From: Peter van Dijk Date: Wed, 3 Oct 2012 17:21:21 +0000 (+0000) Subject: add no-DNSSEC ENT support, patch by Kees Monshouwer X-Git-Tag: auth-3.2-rc1~150 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ece45ffbf50044a09e2dbd15149dec289693f400;p=pdns add no-DNSSEC ENT support, patch by Kees Monshouwer git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2732 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/modules/gmysqlbackend/gmysqlbackend.cc b/modules/gmysqlbackend/gmysqlbackend.cc index 86ca233aa..315e7a30b 100644 --- a/modules/gmysqlbackend/gmysqlbackend.cc +++ b/modules/gmysqlbackend/gmysqlbackend.cc @@ -63,6 +63,10 @@ public: declare(suffix,"wildcard-any-id-query","Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name from records where name like '%s' and domain_id='%d'"); declare(suffix,"list-query","AXFR query", "select content,ttl,prio,type,domain_id,name from records where domain_id='%d'"); + + declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); + declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type) values ('%d','%s',null)"); + declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); // and now with auth declare(suffix,"basic-query-auth","Basic query","select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name='%s'"); 
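Review bot: The new `insert-empty-non-terminal-query` and `delete-empty-non-terminal-query` templates place the record name in a quoted `'%s'` slot by plain string formatting, so nothing in the statement itself protects against a name containing a quote; the escaping has to happen in the caller before the template is filled. The caller (GSQLBackend::updateEmptyNonTerminals) is only partly visible on this page, so please confirm it escapes every name, since after this commit these statements appear to run for zones without DNSSEC as well. I would add a comment above the block such as `// ENT queries: names are substituted textually into '%s'; callers must escape them first`. The same three templates are added in the gpgsql and gsqlite3 hunks and deserve the same comment.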
@@ -76,6 +80,8 @@ public: declare(suffix,"wildcard-any-id-query-auth","Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name, auth from records where name like '%s' and domain_id='%d'"); declare(suffix,"list-query-auth","AXFR query", "select content,ttl,prio,type,domain_id,name, auth from records where domain_id='%d' order by name, type"); + + declare(suffix,"insert-empty-non-terminal-query-auth", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,'1')"); declare(suffix,"master-zone-query","Data", "select master from domains where name='%s' and type='SLAVE'"); @@ -94,9 +100,6 @@ public: declare(suffix,"set-order-and-auth-query", "DNSSEC set ordering query", "update records set ordername='%s',auth=%d where name='%s' and domain_id='%d'"); declare(suffix,"nullify-ordername-query", "DNSSEC nullify ordername query", "update records set ordername=NULL where domain_id='%d' and name='%s' and type is null"); declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d'"); - declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); - declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,'1')"); - declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); declare(suffix,"update-serial-query","", "update domains set notified_serial=%d where id=%d"); declare(suffix,"update-lastcheck-query","", "update domains set last_check=%d where id=%d"); diff --git a/modules/gpgsqlbackend/gpgsqlbackend.cc b/modules/gpgsqlbackend/gpgsqlbackend.cc index ad6f760e9..7a2bd3814 100644 
--- a/modules/gpgsqlbackend/gpgsqlbackend.cc +++ b/modules/gpgsqlbackend/gpgsqlbackend.cc @@ -60,6 +60,10 @@ public: declare(suffix,"wildcard-any-id-query","Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name from records where name like E'%s' and domain_id='%d'"); declare(suffix,"list-query","AXFR query", "select content,ttl,prio,type,domain_id,name from records where domain_id='%d'"); + + declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); + declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type) values ('%d','%s',null)"); + declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); // and now with auth declare(suffix,"basic-query-auth","Basic query","select content,ttl,prio,type,domain_id,name, case when auth then 1 else 0 end as auth from records where type='%s' and name=E'%s'"); @@ -73,6 +77,8 @@ public: declare(suffix,"wildcard-any-id-query-auth","Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name, case when auth then 1 else 0 end as auth from records where name like E'%s' and domain_id='%d'"); declare(suffix,"list-query-auth","AXFR query", "select content,ttl,prio,type,domain_id,name, case when auth then 1 else 0 end as auth from records where domain_id='%d' order by name, type"); + + declare(suffix,"insert-empty-non-terminal-query-auth", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,true)"); declare(suffix,"master-zone-query","Data", "select master from domains where name=E'%s' and type='SLAVE'"); 
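Review bot: The new ENT templates quote the name as a plain `'%s'` literal, while the neighbouring PostgreSQL queries in this file use `E'%s'` (for example `name=E'%s'` in basic-query-auth). Plain and E-prefixed literals treat backslashes differently depending on the server's `standard_conforming_strings` setting, so whether the escaping applied by the caller matches the literal form used here cannot be confirmed from this hunk. For consistency with the rest of the file I would write `values ('%d',E'%s',null)` and `name=E'%s' and type is null`. The same applies to `insert-empty-non-terminal-query-auth` in the following hunk.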
@@ -92,9 +98,6 @@ public: declare(suffix,"nullify-ordername-query", "DNSSEC nullify ordername query", "update records set ordername=NULL where domain_id='%d' and name='%s' and type is null"); declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=false where name=E'%s' and type=E'%s' and domain_id='%d'"); - declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); - declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,true)"); - declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); declare(suffix,"update-serial-query","", "update domains set notified_serial=%d where id=%d"); declare(suffix,"update-lastcheck-query","", "update domains set last_check=%d where id=%d"); diff --git a/modules/gsqlite3backend/gsqlite3backend.cc b/modules/gsqlite3backend/gsqlite3backend.cc index f7692582a..f9c39e316 100644 --- a/modules/gsqlite3backend/gsqlite3backend.cc +++ b/modules/gsqlite3backend/gsqlite3backend.cc 
@@ -69,6 +69,10 @@ public: declare( suffix, "wildcard-any-id-query", "Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name from records where name like '%s' and domain_id=%d"); declare( suffix, "list-query", "AXFR query", "select content,ttl,prio,type,domain_id,name from records where domain_id=%d"); + + declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); + declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type) values ('%d','%s',null)"); + declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); // and now with auth declare(suffix,"basic-query-auth","Basic query","select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name='%s'"); @@ -82,6 +86,8 @@ public: declare(suffix,"wildcard-any-id-query-auth","Wildcard ANY with ID query","select content,ttl,prio,type,domain_id,name, auth from records where name like '%s' and domain_id='%d'"); declare(suffix,"list-query-auth","AXFR query", "select content,ttl,prio,type,domain_id,name, auth from records where domain_id='%d' order by name, type"); + + declare(suffix,"insert-empty-non-terminal-query-auth", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,'1')"); declare(suffix,"get-order-first-query","DNSSEC Ordering Query, first", "select ordername, name from records where domain_id=%d and ordername is not null order by 1 asc limit 1"); declare(suffix,"get-order-before-query","DNSSEC Ordering Query, before", "select ordername, name from records where ordername <= '%s' and domain_id=%d and ordername is not null order by 1 desc limit 1"); 
@@ -91,9 +97,6 @@ public: declare(suffix,"nullify-ordername-query", "DNSSEC nullify ordername query", "update records set ordername=NULL where domain_id='%d' and name='%s' and type is null"); declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d'"); - declare(suffix,"remove-empty-non-terminals-from-zone-query", "remove all empty non-terminals from zone", "delete from records where domain_id='%d' and type is null"); - declare(suffix,"insert-empty-non-terminal-query", "insert empty non-terminal in zone", "insert into records (domain_id,name,type,auth) values ('%d','%s',null,'1')"); - declare(suffix,"delete-empty-non-terminal-query", "delete empty non-terminal from zone", "delete from records where domain_id='%d' and name='%s' and type is null"); declare( suffix, "master-zone-query", "Data", "select master from domains where name='%s' and type='SLAVE'"); diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index 18e342e9b..2ea3820a8 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -279,6 +279,10 @@ GSQLBackend::GSQLBackend(const string &mode, const string &suffix) d_InfoOfAllMasterDomainsQuery=getArg("info-all-master-query"); d_DeleteZoneQuery=getArg("delete-zone-query"); d_getAllDomainsQuery=getArg("get-all-domains-query"); + + d_removeEmptyNonTerminalsFromZoneQuery = getArg("remove-empty-non-terminals-from-zone-query"); + d_insertEmptyNonTerminalQuery = getArg("insert-empty-non-terminal-query"+authswitch); + d_deleteEmptyNonTerminalQuery = getArg("delete-empty-non-terminal-query"); if (d_dnssecQueries) { 
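Review bot: These three getArg() calls now run on every construction, outside the `if (d_dnssecQueries)` block, so every module built on GSQLBackend must declare `remove-empty-non-terminals-from-zone-query`, `delete-empty-non-terminal-query` and both `insert-empty-non-terminal-query` variants. This commit adds the declarations to the MySQL, PostgreSQL and SQLite3 modules; whether other modules derive from this class is not visible here, and if one does it would presumably need the same declare() lines. `authswitch` is defined outside the hunk, so a short comment would help the reader, e.g. `// ENT maintenance queries are needed with and without DNSSEC; only the insert has an -auth variant`. The constructor starts and ends outside this hunk.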
@@ -289,9 +293,6 @@ GSQLBackend::GSQLBackend(const string &mode, const string &suffix) d_setOrderAuthQuery = getArg("set-order-and-auth-query"); d_nullifyOrderNameQuery = getArg("nullify-ordername-query"); d_nullifyOrderNameAndAuthQuery = getArg("nullify-ordername-and-auth-query"); - d_removeEmptyNonTerminalsFromZoneQuery = getArg("remove-empty-non-terminals-from-zone-query"); - d_insertEmptyNonTerminalQuery = getArg("insert-empty-non-terminal-query"); - d_deleteEmptyNonTerminalQuery = getArg("delete-empty-non-terminal-query"); d_AddDomainKeyQuery = getArg("add-domain-key-query"); d_ListDomainKeysQuery = getArg("list-domain-keys-query"); @@ -354,8 +355,6 @@ bool GSQLBackend::nullifyDNSSECOrderNameAndAuth(uint32_t domain_id, const std::s bool GSQLBackend::updateEmptyNonTerminals(uint32_t domain_id, const std::string& zonename, set& insert, set& erase, bool remove) { - if(!d_dnssecQueries) - return false; char output[1024]; if(remove) { @@ -396,6 +395,11 @@ bool GSQLBackend::updateEmptyNonTerminals(uint32_t domain_id, const std::string& return true; } +bool GSQLBackend::doesDNSSEC() +{ + return d_dnssecQueries; +} + bool GSQLBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string& qname, std::string& unhashed, std::string& before, std::string& after) { if(!d_dnssecQueries) diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh index 08db1dce7..026e92e51 100644 --- a/pdns/backends/gsql/gsqlbackend.hh +++ b/pdns/backends/gsql/gsqlbackend.hh @@ -46,6 +46,7 @@ public: virtual bool nullifyDNSSECOrderName(uint32_t domain_id, const std::string& qname); virtual bool nullifyDNSSECOrderNameAndAuth(uint32_t domain_id, const std::string& qname, const std::string& type); virtual bool updateEmptyNonTerminals(uint32_t domain_id, const std::string& zonename, set& insert ,set& erase, bool remove); + virtual bool doesDNSSEC(); virtual bool calculateSOASerial(const string& domain, const SOAData& sd, time_t& serial); 
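Review bot: Removing the `if(!d_dnssecQueries) return false;` guard means updateEmptyNonTerminals now does its work for every zone, and the context line `char output[1024];` suggests each statement is formatted into a fixed 1024-byte buffer. The formatting calls are outside the hunks shown, so confirm that they bound the write to the buffer size and that a statement cut short by truncation is rejected rather than executed. In the added accessor, `doesDNSSEC()` only reads `d_dnssecQueries`; declaring it `virtual bool doesDNSSEC() const` in both headers and here would let const callers use it. A one-line comment stating that it reports the `d_dnssecQueries` setting of this backend instance would document the intent.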
diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh index 4b8b9c464..ccc246b02 100644 --- a/pdns/dnsbackend.hh +++ b/pdns/dnsbackend.hh @@ -151,6 +151,11 @@ public: return false; } + virtual bool doesDNSSEC() + { + return false; + } + // end DNSSEC //! returns true if master ip is master for domain name. diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc index db09cef15..a5de76923 100644 --- a/pdns/pdnssec.cc +++ b/pdns/pdnssec.cc @@ -131,12 +131,17 @@ void rectifyZone(DNSSECKeeper& dk, const std::string& zone) NSEC3PARAMRecordContent ns3pr; bool narrow; bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow); - if(!haveNSEC3) - cerr<<"Adding NSEC ordering information"<doesDNSSEC()) + { + if(!haveNSEC3) + cerr<<"Adding NSEC ordering information "<startTransaction("", -1); diff --git a/regression-tests/ent-any/expected_result b/regression-tests/ent-any/expected_result index baa54f615..08eb6d79d 100644 --- a/regression-tests/ent-any/expected_result +++ b/regression-tests/ent-any/expected_result @@ -1,6 +1,3 @@ -1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC -1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ... -1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ... 1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400 2 . IN OPT 32768 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 diff --git a/regression-tests/ent-any/expected_result.dnssec b/regression-tests/ent-any/expected_result.dnssec new file mode 100644 index 000000000..baa54f615 --- /dev/null +++ b/regression-tests/ent-any/expected_result.dnssec 
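Review bot: The base-class default `doesDNSSEC()` returns false, so any backend that stores DNSSEC data but does not override it will be reported as non-DNSSEC; on this page only GSQLBackend overrides it. The pdnssec.cc hunk is damaged in this rendering, but it appears to make the ordering step in rectifyZone depend on `doesDNSSEC()`, in which case such a backend could silently skip NSEC/NSEC3 ordering and leave a signed zone without usable denial-of-existence data. I would document the contract on the declaration, e.g. `//! returns true if this backend maintains DNSSEC ordername/auth data; DNSSEC-capable backends must override`. A log line in rectifyZone when ordering is skipped would also make the condition visible to operators.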
@@ -0,0 +1,7 @@
+1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC
+1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='c.test.com.', qtype=ANY
diff --git a/regression-tests/ent-any/skip.nodnssec b/regression-tests/ent-any/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000
diff --git a/regression-tests/ent-rr-enclosed-in-ent/expected_result b/regression-tests/ent-rr-enclosed-in-ent/expected_result
index 720708fe5..f17c7a69f 100644
--- a/regression-tests/ent-rr-enclosed-in-ent/expected_result
+++ b/regression-tests/ent-rr-enclosed-in-ent/expected_result
@@ -1,6 +1,3 @@
-1 b.c.test.com. IN NSEC 86400 *.a.b.c.test.com. A RRSIG NSEC
-1 b.c.test.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] test.com. ...
-1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
 1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
 2 . IN OPT 32768
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
diff --git a/regression-tests/ent-rr-enclosed-in-ent/expected_result.dnssec b/regression-tests/ent-rr-enclosed-in-ent/expected_result.dnssec
new file mode 100644
index 000000000..720708fe5
--- /dev/null
+++ b/regression-tests/ent-rr-enclosed-in-ent/expected_result.dnssec
@@ -0,0 +1,7 @@
+1 b.c.test.com. IN NSEC 86400 *.a.b.c.test.com. A RRSIG NSEC
+1 b.c.test.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='b.c.test.com.', qtype=TXT
diff --git a/regression-tests/ent-rr-enclosed-in-ent/skip.nodnssec b/regression-tests/ent-rr-enclosed-in-ent/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000
diff --git a/regression-tests/ent-soa/expected_result b/regression-tests/ent-soa/expected_result
index 862bcffef..64ef2e63d 100644
--- a/regression-tests/ent-soa/expected_result
+++ b/regression-tests/ent-soa/expected_result
@@ -1,6 +1,3 @@
-1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC
-1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
-1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
 1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
 2 . IN OPT 32768
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
diff --git a/regression-tests/ent-soa/expected_result.dnssec b/regression-tests/ent-soa/expected_result.dnssec
new file mode 100644
index 000000000..862bcffef
--- /dev/null
+++ b/regression-tests/ent-soa/expected_result.dnssec
@@ -0,0 +1,7 @@
+1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC
+1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='c.test.com.', qtype=SOA
diff --git a/regression-tests/ent-soa/skip.nodnssec b/regression-tests/ent-soa/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000
diff --git a/regression-tests/ent-wildcard-below-ent/expected_result b/regression-tests/ent-wildcard-below-ent/expected_result
index 6f1d98a0e..d8c182242 100644
--- a/regression-tests/ent-wildcard-below-ent/expected_result
+++ b/regression-tests/ent-wildcard-below-ent/expected_result
@@ -1,7 +1,4 @@
 0 something.a.b.c.test.com. IN A 3600 8.7.6.5
-0 something.a.b.c.test.com. IN RRSIG 3600 A 8 5 3600 [expiry] [inception] [keytag] test.com. ...
-1 *.a.b.c.test.com. IN NSEC 86400 counter.test.com. A RRSIG NSEC
-1 *.a.b.c.test.com. IN RRSIG 86400 NSEC 8 5 86400 [expiry] [inception] [keytag] test.com. ...
 2 . IN OPT 32768
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='something.a.b.c.test.com.', qtype=A
diff --git a/regression-tests/ent-wildcard-below-ent/expected_result.dnssec b/regression-tests/ent-wildcard-below-ent/expected_result.dnssec
new file mode 100644
index 000000000..6f1d98a0e
--- /dev/null
+++ b/regression-tests/ent-wildcard-below-ent/expected_result.dnssec
@@ -0,0 +1,7 @@
+0 something.a.b.c.test.com. IN A 3600 8.7.6.5
+0 something.a.b.c.test.com. IN RRSIG 3600 A 8 5 3600 [expiry] [inception] [keytag] test.com. ...
+1 *.a.b.c.test.com. IN NSEC 86400 counter.test.com. A RRSIG NSEC
+1 *.a.b.c.test.com. IN RRSIG 86400 NSEC 8 5 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='something.a.b.c.test.com.', qtype=A
diff --git a/regression-tests/ent-wildcard-below-ent/skip.nodnssec b/regression-tests/ent-wildcard-below-ent/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000
diff --git a/regression-tests/ent/expected_result b/regression-tests/ent/expected_result
index 4400426c6..7a707b2d0 100644
--- a/regression-tests/ent/expected_result
+++ b/regression-tests/ent/expected_result
@@ -1,6 +1,3 @@
-1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC
-1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
-1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
 1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
 2 . IN OPT 32768
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
diff --git a/regression-tests/ent/expected_result.dnssec b/regression-tests/ent/expected_result.dnssec
new file mode 100644
index 000000000..4400426c6
--- /dev/null
+++ b/regression-tests/ent/expected_result.dnssec
@@ -0,0 +1,7 @@
+1 blah.test.com. IN NSEC 86400 b.c.test.com. NS RRSIG NSEC
+1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 test.com. IN SOA 3600 ns1.test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='c.test.com.', qtype=A
diff --git a/regression-tests/ent/skip.nodnssec b/regression-tests/ent/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000