ldns_rdf *next_dname = NULL;
ldns_rr *nsec;
uint16_t i;
+ ldns_rr_type cur_rrset_type;
ldns_rr_list *next_rrset;
}
ldns_rr_list_free(orig_zone_rrs);
+ /* Sign all rrsets in the zone */
cur_rrset = ldns_rr_list_pop_rrset(signed_zone_rrs);
while (cur_rrset) {
- cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
- ldns_zone_push_rr_list(signed_zone, cur_rrset);
- ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
+ /* don't sign certain types */
+ cur_rrset_type = ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0));
+ cur_dname = ldns_rr_owner(ldns_rr_list_rr(cur_rrset, 0));
+
+ if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
+ (ldns_dname_is_subdomain(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) ||
+ ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) == 0
+ )
+ ) {
+ cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
+ ldns_zone_push_rr_list(signed_zone, cur_rrset);
+ ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
+ }
cur_rrset = ldns_rr_list_pop_rrset(signed_zone_rrs);
}
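Review bot: An rrset that fails the new condition (an existing RRSIG set, or an owner outside the zone) is popped from `signed_zone_rrs` and then neither pushed to `signed_zone` nor freed, so it leaks and silently disappears from the output. An `else` branch such as `} else { ldns_rr_list_free(cur_rrset); }` would release it; use the deep variant only if this list owns its RRs, which is not visible here. The filter also excludes only RRSIG by type, so delegation NS sets and glue below a zone cut still pass the subdomain test and get signed unless they are filtered before this loop; RFC 4035 section 2.2 says those must not be signed, and the comment `/* don't sign certain types */` should name what is actually skipped. `ldns_zone_soa(zone)` is passed to `ldns_rr_owner()` twice per iteration without a NULL check, so reading the apex name once before the loop and bailing out when the SOA is missing would cover that. The enclosing function starts and ends outside the hunk.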
return 1;
}
+ /*
printf("Reading zonefile: %s\n", zonefile_name);
-
+ */
+
zonefile = fopen(zonefile_name, "r");
if (!zonefile) {
if (!orig_zone) {
fprintf(stderr, "Zone not read\n");
} else {
- printf("Zone read.\nSOA:\n");
orig_soa = ldns_zone_soa(orig_zone);
orig_rrs = ldns_zone_rrs(orig_zone);
- ldns_rr_print(stdout, orig_soa);
- printf("\n");
-
- printf("Signing...\n");
+
signed_zone = ldns_zone_sign(orig_zone, keys);
- printf("done!\n\n");
if (signed_zone) {
+ /*
printf("SIGNED ZONE:\n");
+ */
ldns_zone_print(stdout, signed_zone);
ldns_zone_deep_free(signed_zone);
} else {