string msg=getMessageForRRSET(signQName, rrc, toSign); // this is what we will hash & sign
pair<string, string> lookup(rc->getPubKeyHash(), pdns_md5sum(msg));
+ bool doCache=1;
+ if(doCache)
{
Lock l(&g_signatures_lock);
if(g_signatures.count(lookup)) {
rrc.d_signature = rc->sign(msg);
//cerr<<dt.udiff()<<endl;
- Lock l(&g_signatures_lock);
- g_signatures[lookup] = rrc.d_signature;
+ if(doCache) {
+ Lock l(&g_signatures_lock);
+ g_signatures[lookup] = rrc.d_signature;
+ }
}
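Review bot: `bool doCache=1;` is never changed in the visible lines, so both new `if(doCache)` guards are always taken and the flag explains nothing; I would write `const bool doCache = true; // set to false to bypass g_signatures` or read it from configuration. While the cache is being made switchable, note that the lookup key on the context line is the public-key hash paired with `pdns_md5sum(msg)`, so a stored signature is matched on an MD5 digest alone; the lines that return the cached value are not shown, but if a hit is handed back unchecked, two different RRset messages with the same MD5 under one key would share a signature. Using a collision-resistant digest for the key, or keeping `msg` in the entry and comparing it on a hit, would remove that dependency. The enclosing function starts and ends outside these lines.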
static bool rrsigncomp(const DNSResourceRecord& a, const DNSResourceRecord& b)
AtomicCounter ChunkedSigningPipe::s_workerid;
void* ChunkedSigningPipe::helperWorker(void* p)
+try
{
ChunkedSigningPipe* us = (ChunkedSigningPipe*)p;
us->worker();
return 0;
}
+catch(std::exception& e) {
+ cerr<<"Signing thread died with error "<<e.what()<<endl;
+}
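Review bot: The new `catch(std::exception& e)` handler of helperWorker ends without a return statement, and flowing off the end of a function-try-block handler in a function returning `void*` is undefined behaviour; add `return 0;` after the `cerr` line and catch by `const std::exception&`. Only types derived from std::exception are caught, so any other exception thrown from `us->worker()` still leaves the thread entry point and terminates the process; a trailing `catch(...)` that logs and returns would cover that. The handler reports only to `cerr`, so nothing visible here tells the pipe that a worker has stopped; if a caller waits for chunks from that worker it may wait indefinitely, which is worth checking in the code outside this hunk.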
ChunkedSigningPipe::ChunkedSigningPipe(DNSSECKeeper& dk, UeberBackend& db, const std::string& signerName, bool mustSign, unsigned int workers)
: d_dk(dk), d_db(db), d_signer(signerName), d_chunkrecords(100), d_outstanding(0), d_numworkers(workers), d_tids(d_numworkers),
ChunkedSigningPipe csp(dk, signatureDB, target, securedZone, ::arg().asNum("signing-threads"));
- typedef map<string, NSECXEntry, CanonicalCompare> nsecxrepo_t;
+ typedef map<string, NSECXEntry> nsecxrepo_t;
nsecxrepo_t nsecxrepo;
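Review bot: Dropping `CanonicalCompare` from `nsecxrepo_t` makes the NSEC chain order depend on plain `std::string` comparison of `labelReverse(rr.qname)` (the two `keyname` lines and the `d_next`/`rr.qname` lines further down in this change), and that comparison is byte-wise and case-sensitive. labelReverse is not shown, so this needs confirming: unless it lowercases the name and joins labels with a separator that sorts below every label octet, names differing only in case become separate map entries, and labels containing octets below the separator (for example `-` against `.`) sort out of canonical order. A mis-ordered chain produces NSEC records whose next-name is not what validators expect, so denial-of-existence answers for the transferred zone can fail validation. I would state the ordering contract at the typedef, e.g. `// keys are lowercased, labelReverse()d names so that std::less<string> gives RFC 4034 canonical order`, and normalise case before building the key.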
// this is where the DNSKEYs go in
rr.ttl = sd.default_ttl;
rr.auth = 1; // please sign!
rr.content = value.first.getDNSKEY().getZoneRepresentation();
- string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : rr.qname;
+ string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_set.insert(rr.qtype.getCode());
string keyname;
+ int records=0;
while(sd.db->get(rr)) {
- if(securedZone && (rr.auth || rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::DS)) {
- keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : rr.qname;
+ records++;
+ if(securedZone && (rr.auth || rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::DS)) { // this is probably NSEC specific, NSEC3 is different
+ keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_set.insert(rr.qtype.getCode());
ne.d_ttl = rr.ttl;
outpacket=getFreshAXFRPacket(q);
}
}
-
if(securedZone) {
if(NSEC3Zone) {
for(nsecxrepo_t::const_iterator iter = nsecxrepo.begin(); iter != nsecxrepo.end(); ++iter) {
nrc.d_set.insert(QType::RRSIG);
nrc.d_set.insert(QType::NSEC);
if(boost::next(iter) != nsecxrepo.end()) {
- nrc.d_next = boost::next(iter)->first;
+ nrc.d_next = labelReverse(boost::next(iter)->first);
}
else
- nrc.d_next=nsecxrepo.begin()->first;
+ nrc.d_next=labelReverse(nsecxrepo.begin()->first);
- rr.qname = iter->first;
+ rr.qname = labelReverse(iter->first);
rr.ttl = iter->second.d_ttl;
rr.content = nrc.getZoneRepresentation();
}
}
}
-
- outpacket->getRRS() = csp.getChunk(true); // final
- if(!outpacket->getRRS().empty()) {
- sendPacket(outpacket, outsock);
- outpacket=getFreshAXFRPacket(q);
+
+ for(;;) {
+ outpacket->getRRS() = csp.getChunk(true); // flush the pipe
+ if(!outpacket->getRRS().empty()) {
+ sendPacket(outpacket, outsock);
+ outpacket=getFreshAXFRPacket(q);
+ }
+ else
+ break;
}
DLOG(L<<"Done writing out records"<<endl);