check all RSA algorithms for weak keys
authorMark Andrews <marka@isc.org>
Mon, 18 Feb 2019 01:34:44 +0000 (12:34 +1100)
committerMark Andrews <marka@isc.org>
Tue, 4 Jun 2019 23:00:05 +0000 (09:00 +1000)
lib/dns/zone.c

index bcde252dec7d2fc75e4132527ab7361f6260df6c..721f160ffbb9e74d2f743c85c3e75e649521be44 100644 (file)
@@ -3220,8 +3220,6 @@ zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
        dns_rdata_t rdata = DNS_RDATA_INIT;
        dns_rdataset_t rdataset;
        isc_result_t result;
-       bool logit, foundrsa = false;
-       const char *algorithm;
 
        result = dns_db_findnode(db, &zone->origin, false, &node);
        if (result != ISC_R_SUCCESS) {
@@ -3260,20 +3258,42 @@ zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
                 * a more conservative choice would be 65537 (F4, the fourth
                 * fermat number).
                 */
-               if (dnskey.algorithm == DST_ALG_RSASHA1 &&
-                   dnskey.datalen > 1 && dnskey.data[0] == 1 &&
+               if (dnskey.datalen > 1 && dnskey.data[0] == 1 &&
                    dnskey.data[1] == 3)
                {
-                       if (dnskey.algorithm == DST_ALG_RSASHA1) {
-                               logit = !foundrsa;
-                               foundrsa = true;
+                       const char *algorithm = "";
+                       isc_region_t r;
+                       bool logit = true;
+
+                       dns_rdata_toregion(&rdata, &r);
+
+                       switch (dnskey.algorithm) {
+                       case DNS_KEYALG_RSAMD5:
+                               algorithm = "RSAMD5";
+                               break;
+                       case DNS_KEYALG_RSASHA1:
                                algorithm = "RSASHA1";
+                               break;
+                       case DNS_KEYALG_NSEC3RSASHA1:
+                               algorithm = "NSEC3RSASHA1";
+                               break;
+                       case DNS_KEYALG_RSASHA256:
+                               algorithm = "RSASHA236";
+                               break;
+                       case DNS_KEYALG_RSASHA512:
+                               algorithm = "RSASHA512";
+                               break;
+                       default:
+                               logit = false;
+                               break;
                        }
+
                        if (logit) {
                                dnssec_log(zone, ISC_LOG_WARNING,
                                           "weak %s (%u) key found "
-                                          "(exponent=3)", algorithm,
-                                          dnskey.algorithm);
+                                          "(exponent=3, id=%u)", algorithm,
+                                          dnskey.algorithm,
+                                          dst_region_computeid(&r));
                        }
                }
                dns_rdata_reset(&rdata);
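Review bot: The DNS_KEYALG_RSASHA256 case on the new side assigns `"RSASHA236"`, so every weak RSASHA256 key is reported under a misspelled algorithm name; the line should read `algorithm = "RSASHA256";`. Operators searching the log for the algorithm mnemonic that appears in their DNSKEY records would not match these warnings, and only the numeric `(%u)` code in the same message identifies the algorithm correctly. Adding `id=%u` from dst_region_computeid() is a sensible companion to dropping the once-per-zone `foundrsa` suppression, since the warning is now emitted per key and the key tag tells them apart. The body of zone_check_dnskeys continues outside the hunk.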