1 #include "validate.hh"
2 #include "validate-recursor.hh"
3 #include "syncres.hh"
4 #include "logger.hh"
5 #include "rec-lua-conf.hh"
6 #include "dnssecinfra.hh"
7 #include "dnsseckeeper.hh"
8 #include "zoneparser-tng.hh"
// Process-wide DNSSEC mode. It starts as ProcessNoValidate and is compared
// against DNSSECMode::Off by warnIfDNSSECDisabled() below.
DNSSECMode g_dnssecmode = DNSSECMode::ProcessNoValidate;

// Starts out false. Presumably toggles logging of Bogus validation results;
// confirm at the use sites, none are visible in this file.
bool g_dnssecLogBogus = false;
// Quiet variant of warnIfDNSSECDisabled(): it passes an empty message, so
// nothing is logged. Returns true when g_dnssecmode is DNSSECMode::Off.
bool checkDNSSECDisabled()
{
  const string noMessage;
  return warnIfDNSSECDisabled(noMessage);
}
// Reports whether DNSSEC is switched off (g_dnssecmode == DNSSECMode::Off).
// When it is off and `msg` is non-empty, `msg` is written to g_log at
// Warning level before returning.
// Returns true if DNSSEC is off, false for every other mode.
bool warnIfDNSSECDisabled(const string& msg)
{
  if (g_dnssecmode != DNSSECMode::Off) {
    return false;
  }

  const bool haveMessage = !msg.empty();
  if (haveMessage) {
    g_log << Logger::Warning << msg << endl;
  }
  return true;
}
// Increments the g_stats.dnssecResults counter for `state` and returns the
// same state to the caller.
vState increaseDNSSECStateCounter(const vState& state)
{
  auto&& counter = g_stats.dnssecResults[state];
  counter++;
  return state;
}
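// Rebuilds the DNSSEC trust-anchor set from the zone-format file `fname` and
// installs it in `dsAnchors` when it differs from the current content.
//
// DS records are inserted as parsed; every DNSKEY record is converted to a DS
// with a SHA-256 digest. Records of other types add nothing to the set.
//
// Returns true if dsAnchors were modified, false if the file yields the set
// that is already installed.
// Throws PDNSException on any read or parse failure. dsAnchors is only
// touched after the whole file has been processed, so it keeps its previous
// content when an exception is thrown.
//
// NOTE(review): no DNSKEY flag is inspected here, so every DNSKEY in the file
// becomes an anchor; the file should contain only keys meant to be trusted.
// NOTE(review): a file without any DS/DNSKEY record produces an empty set,
// which replaces non-empty anchors. Confirm callers want that outcome rather
// than an error.
bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
  map<DNSName,dsmap_t> newDSAnchors;
  try {
    auto zp = ZoneParserTNG(fname);
    DNSResourceRecord rr;
    while(zp.get(rr)) {
      // Converted for every record, as before, so a record that cannot be
      // converted still aborts the load whatever its type.
      DNSRecord dr(rr);
      if (rr.qtype == QType::DS) {
        auto dsr = getRR<DSRecordContent>(dr);
        if (dsr == nullptr) {
          throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
        }
        newDSAnchors[rr.qname].insert(*dsr);
      }
      else if (rr.qtype == QType::DNSKEY) {
        auto dnskeyr = getRR<DNSKEYRecordContent>(dr);
        if (dnskeyr == nullptr) {
          throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
        }
        auto dsr = makeDSFromDNSKey(rr.qname, *dnskeyr, DNSSECKeeper::SHA256);
        newDSAnchors[rr.qname].insert(dsr);
      }
    }
    if (dsAnchors == newDSAnchors) {
      g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
      return false;
    }
    g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
    // newDSAnchors is not used again, so swap it in instead of copying.
    dsAnchors.swap(newDSAnchors);
    return true;
  }
  catch (const PDNSException &e) {
    // Keep the reason of the parse errors thrown above. Without this handler
    // they would reach catch (...) and lose the offending record, unless
    // PDNSException derives from std::exception.
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.reason);
  }
  catch (const std::exception &e) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
  }
  catch (...) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
  }
}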