rec: fix the zoneToCache regression introduced by SA 2024-01

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Mon, 26 Feb 2024 14:50:35 +0000 (15:50 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 26 Feb 2024 14:50:35 +0000 (15:50 +0100)
diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc

index d75898956831c608814ac50110265294a2cf4998..8d75641b97a5fdef33f48571ad4017ebc40f97b3 100644 (file)
--- a/pdns/recursordist/rec-zonetocache.cc
+++ b/pdns/recursordist/rec-zonetocache.cc
@@ -268,7 +268,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
    }
  
    skeyset_t validKeys;
-  vState dnsKeyState = validateDNSKeysAgainstDS(d_now, d_zone, dsmap, dnsKeys, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+  vState dnsKeyState = validateDNSKeysAgainstDS(d_now, d_zone, dsmap, dnsKeys, records, zonemd.getRRSIGs(QType::DNSKEY), validKeys, std::nullopt, validationContext);
    if (dnsKeyState != vState::Secure) {
      return dnsKeyState;
    }
@@ -299,7 +299,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
        for (const auto& rec : zonemd.getNSEC3Params()) {
          records.emplace(rec);
        }
-      nsecValidationStatus = validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+      nsecValidationStatus = validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(QType::NSEC3PARAM), validKeys, std::nullopt, validationContext);
        if (nsecValidationStatus != vState::Secure) {
          d_log->info("NSEC3PARAMS records did not validate");
          return nsecValidationStatus;
@@ -332,7 +332,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
    for (const auto& rec : zonemdRecords) {
      records.emplace(rec);
    }
-  return validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+  return validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(QType::ZONEMD), validKeys, std::nullopt, validationContext);
  }
  
  void ZoneData::ZoneToCache(const RecZoneToCache::Config& config)
diff --git a/pdns/zonemd.cc b/pdns/zonemd.cc

index dc1ee7af252456484bce85f175dfddb7d45619b1..041a9c47de6ec5eab595c29742aef2134a82f3e6 100644 (file)
--- a/pdns/zonemd.cc
+++ b/pdns/zonemd.cc
@@ -77,7 +77,7 @@ void pdns::ZoneMD::processRecord(const DNSRecord& record)
        if (rrsig == nullptr) {
          throw PDNSException("Invalid RRSIG record");
        }
-      d_rrsigs.emplace_back(rrsig);
+      d_rrsigs[rrsig->d_type].emplace_back(rrsig);
        if (rrsig->d_type == QType::NSEC) {
          d_nsecs.signatures.emplace_back(rrsig);
        }
diff --git a/pdns/zonemd.hh b/pdns/zonemd.hh

index e941a951f5bb9e1f1aaa0b09904a150a4d546af4..bb5a75f1582dcac2e98f31d8cc6572841f7b6155 100644 (file)
--- a/pdns/zonemd.hh
+++ b/pdns/zonemd.hh
@@ -66,9 +66,12 @@ public:
    }
  
    // Return the zone's apex RRSIGs
-  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs() const
+  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs(QType requestedType)
    {
-    return d_rrsigs;
+    if (d_rrsigs.count(requestedType) == 0) {
+      d_rrsigs[requestedType] = {};
+    }
+    return d_rrsigs[requestedType];
    }
  
    // Return the zone's apex ZONEMDs
@@ -140,7 +143,7 @@ private:
  
    std::shared_ptr<const SOARecordContent> d_soaRecordContent;
    std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
-  std::vector<shared_ptr<const RRSIGRecordContent>> d_rrsigs;
+  std::map<QType, std::vector<shared_ptr<const RRSIGRecordContent>>> d_rrsigs;
    std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
    ContentSigPair d_nsecs;
    map<DNSName, ContentSigPair> d_nsec3s;
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Mon, 26 Feb 2024 14:50:35 +0000 (15:50 +0100)
pdns/recursordist/rec-zonetocache.cc		patch \| blob \| blame \| history
pdns/zonemd.cc		patch \| blob \| blame \| history
pdns/zonemd.hh		patch \| blob \| blame \| history