bool haveCNAME = false;
#ifdef HAVE_LUA_RECORDS
- bool doLua=g_doLuaRecord;
- if(!doLua) {
- doLua = d_dk.isMetadataOne(d_sd.zonename, "ENABLE-LUA-RECORDS", true);
- }
+ bool doLua = doLuaRecords();
#endif
wildcard=subdomain;
continue;
}
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.zonename)) {
+ if (rr.dr.d_type == QType::LUA && !isPresigned()) {
if(!doLua) {
DLOG(g_log<<"Have a wildcard Lua match, but not doing Lua record for this zone"<<endl);
continue;
nrc.set(QType::RRSIG);
if(d_sd.qname() == name) {
nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
- if(!d_dk.isPresigned(d_sd.zonename)) {
+ if(!isPresigned()) {
auto keyset = d_dk.getKeys(d_sd.zonename);
for(const auto& value: keyset) {
if (value.second.published) {
B.lookup(QType(QType::ANY), name, d_sd.domain_id);
while(B.get(rr)) {
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.zonename)) {
+ if (rr.dr.d_type == QType::LUA && first && !isPresigned()) {
first = false;
- doLua = g_doLuaRecord;
- if (!doLua) {
- doLua = d_dk.isMetadataOne(d_sd.zonename, "ENABLE-LUA-RECORDS", true);
- }
+ doLua = doLuaRecords();
}
if (rr.dr.d_type == QType::LUA && doLua) {
// does not falsely deny the type for this name.
// This does NOT add the ALIAS to the bitmap, as that record cannot
// be requested.
- if (!d_dk.isPresigned(d_sd.zonename)) {
+ if (!isPresigned()) {
nrc.set(QType::A);
nrc.set(QType::AAAA);
}
}
- else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.zonename) && !::arg().mustDo("direct-dnskey")) {
+ else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !isPresigned() && !::arg().mustDo("direct-dnskey")) {
continue;
}
else if(rr.dr.d_type == QType::NS || rr.auth) {
if (d_sd.qname() == name) {
n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
n3rc.set(QType::NSEC3PARAM);
- if(!d_dk.isPresigned(d_sd.zonename)) {
+ if(!isPresigned()) {
auto keyset = d_dk.getKeys(d_sd.zonename);
for(const auto& value: keyset) {
if (value.second.published) {
B.lookup(QType(QType::ANY), name, d_sd.domain_id);
while(B.get(rr)) {
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.zonename)) {
+ if (rr.dr.d_type == QType::LUA && first && !isPresigned()) {
first = false;
- doLua = g_doLuaRecord;
- if (!doLua) {
- doLua = d_dk.isMetadataOne(d_sd.zonename, "ENABLE-LUA-RECORDS", true);
- }
+ doLua = doLuaRecords();
}
if (rr.dr.d_type == QType::LUA && doLua) {
// does not falsely deny the type for this name.
// This does NOT add the ALIAS to the bitmap, as that record cannot
// be requested.
- if (!d_dk.isPresigned(d_sd.zonename)) {
+ if (!isPresigned()) {
n3rc.set(QType::A);
n3rc.set(QType::AAAA);
}
}
- else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.zonename) && !::arg().mustDo("direct-dnskey")) {
+ else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !isPresigned() && !::arg().mustDo("direct-dnskey")) {
continue;
}
else if(rr.dr.d_type && (rr.dr.d_type == QType::NS || rr.auth)) {
if(!retargeted)
r->setA(false);
- if(d_dk.isSecuredZone(d_sd.zonename) && !addDSforNS(p, r, name) && d_dnssec) {
+ if(isSecuredZone() && !addDSforNS(p, r, name) && d_dnssec) {
addNSECX(p, r, name, DNSName(), 1);
}
{
addNSECX(p, r, target, DNSName(), 5);
if(d_sd.qname() == p.qdomain) {
- if(!d_dk.isPresigned(d_sd.zonename)) {
+ if(!isPresigned()) {
addDNSKEY(p, r);
addCDNSKEY(p, r);
addCDS(p, r);
}
// Check that we're doing online signing in narrow mode (as we don't know next owner names)
- if(!d_dk.isSecuredZone(d_sd.zonename) || d_dk.isPresigned(d_sd.zonename)) {
+ if(!isSecuredZone() || isPresigned()) {
g_log << Logger::Warning << "Signaling zone '" << d_sd.zonename << "' must be secured (but not presigned!); synthesis disabled (" << target << "/" << p.qtype << " from " << p.getRemoteString() << ")" << endl;
return false;
}
bool PacketHandler::opcodeQueryInner2(DNSPacket& pkt, queryState &state, bool retargeted)
{
DNSZoneRecord zrr;
-#ifdef HAVE_LUA_RECORDS
- bool doLua=g_doLuaRecord;
-#endif
if (retargeted && !d_doResolveAcrossZones && !state.target.isPartOf(state.r->qdomainzone)) {
// We are following a retarget outside the initial zone (and do not need to check getAuth to know this). Config asked us not to do that.
return true;
}
+ // Reset possibly dangling data associated to d_sd.
+ d_ispresigned.reset();
+ d_issecuredzone.reset();
+
if(!B.getAuth(ZoneName(state.target), pkt.qtype, &d_sd, pkt.getRealRemote(), true, &pkt)) {
DLOG(g_log<<Logger::Error<<"We have no authority over zone '"<<state.target<<"'"<<endl);
if (!retargeted) {
}
state.authSet.insert(d_sd.zonename);
- d_dnssec=(pkt.d_dnssecOk && d_dk.isSecuredZone(d_sd.zonename));
+ d_dnssec=(pkt.d_dnssecOk && isSecuredZone());
state.doSigs |= d_dnssec;
if(d_sd.qname()==pkt.qdomain) {
- if(!d_dk.isPresigned(d_sd.zonename)) {
+ if(!isPresigned()) {
switch (pkt.qtype.getCode()) {
case QType::DNSKEY:
if(addDNSKEY(pkt, state.r)) {
DLOG(g_log<<"Got no referrals, trying ANY"<<endl);
#ifdef HAVE_LUA_RECORDS
- if(!doLua) {
- doLua = d_dk.isMetadataOne(d_sd.zonename, "ENABLE-LUA-RECORDS", true);
- }
+ bool doLua = doLuaRecords();
#endif
// see what we get..
while(B.get(zrr)) {
#ifdef HAVE_LUA_RECORDS
- if (zrr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.zonename)) {
+ if (zrr.dr.d_type == QType::LUA && !isPresigned()) {
if(!doLua) {
continue;
}
weRedirected=true;
}
- if (DP && zrr.dr.d_type == QType::ALIAS && (pkt.qtype.getCode() == QType::A || pkt.qtype.getCode() == QType::AAAA || pkt.qtype.getCode() == QType::ANY) && !d_dk.isPresigned(d_sd.zonename)) {
+ if (DP && zrr.dr.d_type == QType::ALIAS && (pkt.qtype.getCode() == QType::A || pkt.qtype.getCode() == QType::AAAA || pkt.qtype.getCode() == QType::ANY) && !isPresigned()) {
if (!d_doExpandALIAS) {
g_log<<Logger::Info<<"ALIAS record found for "<<state.target<<", but ALIAS expansion is disabled."<<endl;
continue;
}
else if(weDone) {
bool haveRecords = false;
- bool presigned = d_dk.isPresigned(d_sd.zonename);
+ bool presigned = isPresigned();
for(const auto& loopRR: rrset) {
if (loopRR.dr.d_type == QType::ENT) {
continue;
return false;
}
}
+
+bool PacketHandler::doLuaRecords()
+{
+#ifdef HAVE_LUA_RECORDS
+ if (g_doLuaRecord) {
+ return true;
+ }
+ if (!d_doLua) {
+ d_doLua = d_dk.isMetadataOne(d_sd.zonename, "ENABLE-LUA-RECORDS", true);
+ }
+ return *d_doLua;
+#endif
+ return false;
+}
+
+bool PacketHandler::isPresigned()
+{
+ if (!d_ispresigned) {
+ d_ispresigned = d_dk.isPresigned(d_sd.zonename);
+ }
+ return *d_ispresigned;
+}
+
+bool PacketHandler::isSecuredZone()
+{
+ if (!d_issecuredzone) {
+ d_issecuredzone = d_dk.isSecuredZone(d_sd.zonename);
+ }
+ return *d_issecuredzone;
+}
projects / thirdparty / pdns.git / commitdiff
