The dnssec_is_zone_secured function does not properly detect unsigned zones (PowerDNS 3.4.3 + poweradmin 2015-05-06)
inc/dnssec.inc.php:
function dnssec_is_zone_secured($domain_name) {
    $call_result = dnssec_call_pdnssec('show-zone', $domain_name);
    $output = $call_result[0];
    ...
    return (count($output) == 0 ? false : true);
}
Signed zone:
Array
(
    [0] => Array
        (
            [0] => Zone is not presigned
            [1] => Zone has NSEC semantics
            [2] => keys:
            [3] => ID = 38 (KSK), tag = 62737, algo = 8, bits = 2048 Active: 1 ( RSASHA256 )
            [4] => KSK DNSKEY = exemple.org IN DNSKEY 257 3 8 Aw...9IM= ; ( RSASHA256 )
            [5] => DS = exemple.org IN DS 62737 8 1 f0a..a18 ; ( SHA1 digest )
            [6] => DS = exemple.org IN DS 62737 8 2 152...ffc ; ( SHA256 digest )
            [7] => DS = exemple.org IN DS 62737 8 3 3ae...e67 ; ( GOST R 34.11-94 digest )
            [8] => DS = exemple.org IN DS 62737 8 4 3b0...e7c ; ( SHA-384 digest )
            [9] =>
            [10] => ID = 39 (ZSK), tag = 32524, algo = 8, bits = 1024 Active: 1 ( RSASHA256 )
        )

    [1] => 0
)
Unsigned zone:
Array
(
    [0] => Array
        (
            [0] => Zone is not presigned
        )

    [1] => 0
)
count($output) does not return 0 on the unsigned zone.
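The following is an added example, not poweradmin code and not part of the original report: it runs the count-based check from the issue next to a check that looks for an active key line, using the two outputs quoted above. The function names are hypothetical, and the key-line pattern assumes the PowerDNS 3.4.3 `show-zone` format shown in this issue.

```php
<?php
// Added example (not poweradmin code). Function names are hypothetical.

// The check as quoted in the issue: any output line at all counts as "secured".
function is_secured_by_count(array $output): bool
{
    return count($output) == 0 ? false : true;
}

// Stricter check: the zone counts as secured only if the output lists an
// active key, i.e. a line like "ID = <n> (KSK|ZSK), ... Active: 1".
// Assumption: the line format is the one quoted in this issue.
function is_secured_by_keys(array $output): bool
{
    foreach ($output as $line) {
        if (preg_match('/^\s*ID = \d+ \((?:KSK|ZSK)\),.*\bActive: 1\b/', $line)) {
            return true;
        }
    }
    return false;
}

// Sample input: key lines copied from the outputs quoted in the issue
// (the DNSKEY/DS lines are left out because their values are elided there).
$signed = [
    'Zone is not presigned',
    'Zone has NSEC semantics',
    'keys:',
    'ID = 38 (KSK), tag = 62737, algo = 8, bits = 2048 Active: 1 ( RSASHA256 )',
    '',
    'ID = 39 (ZSK), tag = 32524, algo = 8, bits = 1024 Active: 1 ( RSASHA256 )',
];
$unsigned = ['Zone is not presigned'];

foreach (['signed' => $signed, 'unsigned' => $unsigned] as $label => $output) {
    printf(
        "%-8s count-check=%s key-check=%s\n",
        $label,
        var_export(is_secured_by_count($output), true),
        var_export(is_secured_by_keys($output), true)
    );
}
```

The count-based check reports both zones as secured, because the unsigned zone still produces the single line "Zone is not presigned"; the key-line check separates them.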
This is fixed by ktims@7051a79 which re-implements the secured check in the DB instead of calling pdnssec.
Part of #244
Merged #244 so can be closed