get RRSIGs direct from backend and use it for lmdb-backend
authorKees Monshouwer <mind04@monshouwer.org>
Fri, 30 May 2014 22:21:11 +0000 (00:21 +0200)
committermind04 <mind04@monshouwer.org>
Tue, 24 Jun 2014 16:23:29 +0000 (18:23 +0200)
12 files changed:
modules/lmdbbackend/lmdbbackend.cc
modules/lmdbbackend/lmdbbackend.hh
pdns/dbdnsseckeeper.cc
pdns/dnsbackend.hh
pdns/ueberbackend.cc
pdns/ueberbackend.hh
pdns/zone2lmdb.cc
regression-tests/.gitignore
regression-tests/backends/lmdb-master
regression-tests/tests/axfr/skip.lmdb [new file with mode: 0644]
regression-tests/tests/ds-at-unsecure-zone-cut/skip.lmdb [new file with mode: 0644]
regression-tests/tests/verify-dnssec-zone/skip.lmdb [new file with mode: 0644]

index 68e9c8c5ef0b73a086f4c22b306685e47a113890..141c05f577c7309ffca0bb8ee59ef84d4c2afe71 100644 (file)
@@ -145,7 +145,7 @@ bool LMDBBackend::getDirectNSECx(uint32_t id, const string &hashed, string &befo
 
     // is the key a full match or does the id part match our zone?
     // if it does we have a valid answer.
-    if (!key_str.compare(cur_key) || atoi(keyparts[0].c_str()) == (int) id) // FIXME need atoui
+    if (!key_str.compare(cur_key) || atoi(keyparts[0].c_str()) == (int) id) // FIXME we need atoui
       goto hasnsecx;
   }
   // no match, now we look for the last record in the NSECx chain.
@@ -153,7 +153,7 @@ bool LMDBBackend::getDirectNSECx(uint32_t id, const string &hashed, string &befo
   key.mv_data = (char *)key_str.c_str();
   key.mv_size = key_str.length();
 
-  if(!mdb_cursor_get(nsecx_cursor, &key, &data, MDB_SET_RANGE)) {
+  if(!mdb_cursor_get(nsecx_cursor, &key, &data, MDB_NEXT_NODUP )) {
     cur_key.assign((const char *)key.mv_data, key.mv_size);
     cur_value.assign((const char *)data.mv_data, data.mv_size);
     stringtok(keyparts,cur_key,"\t");
@@ -178,11 +178,51 @@ hasnsecx:
   rr.qtype=DNSRecordContent::TypeToNumber(valparts[2]);
   rr.content=valparts[3];
   rr.d_place=DNSResourceRecord::AUTHORITY;
+  rr.domain_id=id;
   rr.auth=true;
 
   return true;
 }
 
+bool LMDBBackend::getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector<DNSResourceRecord> &rrsigs)
+{
+  int rc;
+  MDB_val key, data;
+  string key_str, cur_value;
+  vector<string> valparts;
+
+  key_str=signer+"\t"+makeRelative(qname, signer)+"\t"+qtype.getName();
+  key.mv_data = (char *)key_str.c_str();
+  key.mv_size = key_str.length();
+
+  if ((rc = mdb_cursor_get(rrsig_cursor, &key, &data, MDB_SET_KEY)) == 0) {
+    DNSResourceRecord rr;
+    rr.qname=qname;
+    rr.qtype=QType::RRSIG;
+    //rr.d_place = (DNSResourceRecord::Place) signPlace;
+    rr.auth=false;
+
+    do {
+      cur_value.assign((const char *)data.mv_data, data.mv_size);
+      stringtok(valparts,cur_value,"\t");
+
+      if( valparts.size() != 2 ) {
+        throw PDNSException("Invalid record in rrsig table: qname: '" + qname + "'; value: "+ cur_value);
+      }
+
+      rr.ttl=atoi(valparts[0].c_str());
+      rr.content = valparts[1];
+      rrsigs.push_back(rr);
+
+    } while (mdb_cursor_get(rrsig_cursor, &key, &data, MDB_NEXT_DUP) == 0);
+  }
+
+  if (rc == MDB_NOTFOUND)
+    DEBUGLOG("RRSIG records for qname: '"<<qname"'' with type: '"<<qtype.getName()<<"' not found"<<endl);
+
+  return true;
+}
+
 // Get the zone name and value of the requested zone (reversed) OR the entry
 // just before where it should have been
 bool LMDBBackend::getAuthZone( string &rev_zone )
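Review bot: `valparts` is never cleared inside the do/while of getDirectRRSIGs, so unless stringtok() empties its container first, the second duplicate value under the same key leaves `valparts.size()` at 4 and the loop throws on a perfectly valid record set (an RRset signed by two keys); add `valparts.clear();` immediately before `stringtok(valparts,cur_value,"\t");`. The DEBUGLOG line is missing an insertion operator and has mismatched quotes — `DEBUGLOG("RRSIG records for qname: '"<<qname<<"' with type: '"<<qtype.getName()<<"' not found"<<endl);` — which only surfaces as a compile error in builds where DEBUGLOG expands to a real stream statement. A cursor return code other than 0 or MDB_NOTFOUND is silently treated as success and the function still returns true with an empty vector, which the caller in dbdnsseckeeper.cc takes as a final answer; consider throwing or returning false for any other rc. `rr.ttl` is taken from atoi() on the stored text with no range check, and `rr.domain_id` is left unset while getDirectNSECx in the same hunk now sets it.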
index 7ddd277954790c4b5485c2bc42f17fb1f6843712..ff5ce46b558b545d8bfa062872f59b19f4635ae9 100644 (file)
@@ -11,7 +11,7 @@ class LMDBBackend : public DNSReversedBackend
 private:
 
     MDB_env *env;
-    MDB_dbi data_db, zone_db, data_extended_db, rrsig_db, nsecx_db,;
+    MDB_dbi data_db, zone_db, data_extended_db, rrsig_db, nsecx_db;
     MDB_txn *txn;
     MDB_cursor *data_cursor, *zone_cursor, *data_extended_cursor, *rrsig_cursor, *nsecx_cursor;
 
@@ -47,6 +47,7 @@ public:
 
     bool getDomainMetadata(const string& name, const std::string& kind, std::vector<std::string>& meta);
     bool getDirectNSECx(uint32_t id, const string &hashed, string &before, DNSResourceRecord &rr);
+    bool getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector<DNSResourceRecord> &rrsigs);
 
     bool getAuthZone( string &rev_zone );
     bool getAuthData( SOAData &, DNSPacket *);
index b7eada4bf5aae9f1b50bb5997a0f5021f87bc7dc..3ef4206852ed39715617b705567a819ae7189a9a 100644 (file)
@@ -355,10 +355,22 @@ bool DNSSECKeeper::secureZone(const std::string& name, int algorithm, int size)
   return addKey(name, true, algorithm, size);
 }
 
-bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, 
-        const std::string& wildcardname, const QType& qtype, 
+bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname,
+        const std::string& wildcardname, const QType& qtype,
         DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs, uint32_t signTTL)
 {
+  vector<DNSResourceRecord> sigs;
+  if(db.getDirectRRSIGs(toLower(signer), toLower(wildcardname.empty() ? qname : wildcardname), qtype, sigs)) {
+    BOOST_FOREACH(DNSResourceRecord &rr, sigs) {
+      if (!wildcardname.empty())
+        rr.qname = toLower(qname);
+      rr.d_place = (DNSResourceRecord::Place)signPlace;
+      rr.ttl = signTTL;
+      rrsigs.push_back(rr);
+    }
+    return true;
+  }
+
   // cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<(wildcardname.empty() ? qname : wildcardname)<<"'"<<endl;
         SOAData sd;
         sd.db=(DNSBackend *)-1; // force uncached answer
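Review bot: The early-return path added to getPreRRSIGs treats any backend answering true as final, so a backend that returns true with `sigs` empty (the lmdb implementation in this commit does exactly that on MDB_NOTFOUND) ends the lookup with no signatures and the generic query that follows is never reached; that contract is not written down anywhere in the hunk. Suggest a comment above the `if`: `// A backend that returns true owns the answer: an empty 'sigs' is final and the generic lookup below is skipped.` The TTL and place are overwritten from signTTL/signPlace while `rr.auth` stays whatever the backend set, presumably to mirror the fallback path — worth a one-line comment if that is intended. getPreRRSIGs continues past the end of the hunk.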
index b035d83e5a81fcdcadec7b63ba17ca4a05525319..8b46204a03708600d79f3107857d5aef70129f43 100644 (file)
@@ -369,7 +369,7 @@ public:
     return false;
   }
   //! called to get RRSIG record(s) from backend
-  virtual bool getDirectRRSIGs(uint32_t id, const string &qname, const QType &qtype, const vector<DNSResourceRecord>&rrs)
+  virtual bool getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector<DNSResourceRecord> &rrsigs)
   {
     return false;
   }
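Review bot: Changing the parameter list of the virtual getDirectRRSIGs means any out-of-tree backend still defining the old `(uint32_t id, ..., const vector<DNSResourceRecord>&rrs)` form now silently declares an unrelated overload instead of overriding, and since this header does not use `override` the compiler will not say so; a changelog entry is the only way that breakage gets noticed. The doc comment should also state the contract the new caller in dbdnsseckeeper.cc relies on: `//! fetch precomputed RRSIGs for qname/qtype signed by 'signer'; return true when this backend owns the answer (an empty rrsigs is then final), false to let another backend or the generic lookup try`.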
index 37098f2fe059bb1c654a4ae80907e1dea57ac83c..19b6e14801bfeb3064c24dee04eb344a841e9413 100644 (file)
@@ -244,10 +244,10 @@ bool UeberBackend::getDirectNSECx(uint32_t id, const string &hashed, string &bef
   return false;
 }
 
-bool UeberBackend::getDirectRRSIGs(uint32_t id, const string &qname, const QType &qtype, const vector<DNSResourceRecord>&rrs)
+bool UeberBackend::getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector<DNSResourceRecord> &rrsigs)
 {
   BOOST_FOREACH(DNSBackend* db, backends) {
-    if(db->getDirectRRSIGs(id, qname, qtype, rrs))
+    if(db->getDirectRRSIGs(signer, qname, qtype, rrsigs))
       return true;
   }
   return false;
index 23bea196dae7a24011946247048825939956a4bd..7039f22853ada33ff2938a005103530e5bc6cb0f 100644 (file)
@@ -145,7 +145,7 @@ public:
   bool deactivateDomainKey(const string& name, unsigned int id);
 
   bool getDirectNSECx(uint32_t id, const string &hashed, string &before, DNSResourceRecord &rr);
-  bool getDirectRRSIGs(uint32_t id, const string &qname, const QType &qtype, const vector<DNSResourceRecord>&rrs);
+  bool getDirectRRSIGs(const string &signer, const string &qname, const QType &qtype, vector<DNSResourceRecord> &rrsigs);
 
   bool getTSIGKey(const string& name, string* algorithm, string* content);
   bool setTSIGKey(const string& name, const string& algorithm, const string& content);
index a7d84c4e4f658af541d57324393ebd44f7391e08..97684072fdd18bb2a235ba01c29788b38b8dab25 100644 (file)
@@ -100,12 +100,14 @@ void emitData(string zone, ZoneParserTNG &zpt){
       sd.ttl=rr.ttl;
       continue;
     }
+    if (rr.qtype == QType::NSEC3PARAM)
+      continue; // TODO set metadata
 
     string keyStr, dataStr;
 
     if (rr.qtype == QType::RRSIG) {
       RRSIGRecordContent rrc(rr.content);
-      keyStr=stripDot(rr.qname)+"\t"+DNSRecordContent::NumberToType(rrc.d_type)+"\t"+itoa(g_numZones+1);
+      keyStr=zone+"\t"+makeRelative(stripDot(rr.qname), zone)+"\t"+DNSRecordContent::NumberToType(rrc.d_type);
       dataStr=itoa(rr.ttl)+"\t"+rr.content;
 
       key.mv_data = (char*)keyStr.c_str();
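Review bot: The RRSIG key built at `keyStr=zone+"\t"+makeRelative(stripDot(rr.qname), zone)+"\t"+...` has to match byte-for-byte what LMDBBackend::getDirectRRSIGs builds from `toLower(signer)` and `toLower(qname)`, yet neither `zone` nor `rr.qname` is lowercased here; if the zone file or named.conf carries mixed-case names the lookup will miss, so either lowercase both parts at this point or add a comment naming where that normalisation already happens. The new `continue; // TODO set metadata` drops NSEC3PARAM without any diagnostic, so a zone imported with NSEC3 silently loads with no NSEC3 parameters; at minimum log the skipped record. emitData starts outside the hunk.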
@@ -122,7 +124,7 @@ void emitData(string zone, ZoneParserTNG &zpt){
         keyStr=stripDot(rr.qname)+"\t"+itoa(g_numZones+1);
       else
         keyStr=itoa(g_numZones+1)+"\t"+toBase32Hex(bitFlip(fromBase32Hex(makeRelative(stripDot(rr.qname), zone))));
-      dataStr=rr.qname+"\t"+itoa(rr.ttl)+"\t"+rr.qtype.getName()+"\t"+rr.content;
+      dataStr=stripDot(rr.qname)+"\t"+itoa(rr.ttl)+"\t"+rr.qtype.getName()+"\t"+rr.content;
 
       key.mv_data = (char*)keyStr.c_str();
       key.mv_size = keyStr.length();
index 5e3f3e6470959cd29b1ab75ffb0b620bd453d171..2457641ce7527ad569a1a7b37ce9af65bf0c323a 100644 (file)
@@ -14,6 +14,7 @@
 /pdns-*.conf
 /*.sqlite3*
 /named-slave.conf
+/named-lmdb.conf
 /bulktest.results
 /recursor-bulktest/
 /recursor.log
index fd159240327fa5f3182a5eae1c0ab81917643c24..f1183791d3b798f2acaa13bac5044bf6e4941641 100644 (file)
@@ -1,14 +1,11 @@
 case $context in
-       lmdb-nodnssec | lmdb | lmdb-nsec3 | lmdb-nsec3-optout | lmdb-nodnssec-zone | lmdb-zone | lmdb-nsec3-zone | lmdb-nsec3-optout-zone)
+       lmdb-nodnssec | lmdb | lmdb-nsec3 | lmdb-nsec3-optout | lmdb-zone | lmdb-nsec3-zone | lmdb-nsec3-optout-zone)
 
                if [ "${context: -5}" = "-zone" ]
                then
                        orgcontext=$context
 
                        case $context in
-                               lmdb-nodnssec-zone)
-                                       context=bind
-                                       ;;
                                lmdb-zone)
                                        context=bind-dnssec
                                        ;;
@@ -22,25 +19,66 @@ case $context in
 
                        source ./backends/bind-master
 
+                       rm -f named-lmdb.conf zones/*.signed
+
                        for zone in $(grep 'zone ' named.conf  | cut -f2 -d\")
                        do
                                ../pdns/saxfr 127.0.0.1 $port $zone showdetails showflags > zones/$zone.signed
+
+                               echo "" >> named-lmdb.conf
+                               echo "zone \"${zone}\" {" >> named-lmdb.conf
+                               echo "  type master;" >> named-lmdb.conf
+                               echo "  file \"zones/${zone}.signed\";" >> named-lmdb.conf
+                               echo "};" >> named-lmdb.conf
                        done
-                       kill $(cat pdns*.pid)
-                       sleep 2
+
+                       pids=$(cat pdns*.pid)
+
+                       if [ -n "$pids" ]
+                       then
+                               kill $pids
+                               set +e
+                               loopcount=0
+                               done=0
+                               while [ $loopcount -lt 10 ] && [ $done -eq 0 ]
+                               do
+                                       done=1
+                                       for pid in $pids
+                                       do
+                                               kill -0 $pid > /dev/null 2>&1
+                                               if [ $? -eq 0 ];
+                                               then
+                                                       done=0
+                                               fi
+                                       done
+                                       let loopcount=loopcount+1
+                                       sleep 1
+                               done
+
+                               kill -9 $pids
+                               set -e
+                       fi
+                       rm pdns*.pid
+
                        context=${orgcontext%-zone}
                fi
 
-               ${MAKE} -C ../pdns zone2sql > /dev/null
+               ${MAKE} -C ../pdns zone2lmdb > /dev/null
                rm -f data.mdb lock.mdb
-               ../pdns/zone2lmdb --named-conf=./named.conf
 
-               $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
+               if [ $context = lmdb-nodnssec ]
+               then
+                       ../pdns/zone2lmdb --named-conf=./named.conf
+               else
+                       ../pdns/zone2lmdb --named-conf=./named-lmdb.conf
+               fi
+
+               $RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-name=lmdb --socket-dir=./  \
                        --no-shuffle --launch=lmdb \
                        --send-root-referral \
                        --cache-ttl=$cachettl --experimental-dname-processing --no-config \
                        --lmdb-datapath=./ &
-               
+
                skipreasons="noent nodyndns nometa lmdb"
 
                if [ $context = lmdb-nsec3 ]
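Review bot: `kill -9 $pids` runs unconditionally after the wait loop, so even when every process exited cleanly (`done=1`) SIGKILL is sent to pids that no longer belong to pdns and may already have been reused; guard it with `if [ $done -eq 0 ]; then kill -9 $pids; fi`. `pids=$(cat pdns*.pid)` and `rm pdns*.pid` both fail when no pid file exists, and with set -e apparently in force here (it is re-enabled right after the kill) either one aborts the script; `rm -f pdns*.pid` and a check that the glob matched would make the teardown robust. The polling loop itself is fine under `set +e`.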
diff --git a/regression-tests/tests/axfr/skip.lmdb b/regression-tests/tests/axfr/skip.lmdb
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/regression-tests/tests/ds-at-unsecure-zone-cut/skip.lmdb b/regression-tests/tests/ds-at-unsecure-zone-cut/skip.lmdb
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/regression-tests/tests/verify-dnssec-zone/skip.lmdb b/regression-tests/tests/verify-dnssec-zone/skip.lmdb
new file mode 100644 (file)
index 0000000..e69de29