From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 5 Jan 2016 16:24:34 +0000 (+0100)
Subject: Add the CAA record
X-Git-Tag: dnsdist-1.0.0-beta1~98^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f75f6821e55235b15d3140521e693620a48291cd;p=pdns

Add the CAA record
---

diff --git a/docs/markdown/types.md b/docs/markdown/types.md
index 653b371cd..66b1684e9 100644
--- a/docs/markdown/types.md
+++ b/docs/markdown/types.md
@@ -31,6 +31,11 @@ mechanisms on a zone's apex. See the [howto](authoritative/howtos.md#using-alias
 for information on how to configure PowerDNS to serve records synthesized from
 ALIAS records.
 
+## CAA
+Since 4.0.0. The "Certification Authority Authorization" record, specified in
+[RFC 6844](https://tools.ietf.org/html/rfc6844), is used to specify Certificate
+Authorities that may issue certificates for a domain.
+
 ## CERT
 Specialised record type for storing certificates, defined in
 [RFC 2538](http://tools.ietf.org/html/rfc2538).
diff --git a/pdns/dnsrecords.cc b/pdns/dnsrecords.cc
index d1c156668..86ff4078a 100644
--- a/pdns/dnsrecords.cc
+++ b/pdns/dnsrecords.cc
@@ -486,6 +486,12 @@ boilerplate_conv(URI, QType::URI,
                  conv.xfrText(d_target, true, false);
                  )
 
+boilerplate_conv(CAA, QType::CAA,
+                 conv.xfr8BitInt(d_flags);
+                 conv.xfrUnquotedText(d_tag, true);
+                 conv.xfrText(d_value, true, false); /* no lenField */
+                )
+
 static uint16_t makeTag(const std::string& data)
 {
   const unsigned char* key=(const unsigned char*)data.c_str();
@@ -608,6 +614,7 @@ void reportOtherTypes()
    EUI64RecordContent::report();
    MINFORecordContent::report();
    URIRecordContent::report();
+   CAARecordContent::report();
 }
 
 void reportAllTypes()
diff --git a/pdns/dnsrecords.hh b/pdns/dnsrecords.hh
index fc4a6bc00..43aa74527 100644
--- a/pdns/dnsrecords.hh
+++ b/pdns/dnsrecords.hh
@@ -638,6 +638,14 @@ class URIRecordContent : public DNSRecordContent {
     string d_target;
 };
 
+class CAARecordContent : public DNSRecordContent {
+  public:
+    includeboilerplate(CAA)
+  private:
+    uint8_t d_flags;
+    string d_tag, d_value;
+};
+
 #define boilerplate(RNAME, RTYPE)                                                                         \
 RNAME##RecordContent::DNSRecordContent* RNAME##RecordContent::make(const DNSRecord& dr, PacketReader& pr) \
 {                                                                                                  \
diff --git a/pdns/qtype.hh b/pdns/qtype.hh
index ad121333b..888713eef 100644
--- a/pdns/qtype.hh
+++ b/pdns/qtype.hh
@@ -128,6 +128,7 @@ public:
     MAILA=254,
     ANY=255,
     URI=256,
+    CAA=257,
     DLV=32769,
     ADDR=65400,
     ALIAS=65401
@@ -218,6 +219,7 @@ private:
       qtype_insert("MAILA", 254);
       qtype_insert("ANY", 255);
       qtype_insert("URI", 256);
+      qtype_insert("CAA", 257);
       qtype_insert("DLV", 32769);
       qtype_insert("ADDR", 65400);
       qtype_insert("ALIAS", 65401);
diff --git a/pdns/test-dnsrecords_cc.cc b/pdns/test-dnsrecords_cc.cc
index a5002f8ee..f8da82f04 100644
--- a/pdns/test-dnsrecords_cc.cc
+++ b/pdns/test-dnsrecords_cc.cc
@@ -167,6 +167,7 @@ BOOST_AUTO_TEST_CASE(test_record_types) {
      (CASE_S(QType::DLV, "20642 8 2 04443abe7e94c3985196beae5d548c727b044dda5151e60d7cd76a9fd931d00e", "\x50\xa2\x08\x02\x04\x44\x3a\xbe\x7e\x94\xc3\x98\x51\x96\xbe\xae\x5d\x54\x8c\x72\x7b\x04\x4d\xda\x51\x51\xe6\x0d\x7c\xd7\x6a\x9f\xd9\x31\xd0\x0e",false))
      (CASE_S(QType::URI, "10 1 \"ftp://ftp1.example.com/public\"", "\x0a\x01\x66\x74\x70\x3a\x2f\x2f\x66\x74\x70\x31\x2e\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x2f\x70\x75\x62\x6c\x69\x63", false))
      (CASE_S(QType::URI, "10 1 \"ftp://ftp1.example.com/public/with/a/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/very/long/url\"", "\x0a\x01\x66\x74\x70\x3a\x2f\x2f\x66\x74\x70\x31\x2e\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x2f\x70\x75\x62\x6c\x69\x63\x2f\x77\x69\x74\x68\x2f\x61\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x76\x65\x72\x79\x2f\x6c\x6f\x6e\x67\x2f\x75\x72\x6c", false))
+     (CASE_S(QType::CAA, "0 issue \"example.net\"", "\x00\x05\x69\x73\x73\x75\x65\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6e\x65\x74",false))
      (CASE_S((QType::typeenum)65226,"\\# 3 414243","\x41\x42\x43",false))
 ;