1 | #include "validate.hh" | |
2 | #include "validate-recursor.hh" | |
3 | #include "syncres.hh" | |
4 | #include "logger.hh" | |
5 | #include "rec-lua-conf.hh" | |
6 | #include "dnssecinfra.hh" | |
7 | #include "dnsseckeeper.hh" | |
8 | #include "zoneparser-tng.hh" | |
9 | ||
// Process-wide DNSSEC mode; starts out as DNSSECMode::ProcessNoValidate and is
// presumably reconfigured at startup elsewhere (TODO confirm where it is set).
DNSSECMode g_dnssecmode = DNSSECMode::ProcessNoValidate;
// Namespace-scope bool, so it is zero-initialized; spelled out here for readability.
// NOTE(review): name suggests it gates logging of Bogus validation results — confirm at the use site.
bool g_dnssecLogBogus = false;
12 | ||
// Reports whether DNSSEC is switched off without emitting a log line:
// an empty message makes warnIfDNSSECDisabled() skip the warning.
bool checkDNSSECDisabled() {
  return warnIfDNSSECDisabled(std::string());
}
16 | ||
// Returns true when g_dnssecmode is DNSSECMode::Off, logging `msg` at Warning
// level unless it is empty; returns false (and logs nothing) in every other mode.
bool warnIfDNSSECDisabled(const string& msg) {
  if (g_dnssecmode != DNSSECMode::Off) {
    return false;
  }
  if (!msg.empty()) {
    g_log << Logger::Warning << msg << endl;
  }
  return true;
}
25 | ||
// Increments the g_stats.dnssecResults counter keyed by `state` and returns
// `state` unchanged.
vState increaseDNSSECStateCounter(const vState& state)
{
  ++g_stats.dnssecResults[state];
  return state;
}
31 | ||
// Reads trust anchors from the zone file `fname` and replaces `dsAnchors` with
// them when they differ from what is already loaded.
// DS records are taken as written; DNSKEY records are turned into a SHA-256 DS.
// Records of any other type are ignored without a diagnostic.
// Returns true if dsAnchors were modified, false if the file matched the
// current anchors. Throws PDNSException on any read or parse failure.
bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
  map<DNSName, dsmap_t> parsedAnchors;
  try {
    ZoneParserTNG parser(fname);
    DNSResourceRecord rr;
    while (parser.get(rr)) {
      DNSRecord record(rr);
      if (rr.qtype == QType::DS) {
        const auto ds = getRR<DSRecordContent>(record);
        if (!ds) {
          throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
        }
        parsedAnchors[rr.qname].insert(*ds);
      }
      else if (rr.qtype == QType::DNSKEY) {
        const auto key = getRR<DNSKEYRecordContent>(record);
        if (!key) {
          throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
        }
        // Only a SHA-256 digest is derived from a DNSKEY; a DS line in the file keeps
        // whatever digest type it was written with.
        parsedAnchors[rr.qname].insert(makeDSFromDNSKey(rr.qname, *key, DNSSECKeeper::SHA256));
      }
    }
    if (parsedAnchors == dsAnchors) {
      g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
      return false;
    }
    g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
    dsAnchors = parsedAnchors;
    return true;
  }
  catch (const std::exception &e) {
    // NOTE(review): the record-level PDNSException thrown above only keeps its
    // detail if PDNSException derives from std::exception; otherwise it lands in
    // the catch(...) below and the per-record message is lost — confirm.
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
  }
  catch (...) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
  }
}