::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
+ ::arg().set("default-publish-cdnskey","Default value for PUBLISH-CDNSKEY")="";
+ ::arg().set("default-publish-cds","Default value for PUBLISH-CDS")="";
::arg().set("include-dir","Include *.conf files from this directory");
::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
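Review bot: The help strings for the two new settings do not say which values are honoured, and nothing in this hunk validates them. Elsewhere in this change the CDNSKEY value is compared against exactly "1", while any non-empty CDS value counts as enabled. So `default-publish-cdnskey=yes` would silently publish nothing, and a stray `default-publish-cds` string would set the CDS bit for zones that have no metadata of their own. Because these records signal the parent to update DS, I would spell out the accepted values, e.g. `"Default value for PUBLISH-CDNSKEY (\"1\" to publish, empty to disable)"`, and describe the CDS value as the digest algorithm list that setPublishCDS takes.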
return d_keymetadb->setDomainMetadata(zname, "PUBLISH-CDS", meta);
}
+void DNSSECKeeper::getPublishCDS(const DNSName& zname, std::string& value)
+{
+ getFromMetaOrDefault(zname, "PUBLISH-CDS", value, ::arg()["default-publish-cds"]);
+}
+
/**
* Remove domainmetadata to stop publishing CDS records for zone zname
*
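Review bot: getPublishCDS has no doc comment although the neighbouring unset functions have one, and the fallback is the part a caller needs to know. getFromMetaOrDefault is not visible here; if it falls back whenever the zone has no PUBLISH-CDS metadata, then unsetPublishCDS no longer stops publication once default-publish-cds is set, which is worth stating. Suggested comment: `/** Get the PUBLISH-CDS value for zone zname, falling back to the default-publish-cds setting when the zone has none */`. The same applies to getPublishCDNSKEY in the next hunk.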
return d_keymetadb->setDomainMetadata(zname, "PUBLISH-CDNSKEY", meta);
}
+void DNSSECKeeper::getPublishCDNSKEY(const DNSName& zname, std::string& value)
+{
+ getFromMetaOrDefault(zname, "PUBLISH-CDNSKEY", value, ::arg()["default-publish-cdnskey"]);
+}
+
/**
* Remove domainmetadata to stop publishing CDNSKEY records for zone zname
*
bool setPresigned(const DNSName& zname);
bool unsetPresigned(const DNSName& zname);
bool setPublishCDNSKEY(const DNSName& zname);
+ void getPublishCDNSKEY(const DNSName& zname, std::string& value);
bool unsetPublishCDNSKEY(const DNSName& zname);
bool setPublishCDS(const DNSName& zname, const string& digestAlgos);
+ void getPublishCDS(const DNSName& zname, std::string& value);
bool unsetPublishCDS(const DNSName& zname);
bool TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname);
bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr<DNSPacket>& r, const SOAData& sd)
{
string publishCDNSKEY;
- d_dk.getFromMeta(p.qdomain, "PUBLISH-CDNSKEY", publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(p.qdomain,publishCDNSKEY);
if (publishCDNSKEY != "1")
return false;
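Review bot: The lookup in addCDNSKEY is keyed on `p.qdomain`, the name taken from the query, rather than on the zone passed in as `sd`. Assuming the old getFromMeta call returned an empty value for a name without its own metadata, the default fallback now lets any name yield "1". The early return therefore only protects if every caller guarantees that qdomain is the zone apex; the callers are outside this hunk, so that is unconfirmed. Consider `d_dk.getPublishCDNSKEY(sd.qname, publishCDNSKEY);`, and likewise for the getPublishCDS call in addCDS.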
bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr<DNSPacket>& r, const SOAData& sd)
{
string publishCDS;
- d_dk.getFromMeta(p.qdomain, "PUBLISH-CDS", publishCDS);
+ d_dk.getPublishCDS(p.qdomain, publishCDS);
if (publishCDS.empty())
return false;
nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
nrc.set(QType::DNSKEY);
string publishCDNSKEY;
- d_dk.getFromMeta(name, "PUBLISH-CDNSKEY", publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
if (publishCDNSKEY == "1")
nrc.set(QType::CDNSKEY);
string publishCDS;
- d_dk.getFromMeta(name, "PUBLISH-CDS", publishCDS);
+ d_dk.getPublishCDS(name, publishCDS);
if (! publishCDS.empty())
nrc.set(QType::CDS);
}
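Review bot: The CDNSKEY/CDS lookup block is repeated verbatim here and in the NSEC3 bitmap code below, and its two tests appear again, inverted into early returns, in addCDNSKEY and addCDS. The tests themselves (`== "1"` for CDNSKEY, non-empty for CDS) are part of the contract and could live in DNSSECKeeper as two bool predicates, so the type bitmap and the answer path cannot drift apart. As written, a CDS value that addCDS later rejects would still set the CDS bit here; whether that can happen depends on code outside these hunks.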
n3rc.set(QType::NSEC3PARAM);
n3rc.set(QType::DNSKEY);
string publishCDNSKEY;
- d_dk.getFromMeta(name, "PUBLISH-CDNSKEY", publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
if (publishCDNSKEY == "1")
n3rc.set(QType::CDNSKEY);
string publishCDS;
- d_dk.getFromMeta(name, "PUBLISH-CDS", publishCDS);
+ d_dk.getPublishCDS(name, publishCDS);
if (! publishCDS.empty())
n3rc.set(QType::CDS);
}