return variant;
}
-void AuthZoneCache::setZoneVariant(std::unique_ptr<DNSPacket>& packet)
+void AuthZoneCache::setZoneVariant(DNSPacket& packet)
{
- Netmask net = packet->getRealRemote();
+ Netmask net = packet.getRealRemote();
string view = getViewFromNetwork(&net);
- packet->qdomainzone = ZoneName(packet->qdomain);
- string variant = getVariantFromView(packet->qdomainzone, view);
- packet->qdomainzone.setVariant(variant);
+ packet.qdomainzone = ZoneName(packet.qdomain);
+ string variant = getVariantFromView(packet.qdomainzone, view);
+ packet.qdomainzone.setVariant(variant);
}
#endif // ] PDNS_AUTH
// Variant lookup
std::string getVariantFromView(const ZoneName& zone, const std::string& view);
- void setZoneVariant(std::unique_ptr<DNSPacket>& packet);
+ void setZoneVariant(DNSPacket& packet);
size_t size() { return *d_statnumentries; } //!< number of entries in the cache
uint32_t calculateEditSOA(uint32_t old_serial, DNSSECKeeper& dsk, const ZoneName& zonename);
uint32_t calculateEditSOA(uint32_t old_serial, const string& kind, const ZoneName& zonename);
// for SOA-EDIT-DNSUPDATE/API
-bool increaseSOARecord(DNSResourceRecord& dr, const string& increaseKind, const string& editKind);
+bool increaseSOARecord(DNSResourceRecord& rr, const string& increaseKind, const string& editKind, const ZoneName& zonename);
bool makeIncreasedSOARecord(SOAData& sd, const string& increaseKind, const string& editKind, DNSResourceRecord& rrout);
DNSZoneRecord makeEditedDNSZRFromSOAData(DNSSECKeeper& dk, const SOAData& sd, DNSResourceRecord::Place place=DNSResourceRecord::ANSWER);
if(!ret.empty()) {
return;
}
- if(subdomain.countLabels()) {
+ if(subdomain.countLabels() != 0) {
prefix.appendRawLabel(subdomain.getRawLabels()[0]); // XXX DNSName pain this feels wrong
}
if(subdomain == d_sd.qname()) { // stop at SOA
std::unique_ptr<DNSPacket> PacketHandler::opcodeUpdate(DNSPacket& pkt, bool /* noCache */)
{
+ if (g_views) {
+ // Make this variant-aware without performing the complete UeberBackend::getAuth work
+ g_zoneCache.setZoneVariant(pkt);
+ }
+ else {
+ pkt.qdomainzone = ZoneName(pkt.qdomain);
+ }
+
S.inc("dnsupdate-queries");
int res=processUpdate(pkt);
if (res == RCode::Refused) {
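Review bot: With views enabled, the zone variant for an UPDATE is now picked from `packet.getRealRemote()` inside `setZoneVariant`, and that variant then decides which ALLOW-DNSUPDATE-FROM and TSIG-ALLOW-DNSUPDATE metadata `processUpdate` consults. If `getRealRemote()` can return an address carried in the query itself (for example an EDNS Client Subnet option when that processing is enabled) rather than the transport peer, a client could influence which variant's update policy is applied; this is inferred, since the accessor's body is not on this page. Please confirm which address is used for UPDATE and record the decision next to the call, e.g. `// View selection for UPDATE relies on getRealRemote(); verify it cannot be client-supplied here.` The body of opcodeUpdate continues past the end of this hunk.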
if (rrType == QType::NSEC3PARAM) {
g_log<<Logger::Notice<<msgPrefix<<"Deleting NSEC3PARAM from zone, resetting ordernames."<<endl;
- if (rr->d_class == QClass::ANY)
- d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name));
+ // Be sure to use a ZoneName with a variant matching the domain we are
+ // working on, for the sake of unsetNSEC3PARAM.
+ ZoneName zonename(rr->d_name, di->zone.getVariant());
+ if (rr->d_class == QClass::ANY) {
+ d_dk.unsetNSEC3PARAM(zonename);
+ }
else if (rr->d_class == QClass::NONE) {
NSEC3PARAMRecordContent nsec3rr(rr->getContent()->getZoneRepresentation(), di->zone);
if (*haveNSEC3 && ns3pr->getZoneRepresentation() == nsec3rr.getZoneRepresentation())
- d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name));
+ d_dk.unsetNSEC3PARAM(zonename);
else
return 0;
} else
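Review bot: `zonename` is built from `rr->d_name`, the owner name taken from the UPDATE record, with only the variant borrowed from `di->zone`. Nothing in this hunk shows that `rr->d_name` has been checked against the zone apex. If an earlier check (outside the hunk) guarantees the two names are equal, passing the zone directly states the intent more clearly and removes the dependency on packet data: `d_dk.unsetNSEC3PARAM(di->zone);`. If no such check exists, the NSEC3PARAM reset can be requested for a name that is not the zone being updated, and that deserves a guard before this block. The inner `if (*haveNSEC3 && ...)` / `else` pair is also still unbraced while the outer branch gained braces.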
int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, const DomainInfo& di) {
vector<string> forward;
- B.getDomainMetadata(ZoneName(p.qdomain), "FORWARD-DNSUPDATE", forward);
+ B.getDomainMetadata(p.qdomainzone, "FORWARD-DNSUPDATE", forward);
if (forward.size() == 0 && ! ::arg().mustDo("forward-dnsupdate")) {
g_log << Logger::Notice << msgPrefix << "Not configured to forward to primary, returning Refused." << endl;
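Review bot: The FORWARD-DNSUPDATE lookup now depends on `p.qdomainzone` having been filled in by the caller, and nothing in `forwardPacket` checks or documents that precondition. The same applies to the following processUpdate hunks, which use `packet.qdomainzone` for the ALLOW-DNSUPDATE-FROM, TSIG-ALLOW-DNSUPDATE and NOTIFY-DNSUPDATE lookups and for `getDomainInfo` and `startTransaction`. Only `opcodeUpdate` is shown setting the field. Another entry point that reaches this code with a default-constructed `qdomainzone` would presumably run the authorization lookups against the wrong zone name. A comment at the top of both functions would make the contract explicit, e.g. `// Precondition: qdomainzone was set (variant-aware) by opcodeUpdate.`, ideally backed by an early check that it is non-empty. Both function bodies extend beyond the visible hunks.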
if (! ::arg().mustDo("dnsupdate"))
return RCode::Refused;
- ZoneName zonename(packet.qdomain);
- string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + zonename.toLogString() + ": ";
+ string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + packet.qdomainzone.toLogString() + ": ";
g_log<<Logger::Info<<msgPrefix<<"Processing started."<<endl;
// if there is policy, we delegate all checks to it
// Check permissions - IP based
vector<string> allowedRanges;
- B.getDomainMetadata(zonename, "ALLOW-DNSUPDATE-FROM", allowedRanges);
+ B.getDomainMetadata(packet.qdomainzone, "ALLOW-DNSUPDATE-FROM", allowedRanges);
if (! ::arg()["allow-dnsupdate-from"].empty())
stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t" );
// Check permissions - TSIG based.
vector<string> tsigKeys;
- B.getDomainMetadata(zonename, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
+ B.getDomainMetadata(packet.qdomainzone, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
if (tsigKeys.size() > 0) {
bool validKey = false;
DomainInfo di;
di.backend=nullptr;
- if(!B.getDomainInfo(zonename, di) || (di.backend == nullptr)) {
- g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<zonename<<"' (or backend does not support DNS update operation)"<<endl;
+ if(!B.getDomainInfo(packet.qdomainzone, di) || (di.backend == nullptr)) {
+ g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<packet.qdomainzone<<"' (or backend does not support DNS update operation)"<<endl;
return RCode::NotAuth;
}
std::lock_guard<std::mutex> l(s_rfc2136lock); //TODO: i think this lock can be per zone, not for everything
g_log<<Logger::Info<<msgPrefix<<"starting transaction."<<endl;
- if (!di.backend->startTransaction(zonename, UnknownDomainID)) { // Not giving the domain_id means that we do not delete the existing records.
- g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<zonename<<" does not support transaction. Can't do Update packet."<<endl;
+ if (!di.backend->startTransaction(packet.qdomainzone, UnknownDomainID)) { // Not giving the domain_id means that we do not delete the existing records.
+ g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<packet.qdomainzone<<" does not support transaction. Can't do Update packet."<<endl;
return RCode::NotImp;
}
// Notify secondaries
if (di.kind == DomainInfo::Primary) {
vector<string> notify;
- B.getDomainMetadata(zonename, "NOTIFY-DNSUPDATE", notify);
+ B.getDomainMetadata(packet.qdomainzone, "NOTIFY-DNSUPDATE", notify);
if (!notify.empty() && notify.front() == "1") {
Communicator.notifyDomain(di.zone, &B);
}
*
* @return true if changes may have been made
*/
-bool increaseSOARecord(DNSResourceRecord& rr, const string& increaseKind, const string& editKind) {
+bool increaseSOARecord(DNSResourceRecord& rr, const string& increaseKind, const string& editKind, const ZoneName& zonename) { // NOLINT(readability-identifier-length)
if (increaseKind.empty())
return false;
SOAData sd;
+ sd.zonename = zonename;
fillSOAData(rr.content, sd);
- sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, ZoneName(rr.qname));
+ sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, zonename);
rr.content = makeSOAContent(sd)->getZoneRepresentation(true);
return true;
}
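Review bot: The new `zonename` parameter is not described in the doc comment above the function, which is only partly visible here and shows just the `@return` line. Callers need to know that it must carry the zone's variant, since it now replaces `ZoneName(rr.qname)` in the `calculateIncreaseSOA` call and is also stored in `sd.zonename`. I would add a line such as `* @param zonename zone (including variant) the SOA record belongs to; used for the serial calculation`. The trailing `// NOLINT(readability-identifier-length)` should say which identifier it excuses (presumably `rr`), so that it is not left behind once that name changes.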
if(packet->qtype.getCode()==QType::AXFR) {
packet->d_xfr=true;
- g_zoneCache.setZoneVariant(packet);
+ g_zoneCache.setZoneVariant(*packet);
doAXFR(packet->qdomainzone, packet, fd);
continue;
}
if(packet->qtype.getCode()==QType::IXFR) {
packet->d_xfr=true;
- g_zoneCache.setZoneVariant(packet);
+ g_zoneCache.setZoneVariant(*packet);
doIXFR(packet, fd);
continue;
}
for (DNSResourceRecord& resourceRecord : new_records) {
resourceRecord.domain_id = static_cast<int>(domainInfo.id);
if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename.operator const DNSName&()) {
- soa_edit_done = increaseSOARecord(resourceRecord, soa_edit_api_kind, soa_edit_kind);
+ soa_edit_done = increaseSOARecord(resourceRecord, soa_edit_api_kind, soa_edit_kind, zonename);
}
}
checkNewRecords(new_records, zonename);