dpk.d_flags = kd.flags;
dpk.d_algorithm = dkrc.d_algorithm;
- if(dpk.d_algorithm == DNSSECKeeper::RSASHA1 && getNSEC3PARAM(zname)) {
- dpk.d_algorithm = DNSSECKeeper::RSASHA1NSEC3SHA1;
- }
-
return dpk;
}
throw runtime_error("Can't find a key with id "+std::to_string(id)+" for zone '"+zname.toLogString()+"'");
dpk.d_flags = kd.flags;
dpk.d_algorithm = dkrc.d_algorithm;
- if(dpk.d_algorithm == DNSSECKeeper::RSASHA1 && getNSEC3PARAM(zone)) {
- g_log<<Logger::Warning<<"Zone '"<<zone<<"' has NSEC3 semantics, but the "<< (kd.active ? "" : "in" ) <<"active key with id "<<kd.id<<" has 'Algorithm: 5'. This should be corrected to 'Algorithm: 7' in the database (or NSEC3 should be disabled)."<<endl;
- dpk.d_algorithm = DNSSECKeeper::RSASHA1NSEC3SHA1;
- }
KeyMetaData kmd;
shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
if(dkrc.d_algorithm == DNSSECKeeper::RSASHA1) {
- cout<<"[Warning] zone '"<<zone<<"' has NSEC3 semantics, but the "<< (kd.active ? "" : "in" ) <<"active key with id "<<kd.id<<" has 'Algorithm: 5'. This should be corrected to 'Algorithm: 7' in the database (or NSEC3 should be disabled)."<<endl;
- numwarnings++;
+ cout<<"[Error] zone '"<<zone<<"' has NSEC3 semantics, but the "<< (kd.active ? "" : "in" ) <<"active key with id "<<kd.id<<" has 'Algorithm: 5'. This should be corrected to 'Algorithm: 7' in the database (or NSEC3 should be disabled)."<<endl;
+ numerrors++;
}
}
}
projects / thirdparty / pdns.git / commitdiff
