// attodot(sd.hostmaster); FIXME
}
else
- sd.hostmaster="hostmaster."+domain;
+ sd.hostmaster=DNSName("hostmaster")+domain;
}
if(!sd.serial) { // magic time!
#include <string>
#include "dnswriter.hh"
+#include "logger.hh"
/* raw storage
in DNS label format, without trailing 0. So the root is of length 0.
}
+Logger& Logger::operator<<(const DNSName &d)
+{
+ *this<<d.toString();
+
+ return *this;
+}
#include <deque>
#include <strings.h>
// #include "dns.hh"
-#include "logger.hh"
+// #include "logger.hh"
// #include <ext/vstring.h>
};
-bool checkForCorrectTSIG(const DNSPacket* q, UeberBackend* B, string* keyname, string* secret, TSIGRecordContent* trc);
+bool checkForCorrectTSIG(const DNSPacket* q, UeberBackend* B, DNSName* keyname, string* secret, TSIGRecordContent* trc);
#endif
return *this;
}
+Logger& Logger::operator<<(const char *s)
+{
+ *this<<string(s);
+ return *this;
+}
+
Logger& Logger::operator<<(int i)
{
ostringstream tmp;
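Review bot: The new `operator<<(const char *s)` constructs `string(s)` without a null check, which is undefined behaviour if any call site ever streams a null `const char*`. A guard ahead of the conversion, for example `if(!s) return *this<<string("(null)");`, stops a bad log argument from crashing the daemon. String literals that previously converted implicitly to `string` now resolve to this overload, so every existing `L<<"..."` statement goes through it.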
return *this;
}
-
Logger& Logger::operator<<(long i)
{
ostringstream tmp;
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#ifndef LOGGER_HH
-#define LOGGER_HH
+#pragma once
/* (C) 2002 POWERDNS.COM BV */
#include <string>
#include <pthread.h>
#include "namespaces.hh"
+#include "dnsname.hh"
//! The Logger class can be used to log messages in various ways.
class Logger
L<<"This is an informational message"<<endl; // logged AGAIN at default loglevel (Info)
\endcode
*/
+ Logger& operator<<(const char *s);
Logger& operator<<(const string &s); //!< log a string
Logger& operator<<(int); //!< log an int
Logger& operator<<(double); //!< log a double
Logger& operator<<(long); //!< log an unsigned int
Logger& operator<<(unsigned long); //!< log an unsigned int
Logger& operator<<(unsigned long long); //!< log an unsigned 64 bit int
+ Logger& operator<<(const DNSName&);
+
Logger& operator<<(Urgency); //!< set the urgency, << style
Logger& operator<<(std::ostream & (&)(std::ostream &)); //!< this is to recognise the endl, and to commit the log
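Review bot: The two added declarations, `operator<<(const char *s)` and `operator<<(const DNSName&)`, are the only overloads in this list without a `//!<` description. Suggested comments are `//!< log a C string` and `//!< log a DNSName in its toString() form`. The class body starts and ends outside the hunk.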
#else
#define DLOG(x) ((void)0)
#endif
-
-
-#endif
return "no policy script loaded";
}
-bool AuthLua::axfrfilter(const ComboAddress& remote, const string& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out)
+bool AuthLua::axfrfilter(const ComboAddress& remote, const DNSName& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out)
{
return false;
}
pthread_mutex_init(&d_lock,0);
}
-bool AuthLua::axfrfilter(const ComboAddress& remote, const string& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out)
+bool AuthLua::axfrfilter(const ComboAddress& remote, const DNSName& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out)
{
lua_getglobal(d_lua, "axfrfilter");
if(!lua_isfunction(d_lua, -1)) {
}
lua_pushstring(d_lua, remote.toString().c_str() );
- lua_pushstring(d_lua, zone.c_str() );
+ lua_pushstring(d_lua, zone.toString().c_str() ); // FIXME expose DNSName to Lua?
lua_pushstring(d_lua, in.qname.c_str() );
lua_pushnumber(d_lua, in.qtype.getCode() );
lua_pushnumber(d_lua, in.ttl );
public:
explicit AuthLua(const std::string& fname);
// ~AuthLua();
- bool axfrfilter(const ComboAddress& remote, const string& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out);
+ bool axfrfilter(const ComboAddress& remote, const DNSName& zone, const DNSResourceRecord& in, vector<DNSResourceRecord>& out);
DNSPacket* prequery(DNSPacket *p);
int police(DNSPacket *req, DNSPacket *resp, bool isTcp=false);
string policycmd(const vector<string>&parts);
}
if(p->d_havetsig) {
- string keyname, secret;
+ DNSName keyname;
+ string secret;
TSIGRecordContent trc;
if(!checkForCorrectTSIG(p, &B, &keyname, &secret, &trc)) {
r=p->replyPacket(); // generate an empty reply packet
class FindNS
{
public:
- vector<string> lookup(const string &name, DNSBackend *b)
+ vector<string> lookup(const DNSName &name, DNSBackend *b)
{
vector<string> addresses;
return addresses;
}
- vector<string> lookup(const string &name, UeberBackend *b)
+ vector<string> lookup(const DNSName &name, UeberBackend *b)
{
vector<string> addresses;
}
private:
- void resolve_name(vector<string>* addresses, const string& name)
+ void resolve_name(vector<string>* addresses, const DNSName& name)
{
struct addrinfo* res;
struct addrinfo hints;
hints.ai_family = n ? AF_INET : AF_INET6;
ComboAddress remote;
remote.sin4.sin_family = AF_INET6;
- if(!getaddrinfo(name.c_str(), 0, &hints, &res)) {
+ if(!getaddrinfo(name.toString().c_str(), 0, &hints, &res)) {
struct addrinfo* address = res;
do {
memcpy(&remote, address->ai_addr, address->ai_addrlen);
bool validKey = false;
TSIGRecordContent trc;
- string inputkey, message;
+ DNSName inputkey;
+ string message;
if (! p->getTSIGDetails(&trc, &inputkey, 0)) {
L<<Logger::Error<<msgPrefix<<"TSIG key required, but packet does not contain key. Sending REFUSED"<<endl;
return RCode::Refused;
}
if (!validKey) {
- L<<Logger::Error<<msgPrefix<<"TSIG key ("<<inputkey<<") required, but no matching key found in domainmetadata, tried "<<tsigKeys.size()<<". Sending REFUSED"<<endl;
+ L<<Logger::Error<<msgPrefix<<"TSIG key ("<<inputkey.toString()<<") required, but no matching key found in domainmetadata, tried "<<tsigKeys.size()<<". Sending REFUSED"<<endl;
return RCode::Refused;
}
}
DomainInfo di;
di.backend=0;
if(!B.getDomainInfo(p->qdomain, di) || !di.backend) {
- L<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<p->qdomain<<"' (or backend does not support DNS update operation)"<<endl;
+ L<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<p->qdomain.toString()<<"' (or backend does not support DNS update operation)"<<endl;
return RCode::NotAuth;
}
if (! (rr->d_place == DNSRecord::Answer || rr->d_place == DNSRecord::Nameserver))
continue;
- string label = stripDot(rr->d_label);
-
- if (!label.isPartOf(di.zone)) {
+ if (!rr->d_label.isPartOf(di.zone)) {
L<<Logger::Error<<msgPrefix<<"Received update/record out of zone, sending NotZone."<<endl;
return RCode::NotZone;
}
Lock l(&s_rfc2136lock); //TODO: i think this lock can be per zone, not for everything
L<<Logger::Info<<msgPrefix<<"starting transaction."<<endl;
if (!di.backend->startTransaction(p->qdomain, -1)) { // Not giving the domain_id means that we do not delete the existing records.
- L<<Logger::Error<<msgPrefix<<"Backend for domain "<<p->qdomain<<" does not support transaction. Can't do Update packet."<<endl;
+ L<<Logger::Error<<msgPrefix<<"Backend for domain "<<p->qdomain.toString()<<" does not support transaction. Can't do Update packet."<<endl;
return RCode::NotImp;
}
for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i != mdp.d_answers.end(); ++i) {
const DNSRecord *rr = &i->first;
if (rr->d_place == DNSRecord::Nameserver) {
- if (rr->d_class == QClass::NONE && rr->d_type == QType::NS && stripDot(rr->d_label) == di.zone)
+ if (rr->d_class == QClass::NONE && rr->d_type == QType::NS && rr->d_label == di.zone)
nsRRtoDelete.push_back(rr);
else
changedRecords += performUpdate(msgPrefix, rr, &di, isPresigned, &narrow, &haveNSEC3, &ns3pr, &updatedSerial);
S.deposit("dnsupdate-changes", changedRecords);
// Purge the records!
- DNSName zone(di.zone);
+ string zone(di.zone.toString());
zone.append("$");
PC.purge(zone);
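Review bot: `PC.purge(zone)` now depends on the exact text that `di.zone.toString()` produces, and nothing in this hunk shows that it matches the form the packet cache keys on. If `toString()` emits a trailing dot (not visible here), the `$` suffix purge would match nothing and answers cached before the update would keep being served. A comment stating the expected key form, or a purge overload that takes a `DNSName`, would make this checkable. The same pattern appears in `PC.purge(domain.toString()+"$")` after the AXFR commit and in `PC.purge(rr.qname.toString())` in the API patch path.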
+ seq;
}
-bool editSOA(DNSSECKeeper& dk, const string& qname, DNSPacket* dp)
+bool editSOA(DNSSECKeeper& dk, const DNSName& qname, DNSPacket* dp)
{
vector<DNSResourceRecord>& rrs = dp->getRRS();
BOOST_FOREACH(DNSResourceRecord& rr, rrs) {
using boost::scoped_ptr;
-void CommunicatorClass::addSuckRequest(const string &domain, const string &master)
+void CommunicatorClass::addSuckRequest(const DNSName &domain, const string &master)
{
Lock l(&d_lock);
SuckRequest sr;
}
}
-void CommunicatorClass::suck(const string &domain,const string &remote)
+void CommunicatorClass::suck(const DNSName &domain,const string &remote)
{
- L<<Logger::Error<<"Initiating transfer of '"<<domain<<"' from remote '"<<remote<<"'"<<endl;
+ L<<Logger::Error<<"Initiating transfer of '"<<domain.toString()<<"' from remote '"<<remote<<"'"<<endl;
UeberBackend B; // fresh UeberBackend
DomainInfo di;
DNSSECKeeper dk (&B); // reuse our UeberBackend copy for DNSSECKeeper
if(!B.getDomainInfo(domain, di) || !di.backend) { // di.backend and B are mostly identical
- L<<Logger::Error<<"Can't determine backend for domain '"<<domain<<"'"<<endl;
+ L<<Logger::Error<<"Can't determine backend for domain '"<<domain.toString()<<"'"<<endl;
return;
}
uint32_t domain_id=di.id;
- string tsigkeyname, tsigalgorithm, tsigsecret;
+ DNSName tsigkeyname, tsigalgorithm;
+ string tsigsecret;
if(dk.getTSIGForAccess(domain, remote, &tsigkeyname)) {
string tsigsecret64;
if(B.getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
B64Decode(tsigsecret64, tsigsecret);
} else {
- L<<Logger::Error<<"TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"' not found"<<endl;
+ L<<Logger::Error<<"TSIG key '"<<tsigkeyname.toString()<<"' for domain '"<<domain.toString()<<"' not found"<<endl;
return;
}
}
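Review bot: The `.toString()` calls added to these log statements are redundant with the `Logger::operator<<(const DNSName&)` that this commit introduces. The commit already relies on that overload where `<<domain<<` is left unchanged in the "AXFR done" message. Streaming the name directly, as in `<<"TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"' not found"`, keeps name rendering in one function, which is also the single place where escaping of names received from the network can be enforced for log output. The body of `suck` continues outside the hunk.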
if(B.getDomainMetadata(domain, "LUA-AXFR-SCRIPT", scripts) && !scripts.empty()) {
try {
pdl.reset(new AuthLua(scripts[0]));
- L<<Logger::Info<<"Loaded Lua script '"<<scripts[0]<<"' to edit the incoming AXFR of '"<<domain<<"'"<<endl;
+ L<<Logger::Info<<"Loaded Lua script '"<<scripts[0]<<"' to edit the incoming AXFR of '"<<domain.toString()<<"'"<<endl;
}
catch(std::exception& e) {
- L<<Logger::Error<<"Failed to load Lua editing script '"<<scripts[0]<<"' for incoming AXFR of '"<<domain<<"': "<<e.what()<<endl;
+ L<<Logger::Error<<"Failed to load Lua editing script '"<<scripts[0]<<"' for incoming AXFR of '"<<domain.toString()<<"': "<<e.what()<<endl;
return;
}
}
if(B.getDomainMetadata(domain, "AXFR-SOURCE", localaddr) && !localaddr.empty()) {
try {
laddr = ComboAddress(localaddr[0]);
- L<<Logger::Info<<"AXFR source for domain '"<<domain<<"' set to "<<localaddr[0]<<endl;
+ L<<Logger::Info<<"AXFR source for domain '"<<domain.toString()<<"' set to "<<localaddr[0]<<endl;
}
catch(std::exception& e) {
- L<<Logger::Error<<"Failed to load AXFR source '"<<localaddr[0]<<"' for incoming AXFR of '"<<domain<<"': "<<e.what()<<endl;
+ L<<Logger::Error<<"Failed to load AXFR source '"<<localaddr[0]<<"' for incoming AXFR of '"<<domain.toString()<<"': "<<e.what()<<endl;
return;
}
} else {
bool first=true;
bool firstNSEC3=true;
unsigned int soa_serial = 0;
- set<string> nsset, qnames, secured;
+ set<DNSName> nsset, qnames, secured;
vector<DNSResourceRecord> rrs;
ComboAddress raddr(remote, 53);
- AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr);
+ AXFRRetriever retriever(raddr, domain, tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr);
Resolver::res_t recs;
while(retriever.getChunk(recs)) {
if(first) {
- L<<Logger::Error<<"AXFR started for '"<<domain<<"'"<<endl;
+ L<<Logger::Error<<"AXFR started for '"<<domain.toString()<<"'"<<endl;
first=false;
}
if(i->qtype.getCode() == QType::OPT || i->qtype.getCode() == QType::TSIG) // ignore EDNS0 & TSIG
continue;
- if(!endsOn(i->qname, domain)) {
- L<<Logger::Error<<"Remote "<<remote<<" tried to sneak in out-of-zone data '"<<i->qname.toString()<<"'|"<<i->qtype.getName()<<" during AXFR of zone '"<<domain<<"', ignoring"<<endl;
+ if(!i->qname.isPartOf(domain)) {
+ L<<Logger::Error<<"Remote "<<remote<<" tried to sneak in out-of-zone data '"<<i->qname.toString()<<"'|"<<i->qtype.getName()<<" during AXFR of zone '"<<domain.toString()<<"', ignoring"<<endl;
continue;
}
throw PDNSException("Zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs are not supported.");
optOutFlag = ns3rc.d_flags & 1;
if (ns3rc.d_set.count(QType::NS) && !pdns_iequals(rr.qname, domain))
- secured.insert(toLower(makeRelative(rr.qname, domain)));
+ secured.insert(toLower(makeRelative(rr.qname.toString(), domain.toString())));
continue;
}
case QType::NSEC: {
if(!isNSEC3)
L<<Logger::Info<<"Adding NSEC ordering information"<<endl;
else if(!isNarrow)
- L<<Logger::Info<<"Adding NSEC3 hashed ordering information for '"<<domain<<"'"<<endl;
+ L<<Logger::Info<<"Adding NSEC3 hashed ordering information for '"<<domain.toString()<<"'"<<endl;
else
L<<Logger::Info<<"Erasing NSEC3 ordering since we are narrow, only setting 'auth' fields"<<endl;
}
transaction=di.backend->startTransaction(domain, domain_id);
- L<<Logger::Error<<"Transaction started for '"<<domain<<"'"<<endl;
+ L<<Logger::Error<<"Transaction started for '"<<domain.toString()<<"'"<<endl;
// update the presigned flag and NSEC3PARAM
if (isDnssecZone) {
bool doent=true;
uint32_t maxent = ::arg().asNum("max-ent-entries");
- string ordername, shorter;
- set<string> rrterm;
- map<string,bool> nonterm;
+ string ordername;
+ DNSName shorter;
+ set<DNSName> rrterm;
+ map<DNSName,bool> nonterm;
BOOST_FOREACH(DNSResourceRecord& rr, rrs) {
if (pdns_iequals(shorter, domain)) // stop at apex
break;
- }while(chopOff(shorter));
+ }while(shorter.chopOff());
// Insert ents
if(doent && !rrterm.empty()) {
} else
auth=rr.auth;
- BOOST_FOREACH(const string nt, rrterm){
+ for(const auto &nt: rrterm){
if (!nonterm.count(nt))
- nonterm.insert(pair<string, bool>(nt, auth));
+ nonterm.insert(pair<DNSName, bool>(nt, auth));
else if (auth)
nonterm[nt]=true;
}
if(nonterm.size() > maxent) {
- L<<Logger::Error<<"AXFR zone "<<domain<<" has too many empty non terminals."<<endl;
+ L<<Logger::Error<<"AXFR zone "<<domain.toString()<<" has too many empty non terminals."<<endl;
nonterm.clear();
doent=false;
}
} else {
// NSEC
if (rr.auth || rr.qtype.getCode() == QType::NS) {
- ordername=toLower(labelReverse(makeRelative(rr.qname, domain)));
+ ordername=toLower(labelReverse(makeRelative(rr.qname.toString(), domain.toString())));
di.backend->feedRecord(rr, &ordername);
} else
di.backend->feedRecord(rr);
di.backend->commitTransaction();
transaction = false;
di.backend->setFresh(domain_id);
- PC.purge(domain+"$");
+ PC.purge(domain.toString()+"$");
L<<Logger::Error<<"AXFR done for '"<<domain<<"', zone committed with serial number "<<soa_serial<<endl;
if (dni.localaddr.sin4.sin_family == 0) {
return make_pair(dni.di.zone,
d_resolver.sendResolve(ComboAddress(*dni.di.masters.begin(), 53),
- dni.di.zone.c_str(),
+ dni.di.zone,
QType::SOA,
dni.dnssecOk, dni.tsigkeyname, dni.tsigalgname, dni.tsigsecret)
);
} else {
return make_pair(dni.di.zone,
d_resolver.sendResolve(ComboAddress(*dni.di.masters.begin(), 53), dni.localaddr,
- dni.di.zone.c_str(),
+ dni.di.zone,
QType::SOA,
dni.dnssecOk, dni.tsigkeyname, dni.tsigalgname, dni.tsigsecret)
);
}
}
catch(PDNSException& e) {
- throw runtime_error("While attempting to query freshness of '"+dni.di.zone+"': "+e.reason);
+ throw runtime_error("While attempting to query freshness of '"+dni.di.zone.toString()+"': "+e.reason);
}
}
DomainInfo& di(val.di);
// might've come from the packethandler
if(!di.backend && !B->getDomainInfo(di.zone, di)) {
- L<<Logger::Warning<<"Ignore domain "<< di.zone<<" since it has been removed from our backend"<<endl;
+ L<<Logger::Warning<<"Ignore domain "<< di.zone.toString()<<" since it has been removed from our backend"<<endl;
continue;
}
}
}
if(maxInception == ssr.d_freshness[di.id].theirInception && maxExpire == ssr.d_freshness[di.id].theirExpire) {
- L<<Logger::Info<<"Domain '"<< di.zone<<"' is fresh and apex RRSIGs match"<<endl;
+ L<<Logger::Info<<"Domain '"<< di.zone.toString()<<"' is fresh and apex RRSIGs match"<<endl;
di.backend->setFresh(di.id);
}
else {
if(p->qtype.getCode()!=QType::AXFR && p->qtype.getCode()!=QType::IXFR) {
if(p->d.aa) {
if(p->d.rcode==RCode::NXDomain)
- S.ringAccount("nxdomain-queries",p->qdomain+"/"+p->qtype.getName());
+ S.ringAccount("nxdomain-queries",p->qdomain.toString()+"/"+p->qtype.getName());
} else if(p->isEmpty()) {
- S.ringAccount("unauth-queries",p->qdomain+"/"+p->qtype.getName());
+ S.ringAccount("unauth-queries",p->qdomain.toString()+"/"+p->qtype.getName());
S.ringAccount("remotes-unauth",p->d_remote);
}
}
if(q->d_havetsig) { // if you have one, it must be good
TSIGRecordContent trc;
- string keyname, secret;
+ DNSName keyname;
+ string secret;
if(!checkForCorrectTSIG(q.get(), s_P->getBackend(), &keyname, &secret, &trc)) {
return false;
} else {
// cerr<<"AUTO-NS magic please!"<<endl;
DNSResourceRecord rr;
- set<string> nsset;
+ set<DNSName> nsset;
B->lookup(QType(QType::NS),q->qdomain);
while(B->get(rr))
nsset.insert(rr.content);
- for(set<string>::const_iterator j=nsset.begin();j!=nsset.end();++j) {
- vector<string> nsips=fns.lookup(*j, B);
+ for(const auto & j: nsset) {
+ vector<string> nsips=fns.lookup(j, B);
for(vector<string>::const_iterator k=nsips.begin();k!=nsips.end();++k) {
// cerr<<"got "<<*k<<" from AUTO-NS"<<endl;
if(*k == q->getRemote())
/** do the actual zone transfer. Return 0 in case of error, 1 in case of success */
-int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int outsock)
+int TCPNameserver::doAXFR(const DNSName &target, shared_ptr<DNSPacket> q, int outsock)
{
shared_ptr<DNSPacket> outpacket= getFreshAXFRPacket(q);
if(q->d_dnssecOk)
outpacket->d_dnssecOk=true; // RFC 5936, 2.2.5 'SHOULD'
- L<<Logger::Error<<"AXFR of domain '"<<target<<"' initiated by "<<q->getRemote()<<endl;
+ L<<Logger::Error<<"AXFR of domain '"<<target.toString()<<"' initiated by "<<q->getRemote()<<endl;
// determine if zone exists and AXFR is allowed using existing backend before spawning a new backend.
SOAData sd;
}
if (!canDoAXFR(q)) {
- L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: "<<q->getRemote()<<" cannot request AXFR"<<endl;
+ L<<Logger::Error<<"AXFR of domain '"<<target.toString()<<"' failed: "<<q->getRemote()<<" cannot request AXFR"<<endl;
outpacket->setRcode(9); // 'NOTAUTH'
sendPacket(outpacket,outsock);
return 0;
// canDoAXFR does all the ACL checks, and has the if(disable-axfr) shortcut, call it first.
if(!s_P->getBackend()->getSOAUncached(target, sd)) {
- L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: not authoritative"<<endl;
+ L<<Logger::Error<<"AXFR of domain '"<<target.toString()<<"' failed: not authoritative"<<endl;
outpacket->setRcode(9); // 'NOTAUTH'
sendPacket(outpacket,outsock);
return 0;
UeberBackend db;
if(!db.getSOAUncached(target, sd)) {
- L<<Logger::Error<<"AXFR of domain '"<<target<<"' failed: not authoritative in second instance"<<endl;
+ L<<Logger::Error<<"AXFR of domain '"<<target.toString()<<"' failed: not authoritative in second instance"<<endl;
outpacket->setRcode(RCode::NotAuth);
sendPacket(outpacket,outsock);
return 0;
if(dk.getNSEC3PARAM(target, &ns3pr, &narrow)) {
NSEC3Zone=true;
if(narrow) {
- L<<Logger::Error<<"Not doing AXFR of an NSEC3 narrow zone '"<<target<<"' for "<<q->getRemote()<<endl;
+ L<<Logger::Error<<"Not doing AXFR of an NSEC3 narrow zone '"<<target.toString()<<"' for "<<q->getRemote()<<endl;
noAXFRBecauseOfNSEC3Narrow=true;
}
}
if(noAXFRBecauseOfNSEC3Narrow) {
- L<<Logger::Error<<"AXFR of domain '"<<target<<"' denied to "<<q->getRemote()<<endl;
+ L<<Logger::Error<<"AXFR of domain '"<<target.toString()<<"' denied to "<<q->getRemote()<<endl;
outpacket->setRcode(RCode::Refused);
// FIXME: should actually figure out if we are auth over a zone, and send out 9 if we aren't
sendPacket(outpacket,outsock);
}
TSIGRecordContent trc;
- string tsigkeyname, tsigsecret;
+ DNSName tsigkeyname;
+ string tsigsecret;
q->getTSIGDetails(&trc, &tsigkeyname, 0);
if(!tsigkeyname.empty()) {
string tsig64;
- string algorithm=trc.d_algoName.toString(); // FIXME: check
+ DNSName algorithm=trc.d_algoName; // FIXME: check
if (algorithm == "hmac-md5.sig-alg.reg.int")
algorithm = "hmac-md5";
if (algorithm != "gss-tsig") {
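Review bot: `if(!tsigkeyname.empty())` now tests a `DNSName`, and the result of `q->getTSIGDetails(...)` on the line above is still ignored. The storage comment in dnsname.hh says the root name has length 0, so a root key name may be indistinguishable from "no TSIG" here, depending on how `empty()` is defined (not visible). Deciding on the return value instead, `if(q->getTSIGDetails(&trc, &tsigkeyname, 0)) {`, matches how the dynamic-update handler uses it and does not tie response signing to `empty()` semantics. The comparisons against `"hmac-md5.sig-alg.reg.int"` and `"gss-tsig"` now go through implicit `DNSName` construction and name equality rather than an exact string compare, which `// FIXME: check` leaves unverified on an authentication path. The same code is repeated in the IXFR handler.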
outpacket->addRecord(soa);
editSOA(dk, sd.qname, outpacket.get());
if(securedZone) {
- set<string, CIStringCompare> authSet;
+ set<DNSName> authSet;
authSet.insert(target);
addRRSigs(dk, signatureDB, authSet, outpacket->getRRS());
}
BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
rr.qtype = QType(QType::DNSKEY);
rr.content = value.first.getDNSKEY().getZoneRepresentation();
- string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
+ string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname.toString());
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_set.insert(rr.qtype.getCode());
const bool rectify = !(presignedZone || ::arg().mustDo("disable-axfr-rectify"));
- set<string> qnames, nsset, terms;
+ set<DNSName> qnames, nsset, terms;
vector<DNSResourceRecord> rrs;
while(sd.db->get(rr)) {
- if(endsOn(rr.qname, target)) {
+ if(rr.qname.isPartOf(target)) {
if (rectify) {
if (rr.qtype.getCode()) {
qnames.insert(rr.qname);
BOOST_FOREACH(DNSResourceRecord &rr, rrs) {
rr.auth=true;
if (rr.qtype.getCode() != QType::NS || !pdns_iequals(rr.qname, target)) {
- string shorter(rr.qname);
+ DNSName shorter(rr.qname);
do {
if (pdns_iequals(shorter, target)) // apex is always auth
continue;
if(nsset.count(shorter) && !(pdns_iequals(rr.qname, shorter) && rr.qtype.getCode() == QType::DS))
rr.auth=false;
- } while(chopOff(shorter));
+ } while(shorter.chopOff());
} else
continue;
}
if(NSEC3Zone) {
// ents are only required for NSEC3 zones
uint32_t maxent = ::arg().asNum("max-ent-entries");
- map<string,bool> nonterm;
+ map<DNSName,bool> nonterm;
BOOST_FOREACH(DNSResourceRecord &rr, rrs) {
- string shorter(rr.qname);
- while(!pdns_iequals(shorter, target) && chopOff(shorter)) {
+ DNSName shorter(rr.qname);
+ while(!pdns_iequals(shorter, target) && shorter.chopOff()) {
if(!qnames.count(shorter)) {
if(!(maxent)) {
L<<Logger::Warning<<"Zone '"<<target<<"' has too many empty non terminals."<<endl;
return 0;
}
if (!nonterm.count(shorter)) {
- nonterm.insert(pair<string, bool>(shorter, rr.auth));
+ nonterm.insert(pair<DNSName, bool>(shorter, rr.auth));
--maxent;
} else if (rr.auth)
nonterm[shorter]=true;
}
}
- pair<string,bool> nt;
+ pair<DNSName,bool> nt;
BOOST_FOREACH(nt, nonterm) {
DNSResourceRecord rr;
rr.qname=nt.first;
if (rr.qtype.getCode() == QType::RRSIG) {
RRSIGRecordContent rrc(rr.content);
if(presignedZone && rrc.d_type == QType::NSEC3)
- ns3rrs.insert(fromBase32Hex(makeRelative(rr.qname, target)));
+ ns3rrs.insert(fromBase32Hex(makeRelative(rr.qname.toString(), target.toString())));
continue;
}
records++;
if(securedZone && (rr.auth || rr.qtype.getCode() == QType::NS)) {
if (NSEC3Zone || rr.qtype.getCode()) {
- keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
+ keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname.toString());
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_ttl = sd.default_ttl;
ne.d_auth = (ne.d_auth || rr.auth || (NSEC3Zone && (!ns3pr.d_flags || (presignedZone && ns3pr.d_flags))));
inext = nsecxrepo.begin();
}
n3rc.d_nexthash = inext->first;
- rr.qname = dotConcat(toBase32Hex(iter->first), sd.qname);
+ rr.qname = DNSName(toBase32Hex(iter->first))+DNSName(sd.qname);
rr.ttl = sd.default_ttl;
rr.content = n3rc.getZoneRepresentation();
}
}
- string target = q->qdomain;
+ DNSName target = q->qdomain;
UeberBackend db;
if(!db.getSOAUncached(target, sd)) {
- L<<Logger::Error<<"IXFR of domain '"<<target<<"' failed: not authoritative in second instance"<<endl;
+ L<<Logger::Error<<"IXFR of domain '"<<target.toString()<<"' failed: not authoritative in second instance"<<endl;
outpacket->setRcode(RCode::NotAuth);
sendPacket(outpacket,outsock);
return 0;
dk.getFromMeta(target, "SOA-EDIT", soaedit);
if (!rfc1982LessThan(serial, calculateEditSOA(sd, soaedit))) {
TSIGRecordContent trc;
- string tsigkeyname, tsigsecret;
+ DNSName tsigkeyname;
+ string tsigsecret;
q->getTSIGDetails(&trc, &tsigkeyname, 0);
if(!tsigkeyname.empty()) {
string tsig64;
- string algorithm=trc.d_algoName.toString(); // FIXME: was toLowerCanonic, compare output
+ DNSName algorithm=trc.d_algoName; // FIXME: was toLowerCanonic, compare output
if (algorithm == "hmac-md5.sig-alg.reg.int")
algorithm = "hmac-md5";
Lock l(&s_plock);
outpacket->addRecord(soa);
editSOA(dk, sd.qname, outpacket.get());
if(securedZone) {
- set<string, CIStringCompare> authSet;
+ set<DNSName> authSet;
authSet.insert(target);
addRRSigs(dk, signatureDB, authSet, outpacket->getRRS());
}
sendPacket(outpacket, outsock);
- L<<Logger::Error<<"IXFR of domain '"<<target<<"' to "<<q->getRemote()<<" finished"<<endl;
+ L<<Logger::Error<<"IXFR of domain '"<<target.toString()<<"' to "<<q->getRemote()<<" finished"<<endl;
return 1;
}
- L<<Logger::Error<<"IXFR fallback to AXFR for domain '"<<target<<"' our serial "<<sd.serial<<endl;
+ L<<Logger::Error<<"IXFR fallback to AXFR for domain '"<<target.toString()<<"' our serial "<<sd.serial<<endl;
return doAXFR(q->qdomain, q, outsock);
}
static void sendPacket(std::shared_ptr<DNSPacket> p, int outsock);
static int readLength(int fd, ComboAddress *remote);
static void getQuestion(int fd, char *mesg, int pktlen, const ComboAddress& remote);
- static int doAXFR(const string &target, std::shared_ptr<DNSPacket> q, int outsock);
+ static int doAXFR(const DNSName &target, std::shared_ptr<DNSPacket> q, int outsock);
static int doIXFR(std::shared_ptr<DNSPacket> q, int outsock);
static bool canDoAXFR(std::shared_ptr<DNSPacket> q);
static void *doConnection(void *data);
DNSSECKeeper dk;
jdi.SetObject();
// id is the canonical lookup key, which doesn't actually match the name (in some cases)
- string zoneId = apiZoneNameToId(di.zone);
+ string zoneId = apiZoneNameToId(di.zone.toString());
Value jzoneId(zoneId.c_str(), doc.GetAllocator()); // copy
jdi.AddMember("id", jzoneId, doc.GetAllocator());
string url = "/servers/localhost/zones/" + zoneId;
Value jurl(url.c_str(), doc.GetAllocator()); // copy
jdi.AddMember("url", jurl, doc.GetAllocator());
- jdi.AddMember("name", di.zone.c_str(), doc.GetAllocator());
+ jdi.AddMember("name", di.zone.toString().c_str(), doc.GetAllocator());
jdi.AddMember("kind", di.getKindString(), doc.GetAllocator());
jdi.AddMember("dnssec", dk.isSecuredZone(di.zone), doc.GetAllocator());
jdi.AddMember("account", di.account.c_str(), doc.GetAllocator());
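Review bot: `jdi.AddMember("name", di.zone.toString().c_str(), doc.GetAllocator())` passes a pointer into a temporary `std::string` that is destroyed at the end of the statement. The neighbouring lines build a `Value` with the allocator and mark it `// copy`, which suggests this `AddMember` overload stores the pointer rather than copying. If so, the "name" member dangles by the time the document is serialized, a read of freed memory in the API response path. Use the same idiom as for `id` and `url`: `Value jname(di.zone.toString().c_str(), doc.GetAllocator()); // copy` followed by `jdi.AddMember("name", jname, doc.GetAllocator());`. The enclosing function starts and ends outside the hunk.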
Value object;
object.SetObject();
- Value jname(rr.qname.c_str(), doc.GetAllocator()); // copy
+ Value jname(rr.qname.toString().c_str(), doc.GetAllocator()); // copy
object.AddMember("name", jname, doc.GetAllocator());
Value jtype(rr.qtype.getName().c_str(), doc.GetAllocator()); // copy
object.AddMember("type", jtype, doc.GetAllocator());
if(rr.qtype.getCode() == QType::SOA)
seenSOA=true;
- rr.qname = stripDot(rr.qname);
+ // rr.qname = stripDot(rr.qname);
new_records.push_back(rr);
}
}
sd.nameserver = arg()["default-soa-name"];
if (!arg().isEmpty("default-soa-mail")) {
sd.hostmaster = arg()["default-soa-mail"];
- attodot(sd.hostmaster);
+ // attodot(sd.hostmaster); FIXME
} else {
sd.hostmaster = "hostmaster." + zonename;
}
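Review bot: Commenting out `attodot(sd.hostmaster)` means a `default-soa-mail` value written as an e-mail address is no longer converted, so the `@` would be carried into the SOA hostmaster name as-is. Until a `DNSName`-aware replacement exists, converting the setting's string before the assignment keeps the old behaviour: `string mail = arg()["default-soa-mail"]; attodot(mail); sd.hostmaster = mail;`. The else branch still builds `"hostmaster." + zonename` by string concatenation, unlike the `DNSName("hostmaster")+domain` form used for the same default elsewhere in this commit. The surrounding function is outside the hunk.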
case QType::CNAME:
case QType::NS:
case QType::AFSDB:
- content = rr.content.toString()
+ content = rr.content;
break;
default:
break;
else if (changetype == "REPLACE") {
// we only validate for REPLACE, as DELETE can be used to "fix" out of zone records.
if (!iends_with(qname, dotsuffix) && !pdns_iequals(qname, zonename))
- throw ApiException("RRset "+qname.toString()+" IN "+qtype.getName()+": Name is out of zone");
+ throw ApiException("RRset "+qname+" IN "+qtype.getName()+": Name is out of zone");
new_records.clear();
new_comments.clear();
rr.domain_id = di.id;
if (rr.qname != qname || rr.qtype != qtype)
- throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype+" "+rr.content+": Record wrongly bundled with RRset " + qname.toString() + "/" + qtype.getName());
+ throw ApiException("Record "+rr.qname.toString()+"/"+rr.qtype.getName()+" "+rr.content+": Record wrongly bundled with RRset " + qname + "/" + qtype.getName());
if (rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname, zonename)) {
soa_edit_done = increaseSOARecord(rr, soa_edit_api_kind, soa_edit_kind);
throw ApiException("PTR-Hosting backend for "+rr.qname.toString()+"/"+rr.qtype.getName()+" does not support editing records.");
}
sd.db->commitTransaction();
- PC.purge(rr.qname);
+ PC.purge(rr.qname.toString());
}
// success