Changeset 1932

Timestamp:

01/30/11 13:49:13 (2 years ago)

Author:

ahu

Message:

silence a lot of debugging output at loglevel 9 (you did not see it, but it did slow things down)
fix up pre-signed zones in hybrid installations (bind + generic). Because the BIND Backend needs the DBDnssecKeeper,
while the dbdnsseckeeper needs the bindbackend to function, getting presignatures from the dbdnsseckeeper failed.
We now pass an explicit database connection for this purpose. Spotted by Christof Meerwaald.

Location:

trunk/pdns/pdns

Files:

• backends/bind/bindbackend2.cc (modified) (1 diff)
• dbdnsseckeeper.cc (modified) (1 diff)
• dnspacket.cc (modified) (3 diffs)
• dnssecinfra.hh (modified) (2 diffs)
• dnsseckeeper.hh (modified) (1 diff)
• dnssecsigner.cc (modified) (4 diffs)
• packethandler.cc (modified) (3 diffs)
• tcpreceiver.cc (modified) (4 diffs)
• ueberbackend.hh (modified) (1 diff)

trunk/pdns/pdns/backends/bind/bindbackend2.cc

@@ -849 +849 @@
   NSEC3PARAMRecordContent ns3pr;
   string auth=state->id_zone_map[id].d_name;
-  
-  
+    
   if(!dk.getNSEC3PARAM(auth, &ns3pr)) {
     cerr<<"in bind2backend::getBeforeAndAfterAbsolute: no nsec3 for "<<auth<<endl;

trunk/pdns/pdns/dbdnsseckeeper.cc

@@ -323 +323 @@
 }
 
-bool DNSSECKeeper::getPreRRSIGs(const std::string& signer, const std::string& qname, const QType& qtype, 
+bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const QType& qtype, 
         DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs)
 {
-        d_db.lookup(QType(QType::RRSIG), qname);
+  // cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<qname<<"'"<<endl;
+        db.lookup(QType(QType::RRSIG), qname);
         DNSResourceRecord rr;
-        while(d_db.get(rr)) { 
-                cerr<<"Considering for '"<<qtype.getName()<<"' RRSIG '"<<rr.content<<"'\n";
+        while(db.get(rr)) { 
+                // cerr<<"Considering for '"<<qtype.getName()<<"' RRSIG '"<<rr.content<<"'\n";
                 if(boost::starts_with(rr.content, qtype.getName()+" ")) {
-                        cerr<<"Got it"<<endl;
+                        // cerr<<"Got it"<<endl;
                         rr.d_place = (DNSResourceRecord::Place)signPlace;
                         rrsigs.push_back(rr);
                 }
-                else cerr<<"Skipping!"<<endl;
+                else ; // cerr<<"Skipping!"<<endl;
         }
         return true;

trunk/pdns/pdns/dnspacket.cc

@@ -231 +231 @@
     return;
   }
-  
-  // do embedded-additional processing decapsulation
+
   DNSResourceRecord rr;
   vector<DNSResourceRecord>::iterator pos;
@@ -240 +239 @@
 
   stable_sort(d_rrs.begin(),d_rrs.end(), rrcomp);
-
   static bool mustShuffle =::arg().mustDo("no-shuffle");
 
@@ -290 +288 @@
           }
           goto noCommit;
-      
-          break;
         }
       }

trunk/pdns/pdns/dnssecinfra.hh

@@ -101 +101 @@
 void fillOutRRSIG(DNSSECPrivateKey& dpk, const std::string& signQName, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign);
 uint32_t getCurrentInception();
-void addSignature(DNSSECKeeper& dk, const std::string signQName, const std::string& wildcardname, uint16_t signQType, uint32_t signTTL, DNSPacketWriter::Place signPlace, 
+void addSignature(DNSSECKeeper& dk, DNSBackend& db, const std::string signQName, const std::string& wildcardname, uint16_t signQType, uint32_t signTTL, DNSPacketWriter::Place signPlace, 
   vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned);
 int getRRSIGsForRRSET(DNSSECKeeper& dk, const std::string& signer, const std::string signQName, uint16_t signQType, uint32_t signTTL, 
@@ -109 +109 @@
 void decodeDERIntegerSequence(const std::string& input, vector<string>& output);
 class DNSPacket;
-void addRRSigs(DNSSECKeeper& dk, const std::string& signer, DNSPacket& p);
+void addRRSigs(DNSSECKeeper& dk, DNSBackend& db, const std::string& signer, DNSPacket& p);
 
 

trunk/pdns/pdns/dnsseckeeper.hh

@@ -48 +48 @@
   void unsetNSEC3PARAM(const std::string& zname);
   void clearCaches(const std::string& name);
-  bool getPreRRSIGs(const std::string& signer, const std::string& qname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs);
+  bool getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs);
   bool isPresigned(const std::string& zname);
   void setPresigned(const std::string& zname);

trunk/pdns/pdns/dnssecsigner.cc

@@ -74 +74 @@
 
 // this is the entrypoint from DNSPacket
-void addSignature(DNSSECKeeper& dk, const std::string& signer, const std::string signQName, const std::string& wildcardname, uint16_t signQType, 
+void addSignature(DNSSECKeeper& dk, DNSBackend& db, const std::string& signer, const std::string signQName, const std::string& wildcardname, uint16_t signQType, 
   uint32_t signTTL, DNSPacketWriter::Place signPlace, 
   vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned)
 {
-  // cerr<<"Asked to sign '"<<signQName<<"'|"<<DNSRecordContent::NumberToType(signQType)<<", "<<toSign.size()<<" records\n";
+  //cerr<<"Asked to sign '"<<signQName<<"'|"<<DNSRecordContent::NumberToType(signQType)<<", "<<toSign.size()<<" records\n";
   if(toSign.empty())
     return;
   vector<RRSIGRecordContent> rrcs;
   if(dk.isPresigned(signer)) {
-    dk.getPreRRSIGs(signer, signQName, QType(signQType), signPlace, outsigned); // does it all
+    //cerr<<"Doing presignatures"<<endl;
+    dk.getPreRRSIGs(db, signer, signQName, QType(signQType), signPlace, outsigned); // does it all
   }
   else {
@@ -140 +141 @@
 }
 
-void addRRSigs(DNSSECKeeper& dk, const std::string& signer, DNSPacket& p)
+void addRRSigs(DNSSECKeeper& dk, DNSBackend& db, const std::string& signer, DNSPacket& p)
 {
   vector<DNSResourceRecord>& rrs=p.getRRS();
@@ -158 +159 @@
     signedRecords.push_back(*pos);
     if(pos != rrs.begin() && (signQType != pos->qtype.getCode()  || signQName != pos->qname)) {
-      addSignature(dk, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
+      addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
     }
     signQName= pos->qname;
@@ -180 +181 @@
     }
   }
-  addSignature(dk, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
-  
+  addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
   rrs.swap(signedRecords);
 }

trunk/pdns/pdns/packethandler.cc

@@ -39 +39 @@
 #include "dnsproxy.hh"
 
-#if 1
+#if 0
 #undef DLOG
 #define DLOG(x) x
@@ -474 +474 @@
   rr.d_place = (mode == 2 ) ? DNSResourceRecord::ANSWER: DNSResourceRecord::AUTHORITY;
   rr.auth = true;
+  
   r->addRecord(rr);
 }
@@ -1356 +1357 @@
 
     if(p->d_dnssecOk)
-      addRRSigs(d_dk, sd.qname, *r);
+      addRRSigs(d_dk, B, sd.qname, *r);
     r->wrapup(); // needed for inserting in cache
     PC.insert(p, r); // in the packet cache

trunk/pdns/pdns/tcpreceiver.cc

@@ -515 +515 @@
   outpacket->d_dnssecOk=true; // WRONG
   string keyname;
+  UeberBackend signatureDB;
   while(B->get(rr)) {
     if(rr.auth || rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::DS) {
@@ -533 +534 @@
     if(!((++count)%chunk)) {
       count=0;
-      addRRSigs(dk, sd.qname, *outpacket);
+      addRRSigs(dk, signatureDB, sd.qname, *outpacket);
       sendPacket(outpacket, outsock);
 
@@ -595 +596 @@
   
   if(count) {
-    addRRSigs(dk, sd.qname, *outpacket);
+    addRRSigs(dk, signatureDB, sd.qname, *outpacket);
     sendPacket(outpacket, outsock);
   }
@@ -603 +604 @@
   outpacket=shared_ptr<DNSPacket>(q->replyPacket());
   
-  addRRSigs(dk, sd.qname, *outpacket); // don't sign the SOA!
+  addRRSigs(dk, signatureDB, sd.qname, *outpacket); // don't sign the SOA!
   outpacket->addRecord(soa);
   sendPacket(outpacket, outsock);

trunk/pdns/pdns/ueberbackend.hh

@@ -1 +1 @@
 /*
     PowerDNS Versatile Database Driven Nameserver
-    Copyright (C) 2002  PowerDNS.COM BV
+    Copyright (C) 2002 - 2011  PowerDNS.COM BV
 
     This program is free software; you can redistribute it and/or modify