allow "pdnssec set-nsec3 ZONE" for insecure zones
authorKees Monshouwer <mind04@monshouwer.org>
Tue, 24 Mar 2015 13:29:22 +0000 (14:29 +0100)
committermind04 <mind04@monshouwer.org>
Fri, 10 Jul 2015 09:03:36 +0000 (11:03 +0200)
This saves one rectify when securing an NSEC3 zone.

pdns/pdnssec.cc
regression-tests/backends/gsql-common

index 8470c7e4fe4e1da1c0cff349c285426078742aaa..120f787dc37436b17c747bd20dbb5d660503a38c 100644 (file)
@@ -1673,18 +1673,24 @@ try
     string nsec3params =  cmds.size() > 2 ? cmds[2] : "1 0 1 ab";
     bool narrow = cmds.size() > 3 && cmds[3]=="narrow";
     NSEC3PARAMRecordContent ns3pr(nsec3params);
-    
+
     DNSName zone(cmds[1]);
-    if(!dk.isSecuredZone(zone)) {
-      cerr<<"Zone '"<<zone.toString()<<"' is not secured, can't set NSEC3 parameters"<<endl;
-      exit(EXIT_FAILURE);
+    if (! dk.setNSEC3PARAM(zone, ns3pr, narrow)) {
+      cerr<<"Cannot set NSEC3 param for " << zone.toString() << endl;
+      return 1;
     }
-    dk.setNSEC3PARAM(zone, ns3pr, narrow);
-    
+
     if (!ns3pr.d_flags)
-      cerr<<"NSEC3 set, please rectify-zone if your backend needs it"<<endl;
+      cerr<<"NSEC3 set, ";
     else
-      cerr<<"NSEC3 (opt-out) set, please rectify-zone if your backend needs it"<<endl;
+      cerr<<"NSEC3 (opt-out) set, ";
+
+    if(dk.isSecuredZone(zone))
+      cerr<<"please rectify your zone if your backend needs it"<<endl;
+    else
+      cerr<<"please secure and rectify your zone."<<endl;
+
+    return 0;
   }
   else if(cmds[0]=="set-presigned") {
     if(cmds.size() < 2) {
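Review bot: With the `isSecuredZone` guard removed, nothing visible in this branch confirms that `zone` is one the backend actually serves before `dk.setNSEC3PARAM(zone, ns3pr, narrow)` writes to it. Whether a mistyped or unknown name is rejected now depends entirely on `setNSEC3PARAM`, which is outside the hunk; if it is not rejected, NSEC3 metadata could be stored under a stray name while the command still returns 0. The new failure message gives no reason, so I would make it actionable, e.g. `cerr<<"Cannot set NSEC3 param for "<<zone.toString()<<" (does the zone exist in a DNSSEC-capable backend?)"<<endl;`. If pre-staging parameters on an unsigned zone is the intent, a comment above the call such as `// NSEC3 params may be stored before the zone is secured; the zone stays unsigned until keys are added` would keep a later reader from restoring the guard or assuming exit status 0 means the zone is protected. The enclosing `set-nsec3` branch starts above the hunk.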
index e1f0f1bff059cdd725996ed333c421438d87da51..d7d4167f88fae626abd6a43a3b303aa1a6d1e0a2 100644 (file)
@@ -12,16 +12,14 @@ gsql-master()
        do
                if [ $context != ${backend}-nodnssec ]
                then
-                       securezone $zone ${backend}
                        if [ $context = ${backend}-nsec3 ] || [ $context = ${backend}-nsec3-optout ]
                        then
                                ../pdns/pdnssec --config-dir=. --config-name=$backend set-nsec3 $zone "1 $optout 1 abcd" 2>&1
-                               ../pdns/pdnssec --config-dir=. --config-name=$backend rectify-zone $zone 2>&1
                        elif [ $context = ${backend}-nsec3-narrow ]
                        then
                                ../pdns/pdnssec --config-dir=. --config-name=$backend set-nsec3 $zone '1 1 1 abcd' narrow 2>&1
-                               ../pdns/pdnssec --config-dir=. --config-name=$backend rectify-zone $zone 2>&1
                        fi
+                       securezone $zone ${backend}
                else
                        ../pdns/pdnssec --config-dir=. --config-name=$backend rectify-zone $zone 2>&1
                fi