Permalink
Browse files

pdnssec check-all-zones now detect RRSIG records in non-presigned zones

  • Loading branch information...
1 parent e319467 commit 7eaa83ab0f7fb721f9b936ab2b1ec9a04f11de83 @mind04 mind04 committed with mind04 Sep 9, 2013
Showing with 10 additions and 7 deletions.
  1. +10 −7 pdns/pdnssec.cc
View
@@ -354,15 +354,18 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
if (rr.qtype.getCode() == QType::CNAME) {
if (!cnames.count(rr.qname))
cnames.insert(rr.qname);
- else
- {
+ else {
cout<<"[Error] Duplicate CNAME found at '"<<rr.qname<<"'. These do not belong in the database."<<endl;
numerrors++;
continue;
}
- }
- else {
- if (rr.qtype.getCode() != QType::RRSIG)
+ } else {
+ if (rr.qtype.getCode() == QType::RRSIG) {
+ if(!dk.isPresigned(zone)) {
+ cout<<"[Error] RRSIG found at '"<<rr.qname<<"' in non-presigned zone. These do not belong in the database."<<endl;
+ numerrors++;
+ }
+ } else
noncnames.insert(rr.qname);
}
@@ -387,8 +390,8 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
}
else
{
- cout<<"[Error] DNSKEY in non-presigned zone will mostly be ignored and can cause problems."<<endl;
- numerrors++;
+ cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+ numwarnings++;
}
}
}

0 comments on commit 7eaa83a

Please sign in to comment.