declare(suffix,"set-order-and-auth-query", "DNSSEC set ordering query", "update records set ordername='%s',auth=%d where name='%s' and domain_id='%d'");
declare(suffix,"nullify-ordername-and-update-auth-query", "DNSSEC nullify ordername and update auth query", "update records set ordername=NULL,auth=%d where domain_id='%d' and name='%s'");
declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d'");
+ declare(suffix,"nullify-ordername-and-auth-ent-query", "DNSSEC nullify ordername and auth for ENT records with name.", "update records set ordername=NULL, auth=NULL where name='%s' AND type IS NULL and domain_id='%d'");
declare(suffix,"set-auth-on-ds-record-query", "DNSSEC set auth on a DS record", "update records set auth=1 where domain_id='%d' and name='%s' and type='DS'");
declare(suffix,"update-serial-query","", "update domains set notified_serial=%d where id=%d");
declare(suffix,"nullify-ordername-and-update-auth-query", "DNSSEC nullify ordername and update auth query", "update records set ordername=NULL,auth=(%d = 1) where domain_id='%d' and name='%s'");
declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=false where name=E'%s' and type=E'%s' and domain_id='%d'");
+ declare(suffix,"nullify-ordername-and-auth-ent-query", "DNSSEC nullify ordername and auth for ENT records with name.", "update records set ordername=NULL, auth=NULL where name=E'%s' AND type IS NULL and domain_id='%d'");
declare(suffix,"update-serial-query","", "update domains set notified_serial=%d where id=%d");
declare(suffix,"update-lastcheck-query","", "update domains set last_check=%d where id=%d");
declare(suffix,"nullify-ordername-and-update-auth-query", "DNSSEC nullify ordername and update auth query", "update records set ordername=NULL,auth=%d where domain_id='%d' and name='%s'");
declare(suffix,"nullify-ordername-and-auth-query", "DNSSEC nullify ordername and auth query", "update records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d'");
+ declare(suffix,"nullify-ordername-and-auth-ent-query", "DNSSEC nullify ordername and auth for ENT records with name.", "update records set ordername=NULL, auth=NULL where name='%s' AND type IS NULL and domain_id='%d'");
declare(suffix,"set-auth-on-ds-record-query", "DNSSEC set auth on a DS record", "update records set auth=1 where domain_id='%d' and name='%s' and type='DS'");
declare( suffix, "master-zone-query", "Data", "select master from domains where name='%s' and type='SLAVE'");
d_setOrderAuthQuery = getArg("set-order-and-auth-query");
d_nullifyOrderNameAndUpdateAuthQuery = getArg("nullify-ordername-and-update-auth-query");
d_nullifyOrderNameAndAuthQuery = getArg("nullify-ordername-and-auth-query");
+ d_nullifyOrderNameAndAuthENTQuery = getArg("nullify-ordername-and-auth-ent-query");
d_setAuthOnDsRecordQuery = getArg("set-auth-on-ds-record-query");
d_AddDomainKeyQuery = getArg("add-domain-key-query");
if(!d_dnssecQueries)
return false;
char output[1024];
-
snprintf(output, sizeof(output)-1, d_nullifyOrderNameAndUpdateAuthQuery.c_str(), auth, domain_id, sqlEscape(qname).c_str());
try {
d_db->doCommand(output);
if(!d_dnssecQueries)
return false;
char output[1024];
-
- snprintf(output, sizeof(output)-1, d_nullifyOrderNameAndAuthQuery.c_str(), sqlEscape(qname).c_str(), sqlEscape(type).c_str(), domain_id);
+ if (type == "TYPE0")
+ snprintf(output, sizeof(output)-1, d_nullifyOrderNameAndAuthENTQuery.c_str(), sqlEscape(qname).c_str(), domain_id);
+ else
+ snprintf(output, sizeof(output)-1, d_nullifyOrderNameAndAuthQuery.c_str(), sqlEscape(qname).c_str(), sqlEscape(type).c_str(), domain_id);
try {
d_db->doCommand(output);
}
string d_setOrderAuthQuery;
string d_nullifyOrderNameAndUpdateAuthQuery;
string d_nullifyOrderNameAndAuthQuery;
+ string d_nullifyOrderNameAndAuthENTQuery;
string d_setAuthOnDsRecordQuery;
string d_removeEmptyNonTerminalsFromZoneQuery;
string d_insertEmptyNonTerminalQuery;
DLOG(L<<msgPrefix<<"Add/Update record (QClass == IN) "<<rrLabel<<"|"<<rrType.getName()<<endl);
if (rrType == QType::NSEC3PARAM) {
- L<<Logger::Notice<<msgPrefix<<"Setting NSEC3PARAM for zone, resetting ordernames and auth flags."<<endl;
+ L<<Logger::Notice<<msgPrefix<<"Adding NSEC3PARAM for zone, resetting ordernames."<<endl;
NSEC3PARAMRecordContent nsec3param(rr->d_content->getZoneRepresentation(), di->zone);
d_dk.setNSEC3PARAM(di->zone, nsec3param, (*narrow));
*haveNSEC3 = d_dk.getNSEC3PARAM(di->zone, ns3pr, narrow);
di->backend->list(di->zone, di->id);
vector<DNSResourceRecord> rrs;
while (di->backend->get(rec)) {
- rrs.push_back(rec);
+ if (rec.qtype.getCode())
+ rrs.push_back(rec);
}
for (vector<DNSResourceRecord>::const_iterator i = rrs.begin(); i != rrs.end(); i++) {
- if (*narrow) {
+ string hashed;
+
+ if (*haveNSEC3)
+ hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, i->qname)));
+ di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, i->qname, hashed, i->auth);
+
+ if (*narrow)
di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, i->auth);
- } else {
- string hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, i->qname)));
- di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, i->qname, hashed, i->auth);
- }
}
return 1;
}
} else
return 0;
- *haveNSEC3 = d_dk.getNSEC3PARAM(di->zone, ns3pr, narrow); // still update, as other records in this update packet need to use it as well.
+ // We retrieve new values, other RR's in this update package might need it as well.
+ *haveNSEC3 = d_dk.getNSEC3PARAM(di->zone, ns3pr, narrow);
+
+ // Remove the Order and Aath field
di->backend->list(di->zone, di->id);
vector<DNSResourceRecord> rrs;
- while (di->backend->get(rec)) {
+ while (di->backend->get(rec))
rrs.push_back(rec);
- }
for (vector<DNSResourceRecord>::const_iterator i = rrs.begin(); i != rrs.end(); i++) {
- di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, i->qname, i->auth);
+ if (!i->qtype.getCode()) {// for ENT records, we want to reset things as they have ordername=NULL and auth=NULL
+ di->backend->nullifyDNSSECOrderNameAndAuth(di->id, i->qname, i->qtype.getName());
+ di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, i->auth);
+ } else // all other records are simply updated.
+ di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, i->qname, i->auth);
}
return 1;
}