From bd7ea680cf9e86fefe243a179a7f8734e8dbd15c Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Tue, 3 Jun 2014 10:24:28 +0200 Subject: [PATCH] put lmdb-backend dnssec support behind lmdb-experimental-dnssec switch --- modules/lmdbbackend/lmdbbackend.cc | 60 ++++++++++++++++++--------- modules/lmdbbackend/lmdbbackend.hh | 3 ++ regression-tests/backends/lmdb-master | 2 +- 3 files changed, 45 insertions(+), 20 deletions(-) diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc index 04cfbd535..9820493a3 100644 --- a/modules/lmdbbackend/lmdbbackend.cc +++ b/modules/lmdbbackend/lmdbbackend.cc @@ -32,6 +32,12 @@ LMDBBackend::LMDBBackend(const string &suffix) { setArgPrefix("lmdb"+suffix); + try { + d_doDnssec = mustDo("experimental-dnssec"); + } + catch (ArgException e) { + d_doDnssec = false; + } open_db(); } @@ -49,7 +55,7 @@ void LMDBBackend::open_db() { if( (rc = mdb_env_create(&env)) ) throw PDNSException("Couldn't open LMDB database " + path + ": mdb_env_create() returned " + mdb_strerror(rc)); - if( (rc = mdb_env_set_maxdbs( env, 5 )) ) + if( (rc = mdb_env_set_maxdbs( env, d_doDnssec ? 5 : 3)) ) throw PDNSException("Couldn't open LMDB database " + path + ": mdb_env_set_maxdbs() returned " + mdb_strerror(rc)); if( (rc = mdb_env_open(env, path.c_str(), MDB_RDONLY, 0)) ) 
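Review bot: In the constructor hunk, the `catch (ArgException e)` block sets `d_doDnssec = false` without logging anything, so a failed lookup of the switch turns DNSSEC processing off silently and an operator expecting signed answers gets unsigned ones. This patch also declares `experimental-dnssec` with default `"no"` in `declareArguments`, so the lookup should not throw for a normally launched backend; presumably the catch guards callers that never declared the argument. I would log the fallback at warning level so the downgrade is visible in the server log. If the catch stays, take the exception by const reference to avoid the copy and slicing: `catch (const ArgException& e) {`.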
@@ -73,16 +79,18 @@ void LMDBBackend::open_db() { if( ( rc = mdb_cursor_open(txn, data_extended_db, &data_extended_cursor)) ) throw PDNSException("Couldn't open cursor on LMDB data_extended database " + path + ": mdb_cursor_open() returned " + mdb_strerror(rc)); - if( (rc = mdb_dbi_open(txn, "rrsig", MDB_DUPSORT, &rrsig_db) )) - throw PDNSException("Couldn't open LMDB rrsig database " + path + ": mdb_dbi_open() returned " + mdb_strerror(rc)); - if( ( rc = mdb_cursor_open(txn, rrsig_db, &rrsig_cursor)) ) - throw PDNSException("Couldn't open cursor on LMDB rrsig database " + path + ": mdb_cursor_open() returned " + mdb_strerror(rc)); - - if( (rc = mdb_dbi_open(txn, "nsecx", 0, &nsecx_db) )) - throw PDNSException("Couldn't open LMDB nsecx database " + path + ": mdb_dbi_open() returned " + mdb_strerror(rc)); - if( ( rc = mdb_cursor_open(txn, nsecx_db, &nsecx_cursor)) ) - throw PDNSException("Couldn't open cursor on LMDB nsecx database " + path + ": mdb_cursor_open() returned " + mdb_strerror(rc)); - + if(d_doDnssec) { + DEBUGLOG("Experimental dnssec support enabled"<& meta) { + if (!d_doDnssec) + return false; + if (kind == "PRESIGNED" || kind == "NSEC3PARAM") { int rc; MDB_val key, data; @@ -145,6 +158,9 @@ bool LMDBBackend::getDomainMetadata(const string& name, const std::string& kind, bool LMDBBackend::getDirectNSECx(uint32_t id, const string &hashed, const QType &qtype, string &before, DNSResourceRecord &rr) { + if (!d_doDnssec) + return false; + MDB_val key, data; string key_str, cur_key, cur_value; vector keyparts, valparts; @@ -212,6 +228,9 @@ hasnsecx: bool LMDBBackend::getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector &rrsigs) { + if (!d_doDnssec) + return false; + int rc; MDB_val key, data; string key_str, cur_value; 
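Review bot: With the switch off, `open_db()` no longer assigns `rrsig_db`, `nsecx_db`, `rrsig_cursor` or `nsecx_cursor`, so those members hold indeterminate values for the lifetime of the backend. The guards added in this patch cover the query functions and the `mdb_cursor_renew` calls, but any close, reload or destructor code outside this diff that touches the two cursors would need the same `if (d_doDnssec)` check; that code is not visible here. Setting them to null before `open_db()` runs, e.g. `rrsig_cursor = nsecx_cursor = NULL;` in the constructor, would make an unguarded use fail predictably instead of dereferencing garbage. The hunk is truncated in this view, and `open_db()` starts and ends outside it.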
@@ -266,8 +285,10 @@ bool LMDBBackend::getAuthZone( string &rev_zone ) mdb_cursor_renew( txn, zone_cursor ); mdb_cursor_renew( txn, data_cursor ); mdb_cursor_renew( txn, data_extended_cursor ); - mdb_cursor_renew( txn, rrsig_cursor ); - mdb_cursor_renew( txn, nsecx_cursor ); + if (d_doDnssec) { + mdb_cursor_renew( txn, rrsig_cursor ); + mdb_cursor_renew( txn, nsecx_cursor ); + } // Find the nearest record, or the last record if none if( mdb_cursor_get(zone_cursor, &key, &data, MDB_SET_RANGE) ) @@ -277,7 +298,7 @@ bool LMDBBackend::getAuthZone( string &rev_zone ) /* Only skip this bit if we got an exact hit on the SOA or if the key is a shoter * version of rev_zone. Otherwise we have to go back to the previous record */ - if( orig.compare( rev_zone ) != 0 ) { + if( orig.compare( rev_zone ) != 0 ) { // FIXME detect shorter version /* Skip back 1 entry to what should be a substring of what was searched * for (or a totally different entry) */ if( mdb_cursor_get(zone_cursor, &key, &data, MDB_PREV) ) { @@ -307,7 +328,7 @@ bool LMDBBackend::getAuthData( SOAData &soa, DNSPacket *p ) vectorparts; stringtok(parts,data,"\t"); - if(parts.size() < 3 ) + if(parts.size() < 3) throw PDNSException("Invalid record in zone table: " + data ); fillSOAData( parts[2], soa ); @@ -500,6 +521,7 @@ public: void declareArguments(const string &suffix="") { declare(suffix,"datapath","Path to the directory containing the lmdb files","/etc/pdns/data"); + declare(suffix,"experimental-dnssec","Enable experimental DNSSEC processing","no"); } DNSBackend *make(const string &suffix="") { diff --git a/modules/lmdbbackend/lmdbbackend.hh b/modules/lmdbbackend/lmdbbackend.hh index 1e540088e..52367717e 100644 --- a/modules/lmdbbackend/lmdbbackend.hh +++ b/modules/lmdbbackend/lmdbbackend.hh @@ -24,6 +24,9 @@ private: // Is this the first call to ::get() ? bool d_first; + // Is dnssec enabled ? + bool d_doDnssec; + // Current domain ID being queried for int d_domain_id; 
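Review bot: In the `getAuthZone` hunk, the two `mdb_cursor_renew` calls that move under `if (d_doDnssec)` still discard their return codes, as do the three renewals above them. If a renew fails, the cursor may stay bound to an earlier transaction, and the later `mdb_cursor_get` calls in `getDirectRRSIGs` and `getDirectNSECx` would read through it with no error reported. I would check the result the same way `open_db()` does, assuming an `rc` local is available in this function: `if( (rc = mdb_cursor_renew( txn, rrsig_cursor )) ) throw PDNSException("mdb_cursor_renew() returned " + string(mdb_strerror(rc)));`. The body of `getAuthZone` starts and ends outside the hunk.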
diff --git a/regression-tests/backends/lmdb-master b/regression-tests/backends/lmdb-master index f1183791d..53a9e45e1 100644 --- a/regression-tests/backends/lmdb-master +++ b/regression-tests/backends/lmdb-master @@ -77,7 +77,7 @@ case $context in --no-shuffle --launch=lmdb \ --send-root-referral \ --cache-ttl=$cachettl --experimental-dname-processing --no-config \ - --lmdb-datapath=./ & + --lmdb-datapath=./ --lmdb-experimental-dnssec & skipreasons="noent nodyndns nometa lmdb" -- 2.49.0