Changeset 1616 for trunk/pdns/pdns/packethandler.cc
- Timestamp:
- 05/16/10 23:00:34 (3 years ago)
- Files:
-
- 1 modified
-
trunk/pdns/pdns/packethandler.cc (modified) (6 diffs)
trunk/pdns/pdns/packethandler.cc
r1615 r1616 198 198 } 199 199 200 /** This catches versionrequests. Returns 1 if it was handled, 0 if it wasn't */200 /** This catches DNSKEY requests. Returns 1 if it was handled, 0 if it wasn't */ 201 201 int PacketHandler::doDNSKEYRequest(DNSPacket *p, DNSPacket *r) 202 202 { 203 DNSResourceRecord rr;204 DNSSECKeeper dk(::arg()["key-repository"]);205 206 203 if(p->qtype.getCode()!=QType::DNSKEY) 207 204 return false; 205 206 DNSResourceRecord rr; 207 DNSSECKeeper dk(::arg()["key-repository"]); 208 208 209 209 210 bool haveOne=false; 210 211 DNSSECPrivateKey dpk; 211 212 212 213 213 if(dk.haveKSKFor(p->qdomain, &dpk)) { … … 234 234 235 235 return haveOne; 236 } 237 238 239 /** This catches DNSKEY requests. Returns 1 if it was handled, 0 if it wasn't */ 240 int PacketHandler::doNSEC3PARAMRequest(DNSPacket *p, DNSPacket *r) 241 { 242 if(p->qtype.getCode()!=QType::NSEC3PARAM) 243 return false; 244 245 DNSResourceRecord rr; 246 DNSSECKeeper dk(::arg()["key-repository"]); 247 248 NSEC3PARAMRecordContent ns3prc; 249 if(dk.getNSEC3PARAM(p->qdomain, &ns3prc)) { 250 rr.qtype=QType::NSEC3PARAM; 251 rr.ttl=3600; 252 rr.qname=p->qdomain; 253 rr.content=ns3prc.getZoneRepresentation(); 254 rr.auth = true; 255 r->addRecord(rr); 256 return true; 257 } 258 return false; 236 259 } 237 260 … … 465 488 } 466 489 467 void PacketHandler::emitNSEC3( NSEC3PARAMRecordContent *ns3rc, const std::string& auth, const std::string& begin, const std::string& end, const std::string& toNSEC3, DNSPacket *r, int mode)490 void PacketHandler::emitNSEC3(const NSEC3PARAMRecordContent& ns3prc, const std::string& auth, const std::string& unhashed, const std::string& begin, const std::string& end, const std::string& toNSEC3, DNSPacket *r, int mode) 468 491 { 469 492 cerr<<"We should emit NSEC3 '"<<toBase32Hex(begin)<<"' - ('"<<toNSEC3<<"') - '"<<toBase32Hex(end)<<"'"<<endl; 470 493 NSEC3RecordContent n3rc; 471 494 n3rc.d_set.insert(QType::RRSIG); 472 n3rc.d_s et.insert(QType::NSEC3);473 n3rc.d_ 
salt=ns3rc->d_salt;474 n3rc.d_iterations = ns3 rc->d_iterations;475 n3rc.d_algorithm = 1; 476 477 DNSResourceRecord rr; 478 B.lookup(QType(QType::ANY), begin);495 n3rc.d_salt=ns3prc.d_salt; 496 n3rc.d_flags = 0; 497 n3rc.d_iterations = ns3prc.d_iterations; 498 n3rc.d_algorithm = 1; // ? 499 500 DNSResourceRecord rr; 501 B.lookup(QType(QType::ANY), unhashed); 479 502 while(B.get(rr)) { 480 503 n3rc.d_set.insert(rr.qtype.getCode()); 504 } 505 506 if(unhashed == auth) { 507 n3rc.d_set.insert(QType::NSEC3PARAM); 481 508 } 482 509 … … 503 530 void PacketHandler::addNSECX(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, int mode) 504 531 { 532 DNSSECKeeper dk(::arg()["key-repository"]); 533 NSEC3PARAMRecordContent ns3rc; 505 534 cerr<<"Doing NSEC3PARAM lookup for '"<<auth<<"'"<<endl; 506 B.lookup(QType(QType::NSEC3PARAM), auth, p); 507 DNSResourceRecord rr, nsec3param; 508 while(B.get(rr)) { 509 nsec3param = rr; 510 } 511 if(!nsec3param.qname.empty()) 512 addNSEC3(p, r, target, auth, nsec3param, mode); 535 if(dk.getNSEC3PARAM(auth, &ns3rc)) 536 addNSEC3(p, r, target, auth, ns3rc, mode); 513 537 else 514 538 addNSEC(p, r, target, auth, mode); 515 539 } 516 540 517 void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, const DNSResourceRecord& nsec3param, int mode) 518 { 519 cerr<<"NSEC3 generator called!"<<endl; 520 cerr<<nsec3param.content<<endl; 521 NSEC3PARAMRecordContent *ns3rc=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, nsec3param.content)); 522 string hashed=toBase32Hex(hashQNameWithSalt(ns3rc->d_iterations, ns3rc->d_salt, p->qdomain)); 523 cerr<<"NSEC3 hash, "<<ns3rc->d_iterations<<" iterations, salt '"<<makeHexDump(ns3rc->d_salt)<<"': "<<hashed<<endl; 524 541 void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, const NSEC3PARAMRecordContent& ns3rc, int mode) 542 { 543 string hashed; 544 525 545 SOAData sd; 526 
546 sd.db = (DNSBackend*)-1; … … 529 549 return; 530 550 } 531 532 string before,after; 533 cerr<<"Calling getBeforeandAfterAbsolute!"<<endl; 534 sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, before, after); 535 cerr<<"Done calling, before='"<<before<<"', after='"<<after<<"'"<<endl; 536 emitNSEC3( ns3rc, auth, fromBase32Hex(before), fromBase32Hex(after), target, r, mode); 551 cerr<<"salt in ph: '"<<makeHexDump(ns3rc.d_salt)<<"'"<<endl; 552 string unhashed, before,after; 553 554 // now add the closest encloser 555 hashed=toBase32Hex(hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, auth)); 556 sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, unhashed, before, after); 557 cerr<<"Done calling for closest encloser, before='"<<before<<"', after='"<<after<<"'"<<endl; 558 emitNSEC3(ns3rc, auth, unhashed, fromBase32Hex(before), fromBase32Hex(after), target, r, mode); 559 560 // now add the main nsec3 561 hashed=toBase32Hex(hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, p->qdomain)); 562 sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, unhashed, before, after); 563 cerr<<"Done calling for main, before='"<<before<<"', after='"<<after<<"'"<<endl; 564 emitNSEC3( ns3rc, auth, unhashed, fromBase32Hex(before), fromBase32Hex(after), target, r, mode); 565 566 567 // now add the * 568 hashed=toBase32Hex(hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, dotConcat("*", auth))); 569 sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, unhashed, before, after); 570 cerr<<"Done calling for '*', before='"<<before<<"', after='"<<after<<"'"<<endl; 571 emitNSEC3( ns3rc, auth, unhashed, fromBase32Hex(before), fromBase32Hex(after), target, r, mode); 537 572 } 538 573 … … 1104 1139 goto sendit; 1105 1140 1141 if(doNSEC3PARAMRequest(p,r)) 1142 goto sendit; 1143 1106 1144 if(doVersionRequest(p,r,target)) // catch version.bind requests 1107 1145 goto sendit;
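Review bot: In the new addNSEC3 the closest encloser is assumed to be the zone apex — the first NSEC3 is computed over `auth` and the second over `p->qdomain` itself — so for a query more than one label below an existing name the three records emitted will not form the closest-encloser / next-closer / wildcard proof that RFC 5155 §7.2.2 requires, and a validating resolver is likely to treat the denial as bogus. The closest encloser should instead be found by stripping labels from qdomain until a name that exists in the zone is reached (empty non-terminals included), the second NSEC3 should cover the next-closer name one label below that, and the wildcard hash should be over `dotConcat("*", closestEncloser)` rather than the apex; the `n3rc.d_algorithm = 1; // ?` in emitNSEC3 presumably wants `ns3prc.d_algorithm` as well. The per-query `cerr` dumps of the salt and before/after names in addNSEC3 and emitNSEC3 write to stderr on every response and should go behind a debug log level before this ships. Part of addNSEC3's body (between `sd.db = (DNSBackend*)-1;` and the `return;`) is elided from the hunk, so the authority check there was not reviewed.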