From adf1a785cfeedef83f61568e38de48ad363f7830 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Tue, 1 Sep 2020 16:17:54 +0200
Subject: [PATCH] auth: replace full zone rectifies with rectifyZone() in the rfc2136 code
---
pdns/rfc2136handler.cc | 83 ++++--------------------------------------
1 file changed, 8 insertions(+), 75 deletions(-)
diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc
index bd8388fe24..d43e370444 100644
--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -127,43 +127,10 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr,
 d_dk.setNSEC3PARAM(di->zone, *ns3pr, (*narrow));
 *haveNSEC3 = true;
- vector rrs;
- set qnames, nssets, dssets;
- di->backend->list(di->zone, di->id);
- while (di->backend->get(rec)) {
- qnames.insert(rec.qname);
- if(rec.qtype.getCode() == QType::NS && rec.qname != di->zone)
- nssets.insert(rec.qname);
- if(rec.qtype.getCode() == QType::DS)
- dssets.insert(rec.qname);
- }
-
- DNSName shorter;
- for(const auto& qname: qnames) {
- shorter = qname;
- int ddepth = 0;
- do {
- if(qname == di->zone)
- break;
- if(nssets.count(shorter))
- ++ddepth;
- } while(shorter.chopOff());
-
- DNSName ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, qname)));
- if (! *narrow && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) {
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, (ddepth == 0 ));
-
- if (nssets.count(qname)) {
- if (ns3pr->d_flags)
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::NS );
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::A);
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::AAAA);
- }
- } else {
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), (ddepth == 0));
- }
- if (ddepth == 1 || dssets.count(qname)) // FIXME400 && ?
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, false, QType::DS);
+ string error;
+ string info;
+ if (!d_dk.rectifyZone(di->zone, error, info, false)) {
+ throw PDNSException("Failed to rectify '" + di->zone.toLogString() + "': " + error);
 }
 return 1;
 }
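Review bot: When `rectifyZone()` fails, the new `throw` fires after `d_dk.setNSEC3PARAM(di->zone, *ns3pr, (*narrow))` has already run two lines above, so the zone can be left with new NSEC3 parameters and ordernames that were never rebuilt unless the caller rolls both back. The removed loop had no failure exit, so this is a new path; the handler that catches `PDNSException` and aborts the transaction is outside this hunk and should be confirmed, as should whether the metadata write is covered by that transaction. A comment above the call would record the expectation, e.g. `// throws on failure: caller must abort the transaction so NSEC3PARAM and ordernames stay consistent`. The same applies to the identical block in the NSEC3PARAM delete hunk. `performUpdate` begins and ends outside the hunk.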
@@ -411,44 +378,10 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr,
 *haveNSEC3 = false;
 *narrow = false;
- vector rrs;
- set qnames, nssets, dssets, ents;
- di->backend->list(di->zone, di->id);
- while (di->backend->get(rec)) {
- qnames.insert(rec.qname);
- if(rec.qtype.getCode() == QType::NS && rec.qname != di->zone)
- nssets.insert(rec.qname);
- if(rec.qtype.getCode() == QType::DS)
- dssets.insert(rec.qname);
- if(!rec.qtype.getCode())
- ents.insert(rec.qname);
- }
-
- DNSName shorter;
- string hashed;
- for(const DNSName& qname : qnames) {
- shorter = qname;
- int ddepth = 0;
- do {
- if(qname == di->zone)
- break;
- if(nssets.count(shorter))
- ++ddepth;
- } while(shorter.chopOff());
-
- DNSName ordername=qname.makeRelative(di->zone);
- if (!ents.count(qname) && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) {
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, (ddepth == 0));
-
- if (nssets.count(qname)) {
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::A);
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::AAAA);
- }
- } else {
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), (ddepth == 0));
- }
- if (ddepth == 1 || dssets.count(qname))
- di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, true, QType::DS);
+ string error;
+ string info;
+ if (!d_dk.rectifyZone(di->zone, error, info, false)) {
+ throw PDNSException("Failed to rectify '" + di->zone.toLogString() + "': " + error);
 }
 return 1;
 } // end of NSEC3PARAM delete block
-- 
2.47.2
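Review bot: The removed code read and wrote records through `di->backend`, the handle this update is using, whereas the new call passes only `di->zone`, so the backend connection that does the listing and the ordername writes is now chosen inside `rectifyZone()`, which is not shown. Records added or deleted earlier in the same dynamic update are presumably still uncommitted here, so it is worth confirming that a rectify run with the last argument `false` sees them and writes inside the same transaction. Naming the literal would make the intent visible, e.g. `d_dk.rectifyZone(di->zone, error, info, false /* doTransaction */)` if that is what the parameter is. `info` is also dropped where it could be logged with `msgPrefix`, which would leave an audit trail for updates that change NSEC3PARAM. This applies equally to the first hunk.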