git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/validate-recursor.cc
2 #include "validate-recursor.hh"
5 #include "rec-lua-conf.hh"
6 #include "dnssecinfra.hh"
7 #include "dnsseckeeper.hh"
8 #include "zoneparser-tng.hh"
// Process-wide DNSSEC mode. The initial value is ProcessNoValidate; where it
// is later overridden is not visible in this listing.
DNSSECMode g_dnssecmode{DNSSECMode::ProcessNoValidate};
// No initializer: a namespace-scope bool is zero-initialized, so this starts
// out false.
// NOTE(review): presumably controls logging of Bogus validation results —
// confirm against the code that reads it.
bool g_dnssecLogBogus;
// Calls warnIfDNSSECDisabled() with an empty message and returns its result
// unchanged.
bool checkDNSSECDisabled() {
  return warnIfDNSSECDisabled("");
// (listing gap: original line 15, presumably the closing brace, is missing
//  from this page)
// Writes msg to the log at Warning level when g_dnssecmode is DNSSECMode::Off.
// NOTE(review): the return statements are not part of this listing, so the
// meaning of the bool result cannot be read from here — confirm against the
// upstream file before relying on it.
bool warnIfDNSSECDisabled(const string& msg) {
  if(g_dnssecmode == DNSSECMode::Off) {
    // (listing gap: original line 19 is missing from this page; presumably a
    //  guard on msg, since checkDNSSECDisabled() passes "" — confirm)
    g_log<<Logger::Warning<<msg<<endl;
    // (listing gap: original lines 21-24 — the returns and closing braces —
    //  are missing from this page)
// Increments the g_stats.dnssecResults counter indexed by the given
// validation state.
// NOTE(review): the return statement is not in this listing; presumably the
// state is handed back unchanged — confirm.
vState increaseDNSSECStateCounter(const vState& state)
// (listing gap: original line 27, presumably the opening brace, is missing)
  g_stats.dnssecResults[state]++;
// (listing gap: original lines 29-30 — return and closing brace — are missing)
// Returns true if dsAnchors were modified
//
// Reads the zone-format file `fname` with ZoneParserTNG and builds a fresh
// DNSName -> DS-set map from it:
//   - DS records are inserted as parsed;
//   - DNSKEY records are converted with makeDSFromDNSKey() using
//     DNSSECKeeper::SHA256 and the resulting DS is inserted.
// Records are accumulated in the local newDSAnchors; the caller's dsAnchors is
// assigned only at the end, after the equality comparison. In the visible
// lines every throw precedes that assignment, so a record that fails to parse
// is reported before the caller's map is written.
//
// Errors: a record that cannot be parsed raises PDNSException naming the
// record; a std::exception caught at the end is rethrown as PDNSException
// carrying the file name and e.what().
//
// Operational note: the log messages call these entries Trust Anchors, i.e.
// the keys DNSSEC validation is rooted in. The file named by fname is
// therefore trusted input; restrict write access to it accordingly.
//
// This page omits several original lines (marked below), including the
// declarations of rr and dr and the read loop.
bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
  map<DNSName,dsmap_t> newDSAnchors;
  // (listing gap: original line 35 is missing; presumably the `try {` that
  //  pairs with the catch further down)
  auto zp = ZoneParserTNG(fname);
  // (listing gap: original lines 37-40 are missing; rr and dr are declared
  //  and the parser is read somewhere in here)
  if (rr.qtype == QType::DS) {
    auto dsr = getRR<DSRecordContent>(dr);
    // (listing gap: original line 43 is missing; presumably a null check on
    //  dsr like the DNSKEY branch below — confirm, since dsr is dereferenced)
      throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
    // (listing gap: original line 45 is missing)
    newDSAnchors[rr.qname].insert(*dsr);
  // (listing gap: original line 47 is missing)
  if (rr.qtype == QType::DNSKEY) {
    auto dnskeyr = getRR<DNSKEYRecordContent>(dr);
    // getRR yields nullptr when the content is not a DNSKEY record; reject it
    // rather than dereferencing below.
    if (dnskeyr == nullptr) {
      throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
    // (listing gap: original line 52 is missing)
    // Derive the DS for this key so both record types end up in one DS set.
    auto dsr = makeDSFromDNSKey(rr.qname, *dnskeyr, DNSSECKeeper::SHA256);
    newDSAnchors[rr.qname].insert(dsr);
  // (listing gap: original lines 55-56 are missing)
  // Unchanged file contents: only a Debug log line, dsAnchors is left alone.
  if (dsAnchors == newDSAnchors) {
    g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
    // (listing gap: original lines 59-60 are missing; per the header comment
    //  this path reports "not modified")
  g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
  // Replace the caller's anchors wholesale with the freshly parsed set.
  dsAnchors = newDSAnchors;
  // (listing gap: original lines 63-64 are missing)
  catch (const std::exception &e) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
  // (listing gap: original lines 67-68 are missing; the throw below presumably
  //  sits in a catch-all handler — confirm)
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
  // (listing gap: the remaining closing lines of the function are missing)