Add CDS and CDNSKEY records to AXFR

author Pieter Lexis <pieter.lexis@powerdns.com>

Wed, 22 Jul 2015 18:05:41 +0000 (20:05 +0200)

committer Pieter Lexis <pieter.lexis@powerdns.com>

Fri, 2 Oct 2015 08:57:21 +0000 (10:57 +0200)
author Pieter Lexis <pieter.lexis@powerdns.com>
Wed, 22 Jul 2015 18:05:41 +0000 (20:05 +0200)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Fri, 2 Oct 2015 08:57:21 +0000 (10:57 +0200)
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc

index 42de1d6e44b2fd5db22842049212d05ee202efc2..41064d9ced78e0d1b633d72030b6a3143d3adcc3 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -661,6 +661,11 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
    rr.ttl = sd.default_ttl;
    rr.auth = 1; // please sign!
  
+  string publishCDNSKEY, publishCDS;
+  dk.getFromMeta(q->qdomain, "PUBLISH_CDNSKEY", publishCDNSKEY);
+  dk.getFromMeta(q->qdomain, "PUBLISH_CDS", publishCDS);
+  vector<DNSResourceRecord> cds, cdnskey;
+
    BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
      rr.qtype = QType(QType::DNSKEY);
      rr.content = value.first.getDNSKEY().getZoneRepresentation();
@@ -670,6 +675,25 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
      ne.d_set.insert(rr.qtype.getCode());
      ne.d_ttl = sd.default_ttl;
      csp.submit(rr);
+
+    // generate CDS and CDNSKEY records
+    if(value.second.keyOrZone){
+      if(publishCDNSKEY == "1") {
+        rr.qtype=QType(QType::CDNSKEY);
+        rr.content = value.first.getDNSKEY().getZoneRepresentation();
+        cdnskey.push_back(rr);
+      }
+
+      if(!publishCDS.empty()){
+        rr.qtype=QType(QType::CDS);
+        vector<string> digestAlgos;
+        stringtok(digestAlgos, publishCDS, ", ");
+        for(auto digestAlgo : digestAlgos) {
+          rr.content=makeDSFromDNSKey(target, value.first.getDNSKEY(), lexical_cast<int>(digestAlgo)).getZoneRepresentation();
+          cds.push_back(rr);
+        }
+      }
+    }
    }
    
    if(::arg().mustDo("direct-dnskey")) {
@@ -708,6 +732,13 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
    set<DNSName> qnames, nsset, terms;
    vector<DNSResourceRecord> rrs;
  
+  // Add the CDNSKEY and CDS records we created earlier
+  for (auto const rr : cds)
+    rrs.push_back(rr);
+
+  for (auto const rr : cdnskey)
+    rrs.push_back(rr);
+
    while(sd.db->get(rr)) {
      if(rr.qname.isPartOf(target)) {
        if (rectify) {
@@ -792,9 +823,9 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int ou
        continue;
      }
  
-    // only skip the DNSKEY if direct-dnskey is enabled, to avoid changing behaviour
+    // only skip the DNSKEY, CDNSKEY and CDS if direct-dnskey is enabled, to avoid changing behaviour
      // when it is not enabled.
-    if(::arg().mustDo("direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY)
+    if(::arg().mustDo("direct-dnskey") && (rr.qtype.getCode() == QType::DNSKEY || rr.qtype.getCode() == QType::CDNSKEY || rr.qtype.getCode() == QType::CDS))
        continue;
  
      records++;
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Wed, 22 Jul 2015 18:05:41 +0000 (20:05 +0200)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Fri, 2 Oct 2015 08:57:21 +0000 (10:57 +0200)