dsAnchors[name].insert(keys[name].second);
}
-int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut)
+int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut, boost::optional<time_t> now)
{
if (type == QType::DS) {
auth.chopOff();
setLWResult(res, 0, true, false, true);
if (addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER)) {
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
}
else {
addRecordToLW(res, auth, QType::SOA, "foo. bar. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400);
const auto it = keys.find(auth);
if (it != keys.cend()) {
/* sign the SOA */
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
/* add a NSEC denying the DS */
std::set<uint16_t> types = { QType::NSEC };
if (proveCut) {
}
addNSECRecordToLW(domain, DNSName("z") + domain, types, 600, res->d_records);
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
}
}
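Review bot: The three updated `addRRSIG` calls in the DS branch each spell out `false, boost::none, boost::none` only to reach the trailing `now` argument, which is easy to get wrong when another call is added. A local helper such as `const auto sign = [&](const DNSName& signer) { addRRSIG(keys, res->d_records, signer, 300, false, boost::none, boost::none, now); };` would keep the signing time in one place. The function body continues outside this hunk, so the DNSKEY branch is not visible here. It should pass `now` as well, otherwise the DS and DNSKEY signatures the validator checks could be dated from different clocks.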
void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys, map<DNSName,dsmap_t>& dsAnchors);
-int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut=true);
+int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut=true, boost::optional<time_t> now=boost::none);
int basicRecordsForQnameMinimization(LWResult* res, const DNSName& domain, int type);
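Review bot: The new `now` parameter is undocumented at the declaration, and its `boost::none` default means every existing caller silently keeps the previous signing time. A comment above the prototype would help, for example `/* now: reference time for RRSIG inception/expiration; pass the SyncRes time so signatures stay inside the validity window seen by the resolver under test */`. Tests that exercise signature validity and still rely on the default presumably remain sensitive to wall-clock drift during a slow run, so it is worth stating whether they are meant to be converted too.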
generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors);
g_luaconfs.setState(luaconfsCopy);
- sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr,authZone,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chained) {
+ /* make sure that the signature inception and validity times are computed
+ based on the SyncRes time, not the current one, in case the function
+ takes too long. */
+ const time_t fixedNow = sr->getNow().tv_sec;
+
+ sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr,authZone,keys,fixedNow](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chained) {
queriesCount++;
if (type == QType::DS || type == QType::DNSKEY) {
- return genericDSAndDNSKEYHandler(res, domain, DNSName("."), type, keys, domain == authZone);
+ return genericDSAndDNSKEYHandler(res, domain, DNSName("."), type, keys, domain == authZone, fixedNow);
}
if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) {
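Review bot: `fixedNow` is sampled once before the callback is installed, so it will not follow the resolver if a test later moves the SyncRes clock. The lambda also already has its own `struct timeval* now` parameter next to the captured value. If that parameter carries the resolver's time and is never null (neither is visible in this hunk), `return genericDSAndDNSKEYHandler(res, domain, DNSName("."), type, keys, domain == authZone, now->tv_sec);` would avoid the capture and the two similarly named values. Otherwise a short comment saying why the parameter is not used would prevent confusion. The lambda body continues past the end of this hunk.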