d_lw->registerMember<bool (DNSQuestion::*)>("isTcp", [](const DNSQuestion& dq) -> bool { return dq.isTcp; }, [](DNSQuestion& dq, bool newTcp) { (void) newTcp; });
d_lw->registerMember<const ComboAddress (DNSQuestion::*)>("localaddr", [](const DNSQuestion& dq) -> const ComboAddress& { return dq.local; }, [](DNSQuestion& dq, const ComboAddress& newLocal) { (void) newLocal; });
d_lw->registerMember<const ComboAddress (DNSQuestion::*)>("remoteaddr", [](const DNSQuestion& dq) -> const ComboAddress& { return dq.remote; }, [](DNSQuestion& dq, const ComboAddress& newRemote) { (void) newRemote; });
+ d_lw->registerMember<vState (DNSQuestion::*)>("validationState", [](const DNSQuestion& dq) -> vState { return dq.validationState; }, [](DNSQuestion& dq, vState newState) { (void) newState; });
d_lw->registerMember<bool (DNSQuestion::*)>("variable", [](const DNSQuestion& dq) -> bool { return dq.variable; }, [](DNSQuestion& dq, bool newVariable) { dq.variable = newVariable; });
d_lw->registerMember<bool (DNSQuestion::*)>("wantsRPZ", [](const DNSQuestion& dq) -> bool { return dq.wantsRPZ; }, [](DNSQuestion& dq, bool newWantsRPZ) { dq.wantsRPZ = newWantsRPZ; });
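Review bot: The setter registered for `validationState` discards its argument (`(void) newState;`), so a Lua assignment to `dq.validationState` raises no error and changes nothing. That matches `isTcp`, `localaddr` and `remoteaddr` just above, but for a DNSSEC result it should be stated explicitly, because a script author may expect to override or clear the state. I would add a comment above the line, `// read-only from Lua: the setter is a no-op so a script cannot alter the resolver's DNSSEC verdict`, assuming the no-op is deliberate. The attribute's documentation should say the same.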
for(const auto& n : QType::names)
pd.push_back({n.first, n.second});
+
+ pd.push_back({"validationstates", in_t{
+ {"Indeterminate", Indeterminate },
+ {"Bogus", Bogus },
+ {"Insecure", Insecure },
+ {"Secure", Secure },
+ }});
+
pd.push_back({"now", &g_now});
d_lw->registerMember("tv_sec", &timeval::tv_sec);
d_lw->registerMember("tv_usec", &timeval::tv_usec);
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#pragma once
-#include "iputils.hh"
-#include "dnsname.hh"
-#include "namespaces.hh"
-#include "dnsrecords.hh"
-#include "filterpo.hh"
-#include "ednsoptions.hh"
#include <unordered_map>
#include "config.h"
#endif
+#include "iputils.hh"
+#include "dnsname.hh"
+#include "namespaces.hh"
+#include "dnsrecords.hh"
+#include "filterpo.hh"
+#include "ednsoptions.hh"
+#include "validate.hh"
+
string GenUDPQueryResponse(const ComboAddress& dest, const string& query);
unsigned int getRecursorThreadId();
std::unordered_map<std::string,bool>* discardedPolicies{nullptr};
std::string requestorId;
std::string deviceId;
+ vState validationState{Indeterminate};
bool& variable;
bool& wantsRPZ;
unsigned int tag{0};
res = RCode::ServFail;
}
+ dq.validationState = sr.getValidationState();
+
// During lookup, an NSDNAME or NSIP trigger was hit in RPZ
if (res == -2) { // XXX This block should be macro'd, it is repeated post-resolve.
appliedPolicy = sr.d_appliedPolicy;
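Review bot: `dq.validationState` is assigned unconditionally after the block that ends with `res = RCode::ServFail; }`, so it is also read from `sr` when resolution ended on that error path. The hunk does not show what `getValidationState()` returns in that case. If it is the initial `Indeterminate`, a hook that tests only for `Bogus` will treat a failed resolution the same as an unvalidated one. Once that is confirmed, a short comment would help, for example `// copy the DNSSEC verdict for the Lua hooks; after a failed resolve this may still be Indeterminate`. The enclosing function starts and ends outside the hunk.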
return false
end -- only AAAA records
+ -- don't fake AAAA records if DNSSEC validation failed
+ if dq.validationState == pdns.validationstates.Bogus then
+ return false
+ end
+
dq.followupFunction = "getFakeAAAARecords"
dq.followupPrefix = prefix
dq.followupName = dq.qname
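Review bot: The new guard stops AAAA synthesis only when the state is `Bogus`. The attribute documentation added in this same change says the state is always `Indeterminate` when validation is disabled or was not requested, so in those configurations the check never fires. The comment should make that visible to anyone copying the example, e.g. `-- don't fake AAAA records if DNSSEC validation failed (only effective when validation is enabled; otherwise the state is Indeterminate)`. The enclosing function starts and ends outside the hunk.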
The name of the callback function that is called when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` when an answer is received.
+.. attribute:: DNSQuestion.validationState
+
+ .. versionadded:: 4.1.0
+
+ The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks.
+ Possible states are ``pdns.validationstates.Indeterminate``, ``pdns.validationstates.Bogus``, ``pdns.validationstates.Insecure`` and ``pdns.validationstates.Secure``.
+ The result will always be ``pdns.validationstates.Indeterminate`` is validation is disabled or was not requested.
+
It also supports the following methods:
.. classmethod:: DNSQuestion:addAnswer(type, content, [ttl, name])