::arg().set("soa-refresh-default","Default SOA refresh")="10800";
::arg().set("soa-retry-default","Default SOA retry")="3600";
::arg().set("soa-expire-default","Default SOA expire")="604800";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
}
}
+void DNSSECKeeper::getSoaEdit(const std::string& zname, std::string& value)
+{
+ static const string soaEdit(::arg()["default-soa-edit"]);
+ static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
+
+ getFromMeta(zname, "SOA-EDIT", value);
+
+ if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) {
+ if (!soaEditSigned.empty() && isSecuredZone(zname))
+ value=soaEditSigned;
+ if (value.empty())
+ value=soaEdit;
+ }
+
+ return;
+}
+
uint64_t DNSSECKeeper::dbdnssecCacheSizes(const std::string& str)
{
if(str=="meta-cache-size") {
}
void getFromMeta(const std::string& zname, const std::string& key, std::string& value);
+ void getSoaEdit(const std::string& zname, std::string& value);
private:
#
# default-ksk-size=0
+#################################
+# default-soa-edit Default SOA-EDIT value
+#
+# default-soa-edit=
+
+#################################
+# default-soa-edit-signed Default SOA-EDIT value for signed zones
+#
+# default-soa-edit-signed=
+
#################################
# default-soa-mail mail address to insert in the SOA record if none set in the backend
#
::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
::arg().set("default-zsk-size","Default KSK size (0 means default)")="0";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
::arg().set("module-dir","Default directory for modules")=PKGLIBDIR;
::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
cout<<"No SOA for zone '"<<zone<<"'"<<endl;
return -1;
}
+
+ if (dk.isPresigned(zone)) {
+ cerr<<"Serial increase of presigned zone '"<<zone<<"' is not allowed."<<endl;
+ return -1;
+ }
string soaEditKind;
- dk.getFromMeta(zone, "SOA-EDIT", soaEditKind);
+ dk.getSoaEdit(zone, soaEditKind);
sd.db->lookup(QType(QType::SOA), zone);
vector<DNSResourceRecord> rrs;
if (!soaEdit2136Setting.empty()) {
soaEdit2136 = soaEdit2136Setting[0];
if (pdns_iequals(soaEdit2136, "SOA-EDIT") || pdns_iequals(soaEdit2136,"SOA-EDIT-INCREASE") ){
- vector<string> soaEditSetting;
- B.getDomainMetadata(di->zone, "SOA-EDIT", soaEditSetting);
+ string soaEditSetting;
+ d_dk.getSoaEdit(di->zone, soaEditSetting);
if (soaEditSetting.empty()) {
L<<Logger::Error<<msgPrefix<<"Using "<<soaEdit2136<<" for SOA-EDIT-DNSUPDATE increase on DNS update, but SOA-EDIT is not set for domain \""<< di->zone <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<<endl;
soaEdit2136 = "DEFAULT";
} else
- soaEdit = soaEditSetting[0];
+ soaEdit = soaEditSetting;
}
}
BOOST_FOREACH(DNSResourceRecord& rr, rrs) {
if(rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname,qname)) {
string kind;
- dk.getFromMeta(qname, "SOA-EDIT", kind);
+ dk.getSoaEdit(qname, kind);
return editSOARecord(rr, kind);
}
}
}
string soaedit;
- dk.getFromMeta(target, "SOA-EDIT", soaedit);
+ dk.getSoaEdit(target, soaedit);
if (!rfc1982LessThan(serial, calculateEditSOA(sd, soaedit))) {
TSIGRecordContent trc;
string tsigkeyname, tsigsecret;
projects / pdns / commitdiff