From d499f521f4e684dff458ed9b91c36559f5f151f4 Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Mon, 15 Mar 2021 14:01:11 +0100
Subject: [PATCH] pdnsutil: some consistency checks for SVCB
---
 pdns/dnsrecords.cc | 19 +++++++++++++++++++
 pdns/dnsrecords.hh | 4 ++++
 pdns/pdnsutil.cc | 22 ++++++++++++++++++++++
 3 files changed, 45 insertions(+)
diff --git a/pdns/dnsrecords.cc b/pdns/dnsrecords.cc
index 1258583b71..2a3560f3eb 100644
--- a/pdns/dnsrecords.cc
+++ b/pdns/dnsrecords.cc
@@ -764,6 +764,25 @@ bool SVCBBaseRecordContent::hasParams() const {
 return d_params.size() > 0;
 }
+bool SVCBBaseRecordContent::hasParam(const SvcParam::SvcParamKey &key) const {
+ auto p = std::find_if(d_params.begin(), d_params.end(),
+ [&key](const SvcParam ¶m) {
+ return param.getKey() == key;
+ });
+ return p != d_params.end();
+}
+
+SvcParam SVCBBaseRecordContent::getParam(const SvcParam::SvcParamKey &key) const {
+ auto p = std::find_if(d_params.begin(), d_params.end(),
+ [&key](const SvcParam ¶m) {
+ return param.getKey() == key;
+ });
+ if (p == d_params.end()) {
+ throw std::out_of_range("No param with key " + SvcParam::keyToString(key));
+ }
+ return *p;
+}
+
 /* SVCB end */
 boilerplate_conv(TKEY,
diff --git a/pdns/dnsrecords.hh b/pdns/dnsrecords.hh
index 9c62981121..03936e161a 100644
--- a/pdns/dnsrecords.hh
+++ b/pdns/dnsrecords.hh
@@ -510,6 +510,10 @@ class SVCBBaseRecordContent : public DNSRecordContent
 void removeParam(const SvcParam::SvcParamKey &key);
 // Whether or not there are any param
 bool hasParams() const;
+ // Whether or not the param of |key| exists
+ bool hasParam(const SvcParam::SvcParamKey &key) const;
+ // Get the parameter with |key|, will throw out_of_range if param isn't there
+ SvcParam getParam(const SvcParam::SvcParamKey &key) const;
 protected:
 uint16_t d_priority;
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index c51ff6bb6c..53e468f1df 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
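Review bot: `hasParam()` and `getParam()` in pdns/dnsrecords.cc each carry the same `std::find_if` call and lambda, so any later change to how a key is matched has to be made in two places. One private helper returning the iterator would reduce `hasParam()` to `return findParam(key) != d_params.end();` and leave `getParam()` with only the `out_of_range` throw (`findParam` is a suggested name; its declaration would sit beside the two added in pdns/dnsrecords.hh). `getParam()` also returns `SvcParam` by value, so every call copies the parameter, and a caller that guards it with `hasParam()` scans `d_params` twice. If the copy is deliberate, a short comment on the declaration such as `// returns a copy; safe to keep after removeParam()` would record that.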
@@ -422,6 +422,28 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, con numwarnings++; } + if(svcbrc->getPriority() != 0) { + // Service Form + if (svcbrc->hasParam(SvcParam::no_default_alpn) && !svcbrc->hasParam(SvcParam::alpn)) { + /* draft-ietf-dnsop-svcb-https-03 section 6.1 + * When "no-default-alpn" is specified in an RR, "alpn" must + * also be specified in order for the RR to be "self-consistent + * (Section 2.4.3). + */ + cout<<"[Warning] "<hasParam(SvcParam::mandatory)) { + auto keys = svcbrc->getParam(SvcParam::mandatory).getMandatory(); + for (auto const &k: keys) { + if (!svcbrc->hasParam(k)) { + cout<<"[Warning] "<getPriority() == 0) { -- 2.47.2
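Review bot: The `mandatory` loop only tests `svcbrc->hasParam(k)` for each listed key, so a record whose `mandatory` list names `mandatory` itself passes, because that parameter is present by construction. As far as I know the SVCB specification does not allow the key in its own value list (worth confirming against the draft revision cited in the comment). Unless the record parser already rejects it, which is not visible in this hunk, a branch such as `if (k == SvcParam::mandatory) { /* warn: "mandatory" lists itself */ }` could precede the presence test. The draft text quoted in the comment opens a quotation mark before `self-consistent` and never closes it. Both `cout` warning statements are cut off on this page, so their wording and whether `numwarnings` is incremented cannot be checked here; `checkZone` itself starts and ends outside the hunk.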