[thirdparty/pdns.git] / pdns / validate-recursor.cc

#include "validate.hh"
#include "validate-recursor.hh"
#include "syncres.hh"
#include "logger.hh"
#include "rec-lua-conf.hh"
#include "dnssecinfra.hh"
#include "dnsseckeeper.hh"
#include "zoneparser-tng.hh"

DNSSECMode g_dnssecmode{DNSSECMode::ProcessNoValidate};
bool g_dnssecLogBogus;

bool checkDNSSECDisabled() {
  return warnIfDNSSECDisabled("");
}

bool warnIfDNSSECDisabled(const string& msg) {
  if(g_dnssecmode == DNSSECMode::Off) {
    if (!msg.empty())
      g_log<<Logger::Warning<<msg<<endl;
    return true;
  }
  return false;
}

vState increaseDNSSECStateCounter(const vState& state)
{
  g_stats.dnssecResults[state]++;
  return state;
}

// Returns true if dsAnchors were modified
bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
  map<DNSName,dsmap_t> newDSAnchors;
  try {
    auto zp = ZoneParserTNG(fname);
    DNSResourceRecord rr;
    DNSRecord dr;
    while(zp.get(rr)) {
      dr = DNSRecord(rr);
      if (rr.qtype == QType::DS) {
        auto dsr = getRR<DSRecordContent>(dr);
        if (dsr == nullptr) {
          throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
        }
        newDSAnchors[rr.qname].insert(*dsr);
      }
      if (rr.qtype == QType::DNSKEY) {
        auto dnskeyr = getRR<DNSKEYRecordContent>(dr);
        if (dnskeyr == nullptr) {
          throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
        }
        auto dsr = makeDSFromDNSKey(rr.qname, *dnskeyr, DNSSECKeeper::SHA256);
        newDSAnchors[rr.qname].insert(dsr);
      }
    }
    if (dsAnchors == newDSAnchors) {
      g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
      return false;
    }
    g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
    dsAnchors = newDSAnchors;
    return true;
  }
  catch (const std::exception &e) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
  }
  catch (...) {
    throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
  }
}
Commit	Line	Data
b3f0ed10	1	#include "validate.hh"
	2	#include "validate-recursor.hh"
	3	#include "syncres.hh"
3e9c6c0a	4	#include "logger.hh"
e4ae55e5 PL	5	#include "rec-lua-conf.hh"
	6	#include "dnssecinfra.hh"
	7	#include "dnsseckeeper.hh"
	8	#include "zoneparser-tng.hh"
b3f0ed10	9
a6415142	10	DNSSECMode g_dnssecmode{DNSSECMode::ProcessNoValidate};
c87e1876	11	bool g_dnssecLogBogus;
12ce523e	12
4865b6cb PL	13	bool checkDNSSECDisabled() {
	14	return warnIfDNSSECDisabled("");
	15	}
	16
	17	bool warnIfDNSSECDisabled(const string& msg) {
	18	if(g_dnssecmode == DNSSECMode::Off) {
	19	if (!msg.empty())
e6a9dde5	20	g_log<<Logger::Warning<<msg<<endl;
4865b6cb PL	21	return true;
	22	}
	23	return false;
e48c6b8a PL	24	}
e48c6b8a PL	25
0c43f455	26	vState increaseDNSSECStateCounter(const vState& state)
849fe8d2 PL	27	{
	28	g_stats.dnssecResults[state]++;
	29	return state;
	30	}
e4ae55e5 PL	31
	32	// Returns true if dsAnchors were modified
	33	bool updateTrustAnchorsFromFile(const std::string &fname, map<DNSName, dsmap_t> &dsAnchors) {
	34	map<DNSName,dsmap_t> newDSAnchors;
	35	try {
	36	auto zp = ZoneParserTNG(fname);
	37	DNSResourceRecord rr;
	38	DNSRecord dr;
	39	while(zp.get(rr)) {
	40	dr = DNSRecord(rr);
	41	if (rr.qtype == QType::DS) {
	42	auto dsr = getRR<DSRecordContent>(dr);
	43	if (dsr == nullptr) {
	44	throw PDNSException("Unable to parse DS record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() + "'");
	45	}
	46	newDSAnchors[rr.qname].insert(*dsr);
	47	}
	48	if (rr.qtype == QType::DNSKEY) {
	49	auto dnskeyr = getRR<DNSKEYRecordContent>(dr);
	50	if (dnskeyr == nullptr) {
	51	throw PDNSException("Unable to parse DNSKEY record '" + rr.qname.toString() + " " + rr.getZoneRepresentation() +"'");
	52	}
	53	auto dsr = makeDSFromDNSKey(rr.qname, *dnskeyr, DNSSECKeeper::SHA256);
	54	newDSAnchors[rr.qname].insert(dsr);
	55	}
	56	}
	57	if (dsAnchors == newDSAnchors) {
	58	g_log<<Logger::Debug<<"Read Trust Anchors from file, no changes detected"<<endl;
	59	return false;
	60	}
	61	g_log<<Logger::Info<<"Read changed Trust Anchors from file, updating"<<endl;
	62	dsAnchors = newDSAnchors;
	63	return true;
	64	}
	65	catch (const std::exception &e) {
	66	throw PDNSException("Error while reading Trust Anchors from file '" + fname + "': " + e.what());
	67	}
	68	catch (...) {
	69	throw PDNSException("Error while reading Trust Anchors from file '" + fname + "'");
	70	}
	71	}