bool DNSBackend::getBeforeAndAfterNames(uint32_t id, const DNSName& zonename, const DNSName& qname, DNSName& before, DNSName& after)
{
+ // FIXME FIXME FIXME
// string lcqname=toLower(qname); FIXME tolower?
// string lczonename=toLower(zonename); FIXME tolower?
// lcqname=makeRelative(lcqname, lczonename);
// lcqname=labelReverse(lcqname);
DNSName dnc;
- bool ret = this->getBeforeAndAfterNamesAbsolute(id, qname, dnc, before, after);
+ string sbefore, safter;
+ sbefore = before.toString();
+ safter = after.toString();
+ bool ret = this->getBeforeAndAfterNamesAbsolute(id, qname, dnc, sbefore, safter);
+ before = DNSName(sbefore);
+ after = DNSName(safter);
// before=dotConcat(labelReverse(before), lczonename); FIXME
// after=dotConcat(labelReverse(after), lczonename); FIXME
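Review bot: The new round trip in getBeforeAndAfterNames passes whatever the backend wrote into `sbefore`/`safter` straight to `DNSName(...)`, while the makeRelative/labelReverse conversion before the call and the dotConcat conversion after it stay commented out. The DNSName class note in this same commit says every name must be dot-terminated or it is an error, so a backend that still returns relative, label-reversed order names would presumably either throw here or produce names outside the zone, and these names feed the NSEC denial records. Until the FIXMEs are resolved I would state the contract at the call, e.g. `// backend must return absolute, dot-terminated names in sbefore/safter; relative ordernames are not converted here yet`. The end of the function body is outside the hunk.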
virtual bool deleteTSIGKey(const DNSName& name) { return false; }
virtual bool getTSIGKeys(std::vector< struct TSIGKey > &keys) { return false; }
- virtual bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, DNSName& before, DNSName& after)
+ virtual bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, string& before, string& after)
{
std::cerr<<"Default beforeAndAfterAbsolute called!"<<std::endl;
abort();
#include <deque>
#include <strings.h>
// #include "dns.hh"
+#include "logger.hh"
// #include <ext/vstring.h>
NOTE: For now, everything MUST be . terminated, otherwise it is an error
*/
+
class DNSName
{
public:
std::vector<std::string> getRawLabels() const; //!< Individual raw unescaped labels
bool chopOff(); //!< Turn www.powerdns.com. into powerdns.com., returns false for .
unsigned int countLabels() const;
+ bool empty() const { return countLabels()==0; } // FIXME remove me?
+ void clear() { trimToLabels(0); } // FIXME remove me?
void trimToLabels(unsigned int);
DNSName& operator+=(const DNSName& rhs)
{
const string& relevant=(parts.size() > 2) ? parts[2] : "";
unsigned int total=atoi(parts[1].c_str());
if(relevant.size()!=2*total)
- throw MOADNSException((boost::format("invalid unknown record length for label %s: size not equal to length field (%d != %d)") % d_dr.d_label.c_str() % relevant.size() % (2*total)).str());
+ throw MOADNSException((boost::format("invalid unknown record length for label %s: size not equal to length field (%d != %d)") % d_dr.d_label.toString() % relevant.size() % (2*total)).str());
string out;
out.reserve(total+1);
for(unsigned int n=0; n < total; ++n) {
}
-shared_ptr<DNSRecordContent> DNSRecordContent::unserialize(const string& qname, uint16_t qtype, const string& serialized)
+shared_ptr<DNSRecordContent> DNSRecordContent::unserialize(const DNSName& qname, uint16_t qtype, const string& serialized)
{
dnsheader dnsheader;
memset(&dnsheader, 0, sizeof(dnsheader));
return record;
}
- static shared_ptr<DNSRecordContent> unserialize(const string& qname, uint16_t qtype, const string& serialized);
+ static shared_ptr<DNSRecordContent> unserialize(const DNSName& qname, uint16_t qtype, const string& serialized);
void doRecordCheck(const struct DNSRecord&){}
- std::string label;
+ DNSName label; // FIXME rename
struct dnsrecordheader header;
typedef DNSRecordContent* makerfunc_t(const struct DNSRecord& dr, PacketReader& pr);
struct DNSRecord
{
- std::string d_label;
+ DNSName d_label; //FIXME rename
uint16_t d_type;
uint16_t d_class;
uint32_t d_ttl;
if(rhs.d_content)
rzrp=toLower(rhs.d_content->getZoneRepresentation());
- string llabel=toLower(d_label);
- string rlabel=toLower(rhs.d_label);
+ string llabel=toLower(d_label.toString()); //FIXME
+ string rlabel=toLower(rhs.d_label.toString()); //FIXME
return
tie(llabel, d_type, d_class, lzrp) <
if(rhs.d_content)
rzrp=toLower(rhs.d_content->getZoneRepresentation());
- string llabel=toLower(d_label);
- string rlabel=toLower(rhs.d_label);
+ string llabel=toLower(d_label.toString()); //FIXME
+ string rlabel=toLower(rhs.d_label.toString()); //FIXME
return
tie(llabel, d_type, d_class, lzrp) ==
}
dnsheader d_header;
- string d_qname;
+ DNSName d_qname;
uint16_t d_qclass, d_qtype;
//uint8_t d_rcode;
}
//! look up qname aname with r->qtype, plonk it in the answer section of 'r' with name target
-bool DNSProxy::completePacket(DNSPacket *r, const std::string& target,const std::string& aname)
+bool DNSProxy::completePacket(DNSPacket *r, const DNSName& target,const DNSName& aname)
{
uint16_t id;
{
ce.outsock = r->getSocket();
ce.created = time( NULL );
ce.qtype = r->qtype.getCode();
- ce.qname = stripDot(target);
+ ce.qname = target;
ce.anyLocal = r->d_anyLocal;
ce.complete = r;
ce.aname=aname;
void go(); //!< launches the actual thread
void onlyFrom(const string &ips); //!< Only these netmasks are allowed to recurse via us
bool sendPacket(DNSPacket *p); //!< send out a packet and make a conntrack entry to we can send back the answer
- bool completePacket(DNSPacket *r, const std::string& target,const std::string& aname);
+ bool completePacket(DNSPacket *r, const DNSName& target,const DNSName& aname);
void mainloop(); //!< this is the main loop that receives reply packets and sends them out again
static void *launchhelper(void *p)
DNSName qname;
uint16_t qtype;
DNSPacket* complete;
- string aname;
+ DNSName aname;
boost::optional<ComboAddress> anyLocal;
};
return a->serialize("", true, true) < b->serialize("", true, true);
}
-string getMessageForRRSET(const std::string& qname, const RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& signRecords)
+string getMessageForRRSET(const DNSName& qname, const RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& signRecords)
{
sort(signRecords.begin(), signRecords.end(), sharedDNSSECCompare);
toHash.resize(toHash.size() - rrc.d_signature.length()); // chop off the end, don't sign the signature!
BOOST_FOREACH(shared_ptr<DNSRecordContent>& add, signRecords) {
- toHash.append(toLower(simpleCompress(qname, "")));
+ toHash.append(qname.toDNSString()); // FIXME tolower?
uint16_t tmp=htons(rrc.d_type);
toHash.append((char*)&tmp, 2);
tmp=htons(1); // class
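Review bot: Dropping `toLower()` at `toHash.append(qname.toDNSString());` means the owner name is hashed in whatever case the caller supplied, unless toDNSString() itself lower-cases, which this diff does not show. RFC 4034 section 6.2 requires the owner name in canonical lower-case form in the signed data, so a mixed-case qname would yield RRSIGs that validators reject. The same applies to the DS digest input at `toHash.assign(qname.toDNSString());` in makeDSFromDNSKey. I would keep the fold until DNSName guarantees it: `toHash.append(toLower(qname.toDNSString()));`, which is what the old code did on the wire-format string. The loop body continues outside the hunk.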
return toHash;
}
-DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordContent& drc, int digest)
+DSRecordContent makeDSFromDNSKey(const DNSName& qname, const DNSKEYRecordContent& drc, int digest)
{
string toHash;
- toHash.assign(toLower(simpleCompress(qname)));
+ toHash.assign(qname.toDNSString()); // FIXME tolower?
toHash.append(const_cast<DNSKEYRecordContent&>(drc).serialize("", true, true));
DSRecordContent dsrc;
std::string hashQNameWithSalt(unsigned int times, const std::string& salt, const DNSName& qname);
void decodeDERIntegerSequence(const std::string& input, vector<string>& output);
class DNSPacket;
-void addRRSigs(DNSSECKeeper& dk, UeberBackend& db, const std::set<string, CIStringCompare>& authMap, vector<DNSResourceRecord>& rrs);
+void addRRSigs(DNSSECKeeper& dk, UeberBackend& db, const std::set<DNSName>& authMap, vector<DNSResourceRecord>& rrs);
string calculateMD5HMAC(const std::string& key, const std::string& text);
return g_signatures.size();
}
-void fillOutRRSIG(DNSSECPrivateKey& dpk, const std::string& signQName, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign)
+void fillOutRRSIG(DNSSECPrivateKey& dpk, const DNSName& signQName, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign)
{
if(!g_signatureCount)
g_signatureCount = S.getPointer("signatures");
}
string stripDot(const string& dom);
+
void seedRandom(const string& source);
string makeRelative(const std::string& fqdn, const std::string& zone);
string labelReverse(const std::string& qname);
{
vector<DNSResourceRecord> ret;
DNSResourceRecord rr;
- string prefix;
+ DNSName prefix;
DNSName subdomain(target);
do {
DLOG(L<<"Attempting DNAME lookup for "<<subdomain.toString()<<", sd.qname="<<sd.qname.toString()<<endl);
ret.push_back(rr); // put in the original
rr.qtype = QType::CNAME;
rr.qname = prefix + rr.qname;
- rr.content = prefix + rr.content;
+ rr.content = (prefix + rr.content).toString();
rr.auth = 0; // don't sign CNAME
target= rr.content;
ret.push_back(rr);
}
if(!ret.empty())
return ret;
- string::size_type pos = subdomain.find('.');
- if(pos != string::npos)
- prefix+= subdomain.substr(0, pos+1);
+ if(subdomain.countLabels())
+ prefix+= subdomain.getRawLabels()[0];
if(subdomain == sd.qname) // stop at SOA
break;
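Review bot: `prefix+= subdomain.getRawLabels()[0];` hands a raw, unescaped label (as the getRawLabels() comment in this commit describes it) to `operator+=(const DNSName&)`, so the label is presumably re-parsed as a presentation-format name through an implicit string constructor. A query label that contains a dot or a backslash byte would then be split or misread, and a label without a trailing dot conflicts with the class note that names must be dot-terminated. Appending it as a raw label, the counterpart of the `prependRawLabel("*")` used in addNSEC, avoids the re-parse. If DNSName has no such member yet, a comment such as `// FIXME: raw label is re-parsed via DNSName(string); wrong for labels containing '.'` would at least record it. The enclosing do-loop starts and ends outside the hunk.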
r->addRecord(rr);
}
-void emitNSEC3(UeberBackend& B, const NSEC3PARAMRecordContent& ns3prc, const SOAData& sd, const DNSName& unhashed, const DNSName& begin, const DNSName& end, const DNSName& toNSEC3, DNSPacket *r, int mode)
+void emitNSEC3(UeberBackend& B, const NSEC3PARAMRecordContent& ns3prc, const SOAData& sd, const DNSName& unhashed, const string& begin, const string& end, const DNSName& toNSEC3, DNSPacket *r, int mode)
{
// cerr<<"We should emit NSEC3 '"<<toBase32Hex(begin)<<"' - ('"<<toNSEC3<<"') - '"<<toBase32Hex(end)<<"' (unhashed: '"<<unhashed<<"')"<<endl;
NSEC3RecordContent n3rc;
n3rc.d_nexthash=end;
- rr.qname=dotConcat(toBase32Hex(begin), sd.qname);
+ rr.qname=DNSName(toBase32Hex(begin))+sd.qname;
rr.ttl = sd.default_ttl;
rr.qtype=QType::NSEC3;
rr.content=n3rc.getZoneRepresentation();
r->addRecord(rr);
}
-void PacketHandler::emitNSEC3(const NSEC3PARAMRecordContent& ns3prc, const SOAData& sd, const DNSName& unhashed, const DNSName& begin, const DNSName& end, const DNSName& toNSEC3, DNSPacket *r, int mode)
+void PacketHandler::emitNSEC3(const NSEC3PARAMRecordContent& ns3prc, const SOAData& sd, const DNSName& unhashed, const string& begin, const string& end, /* FIXME unused */ const DNSName& toNSEC3, DNSPacket *r, int mode)
{
::emitNSEC3(B, ns3prc, sd, unhashed, begin, end, toNSEC3, r, mode);
return;
NSEC3PARAMRecordContent ns3rc;
- // cerr<<"Doing NSEC3PARAM lookup for '"<<auth<<"', "<<p->qdomain<<"|"<<p->qtype.getName()<<": ";
+ // cerr<<"Doing NSEC3PARAM lookup for '"<<auth<<"', "<<p->qdomain.toString()<<"|"<<p->qtype.getName()<<": ";
bool narrow;
if(d_dk.getNSEC3PARAM(auth, &ns3rc, &narrow)) {
// cerr<<"Present, narrow="<<narrow<<endl;
}
-bool getNSEC3Hashes(bool narrow, DNSBackend* db, int id, const std::string& hashed, bool decrement, string& unhashed, string& before, string& after, int mode)
+bool getNSEC3Hashes(bool narrow, DNSBackend* db, int id, const std::string& hashed, bool decrement, DNSName& unhashed, string& before, string& after, int mode)
{
bool ret;
if(narrow) { // nsec3-narrow
return ret;
}
-void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, const string& wildcard, const string& auth, const NSEC3PARAMRecordContent& ns3rc, bool narrow, int mode)
+void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const DNSName& target, const DNSName& wildcard, const DNSName& auth, const NSEC3PARAMRecordContent& ns3rc, bool narrow, int mode)
{
- DLOG(L<<"addNSEC3() mode="<<mode<<" auth="<<auth<<" target="<<target<<" wildcard="<<wildcard<<endl);
+ DLOG(L<<"addNSEC3() mode="<<mode<<" auth="<<auth.toString()<<" target="<<target.toString()<<" wildcard="<<wildcard.toString()<<endl);
SOAData sd;
if(!B.getSOAUncached(auth, sd)) {
}
bool doNextcloser = false;
- string unhashed, hashed, before, after;
- string closest;
+ string before, after, hashed;
+ DNSName unhashed, closest;
DNSResourceRecord rr;
if (mode == 2 || mode == 3 || mode == 4) {
closest=wildcard;
- (void) chopOff(closest);
+ closest.chopOff();
} else
closest=target;
if (mode != 3) {
unhashed=(mode == 0 || mode == 1 || mode == 5) ? target : closest;
hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
- DLOG(L<<"1 hash: "<<toBase32Hex(hashed)<<" "<<unhashed<<endl);
+ DLOG(L<<"1 hash: "<<toBase32Hex(hashed)<<" "<<unhashed.toString()<<endl);
- if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr))
+ // if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr))
getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, false, unhashed, before, after, mode);
if (((mode == 0 && ns3rc.d_flags) || mode == 1) && (hashed != before)) {
bool doBreak = false;
DNSResourceRecord rr;
- while( chopOff( closest ) && (closest != sd.qname)) { // stop at SOA
+ while( closest.chopOff() && (closest != sd.qname)) { // stop at SOA
B.lookup(QType(QType::ANY), closest, p, sd.domain_id);
while(B.get(rr))
if (rr.auth)
doNextcloser = true;
unhashed=closest;
hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
- DLOG(L<<"1 hash: "<<toBase32Hex(hashed)<<" "<<unhashed<<endl);
+ DLOG(L<<"1 hash: "<<toBase32Hex(hashed)<<" "<<unhashed.toString()<<endl);
- if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr))
+ // if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr))
getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, false, unhashed, before, after);
}
// add covering NSEC3 RR
if ((mode >= 2 && mode <= 4) || doNextcloser) {
- string next(target);
+ DNSName next(target);
do {
unhashed=next;
}
- while( chopOff( next ) && !pdns_iequals(next, closest));
+ while( next.chopOff() && !pdns_iequals(next, closest));
hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
- DLOG(L<<"2 hash: "<<toBase32Hex(hashed)<<" "<<unhashed<<endl);
- if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr)) {
+ DLOG(L<<"2 hash: "<<toBase32Hex(hashed)<<" "<<unhashed.toString()<<endl);
+ // if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr)) {
getNSEC3Hashes(narrow, sd.db,sd.domain_id, hashed, true, unhashed, before, after);
DLOG(L<<"Done calling for covering, hashed: '"<<toBase32Hex(hashed)<<"' before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl);
emitNSEC3( ns3rc, sd, unhashed, before, after, target, r, mode);
- } else if(!before.empty())
- r->addRecord(rr);
+ // } else if(!before.empty())
+ // r->addRecord(rr);
}
// wildcard denial
if (mode == 2 || mode == 4) {
- unhashed=dotConcat("*", closest);
+ unhashed=DNSName("*")+closest;
hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
- DLOG(L<<"3 hash: "<<toBase32Hex(hashed)<<" "<<unhashed<<endl);
+ DLOG(L<<"3 hash: "<<toBase32Hex(hashed)<<" "<<unhashed.toString()<<endl);
- if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr)) {
+ // if(!B.getDirectNSECx(sd.domain_id, hashed, QType(QType::NSEC3), before, rr)) {
getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, (mode != 2), unhashed, before, after);
DLOG(L<<"Done calling for '*', hashed: '"<<toBase32Hex(hashed)<<"' before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl);
emitNSEC3( ns3rc, sd, unhashed, before, after, target, r, mode);
- } else if(!before.empty())
- r->addRecord(rr);
+ // } else if(!before.empty())
+ // r->addRecord(rr);
}
}
-void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, const string& wildcard, const string& auth, int mode)
+void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const DNSName& target, const DNSName& wildcard, const DNSName& auth, int mode)
{
- DLOG(L<<"addNSEC() mode="<<mode<<" auth="<<auth<<" target="<<target<<" wildcard="<<wildcard<<endl);
+ DLOG(L<<"addNSEC() mode="<<mode<<" auth="<<auth.toString()<<" target="<<target.toString()<<" wildcard="<<wildcard.toString()<<endl);
SOAData sd;
if(!B.getSOAUncached(auth, sd)) {
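Review bot: In addNSEC3's covering-NSEC3 loop, `!pdns_iequals(next, closest)` is now called with two DNSName values, whereas the closest-encloser loop earlier in the same function compares names with `closest != sd.qname`. Unless pdns_iequals gained a DNSName overload outside this diff, the call relies on a conversion the diff does not show. `while( next.chopOff() && next != closest);` expresses the same test with the class's own comparison and keeps the two loops consistent.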
return;
}
- string before,after;
+ DNSName before,after;
DNSResourceRecord rr;
rr.auth=false;
- if(!B.getDirectNSECx(sd.domain_id, toLower(labelReverse(makeRelative(target, auth))), QType(QType::NSEC), before, rr)) {
+ // if(!B.getDirectNSECx(sd.domain_id, toLower(labelReverse(makeRelative(target.toString(), auth.toString()))) /* FIXME DNSName should do this */, QType(QType::NSEC), before, rr)) {
sd.db->getBeforeAndAfterNames(sd.domain_id, auth, target, before, after);
emitNSEC(before, after, target, sd, r, mode);
- } else if(rr.auth) {
- if (mode == 5)
- rr.d_place=DNSResourceRecord::ANSWER;
- r->addRecord(rr);
- }
+ // } else if(rr.auth) {
+ // if (mode == 5)
+ // rr.d_place=DNSResourceRecord::ANSWER;
+ // r->addRecord(rr);
+ // }
if (mode == 2 || mode == 4) {
// wildcard NO-DATA or wildcard denial
before.clear();
- string closest(wildcard);
+ DNSName closest(wildcard);
if (mode == 4) {
- (void) chopOff(closest);
- closest=dotConcat("*", closest);
+ closest.chopOff();
+ closest.prependRawLabel("*");
}
rr.auth=false;
- if(!B.getDirectNSECx(sd.domain_id, toLower(labelReverse(makeRelative(closest, auth))), QType(QType::NSEC), before, rr)) {
+ if(!B.getDirectNSECx(sd.domain_id, toLower(labelReverse(makeRelative(closest.toString(), auth.toString()))), QType(QType::NSEC), before, rr)) {
sd.db->getBeforeAndAfterNames(sd.domain_id, auth, closest, before, after);
emitNSEC(before, after, target, sd, r, mode);
} else if(rr.auth)
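Review bot: The second `B.getDirectNSECx(...)` call, for the wildcard case, is still live and now receives `before`, which this hunk turned into a `DNSName`, while the first call a few lines up was commented out during the same conversion. Either that function now accepts a DNSName (not visible here) or this line no longer compiles; in both cases the two lookups in addNSEC behave differently without a stated reason. I would treat both alike and give the reason once, e.g. `// FIXME: getDirectNSECx disabled until ordernames are DNSName-aware`, instead of leaving unexplained commented-out branches in the denial-of-existence path. The `else if(rr.auth)` branch continues past the end of the hunk.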
Resolver resolver;
uint32_t theirserial;
resolver.getSoaSerial(p->getRemote(),p->qdomain, &theirserial);
- resolver.resolve(p->getRemote(), p->qdomain.c_str(), QType::NS, &nsset);
+ resolver.resolve(p->getRemote(), p->qdomain, QType::NS, &nsset);
}
catch(ResolverException &re) {
- L<<Logger::Error<<"Error resolving SOA or NS for "<<p->qdomain<<" at: "<< p->getRemote() <<": "<<re.reason<<endl;
+ L<<Logger::Error<<"Error resolving SOA or NS for "<<p->qdomain.toString()<<" at: "<< p->getRemote() <<": "<<re.reason<<endl;
return RCode::ServFail;
}
}
if(!haveNS) {
- L<<Logger::Error<<"While checking for supermaster, did not find NS for "<<p->qdomain<<" at: "<< p->getRemote()<<endl;
+ L<<Logger::Error<<"While checking for supermaster, did not find NS for "<<p->qdomain.toString()<<" at: "<< p->getRemote()<<endl;
return RCode::ServFail;
}
string nameserver, account;
DNSBackend *db;
if(!B.superMasterBackend(p->getRemote(), p->qdomain, nsset, &nameserver, &account, &db)) {
- L<<Logger::Error<<"Unable to find backend willing to host "<<p->qdomain<<" for potential supermaster "<<p->getRemote()<<". Remote nameservers: "<<endl;
+ L<<Logger::Error<<"Unable to find backend willing to host "<<p->qdomain.toString()<<" for potential supermaster "<<p->getRemote()<<". Remote nameservers: "<<endl;
BOOST_FOREACH(class DNSResourceRecord& rr, nsset) {
if(rr.qtype.getCode()==QType::NS)
L<<Logger::Error<<rr.content<<endl;
db->createSlaveDomain(p->getRemote(), p->qdomain, nameserver, account);
}
catch(PDNSException& ae) {
- L<<Logger::Error<<"Database error trying to create "<<p->qdomain<<" for potential supermaster "<<p->getRemote()<<": "<<ae.reason<<endl;
+ L<<Logger::Error<<"Database error trying to create "<<p->qdomain.toString()<<" for potential supermaster "<<p->getRemote()<<": "<<ae.reason<<endl;
return RCode::ServFail;
}
- L<<Logger::Warning<<"Created new slave zone '"<<p->qdomain<<"' from supermaster "<<p->getRemote()<<endl;
+ L<<Logger::Warning<<"Created new slave zone '"<<p->qdomain.toString()<<"' from supermaster "<<p->getRemote()<<endl;
return RCode::NoError;
}
if master is higher -> do stuff
*/
if(!::arg().mustDo("slave")) {
- L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" but slave support is disabled in the configuration"<<endl;
+ L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain.toString()<<" from "<<p->getRemote()<<" but slave support is disabled in the configuration"<<endl;
return RCode::NotImp;
}
if(!s_allowNotifyFrom.match((ComboAddress *) &p->d_remote )) {
- L<<Logger::Notice<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" but remote is not in allow-notify-from"<<endl;
+ L<<Logger::Notice<<"Received NOTIFY for "<<p->qdomain.toString()<<" from "<<p->getRemote()<<" but remote is not in allow-notify-from"<<endl;
return RCode::Refused;
}
DomainInfo di;
di.serial = 0;
if(!B.getDomainInfo(p->qdomain, di) || !(db=di.backend)) {
- L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" for which we are not authoritative"<<endl;
+ L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain.toString()<<" from "<<p->getRemote()<<" for which we are not authoritative"<<endl;
return trySuperMaster(p);
}
if(::arg().contains("trusted-notification-proxy", p->getRemote())) {
- L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from trusted-notification-proxy "<< p->getRemote()<<endl;
+ L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain.toString()<<" from trusted-notification-proxy "<< p->getRemote()<<endl;
if(di.masters.empty()) {
- L<<Logger::Error<<"However, "<<p->qdomain<<" does not have any masters defined"<<endl;
+ L<<Logger::Error<<"However, "<<p->qdomain.toString()<<" does not have any masters defined"<<endl;
return RCode::Refused;
}
}
else if(!db->isMaster(p->qdomain, p->getRemote())) {
- L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" which is not a master"<<endl;
+ L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain.toString()<<" from "<<p->getRemote()<<" which is not a master"<<endl;
return RCode::Refused;
}
if(d_dk.isSecuredZone(sd.qname))
addNSECX(p, r, target, wildcard, sd.qname, mode);
- S.ringAccount("noerror-queries",p->qdomain+"/"+p->qtype.getName());
+ S.ringAccount("noerror-queries",p->qdomain.toString()+"/"+p->qtype.getName());
}
if(rrset.empty())
return false;
- DLOG(L<<"The best NS is: "<<rrset.begin()->qname<<endl);
+ DLOG(L<<"The best NS is: "<<rrset.begin()->qname.toString()<<endl);
BOOST_FOREACH(DNSResourceRecord rr, rrset) {
DLOG(L<<"\tadding '"<<rr.content<<"'"<<endl);
rr.d_place=DNSResourceRecord::AUTHORITY;
bool PacketHandler::tryWildcard(DNSPacket *p, DNSPacket*r, SOAData& sd, DNSName &target, DNSName &wildcard, bool& retargeted, bool& nodata)
{
retargeted = nodata = false;
- string bestmatch;
+ DNSName bestmatch;
vector<DNSResourceRecord> rrset;
if(!getBestWildcard(p, sd, target, wildcard, &rrset))
nodata=true;
}
else {
- DLOG(L<<"The best wildcard match: "<<rrset.begin()->qname<<endl);
+ DLOG(L<<"The best wildcard match: "<<rrset.begin()->qname.toString()<<endl);
BOOST_FOREACH(DNSResourceRecord rr, rrset) {
rr.wildcardname = rr.qname;
rr.qname=bestmatch=target;
DNSResourceRecord rr;
SOAData sd;
- string subdomain="";
+ // string subdomain="";
string soa;
int retargetcount=0;
set<DNSName> authSet;
vector<DNSResourceRecord> rrset;
bool weDone=0, weRedirected=0, weHaveUnauth=0;
- string haveAlias;
+ DNSName haveAlias;
DNSPacket *r=0;
bool noCache=false;
// XXX FIXME do this in DNSPacket::parse ?
- if(!validDNSName(p->qdomain)) {
- if(d_logDNSDetails)
- L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': sending servfail"<<endl;
- S.inc("corrupt-packets");
- S.ringAccount("remotes-corrupt", p->d_remote);
- S.inc("servfail-packets");
- r->setRcode(RCode::ServFail);
- return r;
- }
+ // if(!validDNSName(p->qdomain)) {
+ // if(d_logDNSDetails)
+ // L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain.toString()<<"': sending servfail"<<endl;
+ // S.inc("corrupt-packets");
+ // S.ringAccount("remotes-corrupt", p->d_remote);
+ // S.inc("servfail-packets");
+ // r->setRcode(RCode::ServFail);
+ // return r;
+ // }
if(p->d.opcode) { // non-zero opcode (again thanks RA!)
if(p->d.opcode==Opcode::Update) {
S.inc("dnsupdate-queries");
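Review bot: Commenting out the `validDNSName(p->qdomain)` block removes the only visible rejection of malformed query names in this function. It also removes the `corrupt-packets` and `remotes-corrupt` accounting that operators rely on to spot misbehaving sources. If DNSName construction in the packet parser now rejects such names, this diff does not show it, and the surviving `XXX FIXME do this in DNSPacket::parse ?` comment suggests the move has not happened yet. I would keep an equivalent check on the DNSName, or replace the dead block with one line that says where validation now lives, e.g. `// qdomain validity is enforced when DNSPacket::parse builds the DNSName; TODO restore corrupt-packets/remotes-corrupt counters there`.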
return 0;
}
- L<<Logger::Error<<"Received an unknown opcode "<<p->d.opcode<<" from "<<p->getRemote()<<" for "<<p->qdomain<<endl;
+ L<<Logger::Error<<"Received an unknown opcode "<<p->d.opcode<<" from "<<p->getRemote()<<" for "<<p->qdomain.toString()<<endl;
r->setRcode(RCode::NotImp);
return r;
}
- // L<<Logger::Warning<<"Query for '"<<p->qdomain<<"' "<<p->qtype.getName()<<" from "<<p->getRemote()<< " (tcp="<<p->d_tcp<<")"<<endl;
+ // L<<Logger::Warning<<"Query for '"<<p->qdomain.toString()<<"' "<<p->qtype.getName()<<" from "<<p->getRemote()<< " (tcp="<<p->d_tcp<<")"<<endl;
r->d.ra = (p->d.rd && d_doRecursion && DP->recurseFor(p)); // make sure we set ra if rd was set, and we'll do it
return r;
}
- string target=p->qdomain;
+ DNSName target=p->qdomain;
// catch chaos qclass requests
if(p->qclass == QClass::CHAOS) {
retargeted:;
if(retargetcount > 10) { // XXX FIXME, retargetcount++?
- L<<Logger::Warning<<"Abort CNAME chain resolution after "<<--retargetcount<<" redirects, sending out servfail. Initial query: '"<<p->qdomain<<"'"<<endl;
+ L<<Logger::Warning<<"Abort CNAME chain resolution after "<<--retargetcount<<" redirects, sending out servfail. Initial query: '"<<p->qdomain.toString()<<"'"<<endl;
delete r;
r=p->replyPacket();
r->setRcode(RCode::ServFail);
}
if(!B.getAuth(p, &sd, target)) {
- DLOG(L<<Logger::Error<<"We have no authority over zone '"<<target<<"'"<<endl);
+ DLOG(L<<Logger::Error<<"We have no authority over zone '"<<target.toString()<<"'"<<endl);
if(r->d.ra) {
DLOG(L<<Logger::Error<<"Recursion is available for this remote, doing that"<<endl);
*shouldRecurse=true;
}
goto sendit;
}
- DLOG(L<<Logger::Error<<"We have authority, zone='"<<sd.qname<<"', id="<<sd.domain_id<<endl);
+ DLOG(L<<Logger::Error<<"We have authority, zone='"<<sd.qname.toString()<<"', id="<<sd.domain_id<<endl);
authSet.insert(sd.qname);
if(!retargetcount) r->qdomainzone=sd.qname;
// this TRUMPS a cname!
if(p->qtype.getCode() == QType::RRSIG) {
- L<<Logger::Info<<"Direct RRSIG query for "<<target<<" from "<<p->getRemote()<<endl;
+ L<<Logger::Info<<"Direct RRSIG query for "<<target.toString()<<" from "<<p->getRemote()<<endl;
r->setRcode(RCode::NotImp);
goto sendit;
}
// see what we get..
B.lookup(QType(QType::ANY), target, p, sd.domain_id);
rrset.clear();
- haveAlias.clear();
+ haveAlias.trimToLabels(0);
weDone = weRedirected = weHaveUnauth = false;
while(B.get(rr)) {
weRedirected=1;
if(DP && rr.qtype.getCode() == QType::ALIAS) {
- haveAlias=rr.content;
+ haveAlias=DNSName(rr.content);
}
// Filter out all SOA's and add them in later
}
- DLOG(L<<"After first ANY query for '"<<target<<"', id="<<sd.domain_id<<": weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<", haveAlias='"<<haveAlias<<"'"<<endl);
+ DLOG(L<<"After first ANY query for '"<<target.toString()<<"', id="<<sd.domain_id<<": weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<", haveAlias='"<<haveAlias.toString()<<"'"<<endl);
if(p->qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected && d_dk.isSecuredZone(sd.qname)) {
DLOG(L<<"Q for DS of a name for which we do have NS, but for which we don't have on a zone with DNSSEC need to provide an AUTH answer that proves we don't"<<endl);
makeNOError(p, r, target, "", sd, 1);
}
if(!haveAlias.empty() && !weDone) {
- DLOG(L<<Logger::Warning<<"Found nothing that matched for '"<<target<<"', but did get alias to '"<<haveAlias<<"', referring"<<endl);
+ DLOG(L<<Logger::Warning<<"Found nothing that matched for '"<<target.toString()<<"', but did get alias to '"<<haveAlias.toString()<<"', referring"<<endl);
DP->completePacket(r, haveAlias, target);
return 0;
}
DLOG(L<<Logger::Warning<<"Found nothing in the by-name ANY, but let's try wildcards.."<<endl);
bool wereRetargeted(false), nodata(false);
- string wildcard;
+ DNSName wildcard;
if(tryWildcard(p, r, sd, target, wildcard, wereRetargeted, nodata)) {
if(wereRetargeted) {
if(!retargetcount) r->qdomainwild=wildcard;
if(tryReferral(p, r, sd, target, retargetcount))
goto sendit;
// check whether this could be fixed easily
- if (*(rr.qname.rbegin()) == '.') {
- L<<Logger::Error<<"Should not get here ("<<p->qdomain<<"|"<<p->qtype.getCode()<<"): you have a trailing dot, this could be the problem (or run pdnssec rectify-zone " <<sd.qname<<")"<<endl;
- } else {
- L<<Logger::Error<<"Should not get here ("<<p->qdomain<<"|"<<p->qtype.getCode()<<"): please run pdnssec rectify-zone "<<sd.qname<<endl;
- }
+ // if (*(rr.qname.rbegin()) == '.') {
+ // L<<Logger::Error<<"Should not get here ("<<p->qdomain.toString()<<"|"<<p->qtype.getCode()<<"): you have a trailing dot, this could be the problem (or run pdnssec rectify-zone " <<sd.qname<<")"<<endl;
+ // } else {
+ L<<Logger::Error<<"Should not get here ("<<p->qdomain.toString()<<"|"<<p->qtype.getCode()<<"): please run pdnssec rectify-zone "<<sd.qname.toString()<<endl;
+ // }
}
else {
DLOG(L<<"Have some data, but not the right data"<<endl);
r=p->replyPacket(); // generate an empty reply packet
r->setRcode(RCode::ServFail);
S.inc("servfail-packets");
- S.ringAccount("servfail-queries",p->qdomain);
+ S.ringAccount("servfail-queries",p->qdomain.toString());
}
catch(PDNSException &e) {
L<<Logger::Error<<"Backend reported permanent error which prevented lookup ("+e.reason+"), aborting"<<endl;
r=p->replyPacket(); // generate an empty reply packet
r->setRcode(RCode::ServFail);
S.inc("servfail-packets");
- S.ringAccount("servfail-queries",p->qdomain);
+ S.ringAccount("servfail-queries",p->qdomain.toString());
}
return r;
void addNSEC(DNSPacket *p, DNSPacket* r, const DNSName &target, const DNSName &wildcard, const DNSName& auth, int mode);
void addNSEC3(DNSPacket *p, DNSPacket* r, const DNSName &target, const DNSName &wildcard, const DNSName& auth, const NSEC3PARAMRecordContent& nsec3param, bool narrow, int mode);
void emitNSEC(const DNSName& before, const DNSName& after, const DNSName& toNSEC, const SOAData& sd, DNSPacket *r, int mode);
- void emitNSEC3(const NSEC3PARAMRecordContent &ns3rc, const SOAData& sd, const DNSName& unhashed, const DNSName& begin, const DNSName& end, const DNSName& toNSEC3, DNSPacket *r, int mode);
+ void emitNSEC3(const NSEC3PARAMRecordContent &ns3rc, const SOAData& sd, const DNSName& unhashed, /* FIXME should this be DNSName? */ const string& begin, const string& end, const DNSName& toNSEC3, DNSPacket *r, int mode);
int processUpdate(DNSPacket *p);
int forwardPacket(const string &msgPrefix, DNSPacket *p, DomainInfo *di);
uint performUpdate(const string &msgPrefix, const DNSRecord *rr, DomainInfo *di, bool isPresigned, bool* narrow, bool* haveNSEC3, NSEC3PARAMRecordContent *ns3pr, bool *updatedSerial);
UeberBackend B; // every thread an own instance
DNSSECKeeper d_dk; // B is shared with DNSSECKeeper
};
-bool getNSEC3Hashes(bool narrow, DNSBackend* db, int id, const std::string& hashed, bool decrement, string& unhashed, string& before, string& after, int mode=0);
+bool getNSEC3Hashes(bool narrow, DNSBackend* db, int id, const std::string& hashed, bool decrement, DNSName& unhashed, string& before, string& after, int mode=0);
#endif /* PACKETHANDLER */
}
uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& local,
- const char *domain, int type, bool dnssecOK,
- const string& tsigkeyname, const string& tsigalgorithm,
+ const DNSName &domain, int type, bool dnssecOK,
+ const DNSName& tsigkeyname, const DNSName& tsigalgorithm,
const string& tsigsecret)
{
uint16_t randomid;
return randomid;
}
-uint16_t Resolver::sendResolve(const ComboAddress& remote, const char *domain,
+uint16_t Resolver::sendResolve(const ComboAddress& remote, const DNSName &domain,
int type, bool dnssecOK,
- const string& tsigkeyname, const string& tsigalgorithm,
+ const DNSName& tsigkeyname, const DNSName& tsigalgorithm,
const string& tsigsecret)
{
ComboAddress local;
return this->sendResolve(remote, local, domain, type, dnssecOK, tsigkeyname, tsigalgorithm, tsigsecret);
}
-static int parseResult(MOADNSParser& mdp, const std::string& origQname, uint16_t origQtype, uint16_t id, Resolver::res_t* result)
+static int parseResult(MOADNSParser& mdp, const DNSName& origQname, uint16_t origQtype, uint16_t id, Resolver::res_t* result)
{
result->clear();
if(mdp.d_header.rcode)
return mdp.d_header.rcode;
- if(!origQname.empty()) { // not AXFR
+ if(origQname.countLabels()) { // not AXFR
if(mdp.d_header.id != id)
throw ResolverException("Remote nameserver replied with wrong id");
if(mdp.d_header.qdcount != 1)
throw ResolverException("resolver: received answer with wrong number of questions ("+itoa(mdp.d_header.qdcount)+")");
- if(mdp.d_qname != origQname+".")
- throw ResolverException(string("resolver: received an answer to another question (")+mdp.d_qname+"!="+ origQname+".)");
+ if(mdp.d_qname != origQname)
+ throw ResolverException(string("resolver: received an answer to another question (")+mdp.d_qname.toString()+"!="+ origQname.toString()+".)");
}
vector<DNSResourceRecord> ret;
DNSResourceRecord rr;
for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {
rr.qname = i->first.d_label;
- if(!rr.qname.empty())
- boost::erase_tail(rr.qname, 1); // strip .
rr.qtype = i->first.d_type;
rr.ttl = i->first.d_ttl;
rr.content = i->first.d_content->getZoneRepresentation();
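Review bot: `if(origQname.countLabels())` reuses "zero labels" as the AXFR sentinel, but the root name also has zero labels: the new `empty()` is defined as `countLabels()==0`, and `chopOff()` is documented to return false for `.`. A lookup for the root zone would therefore skip the id, qdcount and question-name checks, which are what tie a reply to the query that was sent. A separate flag or an explicit unset state would keep the sentinel distinct; short of that, mark it at the test with `// FIXME: root (".") also has 0 labels and skips these checks`. Separately, the exception text still appends `".)"` after `origQname.toString()`, which probably prints a doubled dot now.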
return 0;
}
-bool Resolver::tryGetSOASerial(string* domain, uint32_t *theirSerial, uint32_t *theirInception, uint32_t *theirExpire, uint16_t* id)
+bool Resolver::tryGetSOASerial(DNSName *domain, uint32_t *theirSerial, uint32_t *theirInception, uint32_t *theirExpire, uint16_t* id)
{
struct pollfd *fds = new struct pollfd[locals.size()];
size_t i = 0, k;
MOADNSParser mdp((char*)buf, err);
*id=mdp.d_header.id;
- *domain = stripDot(mdp.d_qname);
+ *domain = mdp.d_qname;
if(mdp.d_answers.empty())
- throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + *domain + "' produced no results (RCode: " + RCode::to_s(mdp.d_header.rcode) + ")");
+ throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + domain->toString() + "' produced no results (RCode: " + RCode::to_s(mdp.d_header.rcode) + ")");
if(mdp.d_qtype != QType::SOA)
- throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + *domain + "' returned wrong record type");
+ throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + domain->toString() + "' returned wrong record type");
*theirInception = *theirExpire = 0;
bool gotSOA=false;
}
}
if(!gotSOA)
- throw ResolverException("Query to '" + fromaddr.toString() + "' for SOA of '" + *domain + "' did not return a SOA");
+ throw ResolverException("Query to '" + fromaddr.toString() + "' for SOA of '" + domain->toString() + "' did not return a SOA");
return true;
}
-int Resolver::resolve(const string &ipport, const char *domain, int type, Resolver::res_t* res, const ComboAddress &local)
+int Resolver::resolve(const string &ipport, const DNSName &domain, int type, Resolver::res_t* res, const ComboAddress &local)
{
try {
ComboAddress to(ipport, 53);
return -1;
}
-int Resolver::resolve(const string &ipport, const char *domain, int type, Resolver::res_t* res) {
+int Resolver::resolve(const string &ipport, const DNSName &domain, int type, Resolver::res_t* res) {
ComboAddress local;
local.sin4.sin_family = 0;
return resolve(ipport, domain, type, res, local);
}
-void Resolver::getSoaSerial(const string &ipport, const string &domain, uint32_t *serial)
+void Resolver::getSoaSerial(const string &ipport, const DNSName &domain, uint32_t *serial)
{
vector<DNSResourceRecord> res;
- int ret = resolve(ipport, domain.c_str(), QType::SOA, &res);
+ int ret = resolve(ipport, domain, QType::SOA, &res);
if(ret || res.empty())
- throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain + "' produced no answers");
+ throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced no answers");
if(res[0].qtype.getCode() != QType::SOA)
- throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain + "' produced a "+res[0].qtype.getName()+" record");
+ throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced a "+res[0].qtype.getName()+" record");
vector<string>parts;
stringtok(parts, res[0].content);
if(parts.size()<3)
- throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain + "' produced an unparseable response");
+ throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable response");
*serial=(uint32_t)atol(parts[2].c_str());
}
AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
- const string& domain,
- const string& tsigkeyname,
- const string& tsigalgorithm,
+ const DNSName& domain,
+ const DNSName& tsigkeyname,
+ const DNSName& tsigalgorithm,
const string& tsigsecret,
const ComboAddress* laddr)
: d_tsigkeyname(tsigkeyname), d_tsigsecret(tsigsecret), d_tsigPos(0), d_nonSignedMessages(0)
if (checkTSIG) {
if (theirMac.empty())
- throw ResolverException("No TSIG on AXFR response from "+d_remote.toStringWithPort()+" , should be signed with TSIG key '"+d_tsigkeyname+"'");
+ throw ResolverException("No TSIG on AXFR response from "+d_remote.toStringWithPort()+" , should be signed with TSIG key '"+d_tsigkeyname.toString()+"'");
string message;
if (!d_prevMac.empty()) {
// ourMac[0]++; // sabotage == for testing :-)
if(ourMac != theirMac) {
- throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname+"'");
+ throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname.toString()+"'");
}
}
typedef vector<DNSResourceRecord> res_t;
//! synchronously resolve domain|type at IP, store result in result, rcode in ret
- int resolve(const string &ip, const char *domain, int type, res_t* result, const ComboAddress& local);
+ int resolve(const string &ip, const DNSName &domain, int type, res_t* result, const ComboAddress& local);
- int resolve(const string &ip, const char *domain, int type, res_t* result);
+ int resolve(const string &ip, const DNSName &domain, int type, res_t* result);
//! only send out a resolution request
- uint16_t sendResolve(const ComboAddress& remote, const ComboAddress& local, const char *domain, int type, bool dnssecOk=false,
- const string& tsigkeyname="", const string& tsigalgorithm="", const string& tsigsecret="");
+ uint16_t sendResolve(const ComboAddress& remote, const ComboAddress& local, const DNSName &domain, int type, bool dnssecOk=false,
+ const DNSName& tsigkeyname=DNSName(), const DNSName& tsigalgorithm=DNSName(), const string& tsigsecret="");
- uint16_t sendResolve(const ComboAddress& remote, const char *domain, int type, bool dnssecOk=false,
- const string& tsigkeyname="", const string& tsigalgorithm="", const string& tsigsecret="");
+ uint16_t sendResolve(const ComboAddress& remote, const DNSName &domain, int type, bool dnssecOk=false,
+ const DNSName& tsigkeyname=DNSName(), const DNSName& tsigalgorithm=DNSName(), const string& tsigsecret="");
//! see if we got a SOA response from our sendResolve
- bool tryGetSOASerial(string* theirDomain, uint32_t* theirSerial, uint32_t* theirInception, uint32_t* theirExpire, uint16_t* id);
+ bool tryGetSOASerial(DNSName *theirDomain, uint32_t* theirSerial, uint32_t* theirInception, uint32_t* theirExpire, uint16_t* id);
//! convenience function that calls resolve above
- void getSoaSerial(const string &, const string &, uint32_t *);
+ void getSoaSerial(const string &, const DNSName &, uint32_t *);
private:
std::map<std::string, int> locals;
{
public:
AXFRRetriever(const ComboAddress& remote,
- const string& zone,
- const string& tsigkeyname=string(),
- const string& tsigalgorithm=string(),
+ const DNSName& zone,
+ const DNSName& tsigkeyname=DNSName(),
+ const DNSName& tsigalgorithm=DNSName(),
const string& tsigsecret=string(),
const ComboAddress* laddr = NULL);
~AXFRRetriever();
int d_soacount;
ComboAddress d_remote;
- string d_tsigkeyname;
+ DNSName d_tsigkeyname;
string d_tsigsecret;
string d_prevMac; // RFC2845 4.4
string d_signData;
if ( (rr->d_class == QClass::NONE || rr->d_class == QClass::ANY) && rr->d_clen != 0)
return RCode::FormErr;
- string rrLabel = stripDot(rr->d_label);
-
bool foundRecord=false;
DNSResourceRecord rec;
- di->backend->lookup(QType(QType::ANY), rrLabel);
+ di->backend->lookup(QType(QType::ANY), rr->d_label);
while(di->backend->get(rec)) {
if (!rec.qtype.getCode())
continue;
// Implements section 3.4.2 of RFC2136
uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, DomainInfo *di, bool isPresigned, bool* narrow, bool* haveNSEC3, NSEC3PARAMRecordContent *ns3pr, bool *updatedSerial) {
- string rrLabel = stripDot(rr->d_label);
- rrLabel = toLower(rrLabel);
QType rrType = QType(rr->d_type);
if (rrType == QType::NSEC || rrType == QType::NSEC3) {
- L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rrLabel<<"|"<<rrType.getName()<<". These are generated records, ignoring!"<<endl;
+ L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rr->d_label.toString()<<"|"<<rrType.getName()<<". These are generated records, ignoring!"<<endl;
return 0;
}
if (!isPresigned && ((!::arg().mustDo("direct-dnskey") && rrType == QType::DNSKEY) || rrType == QType::RRSIG)) {
- L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rrLabel<<"|"<<rrType.getName()<<" in non-presigned zone, ignoring!"<<endl;
+ L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rr->d_label.toString()<<"|"<<rrType.getName()<<" in non-presigned zone, ignoring!"<<endl;
return 0;
}
- if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rrLabel != di->zone) {
- L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rrLabel<<"|"<<rrType.getName()<<", "<<rrType.getName()<<" must be at zone apex, ignoring!"<<endl;
+ if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rr->d_label != di->zone) {
+ L<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rr->d_label.toString()<<"|"<<rrType.getName()<<", "<<rrType.getName()<<" must be at zone apex, ignoring!"<<endl;
return 0;
}
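Review bot: Dropping `rrLabel = toLower(rrLabel);` means the owner name from the UPDATE packet is now used in whatever case the client sent it. The apex check `rr->d_label != di->zone` and the later `hashQNameWithSalt(..., rr->d_label)` calls in performUpdate therefore depend on DNSName comparing and hashing case-insensitively, which this hunk does not show. NSEC3 owner hashes are computed over the lowercased name, so a mixed-case update could otherwise store an ordername that never matches a query. A comment near the top of the function would record the assumption, e.g. `// relies on DNSName being case-insensitive for ==, set<> ordering and NSEC3 hashing — TODO confirm`. The body of performUpdate continues outside this hunk.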
if (rr->d_class == QClass::IN) { // 3.4.2.2 QClass::IN means insert or update
- DLOG(L<<msgPrefix<<"Add/Update record (QClass == IN) "<<rrLabel<<"|"<<rrType.getName()<<endl);
+ DLOG(L<<msgPrefix<<"Add/Update record (QClass == IN) "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl);
if (rrType == QType::NSEC3PARAM) {
L<<Logger::Notice<<msgPrefix<<"Adding/updating NSEC3PARAM for zone, resetting ordernames."<<endl;
- NSEC3PARAMRecordContent nsec3param(rr->d_content->getZoneRepresentation(), di->zone);
+ NSEC3PARAMRecordContent nsec3param(rr->d_content->getZoneRepresentation(), di->zone.toString() /* FIXME huh */);
*narrow = false; // adding a NSEC3 will cause narrow mode to be dropped, as you cannot specify that in a NSEC3PARAM record
d_dk.setNSEC3PARAM(di->zone, nsec3param, (*narrow));
*haveNSEC3 = d_dk.getNSEC3PARAM(di->zone, ns3pr, narrow);
vector<DNSResourceRecord> rrs;
- set<string> qnames, nssets, dssets;
+ set<DNSName> qnames, nssets, dssets;
di->backend->list(di->zone, di->id);
while (di->backend->get(rec)) {
qnames.insert(rec.qname);
dssets.insert(rec.qname);
}
- string shorter, hashed;
- BOOST_FOREACH(const string& qname, qnames) {
+ DNSName shorter;
+ string hashed;
+ for(const auto& qname: qnames) {
shorter = qname;
int ddepth = 0;
do {
break;
if(nssets.count(shorter))
++ddepth;
- } while(chopOff(shorter));
+ } while(shorter.chopOff());
if (! *narrow && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) {
hashed = toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, qname));
bool foundRecord = false;
- di->backend->lookup(rrType, rrLabel);
+ di->backend->lookup(rrType, rr->d_label);
while (di->backend->get(rec)) {
rrset.push_back(rec);
foundRecord = true;
di->backend->replaceRRSet(di->id, oldRec->qname, oldRec->qtype, rrset);
*updatedSerial = true;
changedRecords++;
- L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rrLabel<<"|"<<rrType.getName()<<endl;
+ L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl;
} else {
L<<Logger::Notice<<msgPrefix<<"Provided serial ("<<sdUpdate.serial<<") is older than the current serial ("<<sdOld.serial<<"), ignoring SOA update."<<endl;
}
}
}
if (changedCNames > 0) {
- di->backend->replaceRRSet(di->id, rrLabel, rrType, rrset);
- L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rrLabel<<"|"<<rrType.getName()<<endl;
+ di->backend->replaceRRSet(di->id, rr->d_label, rrType, rrset);
+ L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl;
changedRecords += changedCNames;
} else {
- L<<Logger::Notice<<msgPrefix<<"Replace for record "<<rrLabel<<"|"<<rrType.getName()<<" requested, but no changes made."<<endl;
+ L<<Logger::Notice<<msgPrefix<<"Replace for record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<" requested, but no changes made."<<endl;
}
// In any other case, we must check if the TYPE and RDATA match to provide an update (which effectily means a update of TTL)
}
}
if (updateTTL > 0) {
- di->backend->replaceRRSet(di->id, rrLabel, rrType, rrset);
- L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rrLabel<<"|"<<rrType.getName()<<endl;
+ di->backend->replaceRRSet(di->id, rr->d_label, rrType, rrset);
+ L<<Logger::Notice<<msgPrefix<<"Replacing record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl;
changedRecords += updateTTL;
} else {
- L<<Logger::Notice<<msgPrefix<<"Replace for record "<<rrLabel<<"|"<<rrType.getName()<<" requested, but no changes made."<<endl;
+ L<<Logger::Notice<<msgPrefix<<"Replace for record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<" requested, but no changes made."<<endl;
}
}
if(*haveNSEC3) {
string hashed;
if(! *narrow)
- hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rrLabel));
+ hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rr->d_label));
if (*narrow)
- di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rrLabel, auth);
+ di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rr->d_label, auth);
else
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth);
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rr->d_label, hashed, auth);
if(!auth || rrType == QType::DS) {
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "NS");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "A");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "AAAA");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "NS");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "A");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "AAAA");
}
} else { // NSEC
- di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, rrLabel, auth);
+ di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, rr->d_label, auth);
if(!auth || rrType == QType::DS) {
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "A");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "AAAA");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "A");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "AAAA");
}
}
}
// If we haven't found a record that matches, we must add it.
if (! foundRecord) {
- L<<Logger::Notice<<msgPrefix<<"Adding record "<<rrLabel<<"|"<<rrType.getName()<<endl;
- delnonterm.insert(rrLabel); // always remove any ENT's in the place where we're going to add a record.
+ L<<Logger::Notice<<msgPrefix<<"Adding record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl;
+ delnonterm.insert(rr->d_label); // always remove any ENT's in the place where we're going to add a record.
DNSResourceRecord newRec(*rr);
newRec.domain_id = di->id;
- newRec.auth = (rrLabel == di->zone || rrType.getCode() != QType::NS);
+ newRec.auth = (rr->d_label == di->zone || rrType.getCode() != QType::NS);
di->backend->feedRecord(newRec);
changedRecords++;
// because we added a record, we need to fix DNSSEC data.
- DNSName shorter(rrLabel);
+ DNSName shorter(rr->d_label);
bool auth=newRec.auth;
bool fixDS = (rrType == QType::DS);
bool foundShorter = false;
di->backend->lookup(QType(QType::ANY), shorter);
while (di->backend->get(rec)) {
- if (pdns_iequals(rec.qname, rrLabel) && rec.qtype == QType::DS)
+ if (pdns_iequals(rec.qname, rr->d_label) && rec.qtype == QType::DS)
fixDS = true;
- if ( ! pdns_iequals(shorter, rrLabel) )
+ if ( ! pdns_iequals(shorter, rr->d_label) )
foundShorter = true;
if (rec.qtype == QType::NS) // are we inserting below a delegate?
auth=false;
}
- if (!foundShorter && auth && !pdns_iequals(shorter, rrLabel)) // haven't found any record at current level, insert ENT.
+ if (!foundShorter && auth && !pdns_iequals(shorter, rr->d_label)) // haven't found any record at current level, insert ENT.
insnonterm.insert(shorter);
if (foundShorter)
break; // if we find a shorter record, we can stop searching
{
string hashed;
if(! *narrow)
- hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rrLabel));
+ hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rr->d_label));
if (*narrow)
- di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rrLabel, auth);
+ di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rr->d_label, auth);
else
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth);
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rr->d_label, hashed, auth);
if (fixDS)
- di->backend->setDNSSECAuthOnDsRecord(di->id, rrLabel);
+ di->backend->setDNSSECAuthOnDsRecord(di->id, rr->d_label);
if(!auth)
{
if (ns3pr->d_flags)
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "NS");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "A");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "AAAA");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "NS");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "A");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "AAAA");
}
}
else // NSEC
{
- di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, rrLabel, auth);
+ di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, rr->d_label, auth);
if (fixDS) {
- di->backend->setDNSSECAuthOnDsRecord(di->id, rrLabel);
+ di->backend->setDNSSECAuthOnDsRecord(di->id, rr->d_label);
}
if(!auth) {
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "A");
- di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "AAAA");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "A");
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rr->d_label, "AAAA");
}
}
// If we insert an NS, all the records below it become non auth - so, we're inserting a delegate.
- // Auth can only be false when the rrLabel is not the zone
+ // Auth can only be false when the rr->d_label is not the zone
if (auth == false && rrType == QType::NS) {
- DLOG(L<<msgPrefix<<"Going to fix auth flags below "<<rrLabel<<endl);
+ DLOG(L<<msgPrefix<<"Going to fix auth flags below "<<rr->d_label.toString()<<endl);
insnonterm.clear(); // No ENT's are needed below delegates (auth=0)
- vector<string> qnames;
- di->backend->listSubZone(rrLabel, di->id);
+ vector<DNSName> qnames;
+ di->backend->listSubZone(rr->d_label, di->id);
while(di->backend->get(rec)) {
- if (rec.qtype.getCode() && rec.qtype.getCode() != QType::DS && !pdns_iequals(rrLabel, rec.qname)) // Skip ENT, DS and our already corrected record.
+ if (rec.qtype.getCode() && rec.qtype.getCode() != QType::DS && !pdns_iequals(rr->d_label, rec.qname)) // Skip ENT, DS and our already corrected record.
qnames.push_back(rec.qname);
}
- for(vector<string>::const_iterator qname=qnames.begin(); qname != qnames.end(); ++qname) {
+ for(vector<DNSName>::const_iterator qname=qnames.begin(); qname != qnames.end(); ++qname) {
if(*haveNSEC3) {
string hashed;
if(! *narrow)
hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, *qname));
if (*narrow)
- di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rrLabel, auth);
+ di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rr->d_label, auth);
else
di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, *qname, hashed, auth);
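Review bot: In the narrow branch of the loop over `qnames`, the call passes `rr->d_label` instead of `*qname`, so each iteration re-updates the new delegation's own name and the names below it keep their old auth flag. The non-narrow branch on the next lines uses `*qname`, and the commit only renamed `rrLabel` here, so the mismatch carries over. The line should read `di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, *qname, auth);`. The enclosing loop closes outside this hunk.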
// Delete records - section 3.4.2.3 and 3.4.2.4 with the exception of the 'always leave 1 NS rule' as that's handled by
// the code that calls this performUpdate().
if ((rr->d_class == QClass::ANY || rr->d_class == QClass::NONE) && rrType != QType::SOA) { // never delete a SOA.
- DLOG(L<<msgPrefix<<"Deleting records: "<<rrLabel<<"; QClasse:"<<rr->d_class<<"; rrType: "<<rrType.getName()<<endl);
+ DLOG(L<<msgPrefix<<"Deleting records: "<<rr->d_label.toString()<<"; QClasse:"<<rr->d_class<<"; rrType: "<<rrType.getName()<<endl);
if (rrType == QType::NSEC3PARAM) {
L<<Logger::Notice<<msgPrefix<<"Deleting NSEC3PARAM from zone, resetting ordernames."<<endl;
if (rr->d_class == QClass::ANY)
- d_dk.unsetNSEC3PARAM(rrLabel);
+ d_dk.unsetNSEC3PARAM(rr->d_label);
else if (rr->d_class == QClass::NONE) {
- NSEC3PARAMRecordContent nsec3rr(rr->d_content->getZoneRepresentation(), di->zone);
+ NSEC3PARAMRecordContent nsec3rr(rr->d_content->getZoneRepresentation(), di->zone.toString() /* FIXME huh */);
if (ns3pr->getZoneRepresentation() == nsec3rr.getZoneRepresentation())
- d_dk.unsetNSEC3PARAM(rrLabel);
+ d_dk.unsetNSEC3PARAM(rr->d_label);
else
return 0;
} else
*haveNSEC3 = d_dk.getNSEC3PARAM(di->zone, ns3pr, narrow);
vector<DNSResourceRecord> rrs;
- set<string> qnames, nssets, dssets, ents;
+ set<DNSName> qnames, nssets, dssets, ents;
di->backend->list(di->zone, di->id);
while (di->backend->get(rec)) {
qnames.insert(rec.qname);
ents.insert(rec.qname);
}
- string shorter, hashed;
- BOOST_FOREACH(const string& qname, qnames) {
+ DNSName shorter;
+ string hashed;
+ BOOST_FOREACH(const DNSName& qname, qnames) {
shorter = qname;
int ddepth = 0;
do {
break;
if(nssets.count(shorter))
++ddepth;
- } while(chopOff(shorter));
+ } while(shorter.chopOff());
if (!ents.count(qname) && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) {
di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, qname, (ddepth == 0));
} // end of NSEC3PARAM delete block
- di->backend->lookup(rrType, rrLabel);
+ di->backend->lookup(rrType, rr->d_label);
while(di->backend->get(rec)) {
if (rr->d_class == QClass::ANY) { // 3.4.2.3
if (rec.qname == di->zone && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's
}
if (recordsToDelete.size()) {
- di->backend->replaceRRSet(di->id, rrLabel, rrType, rrset);
- L<<Logger::Notice<<msgPrefix<<"Deleting record "<<rrLabel<<"|"<<rrType.getName()<<endl;
+ di->backend->replaceRRSet(di->id, rr->d_label, rrType, rrset);
+ L<<Logger::Notice<<msgPrefix<<"Deleting record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<endl;
changedRecords += recordsToDelete.size();
// If we've removed a delegate, we need to reset ordername/auth for some records.
- if (rrType == QType::NS && rrLabel != di->zone) {
+ if (rrType == QType::NS && rr->d_label != di->zone) {
vector<DNSName> belowOldDelegate, nsRecs, updateAuthFlag;
- di->backend->listSubZone(rrLabel, di->id);
+ di->backend->listSubZone(rr->d_label, di->id);
while (di->backend->get(rec)) {
if (rec.qtype.getCode()) // skip ENT records, they are always auth=false
belowOldDelegate.push_back(rec.qname);
- if (rec.qtype.getCode() == QType::NS && rec.qname != rrLabel)
+ if (rec.qtype.getCode() == QType::NS && rec.qname != rr->d_label)
nsRecs.push_back(rec.qname);
}
for(auto &belowOldDel: belowOldDelegate)
{
bool isBelowDelegate = false;
- for(vector<string>::const_iterator ns=nsRecs.begin(); ns!= nsRecs.end(); ns++) {
- if (endsOn(*ns, *belowOldDel)) {
+ for(const auto & ns: nsRecs) {
+ if (ns.isPartOf(belowOldDel)) {
isBelowDelegate=true;
break;
}
}
if (!isBelowDelegate)
- updateAuthFlag.push_back(*belowOldDel);
+ updateAuthFlag.push_back(belowOldDel);
}
- for (vector<string>::const_iterator changeRec=updateAuthFlag.begin(); changeRec!=updateAuthFlag.end(); ++changeRec) {
+ for (const auto &changeRec:updateAuthFlag) {
if(*haveNSEC3) {
string hashed;
if(! *narrow)
- hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, *changeRec));
+ hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, changeRec));
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, *changeRec, hashed, true);
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, changeRec, hashed, true);
}
else // NSEC
- di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, *changeRec, true);
+ di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, changeRec, true);
}
}
// on that level. If so, we must insert an ENT record.
// We take extra care here to not 'include' the record that we just deleted. Some backends will still return it as they only reload on a commit.
bool foundDeeper = false, foundOtherWithSameName = false;
- di->backend->listSubZone(rrLabel, di->id);
+ di->backend->listSubZone(rr->d_label, di->id);
while (di->backend->get(rec)) {
- if (rec.qname == rrLabel && !count(recordsToDelete.begin(), recordsToDelete.end(), rec))
+ if (rec.qname == rr->d_label && !count(recordsToDelete.begin(), recordsToDelete.end(), rec))
foundOtherWithSameName = true;
- if (rec.qname != rrLabel && rec.qtype.getCode() != QType::NS) //Skip NS records, as this would be a delegate that we can ignore as this does not require us to create a ENT
+ if (rec.qname != rr->d_label && rec.qtype.getCode() != QType::NS) //Skip NS records, as this would be a delegate that we can ignore as this does not require us to create a ENT
foundDeeper = true;
}
if (foundDeeper && !foundOtherWithSameName) {
- insnonterm.insert(rrLabel);
+ insnonterm.insert(rr->d_label);
} else if (!foundOtherWithSameName) {
// If we didn't have to insert an ENT, we might have deleted a record at very deep level
// and we must then clean up the ENT's above the deleted record.
- DNSName shorter(rrLabel);
+ DNSName shorter(rr->d_label);
while (shorter != di->zone) {
shorter.chopOff();
bool foundRealRR = false;
}
}
} else { // if (recordsToDelete.size())
- L<<Logger::Notice<<msgPrefix<<"Deletion for record "<<rrLabel<<"|"<<rrType.getName()<<" requested, but not found."<<endl;
+ L<<Logger::Notice<<msgPrefix<<"Deletion for record "<<rr->d_label.toString()<<"|"<<rrType.getName()<<" requested, but not found."<<endl;
}
} // (End of delete block d_class == ANY || d_class == NONE
if (insnonterm.size() > 0 || delnonterm.size() > 0) {
DLOG(L<<msgPrefix<<"Updating ENT records - "<<insnonterm.size()<<"|"<<delnonterm.size()<<endl);
di->backend->updateEmptyNonTerminals(di->id, di->zone, insnonterm, delnonterm, false);
- for (set<string>::const_iterator i=insnonterm.begin(); i!=insnonterm.end(); i++) {
+ for (const auto &i: insnonterm) {
string hashed;
- if(*haveNSEC3)
+ if(haveNSEC3)
{
string hashed;
if(! *narrow)
- hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, *i));
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, *i, hashed, true);
+ hashed=toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, i));
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, i, hashed, true);
}
}
}
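Review bot: The rewritten condition `if(haveNSEC3)` tests the `bool*` parameter itself rather than the flag it points to, so it is true for every non-null pointer and NSEC zones also enter the NSEC3 branch. For those zones the loop would hash each inserted ENT with `ns3pr->d_iterations` and `ns3pr->d_salt`, which may not hold meaningful values, and write the result through `updateDNSSECOrderAndAuthAbsolute`. Restore the dereference: `if(*haveNSEC3)`. The outer `string hashed;` declared just above is shadowed by the inner one and can be dropped.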
if (! ::arg().mustDo("experimental-dnsupdate"))
return RCode::Refused;
- string msgPrefix="UPDATE (" + itoa(p->d.id) + ") from " + p->getRemote() + " for " + p->qdomain + ": ";
+ string msgPrefix="UPDATE (" + itoa(p->d.id) + ") from " + p->getRemote() + " for " + p->qdomain.toString() + ": ";
L<<Logger::Info<<msgPrefix<<"Processing started."<<endl;
// Check permissions - IP based
string label = stripDot(rr->d_label);
- if (!endsOn(label, di.zone)) {
+ if (!label.isPartOf(di.zone)) {
L<<Logger::Error<<msgPrefix<<"Received update/record out of zone, sending NotZone."<<endl;
return RCode::NotZone;
}
}
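Review bot: `label` is still declared as `string label = stripDot(rr->d_label);` on the context line above, so the new `label.isPartOf(di.zone)` calls a method `std::string` does not have. This is the check that rejects update records outside the zone, so it should run on the parsed name directly: `if (!rr->d_label.isPartOf(di.zone)) {`. Whether `label` is used further down is not visible here; if it is not, the string copy can go as well.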
// 3.2.3 - Prerequisite check - this is outside of updatePrequisitesCheck because we check an RRSet and not the RR.
- typedef pair<string, QType> rrSetKey_t;
+ typedef pair<DNSName, QType> rrSetKey_t;
typedef vector<DNSResourceRecord> rrVector_t;
typedef std::map<rrSetKey_t, rrVector_t> RRsetMap_t;
RRsetMap_t preReqRRsets;
return RCode::FormErr;
if (rr->d_class == QClass::IN) {
- rrSetKey_t key = make_pair(stripDot(rr->d_label), QType(rr->d_type));
+ rrSetKey_t key = make_pair(rr->d_label, QType(rr->d_type));
rrVector_t *vec = &preReqRRsets[key];
vec->push_back(DNSResourceRecord(*rr));
}
S.deposit("dnsupdate-changes", changedRecords);
// Purge the records!
- string zone(di.zone);
+ DNSName zone(di.zone);
zone.append("$");
PC.purge(zone);
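Review bot: `zone.append("$")` was a `std::string` call that built the `<zone>$` suffix pattern for the packet-cache purge. With `DNSName zone(di.zone)` it either fails to compile or, if DNSName has an `append`, makes `$` part of the name data rather than a purge marker. A purge that matches nothing would leave pre-update answers in the cache after a dynamic update. Keeping the pattern a string looks safer, e.g. `string zone(di.zone.toString());` ahead of the existing `zone.append("$");`, assuming `PC.purge` still accepts the string form.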
vector<string> soaEditSetting;
B.getDomainMetadata(di->zone, "SOA-EDIT", soaEditSetting);
if (soaEditSetting.empty()) {
- L<<Logger::Error<<msgPrefix<<"Using "<<soaEdit2136<<" for SOA-EDIT-DNSUPDATE increase on DNS update, but SOA-EDIT is not set for domain \""<< di->zone <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<<endl;
+ L<<Logger::Error<<msgPrefix<<"Using "<<soaEdit2136<<" for SOA-EDIT-DNSUPDATE increase on DNS update, but SOA-EDIT is not set for domain \""<< di->zone.toString() <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<<endl;
soaEdit2136 = "DEFAULT";
} else
soaEdit = soaEditSetting[0];
return 0;
}
-ChunkedSigningPipe::ChunkedSigningPipe(const string& signerName, bool mustSign, const string& servers, unsigned int workers)
+ChunkedSigningPipe::ChunkedSigningPipe(const DNSName& signerName, bool mustSign, const pdns::string& servers, unsigned int workers)
: d_queued(0), d_outstanding(0), d_signer(signerName), d_maxchunkrecords(100), d_numworkers(workers), d_tids(d_numworkers),
d_mustSign(mustSign), d_final(false), d_submitted(0)
{
break;
if(res < 0)
unixDie("reading object pointer to sign from pdns");
- set<string, CIStringCompare> authSet;
+ set<DNSName> authSet;
authSet.insert(d_signer);
addRRSigs(dk, db, authSet, *chunk);
++d_signed;
typedef vector<DNSResourceRecord> rrset_t;
typedef rrset_t chunk_t; // for now
- ChunkedSigningPipe(const string& signerName, bool mustSign, const string& servers=string(), unsigned int numWorkers=3);
+ ChunkedSigningPipe(const DNSName& signerName, bool mustSign, /* FIXME servers is unused? */ const pdns::string& servers=pdns::string(), unsigned int numWorkers=3);
~ChunkedSigningPipe();
bool submit(const DNSResourceRecord& rr);
chunk_t getChunk(bool final=false);
static void* helperWorker(void* p);
rrset_t* d_rrsetToSign;
std::deque< std::vector<DNSResourceRecord> > d_chunks;
- string d_signer;
+ DNSName d_signer;
chunk_t::size_type d_maxchunkrecords;
continue;
if(!endsOn(i->qname, domain)) {
- L<<Logger::Error<<"Remote "<<remote<<" tried to sneak in out-of-zone data '"<<i->qname<<"'|"<<i->qtype.getName()<<" during AXFR of zone '"<<domain<<"', ignoring"<<endl;
+ L<<Logger::Error<<"Remote "<<remote<<" tried to sneak in out-of-zone data '"<<i->qname.toString()<<"'|"<<i->qtype.getName()<<" during AXFR of zone '"<<domain<<"', ignoring"<<endl;
continue;
}
DomainInfo di;
bool dnssecOk;
ComboAddress localaddr;
- string tsigkeyname, tsigalgname, tsigsecret;
+ DNSName tsigkeyname, tsigalgname;
+ string tsigsecret;
};
}
struct SlaveSenderReceiver
{
- typedef pair<string, uint16_t> Identifier;
+ typedef pair<DNSName, uint16_t> Identifier;
struct Answer {
uint32_t theirSerial;
}
rrs.push_back(rr);
} else {
- L<<Logger::Warning<<"Zone '"<<target<<"' contains out-of-zone data '"<<rr.qname<<"'|"<<rr.qtype.getName()<<"', ignoring"<<endl;
+ L<<Logger::Warning<<"Zone '"<<target<<"' contains out-of-zone data '"<<rr.qname.toString()<<"'|"<<rr.qtype.getName()<<"', ignoring"<<endl;
continue;
}
}
rr.disabled = boolFromJson(record, "disabled");
if (rr.qtype.getCode() == 0) {
- throw ApiException("Record "+rr.qname+"/"+stringFromJson(record, "type")+" is of unknown type");
+ throw ApiException("Record "+rr.qname.toString()+"/"+stringFromJson(record, "type")+" is of unknown type");
}
try {
}
catch(std::exception& e)
{
- throw ApiException("Record "+rr.qname+"/"+rr.qtype.getName()+" '"+rr.content+"': "+e.what());
+ throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype.getName()+" '"+rr.content+"': "+e.what());
}
if ((rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) &&
SOAData sd;
fakePacket.qtype = QType::PTR;
if (!B.getAuth(&fakePacket, &sd, ptr.qname))
- throw ApiException("Could not find domain for PTR '"+ptr.qname+"' requested for '"+ptr.content+"'");
+ throw ApiException("Could not find domain for PTR '"+ptr.qname.toString()+"' requested for '"+ptr.content+"'");
ptr.domain_id = sd.domain_id;
new_ptrs.push_back(ptr);
DNSResourceRecord rr;
BOOST_FOREACH(rr, new_records) {
- if (!iends_with(rr.qname, dotsuffix) && !pdns_iequals(rr.qname, zonename))
- throw ApiException("RRset "+rr.qname+" IN "+rr.qtype.getName()+": Name is out of zone");
+ if (!rr.qname.isPartOf(dotsuffix) && !pdns_iequals(rr.qname, zonename))
+ throw ApiException("RRset "+rr.qname.toString()+" IN "+rr.qtype.getName()+": Name is out of zone");
if (rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname, zonename)) {
have_soa = true;
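Review bot: `rr.qname.isPartOf(dotsuffix)` hands the old string suffix (presumably `"." + zonename`) to a DNSName containment test, which is unlikely to parse into the zone name and so may reject in-zone records or throw. The REPLACE branch a few lines below still calls `iends_with(qname, dotsuffix)` on a `qname` that the same commit treats as a DNSName. Both out-of-zone checks should compare against the zone itself, e.g. `if (!rr.qname.isPartOf(zonename))`. If `isPartOf` is true for equal names, the extra `pdns_iequals` term becomes redundant. Keeping the two checks identical matters, since they are what stop API callers writing records outside the zone.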
else if (changetype == "REPLACE") {
// we only validate for REPLACE, as DELETE can be used to "fix" out of zone records.
if (!iends_with(qname, dotsuffix) && !pdns_iequals(qname, zonename))
- throw ApiException("RRset "+qname+" IN "+qtype.getName()+": Name is out of zone");
+ throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Name is out of zone");
new_records.clear();
new_comments.clear();
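Review bot: The REPLACE-path zone check on the context line `if (!iends_with(qname, dotsuffix) && !pdns_iequals(qname, zonename))` still uses the string helper, while the equivalent check in the new_records loop of the previous hunk was moved to `rr.qname.isPartOf(dotsuffix)`. `qname` is evidently a DNSName here, since the changed throw line calls `qname.toString()`, so the two out-of-zone validations now apply different comparison rules. This is the check that keeps an API client from writing names outside the zone, so I would change it to `if (!qname.isPartOf(dotsuffix) && !pdns_iequals(qname, zonename))`. The definition of `dotsuffix` is outside the hunk and should be confirmed, because a leading-dot string suffix may not mean the same thing once names are compared label by label. The enclosing block starts and ends outside the hunk.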
rr.domain_id = di.id;
if (rr.qname != qname || rr.qtype != qtype)
- throw ApiException("Record "+rr.qname+"/"+rr.qtype.getName()+" "+rr.content+": Record wrongly bundled with RRset " + qname.toString() + "/" + qtype.getName());
+ throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype+" "+rr.content+": Record wrongly bundled with RRset " + qname.toString() + "/" + qtype.getName());
if (rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname, zonename)) {
soa_edit_done = increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
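Review bot: The changed throw line concatenates `rr.qtype` directly (`"/"+rr.qtype+" "`), where the removed line and every other message touched by this commit use `rr.qtype.getName()`. This looks like an accidental drop. Depending on which conversions QType offers, it either fails to compile or puts something other than the type name into the API error text. I would restore `"/"+rr.qtype.getName()+" "`. The enclosing loop body starts and ends outside the hunk.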
fakePacket.qtype = QType::PTR;
if (!B.getAuth(&fakePacket, &sd, rr.qname))
- throw ApiException("Could not find domain for PTR '"+rr.qname+"' requested for '"+rr.content+"' (while saving)");
+ throw ApiException("Could not find domain for PTR '"+rr.qname.toString()+"' requested for '"+rr.content+"' (while saving)");
sd.db->startTransaction(rr.qname);
if (!sd.db->replaceRRSet(sd.domain_id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
sd.db->abortTransaction();
- throw ApiException("PTR-Hosting backend for "+rr.qname+"/"+rr.qtype.getName()+" does not support editing records.");
+ throw ApiException("PTR-Hosting backend for "+rr.qname.toString()+"/"+rr.qtype.getName()+" does not support editing records.");
}
sd.db->commitTransaction();
PC.purge(rr.qname);
Comment comment;
BOOST_FOREACH(const DomainInfo& di, domains) {
- string zoneId = apiZoneNameToId(di.zone);
+ string zoneId = apiZoneNameToId(di.zone.toString());
- if (pdns_ci_find(di.zone, q) != string::npos) {
+ if (pdns_ci_find(di.zone.toString(), q) != string::npos) {
Value object;
object.SetObject();
object.AddMember("type", "zone", doc.GetAllocator());
Value jzoneId(zoneId.c_str(), doc.GetAllocator()); // copy
object.AddMember("zone_id", jzoneId, doc.GetAllocator());
- Value jzoneName(di.zone.c_str(), doc.GetAllocator()); // copy
+ Value jzoneName(di.zone.toString().c_str(), doc.GetAllocator()); // copy
object.AddMember("name", jzoneName, doc.GetAllocator());
doc.PushBack(object, doc.GetAllocator());
}