From: Pieter Lexis
Date: Wed, 22 Jul 2015 18:05:41 +0000 (+0200)
Subject: Add CDS and CDNSKEY records to AXFR
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~27^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=991a09772cea40b826b783d4e953b49ce8b7a72c;p=pdns

Add CDS and CDNSKEY records to AXFR
---
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 42de1d6e4..41064d9ce 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -661,6 +661,11 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou
 rr.ttl = sd.default_ttl;
 rr.auth = 1; // please sign!
 
+ string publishCDNSKEY, publishCDS;
+ dk.getFromMeta(q->qdomain, "PUBLISH_CDNSKEY", publishCDNSKEY);
+ dk.getFromMeta(q->qdomain, "PUBLISH_CDS", publishCDS);
+ vector cds, cdnskey;
+
 BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
 rr.qtype = QType(QType::DNSKEY);
 rr.content = value.first.getDNSKEY().getZoneRepresentation();
@@ -670,6 +675,25 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou
 ne.d_set.insert(rr.qtype.getCode());
 ne.d_ttl = sd.default_ttl;
 csp.submit(rr);
+
+ // generate CDS and CDNSKEY records
+ if(value.second.keyOrZone){
+ if(publishCDNSKEY == "1") {
+ rr.qtype=QType(QType::CDNSKEY);
+ rr.content = value.first.getDNSKEY().getZoneRepresentation();
+ cdnskey.push_back(rr);
+ }
+
+ if(!publishCDS.empty()){
+ rr.qtype=QType(QType::CDS);
+ vector digestAlgos;
+ stringtok(digestAlgos, publishCDS, ", ");
+ for(auto digestAlgo : digestAlgos) {
+ rr.content=makeDSFromDNSKey(target, value.first.getDNSKEY(), lexical_cast(digestAlgo)).getZoneRepresentation();
+ cds.push_back(rr);
+ }
+ }
+ }
 }
 
 if(::arg().mustDo("direct-dnskey")) {
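Review bot: The CDS loop in the new block converts each `PUBLISH_CDS` token with `lexical_cast(digestAlgo)` and hands the result straight to `makeDSFromDNSKey`; a token that is not a number (and, I would expect, one that names an unsupported digest type) raises an exception out of doAXFR, so a single mistyped zone-metadata value aborts every outbound AXFR of that zone instead of being reported. The two switches are also read differently — CDNSKEY publication requires the literal `"1"`, while any non-empty `PUBLISH_CDS` is treated as a digest list, so `PUBLISH_CDS=0` would be parsed as a digest algorithm. I would guard the conversion per token, skip and log the bad ones, and bind the loop variable by const reference. The enclosing DNSKEY loop and the `keys` set it iterates start before this hunk; if that set includes inactive KSKs, the new code publishes CDS/CDNSKEY for them too, which asks the parent to install a DS for a key that may not sign the DNSKEY RRset, so gating on the key's active state is worth considering.
```cpp
for(const auto& digestAlgo : digestAlgos) {
  try {
    rr.content=makeDSFromDNSKey(target, value.first.getDNSKEY(), lexical_cast<int>(digestAlgo)).getZoneRepresentation();
  }
  catch(const std::exception& e) {
    // TODO(review): log the rejected PUBLISH_CDS token and the zone name here, then keep going
    continue;
  }
  cds.push_back(rr);
}
```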
@@ -708,6 +732,13 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou
 set qnames, nsset, terms;
 vector rrs;
 
+ // Add the CDNSKEY and CDS records we created earlier
+ for (auto const rr : cds)
+ rrs.push_back(rr);
+
+ for (auto const rr : cdnskey)
+ rrs.push_back(rr);
+
 while(sd.db->get(rr)) {
 if(rr.qname.isPartOf(target)) {
 if (rectify) {
@@ -792,9 +823,9 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou
 continue;
 }
 
- // only skip the DNSKEY if direct-dnskey is enabled, to avoid changing behaviour
+ // only skip the DNSKEY, CDNSKEY and CDS if direct-dnskey is enabled, to avoid changing behaviour
 // when it is not enabled.
- if(::arg().mustDo("direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY)
+ if(::arg().mustDo("direct-dnskey") && (rr.qtype.getCode() == QType::DNSKEY || rr.qtype.getCode() == QType::CDNSKEY || rr.qtype.getCode() == QType::CDS))
 continue;
 
 records++;
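Review bot: Both new loops declare a loop variable named `rr`, which shadows the `rr` that `while(sd.db->get(rr))` on the following context line reads, and they copy every record by value; a bulk insert avoids both issues: `rrs.insert(rrs.end(), cds.begin(), cds.end());` and `rrs.insert(rrs.end(), cdnskey.begin(), cdnskey.end());`. What happens to `rrs` afterwards — in particular which key signs these two RRsets — lies outside this hunk; RFC 7344 expects CDS/CDNSKEY to be signed by a key that is also represented in the parent's DS RRset (normally the KSK), so it is worth confirming that the signer treats these two types like DNSKEY rather than like ordinary zone data.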
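Review bot: The widened skip condition drops backend-stored CDS and CDNSKEY records from this loop whenever direct-dnskey is enabled, relying on the direct-dnskey block (outside this hunk, right after the DNSKEY loop) to emit them instead; if that block still only looks up DNSKEY, those records vanish from the transfer entirely with direct-dnskey on, so please confirm it was extended for the two new types. The condition has also grown to three `rr.qtype.getCode()` calls on one line; hoisting it once, `const auto code = rr.qtype.getCode();`, and testing `code == QType::DNSKEY || code == QType::CDNSKEY || code == QType::CDS` keeps the line readable. The enclosing loop body continues past the end of this hunk.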