using namespace boost;
DNSSECKeeper::keycache_t DNSSECKeeper::s_keycache;
-DNSSECKeeper::nseccache_t DNSSECKeeper::s_nseccache;
-pthread_mutex_t DNSSECKeeper::s_nseccachelock = PTHREAD_MUTEX_INITIALIZER;
+DNSSECKeeper::metacache_t DNSSECKeeper::s_metacache;
+pthread_mutex_t DNSSECKeeper::s_metacachelock = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t DNSSECKeeper::s_keycachelock = PTHREAD_MUTEX_INITIALIZER;
bool DNSSECKeeper::isSecuredZone(const std::string& zone)
{
if(isPresigned(zone))
- return true;
+ return true;
{
Lock l(&s_keycachelock);
vector<string> meta;
d_db.getDomainMetadata(name, "PRESIGNED", meta);
if(meta.empty())
- return false;
+ return false;
return meta[0]=="1";
}
void DNSSECKeeper::clearCaches(const std::string& name)
{
- Lock l(&s_keycachelock);
- s_keycache.erase(name);
- s_nseccache.erase(name);
+ {
+ Lock l(&s_keycachelock);
+ s_keycache.erase(name);
+ }
+ Lock l(&s_metacachelock);
+ pair<metacache_t::iterator, metacache_t::iterator> range = s_metacache.equal_range(name);
+ while(range.first != range.second)
+ s_metacache.erase(range.first++);
}
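Review bot: The new erase loop at the end of clearCaches, `while(range.first != range.second) s_metacache.erase(range.first++);`, can use the index's range overload instead: `s_metacache.erase(range.first, range.second);`. That does the same thing without hand-advancing an iterator that is being erased. A comment above the inner scope would also help, for example `// release s_keycachelock before taking s_metacachelock; the two are never held together`, so a later edit does not nest the locks and create a lock-ordering problem.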
d_db.activateDomainKey(zname, id);
}
-bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
+
+void DNSSECKeeper::getFromMeta(const std::string& zname, const std::string& key, std::string& value)
{
+ value.clear();
unsigned int now = time(0);
{
- Lock l(&s_nseccachelock);
+ Lock l(&s_metacachelock);
- nseccache_t::const_iterator iter = s_nseccache.find(zname);
- if(iter != s_nseccache.end() && iter->d_ttd > now)
- {
- if(iter->d_nsec3param.empty()) // this says: no NSEC3
- return false;
-
- if(ns3p) {
- NSEC3PARAMRecordContent* tmp=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, iter->d_nsec3param));
- *ns3p = *tmp;
- delete tmp;
- }
- if(narrow)
- *narrow = iter->d_narrow;
- return true;
+ metacache_t::const_iterator iter = s_metacache.find(tie(zname, key));
+ if(iter != s_metacache.end() && iter->d_ttd > now) {
+ value = iter->d_value;
+ return;
}
}
vector<string> meta;
- d_db.getDomainMetadata(zname, "NSEC3PARAM", meta);
-
- NSECCacheEntry nce;
+ d_db.getDomainMetadata(zname, key, meta);
+ if(!meta.empty())
+ value=*meta.begin();
+
+ METACacheEntry nce;
nce.d_domain=zname;
nce.d_ttd = now+60;
-
- if(meta.empty()) {
- nce.d_nsec3param.clear(); // store 'no nsec3'
- nce.d_narrow = false;
- Lock l(&s_nseccachelock);
- replacing_insert(s_nseccache, nce);
-
- return false;
+ nce.d_key= key;
+ nce.d_value = value;
+ {
+ Lock l(&s_metacachelock);
+ replacing_insert(s_metacache, nce);
}
- nce.d_nsec3param = *meta.begin();
-
- meta.clear();
- d_db.getDomainMetadata(zname, "NSEC3NARROW", meta);
- nce.d_narrow = !meta.empty() && meta[0]=="1";
-
- if(narrow) {
- *narrow=nce.d_narrow;
- }
-
+}
+
+bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
+{
+ string value;
+ getFromMeta(zname, "NSEC3PARAM", value);
+ if(value.empty()) // "no NSEC3"
+ return false;
+
if(ns3p) {
- string descr = nce.d_nsec3param;
- reportAllTypes();
- NSEC3PARAMRecordContent* tmp=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, descr));
- if(!tmp) {
- cerr<<"descr: '"<<descr<<"'\n";
- return false;
- }
+ NSEC3PARAMRecordContent* tmp=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, value));
*ns3p = *tmp;
delete tmp;
}
- Lock l(&s_nseccachelock);
- replacing_insert(s_nseccache, nce);
+ if(narrow) {
+ getFromMeta(zname, "NSEC3NARROW", value);
+ *narrow = (value=="1");
+ }
+
return true;
}
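Review bot: In getNSEC3PARAM the result of the `dynamic_cast` is now dereferenced unchecked at `*ns3p = *tmp;`, whereas the removed lines tested `if(!tmp)` and returned false. The value comes from stored domain metadata via getFromMeta, so content that mastermake does not turn into an NSEC3PARAMRecordContent would cause a null dereference in the serving path rather than a handled failure. I would keep the guard, `if(!tmp) return false;`, ahead of the assignment. The removed `reportAllTypes();` call also sat before mastermake; presumably type registration now happens elsewhere, which is worth confirming because it bears on whether the cast can fail.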
bool isPresigned(const std::string& zname);
void setPresigned(const std::string& zname);
void unsetPresigned(const std::string& zname);
-private:
+private:
+ void getFromMeta(const std::string& zname, const std::string& key, std::string& value);
+
struct KeyCacheEntry
{
typedef vector<DNSSECKeeper::keymeta_t> keys_t;
mutable keys_t d_keys;
};
- struct NSECCacheEntry
+ struct METACacheEntry
{
- NSECCacheEntry() : d_narrow(false) {}
- typedef vector<DNSSECKeeper::keymeta_t> keys_t;
-
uint32_t getTTD() const
{
return d_ttd;
string d_domain;
unsigned int d_ttd;
- mutable std::string d_nsec3param;
- mutable bool d_narrow;
+ mutable std::string d_key, d_value;
};
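Review bot: `mutable std::string d_key, d_value;` in METACacheEntry makes `d_key` writable through the container's const iterators, yet `d_key` is one half of the `composite_key` that orders `metacache_t`. Nothing visible here assigns to it after insertion, but the qualifier removes the compiler's protection against changing a key in place, which would leave the ordered index inconsistent. I would declare `std::string d_key;` and `mutable std::string d_value;` separately so that only the cached value stays mutable. The container typedef that uses the key sits below these lines.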
>
> keycache_t;
typedef multi_index_container<
- NSECCacheEntry,
+ METACacheEntry,
indexed_by<
- ordered_unique<member<NSECCacheEntry, std::string, &NSECCacheEntry::d_domain>, CIStringCompare >,
+ ordered_unique<
+ composite_key<
+ METACacheEntry,
+ member<METACacheEntry, std::string, &METACacheEntry::d_domain> ,
+ member<METACacheEntry, std::string, &METACacheEntry::d_key>
+ >, composite_key_compare<CIStringCompare, CIStringCompare> >,
sequenced<>
>
- > nseccache_t;
+ > metacache_t;
static keycache_t s_keycache;
- static nseccache_t s_nseccache;
+ static metacache_t s_metacache;
static pthread_mutex_t s_keycachelock;
- static pthread_mutex_t s_nseccachelock;
+ static pthread_mutex_t s_metacachelock;
};
#endif