From 92d36b68f33742f82eceeedf34df562e205cd9f6 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Tue, 15 Feb 2022 20:09:20 +0100 Subject: [PATCH] auth: make it possible to completely disable LUA records --- pdns/packethandler.cc | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 7459ec82ed..be09f07087 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -629,12 +629,27 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, } DNSZoneRecord rr; +#ifdef HAVE_LUA_RECORDS + bool first{true}; + bool doLua{false}; +#endif B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + first = false; + doLua = g_doLuaRecord; + if (!doLua) { + string val; + d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + doLua = (val == "1"); + } + } + + if (rr.dr.d_type == QType::LUA && doLua) { nrc.set(getRR(rr.dr)->d_type); + } else #endif if (d_doExpandALIAS && rr.dr.d_type == QType::ALIAS) { @@ -699,11 +714,27 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRec } } +#ifdef HAVE_LUA_RECORDS + bool first{true}; + bool doLua{false}; +#endif + B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + first = false; + doLua = g_doLuaRecord; + if (!doLua) { + string val; + d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + doLua = (val == "1"); + } + } + + if (rr.dr.d_type == QType::LUA && doLua) { n3rc.set(getRR(rr.dr)->d_type); + } else #endif if (d_doExpandALIAS && rr.dr.d_type == QType::ALIAS) { -- 2.47.3