Commit | Line | Data |
---|---|---|
b3f0ed10 | 1 | #include "validate.hh" |
2 | #include "validate-recursor.hh" | |
3 | #include "syncres.hh" | |
3e9c6c0a | 4 | #include "logger.hh" |
e4ae55e5 PL |
5 | #include "rec-lua-conf.hh" |
6 | #include "dnssecinfra.hh" | |
7 | #include "dnsseckeeper.hh" | |
8 | #include "zoneparser-tng.hh" | |
b3f0ed10 | 9 | |
// Process-wide DNSSEC mode, read by warnIfDNSSECDisabled() below. It starts out as
// ProcessNoValidate; going by the enumerator name, validation stays off until
// configuration selects a validating mode -- confirm against the DNSSECMode definition.
DNSSECMode g_dnssecmode{DNSSECMode::ProcessNoValidate};

// Presumably controls logging of Bogus validation results (inferred from the name;
// it is not read in this part of the file). Static storage, so it starts out false.
bool g_dnssecLogBogus{false};
12ce523e | 12 | |
4865b6cb PL |
// Returns true when DNSSEC is switched off, without writing anything to the log.
// An empty message makes warnIfDNSSECDisabled() skip its warning line.
bool checkDNSSECDisabled()
{
  const std::string noMessage;
  return warnIfDNSSECDisabled(noMessage);
}
16 | ||
// Returns true when g_dnssecmode is DNSSECMode::Off, false for every other mode.
// When DNSSEC is off and msg is non-empty, msg is logged at Warning level so the
// operator can see that a DNSSEC-related action was skipped.
bool warnIfDNSSECDisabled(const string& msg)
{
  if (g_dnssecmode != DNSSECMode::Off) {
    return false;
  }

  const bool haveMessage = !msg.empty();
  if (haveMessage) {
    g_log << Logger::Warning << msg << endl;
  }
  return true;
}
25 | ||
// Bumps the per-state DNSSEC result counter in g_stats and hands the state back
// unchanged, so a call can wrap an expression that yields the final validation state.
vState increaseDNSSECStateCounter(const vState& state)
{
  g_stats.dnssecResults[state]++;

  return state;
}
e4ae55e5 PL |
31 | |
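// Reloads the DNSSEC trust anchors from the zone-format file `fname`.
//
// DS records are taken as they are; DNSKEY records are converted to a SHA256 DS
// first. The new set is assembled in a local map and only assigned to dsAnchors
// after the whole file has parsed, so a read or parse failure leaves the anchors
// currently in use untouched.
//
// Returns true if dsAnchors were modified, false if the file matches what is
// already loaded. Throws PDNSException on any read or parse error; the message
// names the file and, where one is available, the underlying reason.
//
// NOTE(review): whoever can write `fname` decides what this process treats as a
// trust anchor, so the file should be writable by the administrator only.
bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
  map<DNSName,dsmap_t> newDSAnchors;
  try {
    auto zp = ZoneParserTNG(fname);
    DNSResourceRecord rr;
    DNSRecord dr;
    while(zp.get(rr)) {
      dr = DNSRecord(rr);
      if (rr.qtype == QType::DS) {
        auto dsr = getRR<DSRecordContent>(dr);
        if (dsr == nullptr) {
          throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
        }
        newDSAnchors[rr.qname].insert(*dsr);
      }
      if (rr.qtype == QType::DNSKEY) {
        auto dnskeyr = getRR<DNSKEYRecordContent>(dr);
        if (dnskeyr == nullptr) {
          throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
        }
        auto dsr = makeDSFromDNSKey(rr.qname, *dnskeyr, DNSSECKeeper::SHA256);
        newDSAnchors[rr.qname].insert(dsr);
      }
      // Any other record type in the file is skipped without a message.
    }
    if (dsAnchors == newDSAnchors) {
      g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
      return false;
    }
    // NOTE(review): a file that parses cleanly but holds no DS/DNSKEY records gives
    // an empty set here, and that empty set replaces the loaded anchors. Confirm
    // this is intended; a truncated file would otherwise drop every anchor with
    // only an Info-level log line.
    g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
    dsAnchors = newDSAnchors;
    return true;
  }
  catch (const PDNSException &e) {
    // The "Unable to parse ..." errors thrown above are PDNSExceptions. Unless that
    // type derives from std::exception they would fall through to catch (...) and
    // the operator would lose the reason, so keep it in the message here.
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.reason);
  }
  catch (const std::exception &e) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
  }
  catch (...) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
  }
}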