}
bool GSQLBackend::updateDNSSECOrderAndAuth(uint32_t domain_id, const std::string& zonename, const std::string& qname, bool auth)
+{
+ string ins=toLower(labelReverse(makeRelative(qname, zonename)));
+ return this->updateDNSSECOrderAndAuthAbsolute(domain_id, qname, ins, auth);
+}
+
+bool GSQLBackend::updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const std::string& qname, const std::string& ordername, bool auth)
{
char output[1024];
// ordername='%s',auth=%d where name='%s' and domain_id='%d'
- string ins=toLower(labelReverse(makeRelative(qname, zonename)));
- snprintf(output, sizeof(output)-1, d_setOrderAuthQuery.c_str(), sqlEscape(ins).c_str(), auth, sqlEscape(qname).c_str(), domain_id);
+ snprintf(output, sizeof(output)-1, d_setOrderAuthQuery.c_str(), sqlEscape(ordername).c_str(), auth, sqlEscape(qname).c_str(), domain_id);
cerr<<"sql: '"<<output<<"'\n";
d_db->doCommand(output);
-
return true;
}
-
-
bool GSQLBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string& qname, std::string& before, std::string& after)
{
cerr<<"gsql before/after called for id="<<id<<", qname="<<qname<<endl;
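Review bot: The `snprintf` in `updateDNSSECOrderAndAuthAbsolute` formats the statement into a fixed 1024-byte `output` buffer and its return value is never checked, so an over-long escaped `qname` or `ordername` leaves a silently truncated statement that is still passed to `d_db->doCommand`. Since `ordername` is now supplied by the caller instead of being derived from `qname` inside the function, its length should be treated as unbounded here. I would keep the result, `int len = snprintf(output, sizeof(output), ...);`, and refuse to execute with `if(len < 0 || (size_t)len >= sizeof(output)) return false;`. The function also returns `true` unconditionally, so callers cannot tell a failed update from a successful one. The trailing `getBeforeAndAfterNamesAbsolute` lines are context only; that body continues outside the hunk.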
void setNotified(uint32_t domain_id, uint32_t serial);
virtual bool getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string& qname, std::string& before, std::string& after);
bool updateDNSSECOrderAndAuth(uint32_t domain_id, const std::string& zonename, const std::string& qname, bool auth);
+ virtual bool updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const std::string& qname, const std::string& ordername, bool auth);
+
private:
string d_qname;
return false;
}
+ virtual bool updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const std::string& qname, const std::string& ordername, bool auth)
+ {
+ return false;
+ }
+
+
//! Initiates a list of the specified domain
/** Once initiated, DNSResourceRecord objects can be retrieved using get(). Should return false
if the backend does not consider itself responsible for the id passed.
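Review bot: The new `updateDNSSECOrderAndAuthAbsolute` virtual has no doc comment, unlike the `//!`-documented member that follows it, and its contract is not evident from the signature. I would add a short comment above it saying that `ordername` is a value computed by the caller (in this commit, the base32hex NSEC3 hash) and that the default `return false` means the backend does not support the operation, e.g. `//! Stores a caller-computed ordername for qname; returns false if the backend does not support it`. Without that, callers have no documented reason to check the result, and the callers added in this commit do not.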
r->addRecord(rr);
}
+void PacketHandler::emitNSEC3(NSEC3PARAMRecordContent *ns3rc, const std::string& auth, const std::string& begin, const std::string& end, const std::string& toNSEC3, DNSPacket *r, int mode)
+{
+ cerr<<"We should emit NSEC3 '"<<toBase32Hex(begin)<<"' - ('"<<toNSEC3<<"') - '"<<toBase32Hex(end)<<"'"<<endl;
+ NSEC3RecordContent n3rc;
+ n3rc.d_set.insert(QType::RRSIG);
+ n3rc.d_set.insert(QType::NSEC3);
+ n3rc.d_salt=ns3rc->d_salt;
+ n3rc.d_iterations = ns3rc->d_iterations;
+ n3rc.d_algorithm = 1;
+
+ DNSResourceRecord rr;
+ B.lookup(QType(QType::ANY), begin);
+ while(B.get(rr)) {
+ n3rc.d_set.insert(rr.qtype.getCode());
+ }
+
+ n3rc.d_nexthash=end;
+
+ rr.qname=dotConcat(toBase32Hex(begin), auth);
+ rr.ttl=3600;
+ rr.qtype=QType::NSEC3;
+ rr.content=n3rc.getZoneRepresentation();
+ cerr<<"nsec3: '"<<rr.content<<"'"<<endl;
+ rr.d_place = (mode == 2 ) ? DNSResourceRecord::ANSWER: DNSResourceRecord::AUTHORITY;
+ rr.auth = true;
+ r->addRecord(rr);
+}
+
cerr<<"NSEC3 generator called!"<<endl;
cerr<<nsec3param.content<<endl;
NSEC3PARAMRecordContent *ns3rc=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, nsec3param.content));
- cerr<<"NSEC3 hash, "<<ns3rc->d_iterations<<" iterations, salt '"<<makeHexDump(ns3rc->d_salt)<<"': "<<toBase32Hex(hashQNameWithSalt(ns3rc->d_iterations, ns3rc->d_salt, p->qdomain))<<endl;
-
+ string hashed=toBase32Hex(hashQNameWithSalt(ns3rc->d_iterations, ns3rc->d_salt, p->qdomain));
+ cerr<<"NSEC3 hash, "<<ns3rc->d_iterations<<" iterations, salt '"<<makeHexDump(ns3rc->d_salt)<<"': "<<hashed<<endl;
+
+ SOAData sd;
+ sd.db = (DNSBackend*)-1;
+ if(!B.getSOA(auth, sd)) {
+ cerr<<"Could not get SOA for domain in NSEC3\n";
+ return;
+ }
+
+ string before,after;
+ cerr<<"Calling getBeforeandAfterAbsolute!"<<endl;
+ sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, before, after);
+ cerr<<"Done calling, before='"<<before<<"', after='"<<after<<"'"<<endl;
+ emitNSEC3( ns3rc, auth, fromBase32Hex(before), fromBase32Hex(after), target, r, mode);
}
void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, int mode)
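Review bot: In `addNSEC3` the result of `sd.db->getBeforeAndAfterNamesAbsolute(...)` is discarded, so when a backend does not implement it or finds no neighbours, `before` and `after` stay empty and `emitNSEC3` still adds an NSEC3 record built from them to the response. I would guard the call with `if(!sd.db->getBeforeAndAfterNamesAbsolute(sd.domain_id, hashed, before, after)) return;`, and likewise test `ns3rc` after the `dynamic_cast` before the new `hashed` line dereferences it. Separately, `emitNSEC3` calls `B.lookup(QType(QType::ANY), begin)` where `begin` appears to be the decoded hash rather than an owner name, so the type bitmap would presumably only ever contain RRSIG and NSEC3; this is worth confirming. The start of `addNSEC3` lies outside the visible lines.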
a complete reply.
*/
+class NSEC3PARAMRecordContent;
class PacketHandler
{
void addNSEC(DNSPacket *p, DNSPacket* r, const string &target, const std::string& auth, int mode);
void addNSEC3(DNSPacket *p, DNSPacket* r, const string &target, const std::string& auth, const DNSResourceRecord& nsec3param, int mode);
void emitNSEC(const std::string& before, const std::string& after, const std::string& toNSEC, DNSPacket *r, int mode);
+ void emitNSEC3(NSEC3PARAMRecordContent *ns3rc, const std::string& auth, const std::string& begin, const std::string& end, const std::string& toNSEC3, DNSPacket *r, int mode);
+
void synthesiseRRSIGs(DNSPacket* p, DNSPacket* r);
void makeNXDomain(DNSPacket* p, DNSPacket* r, const std::string& target, SOAData& sd);
void makeNOError(DNSPacket* p, DNSPacket* r, const std::string& target, SOAData& sd);
salt.assign(tmp, 2);
BOOST_FOREACH(const string& qname, qnames)
{
-
- cerr<<"'"<<qname<<"' -> '"<<toBase32Hex(hashQNameWithSalt(100, salt, qname)) <<"'"<<endl;
- sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, qname, true);
+ string hashed=toBase32Hex(hashQNameWithSalt(100, salt, qname));
+ cerr<<"'"<<qname<<"' -> '"<< hashed <<"'"<<endl;
+ sd.db->updateDNSSECOrderAndAuthAbsolute(sd.domain_id, qname, hashed, true);
+ // sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, qname, true);
}
cerr<<"Done listing"<<endl;
}
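Review bot: The hash stored as the ordername is computed with a literal `100` iterations and a locally built `salt`, while `PacketHandler::addNSEC3` hashes the query name with `ns3rc->d_iterations` and `ns3rc->d_salt` taken from the zone's NSEC3PARAM record. If the two ever differ, the stored ordernames will not line up with the hashes computed at query time and the denial-of-existence ranges will be wrong. I would read the parameters from the zone's NSEC3PARAM here, or at least name the constants and note the coupling in a comment. The return value of `updateDNSSECOrderAndAuthAbsolute` is also ignored, so a backend that falls back to the base-class `return false` fails silently; `if(!sd.db->updateDNSSECOrderAndAuthAbsolute(sd.domain_id, qname, hashed, true)) cerr<<"ordername update failed for '"<<qname<<"'\n";` would surface it. The enclosing function starts outside the hunk.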