]>
Commit | Line | Data |
---|---|---|
30ee601a | 1 | #define BOOST_TEST_DYN_LINK |
30ee601a RG |
2 | #include <boost/test/unit_test.hpp> |
3 | ||
95823c07 | 4 | #include "base32.hh" |
30ee601a | 5 | #include "lua-recursor4.hh" |
30ee601a | 6 | #include "root-dnssec.hh" |
86675669 | 7 | #include "test-syncres_cc.hh" |
30ee601a | 8 | |
30ee601a RG |
9 | RecursorStats g_stats; |
10 | GlobalStateHolder<LuaConfigItems> g_luaconfs; | |
559b6c93 PL |
11 | GlobalStateHolder<SuffixMatchNode> g_dontThrottleNames; |
12 | GlobalStateHolder<NetmaskGroup> g_dontThrottleNetmasks; | |
a7956123 | 13 | std::unique_ptr<MemRecursorCache> s_RC{nullptr}; |
30ee601a | 14 | unsigned int g_numThreads = 1; |
c1c29961 | 15 | bool g_lowercaseOutgoing = false; |
30ee601a RG |
16 | |
17 | /* Fake some required functions we didn't want the trouble to | |
18 | link with */ | |
42dcf516 | 19 | ArgvMap& arg() |
30ee601a RG |
20 | { |
21 | static ArgvMap theArg; | |
22 | return theArg; | |
23 | } | |
24 | ||
159b1242 OM |
25 | void primeRootNSZones(bool) |
26 | { | |
27 | } | |
28 | ||
5899ee54 | 29 | bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, bool isTcp, vector<DNSRecord>& res, int& ret) const |
30ee601a RG |
30 | { |
31 | return false; | |
32 | } | |
33 | ||
42dcf516 | 34 | int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult* res, bool* chained) |
30ee601a RG |
35 | { |
36 | return 0; | |
37 | } | |
38 | ||
39 | /* primeHints() is only here for now because it | |
40 | was way too much trouble to link with the real one. | |
41 | We should fix this, empty functions are one thing, but this is | |
42 | bad. | |
43 | */ | |
44 | ||
45 | #include "root-addresses.hh" | |
46 | ||
47 | void primeHints(void) | |
48 | { | |
49 | vector<DNSRecord> nsset; | |
a7956123 OM |
50 | if (!s_RC) |
51 | s_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); | |
30ee601a RG |
52 | |
53 | DNSRecord arr, aaaarr, nsrr; | |
42dcf516 OM |
54 | nsrr.d_name = g_rootdnsname; |
55 | arr.d_type = QType::A; | |
56 | aaaarr.d_type = QType::AAAA; | |
57 | nsrr.d_type = QType::NS; | |
58 | arr.d_ttl = aaaarr.d_ttl = nsrr.d_ttl = time(nullptr) + 3600000; | |
30ee601a | 59 | |
42dcf516 | 60 | for (char c = 'a'; c <= 'm'; ++c) { |
e4f772ce | 61 | char templ[40]; |
42dcf516 OM |
62 | strncpy(templ, "a.root-servers.net.", sizeof(templ) - 1); |
63 | templ[sizeof(templ) - 1] = '\0'; | |
64 | *templ = c; | |
65 | aaaarr.d_name = arr.d_name = DNSName(templ); | |
66 | nsrr.d_content = std::make_shared<NSRecordContent>(DNSName(templ)); | |
67 | arr.d_content = std::make_shared<ARecordContent>(ComboAddress(rootIps4[c - 'a'])); | |
30ee601a RG |
68 | vector<DNSRecord> aset; |
69 | aset.push_back(arr); | |
a7956123 | 70 | s_RC->replace(time(nullptr), DNSName(templ), QType(QType::A), aset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); // auth, nuke it all |
42dcf516 OM |
71 | if (rootIps6[c - 'a'] != NULL) { |
72 | aaaarr.d_content = std::make_shared<AAAARecordContent>(ComboAddress(rootIps6[c - 'a'])); | |
30ee601a RG |
73 | |
74 | vector<DNSRecord> aaaaset; | |
75 | aaaaset.push_back(aaaarr); | |
a7956123 | 76 | s_RC->replace(time(nullptr), DNSName(templ), QType(QType::AAAA), aaaaset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); |
30ee601a RG |
77 | } |
78 | ||
79 | nsset.push_back(nsrr); | |
80 | } | |
a7956123 | 81 | s_RC->replace(time(nullptr), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), false); // and stuff in the cache |
30ee601a RG |
82 | } |
83 | ||
84 | LuaConfigItems::LuaConfigItems() | |
85 | { | |
42dcf516 OM |
86 | for (const auto& dsRecord : rootDSs) { |
87 | auto ds = std::dynamic_pointer_cast<DSRecordContent>(DSRecordContent::make(dsRecord)); | |
30ee601a RG |
88 | dsAnchors[g_rootdnsname].insert(*ds); |
89 | } | |
90 | } | |
91 | ||
92 | /* Some helpers functions */ | |
93 | ||
86675669 | 94 | void initSR(bool debug) |
30ee601a | 95 | { |
e6a9dde5 PL |
96 | g_log.setName("test"); |
97 | g_log.disableSyslog(true); | |
b4c8789a | 98 | |
30ee601a | 99 | if (debug) { |
e6a9dde5 PL |
100 | g_log.setLoglevel((Logger::Urgency)(6)); // info and up |
101 | g_log.toConsole(Logger::Info); | |
30ee601a | 102 | } |
b4c8789a | 103 | else { |
e6a9dde5 PL |
104 | g_log.setLoglevel(Logger::None); |
105 | g_log.toConsole(Logger::Error); | |
b4c8789a | 106 | } |
30ee601a | 107 | |
a7956123 | 108 | s_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); |
30ee601a | 109 | |
30ee601a | 110 | SyncRes::s_maxqperq = 50; |
42dcf516 | 111 | SyncRes::s_maxtotusec = 1000 * 7000; |
30ee601a RG |
112 | SyncRes::s_maxdepth = 40; |
113 | SyncRes::s_maxnegttl = 3600; | |
b9473937 | 114 | SyncRes::s_maxbogusttl = 3600; |
30ee601a RG |
115 | SyncRes::s_maxcachettl = 86400; |
116 | SyncRes::s_packetcachettl = 3600; | |
117 | SyncRes::s_packetcacheservfailttl = 60; | |
118 | SyncRes::s_serverdownmaxfails = 64; | |
119 | SyncRes::s_serverdownthrottletime = 60; | |
120 | SyncRes::s_doIPv6 = true; | |
e9f9b8ec RG |
121 | SyncRes::s_ecsipv4limit = 24; |
122 | SyncRes::s_ecsipv6limit = 56; | |
bdceeb7e RG |
123 | SyncRes::s_ecsipv4cachelimit = 24; |
124 | SyncRes::s_ecsipv6cachelimit = 56; | |
2cbe6a45 | 125 | SyncRes::s_ecscachelimitttl = 0; |
f58c8379 | 126 | SyncRes::s_rootNXTrust = true; |
d40a915b | 127 | SyncRes::s_hardenNXD = SyncRes::HardenNXD::DNSSEC; |
d6e797b8 | 128 | SyncRes::s_minimumTTL = 0; |
5cf4b2e7 | 129 | SyncRes::s_minimumECSTTL = 0; |
648bcbd1 | 130 | SyncRes::s_serverID = "PowerDNS Unit Tests Server ID"; |
2fe3354d CH |
131 | SyncRes::clearEDNSLocalSubnets(); |
132 | SyncRes::addEDNSLocalSubnet("0.0.0.0/0"); | |
133 | SyncRes::addEDNSLocalSubnet("::/0"); | |
134 | SyncRes::clearEDNSRemoteSubnets(); | |
9065eb05 RG |
135 | SyncRes::clearEDNSDomains(); |
136 | SyncRes::clearDelegationOnly(); | |
137 | SyncRes::clearDontQuery(); | |
2fe3354d | 138 | SyncRes::setECSScopeZeroAddress(Netmask("127.0.0.1/32")); |
357d1186 | 139 | SyncRes::s_qnameminimization = false; |
648bcbd1 | 140 | |
a712cb56 | 141 | SyncRes::clearNSSpeeds(); |
690b86b7 | 142 | BOOST_CHECK_EQUAL(SyncRes::getNSSpeedsSize(), 0U); |
a712cb56 | 143 | SyncRes::clearEDNSStatuses(); |
690b86b7 | 144 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatusesSize(), 0U); |
a712cb56 | 145 | SyncRes::clearThrottle(); |
690b86b7 | 146 | BOOST_CHECK_EQUAL(SyncRes::getThrottledServersSize(), 0U); |
a712cb56 | 147 | SyncRes::clearFailedServers(); |
690b86b7 | 148 | BOOST_CHECK_EQUAL(SyncRes::getFailedServersSize(), 0U); |
a712cb56 | 149 | |
c9783016 RG |
150 | SyncRes::clearECSStats(); |
151 | ||
648bcbd1 RG |
152 | auto luaconfsCopy = g_luaconfs.getCopy(); |
153 | luaconfsCopy.dfe.clear(); | |
8455425c | 154 | luaconfsCopy.dsAnchors.clear(); |
42dcf516 OM |
155 | for (const auto& dsRecord : rootDSs) { |
156 | auto ds = std::dynamic_pointer_cast<DSRecordContent>(DSRecordContent::make(dsRecord)); | |
8455425c RG |
157 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(*ds); |
158 | } | |
159 | luaconfsCopy.negAnchors.clear(); | |
648bcbd1 RG |
160 | g_luaconfs.setState(luaconfsCopy); |
161 | ||
8455425c | 162 | g_dnssecmode = DNSSECMode::Off; |
895449a5 | 163 | g_dnssecLOG = debug; |
b7c40613 | 164 | g_maxNSEC3Iterations = 2500; |
8455425c | 165 | |
42dcf516 OM |
166 | ::arg().set("version-string", "string reported on version.pdns or version.bind") = "PowerDNS Unit Tests"; |
167 | ::arg().set("rng") = "auto"; | |
168 | ::arg().set("entropy-source") = "/dev/urandom"; | |
30ee601a RG |
169 | } |
170 | ||
86675669 | 171 | void initSR(std::unique_ptr<SyncRes>& sr, bool dnssec, bool debug, time_t fakeNow) |
30ee601a RG |
172 | { |
173 | struct timeval now; | |
d6e797b8 RG |
174 | if (fakeNow > 0) { |
175 | now.tv_sec = fakeNow; | |
176 | now.tv_usec = 0; | |
177 | } | |
178 | else { | |
179 | Utility::gettimeofday(&now, 0); | |
180 | } | |
181 | ||
86675669 | 182 | initSR(debug); |
895449a5 | 183 | |
30ee601a | 184 | sr = std::unique_ptr<SyncRes>(new SyncRes(now)); |
895449a5 | 185 | sr->setDoEDNS0(true); |
0c43f455 RG |
186 | if (dnssec) { |
187 | sr->setDoDNSSEC(dnssec); | |
188 | } | |
189 | ||
895449a5 RG |
190 | sr->setLogMode(debug == false ? SyncRes::LogNone : SyncRes::Log); |
191 | ||
a712cb56 RG |
192 | SyncRes::setDomainMap(std::make_shared<SyncRes::domainmap_t>()); |
193 | SyncRes::clearNegCache(); | |
30ee601a RG |
194 | } |
195 | ||
86675669 | 196 | void setDNSSECValidation(std::unique_ptr<SyncRes>& sr, const DNSSECMode& mode) |
0c43f455 RG |
197 | { |
198 | sr->setDNSSECValidationRequested(true); | |
199 | g_dnssecmode = mode; | |
200 | } | |
201 | ||
86675669 | 202 | void setLWResult(LWResult* res, int rcode, bool aa, bool tc, bool edns, bool validpacket) |
30ee601a RG |
203 | { |
204 | res->d_rcode = rcode; | |
205 | res->d_aabit = aa; | |
206 | res->d_tcbit = tc; | |
207 | res->d_haveEDNS = edns; | |
269ac73d | 208 | res->d_validpacket = validpacket; |
30ee601a RG |
209 | } |
210 | ||
86675669 | 211 | void addRecordToLW(LWResult* res, const DNSName& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place, uint32_t ttl) |
d6e797b8 RG |
212 | { |
213 | addRecordToList(res->d_records, name, type, content, place, ttl); | |
30ee601a RG |
214 | } |
215 | ||
86675669 | 216 | void addRecordToLW(LWResult* res, const std::string& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place, uint32_t ttl) |
30ee601a RG |
217 | { |
218 | addRecordToLW(res, DNSName(name), type, content, place, ttl); | |
219 | } | |
220 | ||
86675669 | 221 | bool isRootServer(const ComboAddress& ip) |
30ee601a | 222 | { |
8455425c RG |
223 | if (ip.isIPv4()) { |
224 | for (size_t idx = 0; idx < rootIps4Count; idx++) { | |
225 | if (ip.toString() == rootIps4[idx]) { | |
226 | return true; | |
227 | } | |
30ee601a RG |
228 | } |
229 | } | |
8455425c RG |
230 | else { |
231 | for (size_t idx = 0; idx < rootIps6Count; idx++) { | |
232 | if (ip.toString() == rootIps6[idx]) { | |
233 | return true; | |
234 | } | |
30ee601a RG |
235 | } |
236 | } | |
8455425c | 237 | |
30ee601a RG |
238 | return false; |
239 | } | |
240 | ||
c1e7b833 | 241 | void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, const sortedRecords_t& toSign, boost::optional<uint8_t> algo, boost::optional<uint32_t> inception, boost::optional<time_t> now) |
8455425c | 242 | { |
1e2e06f1 RG |
243 | if (!now) { |
244 | now = time(nullptr); | |
245 | } | |
8455425c RG |
246 | DNSKEYRecordContent drc = dpk.getDNSKEY(); |
247 | const std::shared_ptr<DNSCryptoKeyEngine> rc = dpk.getKey(); | |
248 | ||
249 | rrc.d_type = signQType; | |
250 | rrc.d_labels = signQName.countLabels() - signQName.isWildcard(); | |
251 | rrc.d_originalttl = signTTL; | |
1e2e06f1 RG |
252 | rrc.d_siginception = inception ? *inception : (*now - 10); |
253 | rrc.d_sigexpire = *now + sigValidity; | |
8455425c RG |
254 | rrc.d_signer = signer; |
255 | rrc.d_tag = 0; | |
256 | rrc.d_tag = drc.getTag(); | |
3d5ebf10 | 257 | rrc.d_algorithm = algo ? *algo : drc.d_algorithm; |
8455425c RG |
258 | |
259 | std::string msg = getMessageForRRSET(signQName, rrc, toSign); | |
260 | ||
261 | rrc.d_signature = rc->sign(msg); | |
262 | } | |
263 | ||
42dcf516 | 264 | typedef std::unordered_map<DNSName, std::pair<DNSSECPrivateKey, DSRecordContent>> testkeysset_t; |
b7f378d1 | 265 | |
86675669 | 266 | bool addRRSIG(const testkeysset_t& keys, std::vector<DNSRecord>& records, const DNSName& signer, uint32_t sigValidity, bool broken, boost::optional<uint8_t> algo, boost::optional<DNSName> wildcard, boost::optional<time_t> now) |
8455425c RG |
267 | { |
268 | if (records.empty()) { | |
5374b03b | 269 | return false; |
8455425c RG |
270 | } |
271 | ||
272 | const auto it = keys.find(signer); | |
273 | if (it == keys.cend()) { | |
86f1af1c | 274 | throw std::runtime_error("No DNSKEY found for " + signer.toLogString() + ", unable to compute the requested RRSIG"); |
8455425c RG |
275 | } |
276 | ||
277 | size_t recordsCount = records.size(); | |
42dcf516 OM |
278 | const DNSName& name = records[recordsCount - 1].d_name; |
279 | const uint16_t type = records[recordsCount - 1].d_type; | |
8455425c | 280 | |
c1e7b833 | 281 | sortedRecords_t recordcontents; |
f0c604d5 | 282 | for (const auto& record : records) { |
8455425c | 283 | if (record.d_name == name && record.d_type == type) { |
c1e7b833 | 284 | recordcontents.insert(record.d_content); |
8455425c RG |
285 | } |
286 | } | |
287 | ||
288 | RRSIGRecordContent rrc; | |
42dcf516 | 289 | computeRRSIG(it->second.first, signer, wildcard ? *wildcard : records[recordsCount - 1].d_name, records[recordsCount - 1].d_type, records[recordsCount - 1].d_ttl, sigValidity, rrc, recordcontents, algo, boost::none, now); |
3d5ebf10 RG |
290 | if (broken) { |
291 | rrc.d_signature[0] ^= 42; | |
292 | } | |
8455425c RG |
293 | |
294 | DNSRecord rec; | |
dbbef467 | 295 | rec.d_type = QType::RRSIG; |
42dcf516 OM |
296 | rec.d_place = records[recordsCount - 1].d_place; |
297 | rec.d_name = records[recordsCount - 1].d_name; | |
298 | rec.d_ttl = records[recordsCount - 1].d_ttl; | |
8455425c RG |
299 | |
300 | rec.d_content = std::make_shared<RRSIGRecordContent>(rrc); | |
301 | records.push_back(rec); | |
5374b03b RG |
302 | |
303 | return true; | |
8455425c RG |
304 | } |
305 | ||
86675669 | 306 | void addDNSKEY(const testkeysset_t& keys, const DNSName& signer, uint32_t ttl, std::vector<DNSRecord>& records) |
8455425c RG |
307 | { |
308 | const auto it = keys.find(signer); | |
309 | if (it == keys.cend()) { | |
86f1af1c | 310 | throw std::runtime_error("No DNSKEY found for " + signer.toLogString()); |
8455425c RG |
311 | } |
312 | ||
313 | DNSRecord rec; | |
314 | rec.d_place = DNSResourceRecord::ANSWER; | |
315 | rec.d_name = signer; | |
316 | rec.d_type = QType::DNSKEY; | |
317 | rec.d_ttl = ttl; | |
318 | ||
b7f378d1 | 319 | rec.d_content = std::make_shared<DNSKEYRecordContent>(it->second.first.getDNSKEY()); |
8455425c RG |
320 | records.push_back(rec); |
321 | } | |
322 | ||
86675669 | 323 | bool addDS(const DNSName& domain, uint32_t ttl, std::vector<DNSRecord>& records, const testkeysset_t& keys, DNSResourceRecord::Place place) |
8455425c | 324 | { |
b7f378d1 RG |
325 | const auto it = keys.find(domain); |
326 | if (it == keys.cend()) { | |
5374b03b | 327 | return false; |
8455425c RG |
328 | } |
329 | ||
b7f378d1 RG |
330 | DNSRecord rec; |
331 | rec.d_name = domain; | |
332 | rec.d_type = QType::DS; | |
a53e8fe3 | 333 | rec.d_place = place; |
b7f378d1 RG |
334 | rec.d_ttl = ttl; |
335 | rec.d_content = std::make_shared<DSRecordContent>(it->second.second); | |
8455425c | 336 | |
b7f378d1 | 337 | records.push_back(rec); |
5374b03b | 338 | return true; |
8455425c RG |
339 | } |
340 | ||
42dcf516 | 341 | void addNSECRecordToLW(const DNSName& domain, const DNSName& next, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records) |
8455425c RG |
342 | { |
343 | NSECRecordContent nrc; | |
344 | nrc.d_next = next; | |
27d4a65b RG |
345 | for (const auto& type : types) { |
346 | nrc.set(type); | |
347 | } | |
8455425c RG |
348 | |
349 | DNSRecord rec; | |
350 | rec.d_name = domain; | |
351 | rec.d_ttl = ttl; | |
352 | rec.d_type = QType::NSEC; | |
27d4a65b | 353 | rec.d_content = std::make_shared<NSECRecordContent>(std::move(nrc)); |
8455425c RG |
354 | rec.d_place = DNSResourceRecord::AUTHORITY; |
355 | ||
356 | records.push_back(rec); | |
357 | } | |
358 | ||
c1797419 | 359 | void addNSEC3RecordToLW(const DNSName& hashedName, const std::string& hashedNext, const std::string& salt, unsigned int iterations, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records, bool optOut) |
95823c07 RG |
360 | { |
361 | NSEC3RecordContent nrc; | |
362 | nrc.d_algorithm = 1; | |
c1797419 | 363 | nrc.d_flags = optOut ? 1 : 0; |
95823c07 RG |
364 | nrc.d_iterations = iterations; |
365 | nrc.d_salt = salt; | |
366 | nrc.d_nexthash = hashedNext; | |
27d4a65b RG |
367 | for (const auto& type : types) { |
368 | nrc.set(type); | |
369 | } | |
95823c07 RG |
370 | |
371 | DNSRecord rec; | |
372 | rec.d_name = hashedName; | |
373 | rec.d_ttl = ttl; | |
374 | rec.d_type = QType::NSEC3; | |
27d4a65b | 375 | rec.d_content = std::make_shared<NSEC3RecordContent>(std::move(nrc)); |
95823c07 RG |
376 | rec.d_place = DNSResourceRecord::AUTHORITY; |
377 | ||
378 | records.push_back(rec); | |
379 | } | |
380 | ||
c1797419 | 381 | void addNSEC3UnhashedRecordToLW(const DNSName& domain, const DNSName& zone, const std::string& next, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records, unsigned int iterations, bool optOut) |
95823c07 RG |
382 | { |
383 | static const std::string salt = "deadbeef"; | |
95823c07 RG |
384 | std::string hashed = hashQNameWithSalt(salt, iterations, domain); |
385 | ||
c1797419 | 386 | addNSEC3RecordToLW(DNSName(toBase32Hex(hashed)) + zone, next, salt, iterations, types, ttl, records, optOut); |
95823c07 RG |
387 | } |
388 | ||
c1797419 | 389 | void addNSEC3NarrowRecordToLW(const DNSName& domain, const DNSName& zone, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records, unsigned int iterations, bool optOut) |
95823c07 RG |
390 | { |
391 | static const std::string salt = "deadbeef"; | |
95823c07 | 392 | std::string hashed = hashQNameWithSalt(salt, iterations, domain); |
95823c07 RG |
393 | std::string hashedNext(hashed); |
394 | incrementHash(hashedNext); | |
395 | decrementHash(hashed); | |
396 | ||
c1797419 | 397 | addNSEC3RecordToLW(DNSName(toBase32Hex(hashed)) + zone, hashedNext, salt, iterations, types, ttl, records, optOut); |
95823c07 RG |
398 | } |
399 | ||
86675669 | 400 | void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys) |
8455425c RG |
401 | { |
402 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(algo)); | |
b7f378d1 | 403 | dcke->create((algo <= 10) ? 2048 : dcke->getBits()); |
8455425c RG |
404 | DNSSECPrivateKey dpk; |
405 | dpk.d_flags = 256; | |
406 | dpk.setKey(dcke); | |
8455425c | 407 | DSRecordContent ds = makeDSFromDNSKey(name, dpk.getDNSKEY(), digest); |
42dcf516 | 408 | keys[name] = std::pair<DNSSECPrivateKey, DSRecordContent>(dpk, ds); |
b7f378d1 RG |
409 | } |
410 | ||
42dcf516 | 411 | void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys, map<DNSName, dsmap_t>& dsAnchors) |
b7f378d1 RG |
412 | { |
413 | generateKeyMaterial(name, algo, digest, keys); | |
414 | dsAnchors[name].insert(keys[name].second); | |
8455425c RG |
415 | } |
416 | ||
c1797419 | 417 | int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut, boost::optional<time_t> now, bool nsec3, bool optOut) |
5374b03b RG |
418 | { |
419 | if (type == QType::DS) { | |
420 | auth.chopOff(); | |
421 | ||
422 | setLWResult(res, 0, true, false, true); | |
423 | ||
424 | if (addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER)) { | |
7ced0738 | 425 | addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now); |
5374b03b RG |
426 | } |
427 | else { | |
428 | addRecordToLW(res, auth, QType::SOA, "foo. bar. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
429 | ||
430 | /* if the auth zone is signed, we need to provide a secure denial */ | |
431 | const auto it = keys.find(auth); | |
432 | if (it != keys.cend()) { | |
433 | /* sign the SOA */ | |
7ced0738 | 434 | addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now); |
5374b03b | 435 | /* add a NSEC denying the DS */ |
6850fa5d | 436 | std::set<uint16_t> types = {nsec3 ? QType::NSEC : QType::NSEC3}; |
f4de85a3 RG |
437 | if (proveCut) { |
438 | types.insert(QType::NS); | |
439 | } | |
440 | ||
c1797419 RG |
441 | if (!nsec3) { |
442 | addNSECRecordToLW(domain, DNSName("z") + domain, types, 600, res->d_records); | |
443 | } | |
444 | else { | |
445 | addNSEC3UnhashedRecordToLW(domain, auth, (DNSName("z") + domain).toString(), types, 600, res->d_records, 10, optOut); | |
446 | } | |
447 | ||
7ced0738 | 448 | addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now); |
5374b03b RG |
449 | } |
450 | } | |
451 | ||
452 | return 1; | |
453 | } | |
454 | ||
455 | if (type == QType::DNSKEY) { | |
456 | setLWResult(res, 0, true, false, true); | |
dbbef467 RG |
457 | addDNSKEY(keys, domain, 300, res->d_records); |
458 | addRRSIG(keys, res->d_records, domain, 300); | |
5374b03b RG |
459 | return 1; |
460 | } | |
461 | ||
462 | return 0; | |
463 | } | |
464 | ||
42dcf516 OM |
465 | int basicRecordsForQnameMinimization(LWResult* res, const DNSName& domain, int type) |
466 | { | |
86675669 OM |
467 | if (domain == DNSName(".") && type == QType::A) { |
468 | setLWResult(res, 0, true); | |
469 | addRecordToLW(res, DNSName("."), QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2019042400 1800 900 604800 86400", DNSResourceRecord::AUTHORITY); | |
470 | return 1; | |
648bcbd1 | 471 | } |
86675669 OM |
472 | if (domain == DNSName("com") && type == QType::A) { |
473 | setLWResult(res, 0, true); | |
474 | addRecordToLW(res, DNSName("com"), QType::NS, "ns1.com", DNSResourceRecord::AUTHORITY); | |
475 | addRecordToLW(res, DNSName("ns1.com"), QType::A, "1.2.3.4", DNSResourceRecord::ADDITIONAL); | |
476 | return 1; | |
c9783016 | 477 | } |
86675669 OM |
478 | if (domain == DNSName("ns1.com") && type == QType::A) { |
479 | setLWResult(res, 0, true); | |
480 | addRecordToLW(res, DNSName("ns1.com"), QType::A, "1.2.3.4"); | |
481 | return 1; | |
c9783016 | 482 | } |
86675669 OM |
483 | if (domain == DNSName("powerdns.com") && type == QType::A) { |
484 | setLWResult(res, 0, true); | |
485 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com", DNSResourceRecord::AUTHORITY); | |
486 | addRecordToLW(res, DNSName("ns1.powerdns.com"), QType::A, "4.5.6.7", DNSResourceRecord::ADDITIONAL); | |
487 | return 1; | |
c9783016 | 488 | } |
86675669 OM |
489 | if (domain == DNSName("powerdns.com") && type == QType::NS) { |
490 | setLWResult(res, 0, true); | |
491 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com"); | |
492 | addRecordToLW(res, DNSName("ns1.powerdns.com"), QType::A, "4.5.6.7", DNSResourceRecord::ADDITIONAL); | |
493 | return 1; | |
c9783016 | 494 | } |
86675669 | 495 | return 0; |
778bcea6 | 496 | } |