bool PacketHandler::tryAuthSignal(DNSPacket& p, std::unique_ptr<DNSPacket>& r, DNSName &target) {
DLOG(g_log<<Logger::Warning<<"Let's try authenticated DNSSEC bootstrapping (RFC 9615) ..."<<endl);
- if(d_sd.zonename.operator const DNSName&().getRawLabel(0) != "_signal" || !d_dk.isSignalingZone(d_sd.zonename)) {
+ if(d_sd.zonename.operator const DNSName&().countLabels() == 0 || d_sd.zonename.operator const DNSName&().getRawLabel(0) != "_signal" || !d_dk.isSignalingZone(d_sd.zonename)) {
return false;
}
}
// Check for prefix mismatch
- if(target.getRawLabel(0) != "_dsboot") {
+ if(target.countLabels() == 0 || target.getRawLabel(0) != "_dsboot") {
makeNOError(p, r, target, DNSName(), 0); // could be ENT
return true;
}
ZoneName zone(cmds.at(1));
- if(zone.operator const DNSName&().getRawLabel(0) != "_signal") {
+ if(zone.operator const DNSName&().countLabels() == 0 || zone.operator const DNSName&().getRawLabel(0) != "_signal") {
cerr << "Signaling zone's first label must be '_signal': " << zone << endl;
return 1;
}
{"set-signaling-zone", {true, setSignalingZone, GROUP_CDNSKEY,
"set-signaling-zone ZONE",
"\tConfigure zone for RFC 9615 DNSSEC bootstrapping\n"
- "(zone name must begin with _signal.)"}},
+ "\t(zone name must begin with _signal.)"}},
{"show-zone", {true, showZone, GROUP_DNSSEC,
"show-zone ZONE",
"\tShow DNSSEC (public) key details about a zone"}},
projects / thirdparty / pdns.git / commitdiff
