 parent b925384 commit 775acd9eb1cc068339c69a47bff021b74ab6e98c @ahupowerdns ahupowerdns committed May 24, 2013
Showing with 8 additions and 1 deletion.
  1. +8 −1 pdns/pdnssec.cc
View
@@ -1207,7 +1207,14 @@ try
string nsec3params = cmds.size() > 2 ? cmds[2] : "1 0 1 ab";
bool narrow = cmds.size() > 3 && cmds[3]=="narrow";
NSEC3PARAMRecordContent ns3pr(nsec3params);
- dk.setNSEC3PARAM(cmds[1], ns3pr, narrow);
+
+ string zone=cmds[1];
+ if(!dk.isSecuredZone(zone)) {
+ cerr<<"Zone '"<<zone<<"' is not secured, can't set NSEC3 parameters"<<endl;
+ exit(EXIT_FAILURE);
+ }
+ dk.setNSEC3PARAM(zone, ns3pr, narrow);
+
if (!ns3pr.d_flags)
cerr<<"NSEC3 set, please rectify-zone if your backend needs it"<<endl;
else

0 comments on commit 775acd9

Please sign in to comment.