auth: Speedup presigned signature lookups. 9568/head
authorKees Monshouwer <mind04@monshouwer.org>
Thu, 1 Oct 2020 06:57:21 +0000 (08:57 +0200)
committermind04 <mind04@monshouwer.org>
Thu, 1 Oct 2020 08:00:01 +0000 (10:00 +0200)
There was an unnecessary SOA lookup, which resulted in a large number of extra backend queries.

pdns/dbdnsseckeeper.cc
pdns/dnsseckeeper.hh
pdns/dnssecsigner.cc

index 14e1cd253f2d9cd88ec3c7e32f0ab7120b812850..de27cd0176e2330f72c048cd75ab3e048657fe29 100644 (file)
@@ -605,29 +605,30 @@ bool DNSSECKeeper::checkKeys(const DNSName& zone, vector<string>* errorMessages)
   return retval;
 }
 
-bool DNSSECKeeper::getPreRRSIGs(UeberBackend& db, const DNSName& signer, const DNSName& qname,
-        const DNSName& wildcardname, const QType& qtype,
-        DNSResourceRecord::Place signPlace, vector<DNSZoneRecord>& rrsigs, uint32_t signTTL)
-{
-  // cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<(wildcardname.empty() ? qname : wildcardname)<<"'"<<endl;
-        SOAData sd;
-        if(!db.getSOAUncached(signer, sd)) {
-                DLOG(g_log<<"Could not get SOA for domain"<<endl);
-                return false;
-        }
-        db.lookup(QType(QType::RRSIG), wildcardname.countLabels() ? wildcardname : qname, sd.domain_id);
-        DNSZoneRecord rr;
-        while(db.get(rr)) {
-          auto rrsig = getRR<RRSIGRecordContent>(rr.dr);
-          if(rrsig->d_type == qtype.getCode() && rrsig->d_signer==signer) {
-            if (wildcardname.countLabels())
-              rr.dr.d_name = qname;
-            rr.dr.d_place = signPlace;
-            rr.dr.d_ttl = signTTL;
-            rrsigs.push_back(rr);
-          }
-        }
-        return true;
+void DNSSECKeeper::getPreRRSIGs(UeberBackend& db, vector<DNSZoneRecord>& rrs, uint32_t signTTL)
+{
+  if(rrs.empty()) {
+    return;
+  }
+
+  const auto& rr = *rrs.rbegin();
+
+  DNSZoneRecord dzr;
+  std::shared_ptr<RRSIGRecordContent> rrsig;
+
+  db.lookup(QType(QType::RRSIG), !rr.wildcardname.empty() ? rr.wildcardname : rr.dr.d_name, rr.domain_id);
+  while(db.get(dzr)) {
+    rrsig = std::move(getRR<RRSIGRecordContent>(dzr.dr));
+    if(rrsig->d_type == rr.dr.d_type) {
+      if(!rr.wildcardname.empty()) {
+        dzr.dr.d_name = rr.dr.d_name;
+      }
+      dzr.dr.d_place = rr.dr.d_place;
+      dzr.dr.d_ttl = signTTL;
+
+      rrs.emplace_back(std::move(dzr));
+    }
+  }
 }
 
 bool DNSSECKeeper::TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname)
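Review bot: `const auto& rr = *rrs.rbegin();` binds a reference to the last element of `rrs`, and the loop then calls `rrs.emplace_back(std::move(dzr))` on that same vector, so the first append that reallocates leaves `rr` dangling. Every later iteration then reads `rr.dr.d_type`, `rr.wildcardname`, `rr.dr.d_name` and `rr.dr.d_place` from freed storage. Take a copy instead, `const auto rr = rrs.back();`, so the template record survives the growth of the vector. Separately, the old `rrsig->d_signer==signer` filter is gone and `rrsig` is still dereferenced unchecked; if `getRR` can return an empty pointer, or the `domain_id` restriction on `db.lookup` is not enough to keep foreign RRSIGs out, `if (rrsig && rrsig->d_type == rr.dr.d_type)` plus a signer comparison would be the safer condition.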
index 56ddc226d844c9d5e862ab898d610af59b89c674..9f758cf7f56adb5e1f5b1d43c1ddc21398ca6494 100644 (file)
@@ -209,7 +209,7 @@ public:
   bool checkNSEC3PARAM(const NSEC3PARAMRecordContent& ns3p, string& msg);
   bool setNSEC3PARAM(const DNSName& zname, const NSEC3PARAMRecordContent& n3p, const bool& narrow=false);
   bool unsetNSEC3PARAM(const DNSName& zname);
-  bool getPreRRSIGs(UeberBackend& db, const DNSName& signer, const DNSName& qname, const DNSName& wildcardname, const QType& qtype, DNSResourceRecord::Place, vector<DNSZoneRecord>& rrsigs, uint32_t signTTL);
+  void getPreRRSIGs(UeberBackend& db, vector<DNSZoneRecord>& rrs, uint32_t signTTL);
   bool isPresigned(const DNSName& zname, bool useCache=true);
   bool setPresigned(const DNSName& zname);
   bool unsetPresigned(const DNSName& zname);
index 3bb27930c8b183ac4c408ab731ea5b54825f27e0..2a9eb764d7f0e7b0ecb26ae6198024cf2758cff2 100644 (file)
@@ -142,7 +142,7 @@ static void addSignature(DNSSECKeeper& dk, UeberBackend& db, const DNSName& sign
   vector<RRSIGRecordContent> rrcs;
   if(dk.isPresigned(signer)) {
     //cerr<<"Doing presignatures"<<endl;
-    dk.getPreRRSIGs(db, signer, signQName, wildcardname, QType(signQType), signPlace, outsigned, origTTL); // does it all
+    dk.getPreRRSIGs(db, outsigned, origTTL); // does it all
   }
   else {
     if(getRRSIGsForRRSET(dk, signer, wildcardname.countLabels() ? wildcardname : signQName, signQType, signTTL, toSign, rrcs) < 0)  {
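Review bot: The trailing comment `// does it all` no longer tells the reader what this call depends on. The presigned branch now ignores `signer`, `signQName`, `wildcardname`, `signQType` and `signPlace`, and the callee takes name, type, place, wildcard name and domain id from the last element of `outsigned`. Say so at the call, e.g. `// appends the stored RRSIGs for outsigned.back(); name, type, place, wildcardname and domain_id are read from that record`, so a later change to how `outsigned` is filled does not silently attach signatures for the wrong RRset. addSignature's body starts and ends outside the hunk, so whether every caller guarantees a non-empty `outsigned` ending in the record to sign cannot be checked here.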