*/
#include "packetcache.hh"
#include "utility.hh"
+#include "base32.hh"
#include <string>
#include <sys/types.h>
#include <boost/algorithm/string.hpp>
r->addRecord(rr);
}
+
+
+
/* mode 0 = no error -> an NSEC that starts with 'target', in authority section
mode 1 = NXDOMAIN -> an NSEC from auth to first + a covering NSEC
mode 2 = ANY or direct NSEC request -> an NSEC that starts with 'target'
mode 3 = a covering NSEC in the authority section (like 1, except for first)
*/
+void PacketHandler::addNSECX(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, int mode)
+{
+ cerr<<"Doing NSEC3PARAM lookup for '"<<auth<<"'"<<endl;
+ B.lookup(QType(QType::NSEC3PARAM), auth, p);
+ DNSResourceRecord rr, nsec3param;
+ while(B.get(rr)) {
+ nsec3param = rr;
+ }
+ if(!nsec3param.qname.empty())
+ addNSEC3(p, r, target, auth, nsec3param, mode);
+ else
+ addNSEC(p, r, target, auth, mode);
+}
+
+void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, const DNSResourceRecord& nsec3param, int mode)
+{
+ cerr<<"NSEC3 generator called!"<<endl;
+ cerr<<nsec3param.content<<endl;
+ NSEC3PARAMRecordContent *ns3rc=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, nsec3param.content));
+ cerr<<"NSEC3 hash, "<<ns3rc->d_iterations<<" iterations, salt '"<<makeHexDump(ns3rc->d_salt)<<"': "<<toBase32Hex(hashQNameWithSalt(ns3rc->d_iterations, ns3rc->d_salt, p->qdomain))<<endl;
+
+}
void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, const string& auth, int mode)
{
}
if(!sawDS && p->qtype.getCode() == QType::NS && p->d_dnssecOk && rfound) {
- addNSEC(p, r, p->qdomain, "", 2); // make it 'official' that we have no DS
+ addNSECX(p, r, p->qdomain, "", 2); // make it 'official' that we have no DS
}
if(hits && !relevantNS && !found && !rfound && shortcut ) { // XXX FIXME !numloops. we found matching qnames but not a qtype
rr.d_place=DNSResourceRecord::AUTHORITY;
r->addRecord(rr);
- if(p->d_dnssecOk)
- addNSEC(p, r, target, sd.qname, 1);
+ if(p->d_dnssecOk)
+ addNSECX(p, r, target, sd.qname, 1);
r->setRcode(RCode::NXDomain);
S.ringAccount("nxdomain-queries",p->qdomain+"/"+p->qtype.getName());
}
r->addRecord(rr);
if(p->d_dnssecOk)
- addNSEC(p, r, target, sd.qname, 0);
+ addNSECX(p, r, target, sd.qname, 0);
S.ringAccount("noerror-queries",p->qdomain+"/"+p->qtype.getName());
}
r->setA(false);
if(!addDSforNS(p, r, sd, rrset.begin()->qname))
- addNSEC(p, r, rrset.begin()->qname, sd.qname, 0);
+ addNSECX(p, r, rrset.begin()->qname, sd.qname, 0);
return true;
}
if(!p->d_dnssecOk)
cerr<<"Need to add all the RRSIGs too for '"<<target<<"', should do this manually since DNSSEC was not requested"<<endl;
// cerr<<"Need to add all the NSEC too.."<<endl; /// XXX FIXME THE ABOVE IF IS WEIRD
- addNSEC(p, r, target, sd.qname, 2);
+ addNSECX(p, r, target, sd.qname, 2);
}
bool PacketHandler::tryWildcard(DNSPacket *p, DNSPacket*r, SOAData& sd, string &target, bool& retargeted)
}
if(p->d_dnssecOk) {
- addNSEC(p, r, p->qdomain, sd.qname, 3);
+ addNSECX(p, r, p->qdomain, sd.qname, 3);
}
return true;
}
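Review bot: addNSEC3 (the new block ending at the empty line before addNSEC) never adds anything to `r`, yet addNSECX now routes every denial case to it as soon as the zone carries an NSEC3PARAM record, so such zones answer NXDOMAIN/NODATA with no NSEC and no NSEC3 at all and a validating resolver cannot prove the denial; until the generator emits records, end addNSEC3 with `addNSEC(p, r, target, auth, mode); // interim: NSEC3 records not yet generated` or keep addNSECX on addNSEC behind a flag. In the same block `ns3rc` is the result of a dynamic_cast and is dereferenced on the next line without a null check, and the object returned by mastermake is never freed; add `if(!ns3rc) return;` (or the fallback above) and `delete ns3rc;` once the hash line has run. The cerr lines in both new functions print per-query debug output on the hot path and should go before this ships. The mode-2 caller in the DS branch passes an empty auth, which now triggers an NSEC3PARAM lookup for the empty name; presumably that lookup simply finds nothing, but it is worth confirming against the backend. The hunks here cut through doPacket's body, so the surrounding logic is outside this view.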
bool getTLDAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId);
int doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r);
bool doDNSSECProcessing(DNSPacket* p, DNSPacket *r);
+ void addNSECX(DNSPacket *p, DNSPacket* r, const string &target, const std::string& auth, int mode);
void addNSEC(DNSPacket *p, DNSPacket* r, const string &target, const std::string& auth, int mode);
+ void addNSEC3(DNSPacket *p, DNSPacket* r, const string &target, const std::string& auth, const DNSResourceRecord& nsec3param, int mode);
void emitNSEC(const std::string& before, const std::string& after, const std::string& toNSEC, DNSPacket *r, int mode);
void synthesiseRRSIGs(DNSPacket* p, DNSPacket* r);
void makeNXDomain(DNSPacket* p, DNSPacket* r, const std::string& target, SOAData& sd);
#include "dnsseckeeper.hh"
#include "dnssecinfra.hh"
#include "statbag.hh"
+#include "base32.hh"
#include <boost/foreach.hpp>
#include <boost/program_options.hpp>
#include "dnsbackend.hh"
if(!B->getSOA(zone, sd)) {
cerr<<"No SOA!"<<endl;
+ return;
}
cerr<<"ID: "<<sd.domain_id<<endl;
sd.db->list(zone, sd.domain_id);
qnames.insert(rr.qname);
}
+ string salt;
+ char tmp[]={0xab, 0xcd};
+ salt.assign(tmp, 2);
BOOST_FOREACH(const string& qname, qnames)
{
+
+ cerr<<"'"<<qname<<"' -> '"<<toBase32Hex(hashQNameWithSalt(100, salt, qname)) <<"'"<<endl;
sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, qname, true);
}
cerr<<"Done listing"<<endl;
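Review bot: `char tmp[]={0xab, 0xcd};` is not portable: where `char` is signed both values are out of range, which is implementation-defined under C++03 and a narrowing error under C++11 brace-initialization, so the salt fed to hashQNameWithSalt may differ between compilers; write `salt.assign("\xab\xcd", 2);` instead and drop `tmp`. The 100 iterations and this salt are also hard-coded here while the server side reads them from the zone's NSEC3PARAM record, so the hashes printed in this loop will presumably not match what the packet handler computes; if this is meant as more than a throwaway check it should read the same record. The enclosing function starts and ends outside this hunk.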