check-zone: warn on mismatch between algo and NSEC #4123

Merged
merged 1 commit into from Jul 6, 2016

Projects

None yet

3 participants

@pieterlexis
Member

Closes #3267

@pieterlexis pieterlexis merged commit 57c447d into PowerDNS:master Jul 6, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@pieterlexis pieterlexis deleted the pieterlexis:issue-3267-algo-5-7 branch Jul 6, 2016
@mind04
Contributor
mind04 commented Jul 7, 2016

no warning for algorithm 7 in NSEC zones?

@Habbie
Member
Habbie commented Jul 7, 2016

@mind04 why should we?

@pieterlexis if a comment says 'this should go' it does not mean itself ;) reopened #3267

@Habbie Habbie commented on the diff Jul 7, 2016
pdns/dbdnsseckeeper.cc
@@ -448,7 +448,7 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache)
dpk.d_flags = kd.flags;
dpk.d_algorithm = dkrc.d_algorithm;
- if(dpk.d_algorithm == 5 && getNSEC3PARAM(zone)) // XXX Needs to go, see #3267
@Habbie
Habbie Jul 7, 2016 Member

Please reinstate this comment.

@Habbie Habbie added this to the auth-4.0.0 milestone Jul 7, 2016
@Habbie
Member
Habbie commented Jul 7, 2016

One nit, then LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment