auth: lmdb-backend avoid duplicate NSEC3 records in presigned zones

author Kees Monshouwer <mind04@monshouwer.org>

Sun, 27 Jan 2019 21:36:00 +0000 (22:36 +0100)

committer mind04 <mind04@monshouwer.org>

Fri, 8 Feb 2019 20:12:57 +0000 (21:12 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Sun, 27 Jan 2019 21:36:00 +0000 (22:36 +0100)
committer mind04 <mind04@monshouwer.org>
Fri, 8 Feb 2019 20:12:57 +0000 (21:12 +0100)
diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc

index 0f4e70f9199689b27c489a0f45e7fd4aa3f80ed7..69d0450fc9999bbb8e2ecdc36a77ce9f85e97482 100644 (file)
--- a/modules/bindbackend/bindbackend2.cc
+++ b/modules/bindbackend/bindbackend2.cc
@@ -251,7 +251,7 @@ bool Bind2Backend::abortTransaction()
    return true;
  }
  
-bool Bind2Backend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername)
+bool Bind2Backend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3)
  {
    BB2DomainInfo bbd;
    if (!safeGetBBDomainInfo(d_transaction_id, &bbd))
diff --git a/modules/bindbackend/bindbackend2.hh b/modules/bindbackend/bindbackend2.hh

index 76ce499089b23be5c164f9e59013ab8b2bbc73dd..424c5683b0865b39599b4624b5b474c31d6c3e2c 100644 (file)
--- a/modules/bindbackend/bindbackend2.hh
+++ b/modules/bindbackend/bindbackend2.hh
@@ -206,7 +206,7 @@ public:
    void setFresh(uint32_t domain_id) override;
    void setNotified(uint32_t id, uint32_t serial) override;
    bool startTransaction(const DNSName &qname, int id) override;
-  bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername) override;
+  bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3=false) override;
    bool commitTransaction() override;
    bool abortTransaction() override;
    void alsoNotifies(const DNSName &domain, set<string> *ips) override;
diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc

index 9ca3e29e62ffe0f139d5d5e19eeb31366e44de78..8b9ca2bc67b1cc25f4259d9b1ef85323f071ab23 100644 (file)
--- a/modules/lmdbbackend/lmdbbackend.cc
+++ b/modules/lmdbbackend/lmdbbackend.cc
@@ -182,6 +182,7 @@ std::string serToString(const DNSResourceRecord& rr)
    ret += rr.content;
    ret.append((const char*)&rr.ttl, 4);
    ret.append(1, (char)rr.auth);
+  ret.append(1, (char)false);
    ret.append(1, (char)rr.disabled);
    return ret;
  }
@@ -193,7 +194,7 @@ void serFromString(const string_view& str, DNSResourceRecord& rr)
    memcpy(&len, &str[0], 2);
    rr.content.assign(&str[2], len);    // len bytes
    memcpy(&rr.ttl, &str[2] + len, 4);
-  rr.auth = str[str.size()-2];
+  rr.auth = str[str.size()-3];
    rr.disabled = str[str.size()-1];
    rr.wildcardname.clear();
  }
@@ -302,19 +303,22 @@ bool LMDBBackend::abortTransaction()
  }
  
  // d_rwtxn must be set here
-bool LMDBBackend::feedRecord(const DNSResourceRecord &r, const DNSName &ordername)
+bool LMDBBackend::feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3)
  {
    DNSResourceRecord rr(r);
    rr.qname.makeUsRelative(d_transactiondomain);
    rr.content = serializeContent(rr.qtype.getCode(), r.qname, rr.content);
+  rr.disabled = false;
  
    compoundOrdername co;
    d_rwtxn->txn.put(d_rwtxn->db->dbi, co(r.domain_id, rr.qname, rr.qtype.getCode()), serToString(rr));
  
-  if(!ordername.empty()) {
+  if(ordernameIsNSEC3 && !ordername.empty()) {
+    MDBOutVal val;
+    if(d_rwtxn->txn.get(d_rwtxn->db->dbi, co(r.domain_id, rr.qname, QType::NSEC3), val)) {
        rr.ttl = 0;
-      rr.auth = 0;
        rr.content=rr.qname.toDNSStringLC();
+      rr.auth = 0;
        string ser = serToString(rr);
        d_rwtxn->txn.put(d_rwtxn->db->dbi, co(r.domain_id, ordername, QType::NSEC3), ser);
  
@@ -322,6 +326,7 @@ bool LMDBBackend::feedRecord(const DNSResourceRecord &r, const DNSName &ordernam
        rr.content = ordername.toDNSString();
        ser = serToString(rr);
        d_rwtxn->txn.put(d_rwtxn->db->dbi, co(r.domain_id, rr.qname, QType::NSEC3), ser);
+    }
    }
    return true;
  }
@@ -334,8 +339,9 @@ bool LMDBBackend::feedEnts(int domain_id, map<DNSName,bool>& nonterm)
    for(const auto& nt: nonterm) {
      rr.qname = nt.first.makeRelative(d_transactiondomain);
      rr.auth = nt.second;
-    std::string ser = serToString(rr);
+    rr.disabled = true;
  
+    std::string ser = serToString(rr);
      d_rwtxn->txn.put(d_rwtxn->db->dbi, co(domain_id, rr.qname, 0), ser);
    }
    return true;
@@ -343,6 +349,7 @@ bool LMDBBackend::feedEnts(int domain_id, map<DNSName,bool>& nonterm)
  
  bool LMDBBackend::feedEnts3(int domain_id, const DNSName &domain, map<DNSName,bool> &nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow)
  {
+  string ser;
    DNSName ordername;
    DNSResourceRecord rr;
    compoundOrdername co;
@@ -350,14 +357,14 @@ bool LMDBBackend::feedEnts3(int domain_id, const DNSName &domain, map<DNSName,bo
      rr.qname = nt.first.makeRelative(domain);
      rr.ttl = 0;
      rr.auth = nt.second;
-    rr.disabled = true;
-    string ser = serToString(rr);
-
+    rr.disabled = nt.second;
+    ser = serToString(rr);
      d_rwtxn->txn.put(d_rwtxn->db->dbi, co(domain_id, rr.qname, 0), ser);
  
      if(!narrow && rr.auth) {
-      rr.auth=0;
-      rr.content=rr.qname.toDNSString();
+      rr.content = rr.qname.toDNSString();
+      rr.auth = false;
+      rr.disabled = false;
        ser = serToString(rr);
  
        ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3prc, nt.first)));
diff --git a/modules/lmdbbackend/lmdbbackend.hh b/modules/lmdbbackend/lmdbbackend.hh

index 14cd5499a8ef6c3872366d5bd17a5fb05717e54d..fa51d0d83fd1e5a96c066ed2fdc19ebc02f83ff9 100644 (file)
--- a/modules/lmdbbackend/lmdbbackend.hh
+++ b/modules/lmdbbackend/lmdbbackend.hh
@@ -45,7 +45,7 @@ public:
    bool startTransaction(const DNSName &domain, int domain_id=-1) override;
    bool commitTransaction() override;
    bool abortTransaction() override;
-  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername) override;
+  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3=false) override;
    bool feedEnts(int domain_id, map<DNSName,bool>& nonterm) override;
    bool feedEnts3(int domain_id, const DNSName &domain, map<DNSName,bool> &nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow) override;
    bool replaceRRSet(uint32_t domain_id, const DNSName& qname, const QType& qt, const vector<DNSResourceRecord>& rrset) override;
diff --git a/modules/luabackend/luabackend.hh b/modules/luabackend/luabackend.hh

index 2d7c4d2ff2d223540f8e26dd85b3ec57aa70f955..38971a4f546eb14f5aa89f398bd32fbe0e851380 100644 (file)
--- a/modules/luabackend/luabackend.hh
+++ b/modules/luabackend/luabackend.hh
@@ -75,7 +75,7 @@ public:
      bool startTransaction(const DNSName &qname, int id) override;
      bool commitTransaction() override;
      bool abortTransaction() override;
-    bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername) override;
+    bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3=false) override;
  
  
  //  SUPERMASTER BACKEND
diff --git a/modules/luabackend/slave.cc b/modules/luabackend/slave.cc

index 1d61fff00a3b63d537493ea1eef6ce0399a68024..ff90067c7cf8c8adf966f69bad31863864195918 100644 (file)
--- a/modules/luabackend/slave.cc
+++ b/modules/luabackend/slave.cc
@@ -33,7 +33,7 @@
     virtual bool startTransaction(const string &qname, int id);
     virtual bool commitTransaction();
     virtual bool abortTransaction();
-   virtual bool feedRecord(const DNSResourceRecord &rr, DNSName &ordername);
+   virtual bool feedRecord(const DNSResourceRecord &rr, DNSName &ordername, bool ordernameIsNSEC3);
  
     virtual bool getDomainInfo(const string &domain, DomainInfo &di);
     virtual void getUnfreshSlaveInfos(vector<DomainInfo>* domains);
@@ -135,7 +135,7 @@ bool LUABackend::abortTransaction() {
      return ok;
  }
  
-bool LUABackend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername) {
+bool LUABackend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3) {
  
      if (f_lua_feedrecord == 0)
          return false;
diff --git a/modules/opendbxbackend/odbxbackend.cc b/modules/opendbxbackend/odbxbackend.cc

index 2ffd7cebe97088f19009b3fce4901bf457b834c0..d9d8a5c03e76e3a771a0aaf2cfa47b2d09701d4e 100644 (file)
--- a/modules/opendbxbackend/odbxbackend.cc
+++ b/modules/opendbxbackend/odbxbackend.cc
@@ -629,7 +629,7 @@ bool OdbxBackend::createSlaveDomain( const string& ip, const DNSName& domain, co
  
  
  
-bool OdbxBackend::feedRecord( const DNSResourceRecord& rr, const DNSName& ordername )
+bool OdbxBackend::feedRecord( const DNSResourceRecord& rr, const DNSName& ordername, bool ordernameIsNSEC3 )
  {
          try
          {
diff --git a/modules/opendbxbackend/odbxbackend.hh b/modules/opendbxbackend/odbxbackend.hh

index bcf115019e4f900113abecef67416bd2fa063503..4a8b910aa1917aabc39452101d4626743fca13b5 100644 (file)
--- a/modules/opendbxbackend/odbxbackend.hh
+++ b/modules/opendbxbackend/odbxbackend.hh
@@ -86,7 +86,7 @@ public:
          bool abortTransaction() override;
  
          bool getDomainInfo( const DNSName& domain, DomainInfo& di, bool getSerial=true ) override;
-        bool feedRecord( const DNSResourceRecord& rr, const DNSName& ordername ) override;
+        bool feedRecord( const DNSResourceRecord& rr, const DNSName& ordername, bool ordernameIsNSEC3=false ) override;
          bool createSlaveDomain( const string& ip, const DNSName& domain, const string &nameserver, const string& account ) override;
          bool superMasterBackend( const string& ip, const DNSName& domain, const vector<DNSResourceRecord>& nsset, string *nameserver, string* account, DNSBackend** ddb ) override;
  
diff --git a/modules/remotebackend/remotebackend.cc b/modules/remotebackend/remotebackend.cc

index 068562e62456c066fc2ef7c8be9e0be9ba7b8d8c..e90ac21f078011f9a9e1d586e15682c1ef584dca 100644 (file)
--- a/modules/remotebackend/remotebackend.cc
+++ b/modules/remotebackend/remotebackend.cc
@@ -699,7 +699,7 @@ bool RemoteBackend::replaceRRSet(uint32_t domain_id, const DNSName& qname, const
     return true;
  }
  
-bool RemoteBackend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername) {
+bool RemoteBackend::feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3) {
     Json query = Json::object{
       { "method", "feedRecord" },
       { "parameters", Json::object{
diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh

index 5747ef298983e3f819d60dd430de9dc7c0093558..7972e1ced6ac2d9291120944260227f404c6fda6 100644 (file)
--- a/modules/remotebackend/remotebackend.hh
+++ b/modules/remotebackend/remotebackend.hh
@@ -173,7 +173,7 @@ class RemoteBackend : public DNSBackend
    bool superMasterBackend(const string &ip, const DNSName& domain, const vector<DNSResourceRecord>&nsset, string *nameserver, string *account, DNSBackend **ddb) override;
    bool createSlaveDomain(const string &ip, const DNSName& domain, const string& nameserver, const string &account) override;
    bool replaceRRSet(uint32_t domain_id, const DNSName& qname, const QType& qt, const vector<DNSResourceRecord>& rrset) override;
-  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername) override;
+  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3=false) override;
    bool feedEnts(int domain_id, map<DNSName,bool>& nonterm) override;
    bool feedEnts3(int domain_id, const DNSName& domain, map<DNSName,bool>& nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow) override;
    bool startTransaction(const DNSName& domain, int domain_id) override;
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc

index 74864b0047acae38ecd7f0857d4f4186b8ef58da..f010a1728b1371041b9d3ee48ed2bba18856256b 100644 (file)
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -1334,7 +1334,7 @@ bool GSQLBackend::replaceRRSet(uint32_t domain_id, const DNSName& qname, const Q
    return true;
  }
  
-bool GSQLBackend::feedRecord(const DNSResourceRecord &r, const DNSName &ordername)
+bool GSQLBackend::feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3)
  {
    int prio=0;
    string content(r.content);
diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh

index 7f27100fc981346101094e2067968cbb460d9133..be25db1c15e1fb69b142749cfab259d0a1ab2a58 100644 (file)
--- a/pdns/backends/gsql/gsqlbackend.hh
+++ b/pdns/backends/gsql/gsqlbackend.hh
@@ -187,7 +187,7 @@ public:
    bool startTransaction(const DNSName &domain, int domain_id=-1) override;
    bool commitTransaction() override;
    bool abortTransaction() override;
-  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername) override;
+  bool feedRecord(const DNSResourceRecord &r, const DNSName &ordername, bool ordernameIsNSEC3=false) override;
    bool feedEnts(int domain_id, map<DNSName,bool>& nonterm) override;
    bool feedEnts3(int domain_id, const DNSName &domain, map<DNSName,bool> &nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow) override;
    bool createDomain(const DNSName &domain) override {
diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh

index d5f26945ed9926ab74a76c0741177c381cd98235..4fe4208b622f718ef010a0b234ecb7af49f73c2e 100644 (file)
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -270,7 +270,7 @@ public:
    }
  
    //! feeds a record to a zone, needs a call to startTransaction first
-  virtual bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername)
+  virtual bool feedRecord(const DNSResourceRecord &rr, const DNSName &ordername, bool ordernameIsNSEC3=false)
    {
      return false; // no problem!
    }
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc

index 43c074362f017ef70db67ca8149eb0d6f9cc0730..190488faf5d74c2493ba6937597bd806c6695bb5 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -560,7 +560,7 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote)
            // NSEC3
            ordername=DNSName(toBase32Hex(hashQNameWithSalt(zs.ns3pr, rr.qname)));
            if(!zs.isNarrow && (rr.auth || (rr.qtype.getCode() == QType::NS && (!zs.optOutFlag || zs.secured.count(ordername))))) {
-            di.backend->feedRecord(rr, ordername);
+            di.backend->feedRecord(rr, ordername, true);
            } else
              di.backend->feedRecord(rr, DNSName());
          } else {
author	Kees Monshouwer <mind04@monshouwer.org>
	Sun, 27 Jan 2019 21:36:00 +0000 (22:36 +0100)
committer	mind04 <mind04@monshouwer.org>
	Fri, 8 Feb 2019 20:12:57 +0000 (21:12 +0100)
modules/bindbackend/bindbackend2.cc		patch \| blob \| blame \| history
modules/bindbackend/bindbackend2.hh		patch \| blob \| blame \| history
modules/lmdbbackend/lmdbbackend.cc		patch \| blob \| blame \| history
modules/lmdbbackend/lmdbbackend.hh		patch \| blob \| blame \| history
modules/luabackend/luabackend.hh		patch \| blob \| blame \| history
modules/luabackend/slave.cc		patch \| blob \| blame \| history
modules/opendbxbackend/odbxbackend.cc		patch \| blob \| blame \| history
modules/opendbxbackend/odbxbackend.hh		patch \| blob \| blame \| history
modules/remotebackend/remotebackend.cc		patch \| blob \| blame \| history
modules/remotebackend/remotebackend.hh		patch \| blob \| blame \| history
pdns/backends/gsql/gsqlbackend.cc		patch \| blob \| blame \| history
pdns/backends/gsql/gsqlbackend.hh		patch \| blob \| blame \| history
pdns/dnsbackend.hh		patch \| blob \| blame \| history
pdns/slavecommunicator.cc		patch \| blob \| blame \| history