Ensure that addTA() appends the DS.
: Add a Negative Trust Anchor for *DOMAIN*, suffixed optionally with *REASON*.
add-ta *DOMAIN* *DSRECORD*
-: Add a Trust Anchor for *DOMAIN* with DS record data *DSRECORD*.
+: Add a Trust Anchor for *DOMAIN* with DS record data *DSRECORD*. This adds the
+ new Trust Anchor to the existing set of Trust Anchors for *DOMAIN*.
current-queries
: Shows the currently active queries.
#include "rpzloader.hh"
#include "base64.hh"
#include "remote_logger.hh"
+#include "validate.hh"
GlobalStateHolder<LuaConfigItems> g_luaconfs;
LuaConfigItems::LuaConfigItems()
{
- auto ds=std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
+ auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
+ dsmap_t dsmap;
+ dsmap.insert({ds->d_tag, *ds});
// this hurts physically
- dsAnchors[DNSName(".")] = *ds;
+ dsAnchors[DNSName(".")] = dsmap;
}
/* DID YOU READ THE STORY ABOVE? */
});
Lua.writeFunction("addDS", [&lci](const std::string& who, const std::string& what) {
- lci.dsAnchors[DNSName(who)]= *std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
- });
+ DNSName zone(who);
+ dsmap_t dsmap = lci.dsAnchors[zone];
+
+ auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+ dsmap.insert({ds->d_tag, *ds});
+ lci.dsAnchors[zone] = dsmap;
+ });
Lua.writeFunction("clearDS", [&lci](boost::optional<string> who) {
if(who)
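Review bot: The addDS lambda copies the whole `dsmap_t` out of `lci.dsAnchors[zone]`, inserts into the copy and assigns it back, which is two lookups plus a full copy of the multimap where `lci.dsAnchors[zone].insert({ds->d_tag, *ds});` does the same in place; the addTA hunk in rec_channel_rec.cc repeats the same pattern. Because `dsmap_t` is a multimap, adding the same DS record string twice (for example a repeated add-ta for the root) stores two identical entries under the same key tag; a check that an equal `DSRecordContent` is not already present for that tag before inserting would keep the configured set free of duplicates, assuming `DSRecordContent` is comparable, which I cannot confirm from this hunk. `DSRecordContent::make(what)` presumably throws on a malformed DS string, so a bad `addDS` argument aborts Lua config loading rather than silently adding nothing; a short comment stating that would help, e.g. `// a malformed DS string throws out of make() and fails the config load`.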
#include "sortlist.hh"
#include "filterpo.hh"
#include "remote_logger.hh"
+#include "validate.hh"
class LuaConfigItems
{
LuaConfigItems();
SortList sortlist;
DNSFilterEngine dfe;
- map<DNSName,DSRecordContent> dsAnchors;
+ map<DNSName,dsmap_t> dsAnchors;
map<DNSName,std::string> negAnchors;
std::shared_ptr<RemoteLogger> protobufServer{nullptr};
uint8_t protobufMaskV4{32};
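Review bot: The new `map<DNSName,dsmap_t> dsAnchors;` member gives no hint what the inner multimap is keyed on, and the reader has to find the insert sites in rec-lua-conf.cc to learn that. A one-line comment on the member would do: `map<DNSName,dsmap_t> dsAnchors; // configured DS records per trust-anchor zone, keyed by DNSKEY key tag (dsmap_t from validate.hh)`. The class body continues outside the hunk.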
try {
L<<Logger::Warning<<"Adding Trust Anchor for "<<who<<" with data '"<<what<<"', requested via control channel";
g_luaconfs.modify([who, what](LuaConfigItems& lci) {
- lci.dsAnchors[who] = *std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+ dsmap_t dsmap = lci.dsAnchors[who];
+ auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+ dsmap.insert({ds->d_tag, *ds});
+ lci.dsAnchors[who] = dsmap;
});
broadcastAccFunction<uint64_t>(boost::bind(pleaseWipePacketCache, who, true));
L<<Logger::Warning<<endl;
{
string ret("Configured Trust Anchors:\n");
auto luaconf = g_luaconfs.getLocal();
- for (auto anchor : luaconf->dsAnchors)
- ret += anchor.first.toLogString() + "\t" + anchor.second.getZoneRepresentation() + "\n";
+ for (auto anchor : luaconf->dsAnchors) {
+ ret += anchor.first.toLogString() + "\n";
+ for (auto e : anchor.second) {
+ ret+="\t\t"+e.second.getZoneRepresentation() + "\n";
+ }
+ }
+
return ret;
}
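Review bot: The two range-for loops at `for (auto anchor : luaconf->dsAnchors)` and `for (auto e : anchor.second)` copy each element per iteration, and the outer one copies a `DNSName` together with an entire multimap of `DSRecordContent` just to print it; iterating by reference avoids that: `for (const auto& anchor : luaconf->dsAnchors) {` and `for (const auto& e : anchor.second) {`. The addTA hunk above has the same copy-insert-assign round trip on `lci.dsAnchors[who]` that `lci.dsAnchors[who].insert({ds->d_tag, *ds});` replaces in one statement. The enclosing functions start outside the hunks.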
{
auto ds=std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
// this hurts physically
- dsAnchors[DNSName(".")] = *ds;
+ dsmap_t dsmap;
+ dsmap.insert({ds->d_tag, *ds});
+ dsAnchors[DNSName(".")] = dsmap;
}
DNSFilterEngine::DNSFilterEngine() {}
vector<string> labels = zone.getRawLabels();
- typedef std::multimap<uint16_t, DSRecordContent> dsmap_t;
dsmap_t dsmap;
keyset_t validkeys;
while(zone.isPartOf(qname))
{
- if(auto ds = rplookup(luaLocal->dsAnchors, qname))
- {
- dsmap.insert(make_pair(ds->d_tag, *ds));
- }
-
+ dsmap_t* tmp = (dsmap_t*) rplookup(luaLocal->dsAnchors, qname);
+ if (tmp)
+ dsmap = *tmp;
+
vector<RRSIGRecordContent> sigs;
vector<shared_ptr<DNSRecordContent> > toSign;
vector<uint16_t> toSignTags;
keyset_t tkeys; // tentative keys
validkeys.clear();
-
+
// start of this iteration
// we can trust that dsmap has valid DS records for qname
// ponder adding a validate method that accepts a key
};
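Review bot: The C-style cast in `dsmap_t* tmp = (dsmap_t*) rplookup(luaLocal->dsAnchors, qname);` most likely strips const, since `luaLocal` is the local snapshot of the global config and `rplookup` on it presumably yields a pointer to const; the assignment on the next line only reads through the pointer, so `const dsmap_t* tmp = rplookup(luaLocal->dsAnchors, qname);` should compile without any cast and keeps the shared config read-only at the type level. The replacement also changes behaviour relative to the removed lines: the old code added the anchor's DS to whatever `dsmap` already held, the new code overwrites `dsmap` with the configured set, so DS records that arrived from the parent zone are discarded when a trust anchor exists for `qname`; if that precedence is intended, say so, e.g. `// a configured trust anchor for qname replaces any DS records obtained from the parent`. `getKeysFor` begins and ends outside the hunk.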
typedef map<pair<DNSName,uint16_t>, ContentSigPair> cspmap_t;
+typedef std::multimap<uint16_t, DSRecordContent> dsmap_t;
void validateWithKeySet(const cspmap_t& rrsets, cspmap_t& validated, const std::set<DNSKEYRecordContent>& keys);
cspmap_t harvestCSPFromRecs(const vector<DNSRecord>& recs);
vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, std::set<DNSKEYRecordContent> &keyset);