From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 12 Oct 2018 10:12:57 +0000 (+0200)
Subject: rec: add `addTA` and `clearTA` for Lua config
X-Git-Tag: dnsdist-1.3.3~23^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=190e0d9ae84b24f6ee8cf7d9efae1af3d05e57b1;p=thirdparty%2Fpdns.git

rec: add `addTA` and `clearTA` for Lua config

These will replace `addDS` and `clearDS` in the future.
---

diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc
index 1679a1a0f8..3b5284dde1 100644
--- a/pdns/rec-lua-conf.cc
+++ b/pdns/rec-lua-conf.cc
@@ -358,14 +358,33 @@ void loadRecursorLuaConfig(const std::string& fname, luaConfigDelayedThreads& de
 		      }
 		    });
 
+  Lua.writeFunction("addTA", [&lci](const std::string& who, const std::string& what) {
+      warnIfDNSSECDisabled("Warning: adding Trust Anchor for DNSSEC (addTA), but dnssec is set to 'off'!");
+      DNSName zone(who);
+      auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+      lci.dsAnchors[zone].insert(*ds);
+  });
+
+  Lua.writeFunction("clearTA", [&lci](boost::optional<string> who) {
+      warnIfDNSSECDisabled("Warning: removing Trust Anchor for DNSSEC (clearTA), but dnssec is set to 'off'!");
+      if(who)
+        lci.dsAnchors.erase(DNSName(*who));
+      else
+        lci.dsAnchors.clear();
+    });
+
+  /* Remove in 4.3 */
   Lua.writeFunction("addDS", [&lci](const std::string& who, const std::string& what) {
       warnIfDNSSECDisabled("Warning: adding Trust Anchor for DNSSEC (addDS), but dnssec is set to 'off'!");
+      g_log<<Logger::Warning<<"addDS is deprecated and will be removed in the future, switch to addTA"<<endl;
       DNSName zone(who);
       auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
       lci.dsAnchors[zone].insert(*ds);
   });
 
+  /* Remove in 4.3 */
   Lua.writeFunction("clearDS", [&lci](boost::optional<string> who) {
+      g_log<<Logger::Warning<<"clearDS is deprecated and will be removed in the future, switch to clearTA"<<endl;
       warnIfDNSSECDisabled("Warning: removing Trust Anchor for DNSSEC (clearDS), but dnssec is set to 'off'!");
       if(who)
         lci.dsAnchors.erase(DNSName(*who));
diff --git a/pdns/recursordist/docs/dnssec.rst b/pdns/recursordist/docs/dnssec.rst
index fcf2b5650f..2e6d456c6f 100644
--- a/pdns/recursordist/docs/dnssec.rst
+++ b/pdns/recursordist/docs/dnssec.rst
@@ -86,15 +86,17 @@ The PowerDNS Recursor ships with the DNSSEC Root key built-in.
 
 **Note**: it has no support for :rfc:`5011` key rollover and does not persist a changed root trust anchor to disk.
 
-Configuring DNSSEC key material must be done in the :ref:`setting-lua-config-file`, using :func:`addDS`.
+Configuring DNSSEC key material must be done in the :ref:`setting-lua-config-file`, using :func:`addTA`.
 This function takes 2 arguments: the node in the DNS-tree and the data of the corresponding DS record.
 
 To e.g. add a trust anchor for the root and powerdns.com, use the following config in the Lua file:
 
 .. code:: Lua
 
-    addDS('.', "63149 13 1 a59da3f5c1b97fcd5fa2b3b2b0ac91d38a60d33a") -- This is not an ICANN root
-    addDS('powerdns.com', "44030 8 2 D4C3D5552B8679FAEEBC317E5F048B614B2E5F607DC57F1553182D49 AB2179F7")
+    addTA('.', "63149 13 1 a59da3f5c1b97fcd5fa2b3b2b0ac91d38a60d33a") -- This is not an ICANN root
+    addTA('powerdns.com', "44030 8 2 D4C3D5552B8679FAEEBC317E5F048B614B2E5F607DC57F1553182D49 AB2179F7")
+
+For PowerDNS Recursor 4.1.x and below, use the :func:`addDS` function instead.
 
 Now (re)start the recursor to load these trust anchors.
 
diff --git a/pdns/recursordist/docs/lua-config/dnssec.rst b/pdns/recursordist/docs/lua-config/dnssec.rst
index 837f1bddc5..20c75ccd0a 100644
--- a/pdns/recursordist/docs/lua-config/dnssec.rst
+++ b/pdns/recursordist/docs/lua-config/dnssec.rst
@@ -4,8 +4,20 @@ The DNSSEC Trust Anchors and Negative Trust Anchors must be stored in the Lua Co
 See the :doc:`../dnssec` for all information about DNSSEC in the PowerDNS Recursor.
 This page only documents the Lua functions for DNSSEC configuration
 
+.. function:: addTA(name, dscontent)
+
+  .. versionadded:: 4.2.0
+
+  Adds Trust Anchor to the list of DNSSEC anchors.
+
+  :param str name: The name in the DNS tree from where this Trust Anchor should be used
+  :param str dsrecord: The DS Record content associated with ``name``
+
 .. function:: addDS(name, dscontent)
 
+  .. deprecated:: 4.2.0
+    Please use :func:`addTA` instead
+
   Adds a DS record (Trust Anchor) to the configuration
 
   :param str name: The name in the DNS tree from where this Trust Anchor should be used