bool DNSSECKeeper::setNSEC3PARAM(const ZoneName& zname, const NSEC3PARAMRecordContent& ns3p, const bool& narrow)
{
+ if (auto wirelength = zname.operator const DNSName&().wirelength(); wirelength > 222) {
+ throw runtime_error("Cannot enable NSEC3 for zone '" + zname.toLogString() + "' as it is too long (" + std::to_string(wirelength) + " bytes, maximum is 222 bytes)");
+ }
+ if(ns3p.d_algorithm != 1) {
+ throw runtime_error("NSEC3PARAM algorithm set to '" + std::to_string(ns3p.d_algorithm) + "', but '1' is the only valid value");
+ }
+
if (d_keymetadb->inTransaction()) {
d_metaUpdate = true;
}
DNSSECKeeper dk; //NOLINT(readability-identifier-length)
ZoneName zone(cmds.at(1));
- if (auto wirelength = zone.operator const DNSName&().wirelength(); wirelength > 222) {
- cerr<<"Cannot enable NSEC3 for " << zone << " as it is too long (" << wirelength << " bytes, maximum is 222 bytes)"<<endl;
- return 1;
- }
- if(ns3pr.d_algorithm != 1) {
- cerr<<"NSEC3PARAM algorithm set to '"<<std::to_string(ns3pr.d_algorithm)<<"', but '1' is the only valid value"<<endl;
- return EXIT_FAILURE;
+ try {
+ if (! dk.setNSEC3PARAM(zone, ns3pr, narrow)) {
+ cerr<<"Cannot set NSEC3 param for " << zone << endl;
+ return 1;
+ }
}
- if (! dk.setNSEC3PARAM(zone, ns3pr, narrow)) {
- cerr<<"Cannot set NSEC3 param for " << zone << endl;
+ catch (const runtime_error& err) {
+ cerr << err.what() << endl;
return 1;
}
projects / thirdparty / pdns.git / commitdiff
