Some tweaks are still needed for nsec3
This commit is contained in:
parent
2d7e833173
commit
37f396a05b
|
@ -9,10 +9,10 @@ things that need to be fixed.
|
|||
* Add handy zone data structure (r/b tree)?
|
||||
* Use the Exchange structure to deal with errors when resolving, esp. Timeout
|
||||
* IsSubdomain, IsGlue helper functions;
|
||||
* NSECX covers/matches helper function
|
||||
* SaltLength in NSEC3 is ugly to set, should be automatically done. There are prolly a few more
|
||||
settings just like that -- need to look at them.
|
||||
-edns NSID is another
|
||||
|
||||
## Examples to add
|
||||
|
||||
* Nameserver, with a small zone, 1 KSK and online signing;
|
||||
|
|
|
@ -168,9 +168,9 @@ func sectionCheck(set []dns.RR, server string) {
|
|||
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
|
||||
}
|
||||
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
|
||||
fmt.Printf(";- Bogus signature, %s does not validate with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
fmt.Printf(";- Bogus signature, %s does not validate (DNSKEY %s/%d)\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
} else {
|
||||
fmt.Printf(";+ Secure signature, %s validates with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
fmt.Printf(";+ Secure signature, %s validates (DNSKEY %s/%d)\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue