struct ZoneData
{
- ZoneData(Logr::log_t log, const std::string& zone) :
+ ZoneData(const std::shared_ptr<Logr::Logger>& log, const std::string& zone) :
d_log(log),
d_zone(zone),
d_now(time(nullptr)) {}
// Maybe use a SuffixMatchTree?
std::set<DNSName> d_delegations;
- Logr::log_t d_log;
+ std::shared_ptr<Logr::Logger> d_log;
DNSName d_zone;
time_t d_now;
- bool isRRSetAuth(const DNSName& qname, QType qtype) const;
- void parseDRForCache(DNSRecord& dr);
- pdns::ZoneMD::Result getByAXFR(const RecZoneToCache::Config&, pdns::ZoneMD&);
- pdns::ZoneMD::Result processLines(const std::vector<std::string>& lines, const RecZoneToCache::Config& config, pdns::ZoneMD&);
+ [[nodiscard]] bool isRRSetAuth(const DNSName& qname, QType qtype) const;
+ void parseDRForCache(DNSRecord& resourceRecord);
+ pdns::ZoneMD::Result getByAXFR(const RecZoneToCache::Config& config, pdns::ZoneMD& zonemd);
+ pdns::ZoneMD::Result processLines(const std::vector<std::string>& lines, const RecZoneToCache::Config& config, pdns::ZoneMD& zonemd);
void ZoneToCache(const RecZoneToCache::Config& config);
- vState dnssecValidate(pdns::ZoneMD&, size_t& zonemdCount) const;
+ vState dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const;
};
bool ZoneData::isRRSetAuth(const DNSName& qname, QType qtype) const
break;
}
delegatedZone.chopOff();
- if (delegatedZone == g_rootdnsname || delegatedZone == d_zone)
+ if (delegatedZone == g_rootdnsname || delegatedZone == d_zone) {
break;
+ }
}
return !isDelegated;
}
-void ZoneData::parseDRForCache(DNSRecord& dr)
+void ZoneData::parseDRForCache(DNSRecord& dnsRecord)
{
- if (dr.d_class != QClass::IN) {
+ if (dnsRecord.d_class != QClass::IN) {
return;
}
- const auto key = pair(dr.d_name, dr.d_type);
+ const auto key = pair(dnsRecord.d_name, dnsRecord.d_type);
- dr.d_ttl += d_now;
+ dnsRecord.d_ttl += d_now;
- switch (dr.d_type) {
+ switch (dnsRecord.d_type) {
case QType::NSEC:
case QType::NSEC3:
break;
case QType::RRSIG: {
- const auto& rr = getRR<RRSIGRecordContent>(dr);
- const auto sigkey = pair(key.first, rr->d_type);
+ const auto rrsig = getRR<RRSIGRecordContent>(dnsRecord);
+ const auto sigkey = pair(key.first, rrsig->d_type);
auto found = d_sigs.find(sigkey);
if (found != d_sigs.end()) {
- found->second.push_back(rr);
+ found->second.push_back(rrsig);
}
else {
vector<shared_ptr<const RRSIGRecordContent>> sigsrr;
- sigsrr.push_back(rr);
+ sigsrr.push_back(rrsig);
d_sigs.insert({sigkey, sigsrr});
}
break;
}
case QType::NS:
- if (dr.d_name != d_zone) {
- d_delegations.insert(dr.d_name);
+ if (dnsRecord.d_name != d_zone) {
+ d_delegations.insert(dnsRecord.d_name);
}
break;
default:
auto found = d_all.find(key);
if (found != d_all.end()) {
- found->second.push_back(dr);
+ found->second.push_back(dnsRecord);
}
else {
- vector<DNSRecord> v;
- v.push_back(dr);
- d_all.insert({key, v});
+ vector<DNSRecord> dnsRecords;
+ dnsRecords.push_back(dnsRecord);
+ d_all.insert({key, dnsRecords});
}
}
ComboAddress primary = ComboAddress(config.d_sources.at(0), 53);
uint16_t axfrTimeout = config.d_timeout;
size_t maxReceivedBytes = config.d_maxReceivedBytes;
- const TSIGTriplet tt = config.d_tt;
+ const TSIGTriplet tsigTriplet = config.d_tt;
ComboAddress local = config.d_local;
if (local == ComboAddress()) {
local = pdns::getQueryLocalAddress(primary.sin4.sin_family, 0);
}
- AXFRRetriever axfr(primary, d_zone, tt, &local, maxReceivedBytes, axfrTimeout);
+ AXFRRetriever axfr(primary, d_zone, tsigTriplet, &local, maxReceivedBytes, axfrTimeout);
Resolver::res_t nop;
vector<DNSRecord> chunk;
time_t axfrStart = time(nullptr);
time_t axfrNow = time(nullptr);
- while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
- for (auto& dr : chunk) {
+ while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow)) != 0) {
+ for (auto& dnsRecord : chunk) {
if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
- zonemd.readRecord(dr);
+ zonemd.readRecord(dnsRecord);
}
- parseDRForCache(dr);
+ parseDRForCache(dnsRecord);
}
axfrNow = time(nullptr);
if (axfrNow < axfrStart || axfrNow - axfrStart > axfrTimeout) {
}
}
if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
- bool validationDone, validationSuccess;
+ bool validationDone = false;
+ bool validationSuccess = false;
zonemd.verify(validationDone, validationSuccess);
d_log->info(Logr::Info, "ZONEMD digest validation", "validationDone", Logging::Loggable(validationDone),
"validationSuccess", Logging::Loggable(validationSuccess));
{
std::vector<std::string> lines;
#ifdef HAVE_LIBCURL
- MiniCurl mc;
+ MiniCurl miniCurl;
ComboAddress local = config.d_local;
- std::string reply = mc.getURL(config.d_sources.at(0), nullptr, local == ComboAddress() ? nullptr : &local, config.d_timeout, false, true);
+ std::string reply = miniCurl.getURL(config.d_sources.at(0), nullptr, local == ComboAddress() ? nullptr : &local, static_cast<int>(config.d_timeout), false, true);
if (config.d_maxReceivedBytes > 0 && reply.size() > config.d_maxReceivedBytes) {
// We should actually detect this *during* the GET
throw std::runtime_error("Retrieved data exceeds maxReceivedBytes");
zpt.setMaxIncludes(0);
while (zpt.get(drr)) {
- DNSRecord dr(drr);
+ DNSRecord dnsRecord(drr);
if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
- zonemd.readRecord(dr);
+ zonemd.readRecord(dnsRecord);
}
- parseDRForCache(dr);
+ parseDRForCache(dnsRecord);
}
if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
- bool validationDone, validationSuccess;
+ bool validationDone = false;
+ bool validationSuccess = false;
zonemd.verify(validationDone, validationSuccess);
d_log->info(Logr::Info, "ZONEMD digest validation", "validationDone", Logging::Loggable(validationDone),
"validationSuccess", Logging::Loggable(validationSuccess));
{
zonemdCount = 0;
- SyncRes sr({d_now, 0});
- sr.setDoDNSSEC(true);
- sr.setDNSSECValidationRequested(true);
+ SyncRes resolver({d_now, 0});
+ resolver.setDoDNSSEC(true);
+ resolver.setDNSSECValidationRequested(true);
dsmap_t dsmap; // Actually a set
- vState dsState = sr.getDSRecords(d_zone, dsmap, false, 0, "");
+ vState dsState = resolver.getDSRecords(d_zone, dsmap, false, 0, "");
if (dsState != vState::Secure) {
return dsState;
}
skeyset_t dnsKeys;
sortedRecords_t records;
- if (zonemd.getDNSKEYs().size() == 0) {
+ if (zonemd.getDNSKEYs().empty()) {
return vState::BogusUnableToGetDNSKEYs;
}
for (const auto& key : zonemd.getDNSKEYs()) {
return dnsKeyState;
}
- if (validKeys.size() == 0) {
+ if (validKeys.empty()) {
return vState::BogusNoValidDNSKEY;
}
const auto& nsec3s = zonemd.getNSEC3s();
cspmap_t csp;
- vState nsecValidationStatus;
+ vState nsecValidationStatus = vState::Indeterminate;
- if (nsecs.records.size() > 0 && nsecs.signatures.size() > 0) {
+ if (!nsecs.records.empty() && !nsecs.signatures.empty()) {
// Valdidate the NSEC
nsecValidationStatus = validateWithKeySet(d_now, d_zone, nsecs.records, nsecs.signatures, validKeys, std::nullopt);
csp.emplace(std::pair(d_zone, QType::NSEC), nsecs);
}
- else if (nsec3s.records.size() > 0 && nsec3s.signatures.size() > 0) {
+ else if (!nsec3s.records.empty() && !nsec3s.signatures.empty()) {
// Validate NSEC3PARAMS
records.clear();
for (const auto& rec : zonemd.getNSEC3Params()) {
void ZoneData::ZoneToCache(const RecZoneToCache::Config& config)
{
if (config.d_sources.size() > 1) {
- d_log->info(Logr::Notice, "Multiple sources not yet supported, using first");
+ d_log->info(Logr::Warning, "Multiple sources not yet supported, using first");
}
if (config.d_dnssec == pdns::ZoneMD::Config::Require && (g_dnssecmode == DNSSECMode::Off || g_dnssecmode == DNSSECMode::ProcessNoValidate)) {
// Validate DNSKEYs and ZONEMD, rest of records are validated on-demand by SyncRes
if (config.d_dnssec == pdns::ZoneMD::Config::Require || (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate && config.d_dnssec != pdns::ZoneMD::Config::Ignore)) {
- size_t zonemdCount;
+ size_t zonemdCount = 0;
auto validationStatus = dnssecValidate(zonemd, zonemdCount);
d_log->info(Logr::Info, "ZONEMD record related DNSSEC validation", "validationStatus", Logging::Loggable(validationStatus),
"zonemdCount", Logging::Loggable(zonemdCount));
switch (qtype) {
case QType::NSEC:
case QType::NSEC3:
- break;
case QType::RRSIG:
break;
default: {
vector<shared_ptr<const RRSIGRecordContent>> sigsrr;
- auto it = d_sigs.find(key);
- if (it != d_sigs.end()) {
- sigsrr = it->second;
+ auto iter = d_sigs.find(key);
+ if (iter != d_sigs.end()) {
+ sigsrr = iter->second;
}
bool auth = isRRSetAuth(qname, qtype);
// Same decision as updateCacheFromRecords() (we do not test for NSEC since we skip those completely)
log->info(Logr::Error, "Unable to load zone into cache, will retry", "refresh", Logging::Loggable(state.d_waittime));
}
state.d_lastrun = time(nullptr);
- return;
}
projects / thirdparty / pdns.git / commitdiff
