Timestamp:
01/30/11 21:43:58 (2 years ago)
Author:
ahu
Message:

when operating in front-signing mode, make sure we set the auth & hash fields correctly on the first load too.

Files:
1 modified

  • trunk/pdns/pdns/backends/bind/bindbackend2.cc

    r1932 r1937  
    211211} 
    212212 
     213bool Bind2Backend::updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const std::string& qname, const std::string& ordername, bool auth) 
     214{ 
     215  #if 0 
     216  const shared_ptr<State> state = getState(); 
     217  BB2DomainInfo& bbd = state->id_zone_map[domain_id]; 
     218 
     219  string sqname; 
     220 
     221  if(bbd.d_name.empty()) 
     222    sqname=qname; 
     223  else if(strcasecmp(qname.c_str(), bbd.d_name.c_str())) 
     224    sqname=qname.substr(0,qname.size() - bbd.d_name.length()-1); // strip domain name 
     225 
     226  sqname = labelReverse(sqname); 
     227   
     228  if(!auth) 
     229    d_authDelayed[sqname] = auth; 
     230   
     231  #endif 
     232  return false; 
     233} 
     234 
    213235bool Bind2Backend::feedRecord(const DNSResourceRecord &r) 
    214236{ 
     
    241263    break; 
    242264  } 
    243  
    244265  return true; 
    245266} 
     
    527548} 
    528549#endif  
     550 
     551void Bind2Backend::fixupAuth(shared_ptr<recordstorage_t> records) 
     552{ 
     553  pair<recordstorage_t::const_iterator, recordstorage_t::const_iterator> range; 
     554            string sqname; 
     555   
     556  BOOST_FOREACH(const Bind2DNSRecord& bdr, *records) { 
     557    bdr.auth=true; 
     558    if(bdr.qtype == QType::DS) // as are delegation signer records 
     559      continue; 
     560 
     561    sqname = labelReverse(bdr.qname); 
     562     
     563    do { 
     564      if(sqname.empty()) // this is auth of course! 
     565        continue;  
     566     
     567      range=equal_range(records->begin(), records->end(), sqname); // XXX why isn't this wrong? should be records->equal_range, right? 
     568      if(range.first != range.second) { 
     569        for(recordstorage_t::const_iterator iter = range.first ; iter != range.second; ++iter) { 
     570          if(iter->qtype == QType::NS) { 
     571            //                cerr<<"Have an NS hit for '"<<labelReverse(bdr.qname)<<"' on '"<<iter->qname<<"'"<<endl; 
     572            bdr.auth=false; 
     573          } 
     574        } 
     575      } 
     576    } while(chopOff(sqname)); 
     577  } 
     578} 
     579 
    529580void Bind2Backend::loadConfig(string* status) 
    530581{ 
     
    634685            shared_ptr<recordstorage_t > records=staging->id_zone_map[bbd->d_id].d_records; 
    635686           
    636             pair<recordstorage_t::const_iterator, recordstorage_t::const_iterator> range; 
    637             string sqname; 
    638687             
    639             BOOST_FOREACH(const Bind2DNSRecord& bdr, *records) { 
    640               bdr.auth=true; 
    641               if(bdr.qtype == QType::DS) // as are delegation signer records 
    642                 continue; 
    643      
    644               sqname = labelReverse(bdr.qname); 
    645                
    646               do { 
    647                 if(sqname.empty()) // this is auth of course! 
    648                   continue;  
    649                
    650                 range=equal_range(records->begin(), records->end(), sqname); 
    651                 if(range.first != range.second) { 
    652                   for(recordstorage_t::const_iterator iter = range.first ; iter != range.second; ++iter) { 
    653                     if(iter->qtype == QType::NS) { 
    654                       //                      cerr<<"Have an NS hit for '"<<labelReverse(bdr.qname)<<"' on '"<<iter->qname<<"'"<<endl; 
    655                       bdr.auth=false; 
    656                     } 
    657                   } 
    658                 } 
    659               } while(chopOff(sqname)); 
    660             } 
     688            fixupAuth(records); 
    661689             
    662690            staging->id_zone_map[bbd->d_id].setCtime(); 
     
    769797    ZoneParserTNG zpt(bbd->d_filename, bbd->d_name, s_binddirectory); 
    770798    DNSResourceRecord rr; 
     799    string hashed; 
     800    DNSSECKeeper dk; 
     801    NSEC3PARAMRecordContent ns3pr; 
     802    bool nsec3zone=dk.getNSEC3PARAM(bbd->d_name, &ns3pr); 
    771803    while(zpt.get(rr)) { 
    772       insert(staging, bbd->d_id, rr.qname, rr.qtype, rr.content, rr.ttl, rr.priority); 
     804      if(nsec3zone) 
     805        hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname))); 
     806      insert(staging, bbd->d_id, rr.qname, rr.qtype, rr.content, rr.ttl, rr.priority, hashed); 
    773807    } 
    774808    // cerr<<"Start sort of "<<staging->id_zone_map[bbd->d_id].d_records->size()<<" records"<<endl;         
    775809    // sort(staging->id_zone_map[bbd->d_id].d_records->begin(), staging->id_zone_map[bbd->d_id].d_records->end()); 
    776810    // cerr<<"Sorting done"<<endl; 
     811     
     812    fixupAuth(staging->id_zone_map[bbd->d_id].d_records); 
    777813    staging->id_zone_map[bbd->d_id].setCtime(); 
    778814 
     
    925961    ; 
    926962 
    927  
    928963  if(iditer==state->name_id_map.end()) { 
    929964    if(mustlog)