dnssec_is_zone_secured fail on unsigned zone (powerdns-3.4.3) #239
Comments
|
This is fixed by ktims@7051a79 which re-implements the secured check in the DB instead of calling Part of #244 |
|
Merged #244 so can be closed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The dnssec_is_zone_secured function does not properly detect unsigned zones (PowerDNS 3.4.3 + poweradmin 2015-05-06)
inc/dnssec.inc.php:
function dnssec_is_zone_secured($domain_name) {
$call_result = dnssec_call_pdnssec('show-zone', $domain_name);
$output = $call_result[0];
...
return (count($output) == 0 ? false : true);
}
Signed zone:
Array ( [0] => Array ( [0] => Zone is not presigned [1] => Zone has NSEC semantics [2] => keys: [3] => ID = 38 (KSK), tag = 62737, algo = 8, bits = 2048 Active: 1 ( RSASHA256 ) [4] => KSK DNSKEY = exemple.org IN DNSKEY 257 3 8 Aw...9IM= ; ( RSASHA256 ) [5] => DS = exemple.org IN DS 62737 8 1 f0a..a18 ; ( SHA1 digest ) [6] => DS = exemple.org IN DS 62737 8 2 152...ffc ; ( SHA256 digest ) [7] => DS = exemple.org IN DS 62737 8 3 3ae...e67 ; ( GOST R 34.11-94 digest ) [8] => DS = exemple.org IN DS 62737 8 4 3b0...e7c ; ( SHA-384 digest ) [9] => [10] => ID = 39 (ZSK), tag = 32524, algo = 8, bits = 1024 Active: 1 ( RSASHA256 ) ) [1] => 0 )
Unsigned zone:
Array ( [0] => Array ( [0] => Zone is not presigned ) [1] => 0 )
count($output) not return 0 on the unsigned zone.
The text was updated successfully, but these errors were encountered: