qname = rr.qname.toString();
}
else if (rr.qname.isPartOf(d_transaction_qname)) {
- if (rr.qname == d_transaction_qname) {
+ if (rr.qname == d_transaction_qname.operator const DNSName&()) {
qname = "@";
}
else {
if (!skip && nsec3zone && iter->qtype != QType::RRSIG && (iter->auth || (iter->qtype == QType::NS && (ns3pr.d_flags == 0u)) || (dssets.count(iter->qname) != 0u))) {
Bind2DNSRecord bdr = *iter;
- bdr.nsec3hash = toBase32Hex(hashQNameWithSalt(ns3pr, bdr.qname + zoneName));
+ bdr.nsec3hash = toBase32Hex(hashQNameWithSalt(ns3pr, bdr.qname + zoneName.operator const DNSName&()));
records->replace(iter, bdr);
}
rr.ttl = 0;
for (auto& nt : nonterm) {
string hashed;
- rr.qname = nt.first + zoneName;
+ rr.qname = nt.first + zoneName.operator const DNSName&();
if (nsec3zone && nt.second)
hashed = toBase32Hex(hashQNameWithSalt(ns3pr, rr.qname));
insertRecord(records, zoneName, rr.qname, rr.qtype, rr.content, rr.ttl, hashed, &nt.second);
iter = --hashindex.end();
before = DNSName(iter->nsec3hash);
}
- unhashed = iter->qname + bbd.d_name;
+ unhashed = iter->qname + bbd.d_name.operator const DNSName&();
return true;
}
}
}
else {
- domain = qname;
+ domain = ZoneName(qname);
do {
found = safeGetBBDomainInfo(domain, &bbd);
} while (!found && qtype != QType::SOA && domain.chopOff());
}
DLOG(g_log << "Bind2Backend get() returning a rr with a " << QType(d_iter->qtype).getCode() << endl);
- r.qname = qname.empty() ? domain : (qname + domain);
+ const DNSName& domainName(domain);
+ r.qname = qname.empty() ? domainName : (qname + domainName);
r.domain_id = id;
r.content = (d_iter)->content;
// r.domain_id=(d_iter)->domain_id;
bool Bind2Backend::handle::get_list(DNSResourceRecord& r)
{
if (d_qname_iter != d_qname_end) {
- r.qname = d_qname_iter->qname.empty() ? domain : (d_qname_iter->qname + domain);
+ const DNSName& domainName(domain);
+ r.qname = d_qname_iter->qname.empty() ? domainName : (d_qname_iter->qname + domainName);
r.domain_id = id;
r.content = (d_qname_iter)->content;
r.qtype = (d_qname_iter)->qtype;
shared_ptr<const recordstorage_t> rhandle = h.d_records.get();
for (recordstorage_t::const_iterator ri = rhandle->begin(); result.size() < maxResults && ri != rhandle->end(); ri++) {
- DNSName name = ri->qname.empty() ? i.d_name : (ri->qname + i.d_name);
+ const DNSName& domainName(i.d_name);
+ DNSName name = ri->qname.empty() ? domainName : (ri->qname + domainName);
if (sm.match(name) || sm.match(ri->content)) {
DNSResourceRecord r;
r.qname = std::move(name);
{
try {
dom.id = domainID;
- dom.domain = DNSName(domain["domain"].as<string>());
+ dom.domain = ZoneName(domain["domain"].as<string>());
dom.ttl = domain["ttl"].as<int>();
for (auto recs = domain["records"].begin(); recs != domain["records"].end(); recs++) {
- DNSName qname = DNSName(recs->first.as<string>());
+ ZoneName qname = ZoneName(recs->first.as<string>());
vector<GeoIPDNSResourceRecord> rrs;
for (auto item = recs->second.begin(); item != recs->second.end(); item++) {
GeoIPDNSResourceRecord rr;
rr.domain_id = static_cast<int>(dom.id);
rr.ttl = dom.ttl;
- rr.qname = qname;
+ rr.qname = qname.operator const DNSName&();
if (rec->first.IsNull()) {
rr.qtype = QType(0);
}
rr.auth = true;
rrs.push_back(rr);
}
- std::swap(dom.records[qname], rrs);
+ std::swap(dom.records[qname.operator const DNSName&()], rrs);
}
setupNetmasks(domain, dom);
{
try {
d_in_list = true;
- d_qname = target;
+ d_qname = target.operator const DNSName&();
d_qtype = QType::ANY;
d_results_cache.clear();
}
}
+ template <class Archive>
+ void save(Archive& arc, const ZoneName& zone, const unsigned int /* version */)
+ {
+ // Because ZoneName is an object containing a single DNSName field,
+ // we can't naively write
+ // arc & zone.operator const DNSName&();
+ // because the serialization actually writes the class version number in
+ // front of our provided serialization, thus causing it to be larger than
+ // the DNSName serialization. In order to remain interoperable with
+ // existing serializations, we skip the DNSName's own version number and
+ // directly serialize its contents.
+ const DNSName& name = zone.operator const DNSName&();
+ if (name.empty()) {
+ arc& std::string(); // it's arc.operator& but clang-format is confused here
+ }
+ else {
+ arc & name.toDNSStringLC();
+ }
+ }
+
+ template <class Archive>
+ void load(Archive& arc, ZoneName& zone, const unsigned int /* version */)
+ {
+ // Similarly to save() above, we can't write
+ // DNSName tmp;
+ // arc & tmp;
+ // zone = ZoneName(tmp);
+ // but have to reconstruct a DNSName from a string.
+ string tmp;
+ arc & tmp;
+ if (tmp.empty()) {
+ zone = ZoneName();
+ }
+ else {
+ zone = ZoneName(DNSName(tmp.c_str(), tmp.size(), 0, false));
+ }
+ }
+
template <class Archive>
void save(Archive& ar, const QType& g, const unsigned int /* version */)
{
} // namespace boost
BOOST_SERIALIZATION_SPLIT_FREE(DNSName);
+BOOST_SERIALIZATION_SPLIT_FREE(ZoneName);
BOOST_SERIALIZATION_SPLIT_FREE(QType);
BOOST_SERIALIZATION_SPLIT_FREE(LMDBBackend::KeyDataDB);
BOOST_SERIALIZATION_SPLIT_FREE(DomainInfo);
d_includedisabled = include_disabled;
- DNSName hunt(qdomain);
+ ZoneName hunt(qdomain);
DomainInfo di;
if (zoneId < 0) {
auto rotxn = d_tdomains->getROTransaction();
zr.disabled = lrr.disabled;
if (!zr.disabled || d_includedisabled) {
- zr.dr.d_name = compoundOrdername::getQName(key) + d_lookupdomain;
+ zr.dr.d_name = compoundOrdername::getQName(key) + d_lookupdomain.operator const DNSName&();
zr.domain_id = compoundOrdername::getDomainID(key);
zr.dr.d_type = compoundOrdername::getQType(key).getCode();
zr.dr.d_ttl = lrr.ttl;
}
if (di.kind == DomainInfo::Producer) {
- catalogs.insert(di.zone);
+ catalogs.insert(di.zone.operator const DNSName&());
catalogHashes[di.zone].process("\0");
return false; // Producer fresness check is performed elsewhere
}
}
}
before = co.getQName(key.getNoStripHeader<StringView>());
- unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone;
+ unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&();
// now to find after .. at the beginning of the zone
if (cursor.lower_bound(co(id), key, val)) {
}
}
before = co.getQName(key.getNoStripHeader<StringView>());
- unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone;
+ unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&();
// cout <<"Should still find 'after'!"<<endl;
// for 'after', we need to find the first hash of this zone
++count;
}
before = co.getQName(key.getNoStripHeader<StringView>());
- unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone;
+ unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&();
// cout<<"Went backwards, found "<<before<<endl;
// return us to starting point
while (count--)
// cout << "Hit end of database, bummer"<<endl;
cursor.last(key, val);
if (compoundOrdername::getDomainID(key.getNoStripHeader<string_view>()) == domainId) {
- before = co.getQName(key.getNoStripHeader<string_view>()) + zonename;
- after = zonename;
+ before = co.getQName(key.getNoStripHeader<string_view>()) + zonename.operator const DNSName&();
+ after = zonename.operator const DNSName&();
}
// else
// cout << "We were at end of database, but this zone is not there?!"<<endl;
if (compoundOrdername::getQType(key.getNoStripHeader<string_view>()).getCode() != 0 && compoundOrdername::getDomainID(key.getNoStripHeader<string_view>()) == domainId && compoundOrdername::getQName(key.getNoStripHeader<string_view>()) == qname2) { // don't match ENTs
// cout << "Had an exact match!"<<endl;
- before = qname2 + zonename;
+ before = qname2 + zonename.operator const DNSName&();
int rc;
for (;;) {
rc = cursor.next(key, val);
}
if (rc != 0 || compoundOrdername::getDomainID(key.getNoStripHeader<string_view>()) != domainId) {
// cout << "We hit the end of the zone or database. 'after' is apex" << endl;
- after = zonename;
+ after = zonename.operator const DNSName&();
return false;
}
- after = co.getQName(key.getNoStripHeader<string_view>()) + zonename;
+ after = co.getQName(key.getNoStripHeader<string_view>()) + zonename.operator const DNSName&();
return true;
}
if (compoundOrdername::getDomainID(key.getNoStripHeader<string_view>()) != domainId) {
// cout << "Ended up in next zone, 'after' is zonename" <<endl;
- after = zonename;
+ after = zonename.operator const DNSName&();
// cout << "Now hunting for previous" << endl;
int rc;
for (;;) {
break;
}
- before = co.getQName(key.getNoStripHeader<string_view>()) + zonename;
+ before = co.getQName(key.getNoStripHeader<string_view>()) + zonename.operator const DNSName&();
// cout<<"Found: "<< before<<endl;
return true;
}
LMDBResourceRecord lrr;
deserializeFromBuffer(val.get<StringView>(), lrr);
if (co.getQType(key.getNoStripHeader<string_view>()).getCode() && (lrr.auth || co.getQType(key.getNoStripHeader<string_view>()).getCode() == QType::NS)) {
- after = co.getQName(key.getNoStripHeader<string_view>()) + zonename;
+ after = co.getQName(key.getNoStripHeader<string_view>()) + zonename.operator const DNSName&();
// cout <<"Found auth ("<<lrr.auth<<") or an NS record "<<after<<", type: "<<co.getQType(key.getNoStripHeader<string_view>()).toString()<<", ttl = "<<lrr.ttl<<endl;
// cout << makeHexDump(val.get<string>()) << endl;
break;
++skips;
if (rc != 0 || compoundOrdername::getDomainID(key.getNoStripHeader<string_view>()) != domainId) {
// cout << " oops, hit end of database or zone. This means after is apex" <<endl;
- after = zonename;
+ after = zonename.operator const DNSName&();
break;
}
}
// cout << "We hit the beginning of the zone or database.. now what" << endl;
return false;
}
- before = co.getQName(key.getNoStripHeader<string_view>()) + zonename;
+ before = co.getQName(key.getNoStripHeader<string_view>()) + zonename.operator const DNSName&();
LMDBResourceRecord lrr;
deserializeFromBuffer(val.get<string_view>(), lrr);
// cout<<"And before to "<<before<<", auth = "<<rr.auth<<endl;
return ret;
}
+template <class T, typename std::enable_if<std::is_same<T, ZoneName>::value, T>::type* = nullptr>
+std::string keyConv(const T& t)
+{
+ return keyConv(t.operator const DNSName&());
+}
+
class LMDBBackend : public DNSBackend
{
public:
throw PDNSException("list attempted while another was running");
logCall("list", "target=" << target << ",domain_id=" << domain_id);
- list_result_t result = f_list(target, domain_id);
+ list_result_t result = f_list(target.operator const DNSName&(), domain_id);
if (result.which() == 0)
return false;
}
logCall("get_domaininfo", "domain=" << domain);
- get_domaininfo_result_t result = f_get_domaininfo(domain);
+ get_domaininfo_result_t result = f_get_domaininfo(domain.operator const DNSName&());
if (result.which() == 0)
return false;
logCall("get_all_domains", "");
for (const auto& row : f_get_all_domains()) {
DomainInfo di;
- di.zone = row.first;
+ di.zone = ZoneName(row.first);
logResult(di.zone);
parseDomainInfo(row.second, di);
domains->push_back(di);
return false;
logCall("get_all_domain_metadata", "name=" << name);
- get_all_domain_metadata_result_t result = f_get_all_domain_metadata(name);
+ get_all_domain_metadata_result_t result = f_get_all_domain_metadata(name.operator const DNSName&());
if (result.which() == 0)
return false;
return false;
logCall("get_domain_metadata", "name=" << name << ",kind=" << kind);
- get_domain_metadata_result_t result = f_get_domain_metadata(name, kind);
+ get_domain_metadata_result_t result = f_get_domain_metadata(name.operator const DNSName&(), kind);
if (result.which() == 0)
return false;
return false;
logCall("get_domain_keys", "name=" << name);
- get_domain_keys_result_t result = f_get_domain_keys(name);
+ get_domain_keys_result_t result = f_get_domain_keys(name.operator const DNSName&());
if (result.which() == 0)
return false;
bool getDomainKeys(const ZoneName& name, std::vector<DNSBackend::KeyData>& keys) override;
bool getTSIGKey(const DNSName& name, DNSName& algorithm, std::string& content) override;
bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, DNSName& before, DNSName& after) override;
- bool setDomainMetadata(const DNSName& name, const string& kind, const std::vector<std::basic_string<char>>& meta) override;
+ bool setDomainMetadata(const ZoneName& name, const string& kind, const std::vector<std::basic_string<char>>& meta) override;
bool removeDomainKey(const ZoneName& name, unsigned int keyId) override;
bool addDomainKey(const ZoneName& name, const KeyData& key, int64_t& keyId) override;
bool activateDomainKey(const ZoneName& name, unsigned int keyId) override;
DNSZoneRecord CatalogInfo::getCatalogVersionRecord(const ZoneName& zone)
{
DNSZoneRecord dzr;
- dzr.dr.d_name = DNSName("version") + zone;
+ dzr.dr.d_name = DNSName("version") + zone.operator const DNSName&();
dzr.dr.d_ttl = 0;
dzr.dr.d_type = QType::TXT;
dzr.dr.setContent(std::make_shared<TXTRecordContent>("2"));
else {
prefix = d_unique;
}
- prefix += DNSName("zones") + zone;
+ prefix += DNSName("zones") + zone.operator const DNSName&();
DNSZoneRecord dzr;
dzr.dr.d_name = prefix;
void setType(CatalogType type) { d_type = type; }
void updateHash(CatalogHashMap& hashes, const DomainInfo& di) const;
- DNSName getUnique() const { return DNSName(toBase32Hex(hashQNameWithSalt(std::to_string(d_id), 0, d_zone))); } // salt with domain id to detect recreated zones
+ DNSName getUnique() const { return DNSName(toBase32Hex(hashQNameWithSalt(std::to_string(d_id), 0, DNSName(d_zone)))); } // salt with domain id to detect recreated zones
static DNSZoneRecord getCatalogVersionRecord(const ZoneName& zone);
void toDNSZoneRecords(const ZoneName& zone, vector<DNSZoneRecord>& dzrs) const;
try {
if (d_onlyNotify.size()) {
- B->lookup(QType(QType::NS), di.zone, di.id);
+ B->lookup(QType(QType::NS), di.zone.operator const DNSName&(), di.id);
while (B->get(rr))
nsset.insert(getRR<NSRecordContent>(rr.dr)->getNS());
std::string metaHash;
std::string mapHash;
for (auto& ch : catalogHashes) {
- if (!catalogs.count(ch.first)) {
+ if (!catalogs.count(ch.first.operator const DNSName&())) {
g_log << Logger::Warning << "orphaned member zones found with catalog '" << ch.first << "'" << endl;
continue;
}
DNSResourceRecord rr;
makeIncreasedSOARecord(sd, "EPOCH", "", rr);
- di.backend->startTransaction(sd.qname, -1);
+ di.backend->startTransaction(ZoneName(sd.qname), -1);
if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector<DNSResourceRecord>(1, rr))) {
di.backend->abortTransaction();
throw PDNSException("backend hosting producer zone '" + sd.qname.toLogString() + "' does not support editing records");
}
for (auto& di : cmdomains) {
- purgeAuthCachesExact(di.zone);
+ purgeAuthCachesExact(di.zone.operator const DNSName&());
g_zoneCache.add(di.zone, di.id);
queueNotifyDomain(di, B);
di.backend->setNotified(di.id, di.serial);
g_log << Logger::Warning << "Received unsuccessful notification report for '" << p.qdomain << "' from " << from.toStringWithPort() << ", error: " << RCode::to_s(p.d.rcode) << endl;
}
- if (d_nq.removeIf(from, p.d.id, p.qdomain)) {
+ if (d_nq.removeIf(from, p.d.id, ZoneName(p.qdomain))) {
g_log << Logger::Notice << "Removed from notification list: '" << p.qdomain << "' to " << from.toStringWithPort() << " " << (p.d.rcode ? RCode::to_s(p.d.rcode) : "(was acknowledged)") << endl;
}
else {
}
vector<uint8_t> packet;
- DNSPacketWriter pw(packet, domain, QType::SOA, 1, Opcode::Notify);
+ DNSPacketWriter pw(packet, domain.operator const DNSName&(), QType::SOA, 1, Opcode::Notify);
pw.getHeader()->id = notificationId;
pw.getHeader()->aa = true;
CatalogInfo ci;
ci.fromJson(d.options, CatalogInfo::CatalogType::Consumer);
- if (di.zone != d.catalog && di.zone == ci.d_coo) {
+ if (di.zone != d.catalog && di.zone.operator const DNSName&() == ci.d_coo) {
if (ciCreate.d_unique == ci.d_unique) {
g_log << Logger::Warning << logPrefix << "zone '" << d.zone << "' owner change without state reset, old catalog '" << d.catalog << "', new catalog '" << di.zone << "'" << endl;
DNSName rel;
DNSName unique;
for (auto& rr : rrs) {
- if (di.zone == rr.qname) {
+ if (di.zone.operator const DNSName&() == rr.qname) {
if (rr.qtype == QType::SOA) {
hasSOA = true;
continue;
}
}
- else if (rr.qname == DNSName("version") + di.zone && rr.qtype == QType::TXT) {
+ else if (rr.qname == DNSName("version") + di.zone.operator const DNSName&() && rr.qtype == QType::TXT) {
if (hasVersion) {
g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', multiple version records found, aborting" << endl;
return false;
}
}
- else if (rr.qname.isPartOf(DNSName("zones") + di.zone)) {
+ else if (rr.qname.isPartOf(DNSName("zones") + di.zone.operator const DNSName&())) {
if (rel.empty() && !hasVersion) {
g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', catalog zone schema version missing, aborting" << endl;
return false;
}
- rel = rr.qname.makeRelative(DNSName("zones") + di.zone);
+ rel = rr.qname.makeRelative(DNSName("zones") + di.zone.operator const DNSName&());
if (rel.countLabels() == 1 && rr.qtype == QType::PTR) {
if (!unique.empty()) {
ci = {};
ci.setType(CatalogInfo::CatalogType::Consumer);
- ci.d_zone = DNSName(rr.content);
+ ci.d_zone = ZoneName(rr.content);
ci.d_unique = unique;
if (!dupcheck.insert(ci.d_zone).second) {
soatimes drsoa_soatimes = {di.serial, 0, 0, 0, 0};
DNSRecord drsoa;
drsoa.setContent(std::make_shared<SOARecordContent>(g_rootdnsname, g_rootdnsname, drsoa_soatimes));
- auto deltas = getIXFRDeltas(remote, domain, drsoa, xfrTimeout, false, tsig, laddr.sin4.sin_family != 0 ? &laddr : nullptr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024);
+ auto deltas = getIXFRDeltas(remote, domain.operator const DNSName&(), drsoa, xfrTimeout, false, tsig, laddr.sin4.sin_family != 0 ? &laddr : nullptr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024);
status.numDeltas = deltas.size();
// cout<<"Got "<<deltas.size()<<" deltas from serial "<<di.serial<<", applying.."<<endl;
map<pair<ZoneName, uint16_t>, pair<vector<DNSRecord>, vector<DNSRecord>>> grouped;
for (const auto& x : remove)
- grouped[{x.d_name, x.d_type}].first.push_back(x);
+ grouped[{ZoneName(x.d_name), x.d_type}].first.push_back(x);
for (const auto& x : add)
- grouped[{x.d_name, x.d_type}].second.push_back(x);
+ grouped[{ZoneName(x.d_name), x.d_type}].second.push_back(x);
di.backend->startTransaction(domain, -1);
for (const auto& g : grouped) {
vector<DNSRecord> rrset;
{
DNSZoneRecord zrr;
- di.backend->lookup(QType(g.first.second), g.first.first + domain, di.id);
+ di.backend->lookup(QType(g.first.second), g.first.first.operator const DNSName&() + domain.operator const DNSName&(), di.id);
while (di.backend->get(zrr)) {
zrr.dr.d_name.makeUsRelative(domain);
rrset.push_back(zrr.dr);
vector<DNSResourceRecord> replacement;
for (const auto& dr : rrset) {
auto rr = DNSResourceRecord::fromWire(dr);
- rr.qname += domain;
+ rr.qname += domain.operator const DNSName&();
rr.domain_id = di.id;
if (dr.d_type == QType::SOA) {
// cout<<"New SOA: "<<x.d_content->getZoneRepresentation()<<endl;
replacement.push_back(rr);
}
- di.backend->replaceRRSet(di.id, g.first.first + domain, QType(g.first.second), replacement);
+ di.backend->replaceRRSet(di.id, g.first.first.operator const DNSName&() + domain.operator const DNSName&(), QType(g.first.second), replacement);
}
di.backend->commitTransaction();
}
{
uint16_t axfr_timeout = ::arg().asNum("axfr-fetch-timeout");
vector<DNSResourceRecord> rrs;
- AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? nullptr : &laddr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout);
+ AXFRRetriever retriever(raddr, ZoneName(domain), tt, (laddr.sin4.sin_family == 0) ? nullptr : &laddr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout);
Resolver::res_t recs;
bool first = true;
bool firstNSEC3{true};
rrs.reserve(axfr.size());
for (const auto& dr : axfr) {
auto rr = DNSResourceRecord::fromWire(dr);
- (rr.qname += domain).makeUsLowerCase();
+ rr.qname += domain.operator const DNSName&();
+ rr.qname.makeUsLowerCase();
rr.domain_id = zs.domain_id;
- if (!processRecordForZS(domain, firstNSEC3, rr, zs))
+ if (!processRecordForZS(domain.operator const DNSName&(), firstNSEC3, rr, zs))
continue;
if (dr.d_type == QType::SOA) {
auto sd = getRR<SOARecordContent>(dr);
if (rrs.empty()) {
g_log << Logger::Notice << logPrefix << "starting AXFR" << endl;
- rrs = doAxfr(remote, domain, tt, laddr, pdl, zs);
+ rrs = doAxfr(remote, domain.operator const DNSName&(), tt, laddr, pdl, zs);
logPrefix = "A" + logPrefix; // XFR -> AXFR
g_log << Logger::Notice << logPrefix << "retrieval finished" << endl;
}
if (zs.nsset.count(shorter) && rr.qtype.getCode() != QType::DS)
rr.auth = false;
- if (shorter == domain) // stop at apex
+ if (shorter == domain.operator const DNSName&()) // stop at apex
break;
} while (shorter.chopOff());
// Insert empty non-terminals
if (doent && !nonterm.empty()) {
if (zs.isNSEC3) {
- di.backend->feedEnts3(zs.domain_id, domain, nonterm, zs.ns3pr, zs.isNarrow);
+ di.backend->feedEnts3(zs.domain_id, domain.operator const DNSName&(), nonterm, zs.ns3pr, zs.isNarrow);
}
else
di.backend->feedEnts(zs.domain_id, nonterm);
{
shuffle(dni.di.primaries.begin(), dni.di.primaries.end(), pdns::dns_random_engine());
try {
- return {dni.di.zone,
+ return {dni.di.zone.operator const DNSName&(),
*dni.di.primaries.begin(),
d_resolver.sendResolve(*dni.di.primaries.begin(),
dni.localaddr,
- dni.di.zone,
+ dni.di.zone.operator const DNSName&(),
QType::SOA,
nullptr,
dni.dnssecOk, dni.tsigkeyname, dni.tsigalgname, dni.tsigsecret)};
SOAData sd;
try {
// Use UeberBackend cache for SOA. Cache gets cleared after AXFR/IXFR.
- B->lookup(QType(QType::SOA), di.zone, di.id, nullptr);
+ B->lookup(QType(QType::SOA), di.zone.operator const DNSName&(), di.id, nullptr);
DNSZoneRecord zr;
hasSOA = B->get(zr);
if (hasSOA) {
else if (hasSOA && theirserial == ourserial) {
uint32_t maxExpire = 0, maxInception = 0;
if (checkSignatures && dk.isPresigned(di.zone)) {
- B->lookup(QType(QType::RRSIG), di.zone, di.id); // can't use DK before we are done with this lookup!
+ B->lookup(QType(QType::RRSIG), di.zone.operator const DNSName&(), di.id); // can't use DK before we are done with this lookup!
DNSZoneRecord zr;
while (B->get(zr)) {
auto rrsig = getRR<RRSIGRecordContent>(zr.dr);
d_soacount = 0;
vector<uint8_t> packet;
- DNSPacketWriter pw(packet, domain, QType::AXFR);
+ DNSPacketWriter pw(packet, DNSName(domain), QType::AXFR);
pw.getHeader()->id = dns_random_uint16();
if (!tsigConf.name.empty()) {
}
if (pdns_iequals(row[2], "PRODUCER")) {
- catalogs.insert(di.zone);
+ catalogs.insert(di.zone.operator const DNSName&());
catalogHashes[di.zone].process("\0");
continue; // Producer fresness check is performed elsewhere
}
}
return bind(name, string(""));
}
+ SSqlStatement* bind(const string& name, const ZoneName& value)
+ {
+ return bind(name, value.operator const DNSName&());
+ }
virtual SSqlStatement* bindNull(const string& name) = 0;
virtual SSqlStatement* execute() = 0;
;
if (!res.second && !res.first->second.update) {
res.first->second.update = res.first->second.auth != rr.auth || res.first->second.ordername != rr.ordername;
}
- else if ((!securedZone || narrow) && rr.qname == zone) {
+ else if ((!securedZone || narrow) && rr.qname == zone.operator const DNSName&()) {
res.first->second.update = true;
}
if (rr.qtype.getCode())
{
qnames.insert(rr.qname);
- if(rr.qtype.getCode() == QType::NS && rr.qname != zone)
+ if(rr.qtype.getCode() == QType::NS && rr.qname != zone.operator const DNSName&())
nsset.insert(rr.qname);
if(rr.qtype.getCode() == QType::DS)
dsnames.insert(rr.qname);
for (auto &loopRR: rrs) {
bool skip=false;
DNSName shorter = loopRR.qname;
- if (shorter != zone && shorter.chopOff() && shorter != zone) {
+ if (shorter != zone.operator const DNSName&() && shorter.chopOff() && shorter != zone.operator const DNSName&()) {
do {
if(nsset.count(shorter)) {
skip=true;
break;
}
- } while(shorter.chopOff() && shorter != zone);
+ } while(shorter.chopOff() && shorter != zone.operator const DNSName&());
}
shorter = loopRR.qname;
if(!skip && (loopRR.qtype.getCode() != QType::NS || !isOptOut)) {
if(!nsec3set.count(shorter)) {
nsec3set.insert(shorter);
}
- } while(shorter != zone && shorter.chopOff());
+ } while(shorter != zone.operator const DNSName&() && shorter.chopOff());
}
}
}
if(doent)
{
shorter=qname;
- while(shorter!=zone && shorter.chopOff())
+ while(shorter!=zone.operator const DNSName&() && shorter.chopOff())
{
if(!qnames.count(shorter))
{
*/
bool DNSBackend::getSOA(const ZoneName& domain, SOAData& soaData)
{
- this->lookup(QType(QType::SOA), domain, -1);
+ this->lookup(QType(QType::SOA), domain.operator const DNSName&(), -1);
S.inc("backend-queries");
DNSResourceRecord resourceRecord;
throw PDNSException("Got non-SOA record when asking for SOA, zone: '" + domain.toLogString() + "'");
}
hits++;
- soaData.qname = domain;
+ soaData.qname = domain.operator const DNSName&();
soaData.ttl = resourceRecord.ttl;
soaData.db = this;
soaData.domain_id = resourceRecord.domain_id;
{
DNSName unhashed;
bool ret = this->getBeforeAndAfterNamesAbsolute(domainId, qname.makeRelative(zonename).makeLowerCase(), unhashed, before, after);
- DNSName lczonename = zonename.makeLowerCase();
+ DNSName lczonename = zonename.makeLowerCase().operator const DNSName&();
before += lczonename;
after += lczonename;
return ret;
{
return d_position == 0;
}
+
+#if defined(PDNS_AUTH) // [
+std::ostream & operator<<(std::ostream &os, const ZoneName& d)
+{
+ return os <<d.toLogString();
+}
+
+size_t hash_value(ZoneName const& d)
+{
+ return d.hash();
+}
+
+// Sugar while ZoneName::operator DNSName are made explicit. These can't be
+// made inline in class DNSName due to chicken-and-egg declaration order
+// between DNSName and ZoneName.
+bool DNSName::isPartOf(const ZoneName& rhs) const
+{
+ return isPartOf(rhs.operator const DNSName&());
+}
+DNSName DNSName::makeRelative(const ZoneName& zone) const
+{
+ return makeRelative(zone.operator const DNSName&());
+}
+void DNSName::makeUsRelative(const ZoneName& zone)
+{
+ makeUsRelative(zone.operator const DNSName&());
+}
+#endif // ]
// - EqualityComparable
// - LessThanComparable
// - Hash
+#if defined(PDNS_AUTH)
+class ZoneName;
+#endif
class DNSName
{
public:
};
RawLabelsVisitor getRawLabelsVisitor() const;
+#if defined(PDNS_AUTH) // [
+ // Sugar while ZoneName::operator DNSName are made explicit
+ bool isPartOf(const ZoneName& rhs) const;
+ DNSName makeRelative(const ZoneName& zone) const;
+ void makeUsRelative(const ZoneName& zone);
+#endif // ]
+
private:
string_t d_storage;
extern const DNSName g_rootdnsname, g_wildcarddnsname;
// ZoneName: this is equivalent to DNSName, but intended to only store zone
-// names. For the time being, they are strictly identical.
+// names.
+#if defined(PDNS_AUTH) // [
+// Conversions between DNSName and ZoneName are allowed, but must be explicit.
+class ZoneName
+{
+public:
+ ZoneName() = default; //!< Constructs an *empty* ZoneName, NOT the root!
+ // Work around assertion in some boost versions that do not like self-assignment of boost::container::string
+ ZoneName& operator=(const ZoneName& rhs)
+ {
+ if (this != &rhs) {
+ d_name = rhs.d_name;
+ }
+ return *this;
+ }
+ ZoneName& operator=(ZoneName&& rhs) noexcept
+ {
+ if (this != &rhs) {
+ d_name = std::move(rhs.d_name);
+ }
+ return *this;
+ }
+ ZoneName(const ZoneName& a) = default;
+ ZoneName(ZoneName&& a) = default;
+
+ explicit ZoneName(std::string_view name) : d_name(name) {}
+ explicit ZoneName(const DNSName& name) : d_name(name) {}
+
+ bool isPartOf(const ZoneName& rhs) const { return d_name.isPartOf(rhs.d_name); }
+ bool isPartOf(const DNSName& rhs) const { return d_name.isPartOf(rhs); }
+ bool operator==(const ZoneName& rhs) const { return d_name == rhs.d_name; }
+ bool operator!=(const ZoneName& rhs) const { return d_name != rhs.d_name; }
+
+ std::string toString(const std::string& separator=".", const bool trailing=true) const { return d_name.toString(separator, trailing); }
+ void toString(std::string& output, const std::string& separator=".", const bool trailing=true) const { d_name.toString(output, separator, trailing); }
+ std::string toLogString() const { return d_name.toLogString(); }
+ std::string toStringNoDot() const { return d_name.toStringNoDot(); }
+ std::string toStringRootDot() const { return d_name.toStringRootDot(); }
+ std::string toDNSString() const { return d_name.toDNSString(); }
+ std::string toDNSStringLC() const { return d_name.toDNSStringLC(); }
+
+ bool chopOff() { return d_name.chopOff(); }
+ ZoneName makeRelative(const ZoneName& zone) const
+ {
+ ZoneName ret(*this);
+ ret.d_name.makeUsRelative(zone.d_name);
+ return ret;
+ }
+ ZoneName makeLowerCase() const
+ {
+ ZoneName ret(*this);
+ ret.d_name.makeUsLowerCase();
+ return ret;
+ }
+ void makeUsLowerCase() { d_name.makeUsLowerCase(); }
+ void makeUsRelative(const ZoneName& zone) { d_name.makeUsRelative(zone.d_name); }
+ bool isWildcard() const { return d_name.isWildcard(); }
+ bool isHostname() const { return d_name.isHostname(); }
+ size_t wirelength() const { return d_name.wirelength(); }
+ bool empty() const { return d_name.empty(); }
+ bool isRoot() const { return d_name.isRoot(); }
+ void clear() { d_name.clear(); }
+ void trimToLabels(unsigned int trim) { d_name.trimToLabels(trim); }
+ size_t hash(size_t init=0) const { return d_name.hash(init); }
+
+ bool operator<(const ZoneName& rhs) const { return d_name.operator<(rhs.d_name); }
+
+ bool canonCompare(const ZoneName& rhs) const { return d_name.canonCompare(rhs.d_name); }
+
+ typedef boost::container::string string_t;
+
+ const string_t& getStorage() const { return d_name.getStorage(); }
+
+ [[nodiscard]] size_t sizeEstimate() const { return d_name.sizeEstimate(); }
+
+ bool has8bitBytes() const { return d_name.has8bitBytes(); }
+
+ // Conversion from ZoneName to DNSName
+ explicit operator const DNSName&() const { return d_name; }
+ explicit operator DNSName&() { return d_name; }
+private:
+ DNSName d_name;
+};
+
+size_t hash_value(ZoneName const& d);
+
+std::ostream & operator<<(std::ostream &os, const ZoneName& d);
+namespace std {
+ template <>
+ struct hash<ZoneName> {
+ size_t operator () (const ZoneName& dn) const { return dn.hash(0); }
+ };
+}
+
+struct CanonZoneNameCompare
+{
+ bool operator()(const ZoneName& a, const ZoneName& b) const
+ {
+ return a.canonCompare(b);
+ }
+};
+#else // ] [
using ZoneName = DNSName;
using CanonZoneNameCompare = CanonDNSNameCompare;
+#endif // ]
template<typename T>
struct SuffixMatchTree
rrc.d_originalttl=signTTL;
rrc.d_siginception=startOfWeek - 7*86400; // XXX should come from zone metadata
rrc.d_sigexpire=startOfWeek + 14*86400;
- rrc.d_signer = signer;
+ rrc.d_signer = signer.operator const DNSName&();
rrc.d_tag = 0;
DNSSECKeeper::keyset_t keys = dsk.getKeys(signer);
std::string tmp(reinterpret_cast<const char*>(data), size);
boost::split(lines, tmp, boost::is_any_of("\n"));
- ZoneParserTNG zpt(lines, g_rootdnsname);
+ ZoneParserTNG zpt(lines, ZoneName(g_rootdnsname));
/* limit the number of steps for '$GENERATE' entries */
zpt.setMaxGenerateSteps(10000);
zpt.setMaxIncludes(20);
std::array<std::atomic<uint64_t>, 16> notimpStats{};
programStats progStats;
- std::map<ZoneName, perDomainStat>::iterator getRegisteredDomain(const DNSName& d) {
+ std::map<ZoneName, perDomainStat>::iterator getRegisteredDomain(const ZoneName& d) {
auto ret = domainStats.find(d);
if (ret == domainStats.end()) {
throw PDNSException("Domain '" + d.toLogString() + "' not defined in the statistics map");
{
std::vector<std::string> meta;
std::vector<uint8_t> packet;
- DNSPacketWriter packetWriter(packet, domain, QType::SOA, 1, Opcode::Notify);
+ DNSPacketWriter packetWriter(packet, domain.operator const DNSName&(), QType::SOA, 1, Opcode::Notify);
packetWriter.getHeader()->id = notificationId;
packetWriter.getHeader()->aa = true;
g_log << Logger::Warning << "Received unsuccessful notification report for '" << packet.qdomain << "' from " << from.toStringWithPort() << ", error: " << RCode::to_s(packet.d.rcode) << endl;
}
- if (g_notificationQueue.lock()->removeIf(from, packet.d.id, packet.qdomain)) {
+ if (g_notificationQueue.lock()->removeIf(from, packet.d.id, ZoneName(packet.qdomain))) {
g_log << Logger::Notice << "Removed from notification list: '" << packet.qdomain << "' to " << from.toStringWithPort() << " " << (packet.d.rcode != 0 ? RCode::to_s(packet.d.rcode) : "(was acknowledged)") << endl;
}
else {
g_log<<Logger::Info<<logPrefix<<"NOTIFY for "<<mdp.d_qname<<"|"<<QType(mdp.d_qtype).toString()<<" "<< Opcode::to_s(mdp.d_header.opcode) <<" from "<<saddr.toStringWithPort()<<endl;
- auto found = g_domainConfigs.find(mdp.d_qname);
+ auto found = g_domainConfigs.find(ZoneName(mdp.d_qname));
if (found == g_domainConfigs.end()) {
g_log<<Logger::Info<<("Domain name '" + mdp.d_qname.toLogString() + "' is not configured for notification")<<endl;
return ResponseType::RefusedQuery;
}
if (primaryFound) {
- g_notifiesReceived.lock()->insert(mdp.d_qname);
+ g_notifiesReceived.lock()->insert(ZoneName(mdp.d_qname));
if (!found->second.notify.empty()) {
for (const auto& address : found->second.notify) {
g_log << Logger::Debug << logPrefix << "Queuing notification for " << mdp.d_qname << " to " << address.toStringWithPort() << std::endl;
- g_notificationQueue.lock()->add(mdp.d_qname, address);
+ g_notificationQueue.lock()->add(ZoneName(mdp.d_qname), address);
}
}
return ResponseType::EmptyNoError;
}
{
- if (g_domainConfigs.find(mdp.d_qname) == g_domainConfigs.end()) {
+ if (g_domainConfigs.find(ZoneName(mdp.d_qname)) == g_domainConfigs.end()) {
info_msg.push_back("Domain name '" + mdp.d_qname.toLogString() + "' is not configured for distribution");
ret = ResponseType::RefusedQuery;
}
else {
- const auto zoneInfo = getCurrentZoneInfo(mdp.d_qname);
+ const auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname));
if (zoneInfo == nullptr) {
info_msg.emplace_back("Domain has not been transferred yet");
ret = ResponseType::RefusedQuery;
*/
static bool makeSOAPacket(const MOADNSParser& mdp, vector<uint8_t>& packet) {
- auto zoneInfo = getCurrentZoneInfo(mdp.d_qname);
+ auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname));
if (zoneInfo == nullptr) {
return false;
}
until we release it.
*/
- g_stats.incrementAXFRinQueries(mdp.d_qname);
+ g_stats.incrementAXFRinQueries(ZoneName(mdp.d_qname));
- auto zoneInfo = getCurrentZoneInfo(mdp.d_qname);
+ auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname));
if (zoneInfo == nullptr) {
return false;
}
until we release it.
*/
- g_stats.incrementIXFRinQueries(mdp.d_qname);
+ g_stats.incrementIXFRinQueries(ZoneName(mdp.d_qname));
- auto zoneInfo = getCurrentZoneInfo(mdp.d_qname);
+ auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname));
if (zoneInfo == nullptr) {
return false;
}
* Let's not complicate this with IXFR over UDP (and looking if we need to truncate etc).
* Just send the current SOA and let the client try over TCP
*/
- g_stats.incrementSOAinQueries(mdp.d_qname); // FIXME: this also counts IXFR queries (but the response is the same as to a SOA query)
+ g_stats.incrementSOAinQueries(ZoneName(mdp.d_qname)); // FIXME: this also counts IXFR queries (but the response is the same as to a SOA query)
makeSOAPacket(mdp, packet);
} else if (respt == ResponseType::EmptyNoError) {
makeEmptyNoErrorPacket(mdp, packet);
} else if (respt == ResponseType::RefusedQuery) {
- g_stats.incrementUnknownDomainInQueries(mdp.d_qname);
+ g_stats.incrementUnknownDomainInQueries(ZoneName(mdp.d_qname));
makeRefusedPacket(mdp, packet);
} else if (respt == ResponseType::RefusedOpcode) {
g_stats.incrementNotImplemented(mdp.d_header.opcode);
uint32_t getSerialFromPrimary(const ComboAddress& primary, const ZoneName& zone, shared_ptr<const SOARecordContent>& soarecord, const TSIGTriplet& tsig, const uint16_t timeout)
{
vector<uint8_t> packet;
- DNSPacketWriter pw(packet, zone, QType::SOA);
+ DNSPacketWriter pw(packet, zone.operator const DNSName&(), QType::SOA);
if(!tsig.algo.empty()) {
TSIGRecordContent trc;
trc.d_algoName = tsig.algo;
set_difference(before.cbegin(), before.cend(), after.cbegin(), after.cend(), back_inserter(diff), before.value_comp());
for(const auto& d : diff) {
- cout<<'-'<< (d.d_name+zone) <<" IN "<<DNSRecordContent::NumberToType(d.d_type)<<" "<<d.getContent()->getZoneRepresentation()<<endl;
+ cout<<'-'<< (d.d_name+zone.operator const DNSName&()) <<" IN "<<DNSRecordContent::NumberToType(d.d_type)<<" "<<d.getContent()->getZoneRepresentation()<<endl;
}
diff.clear();
set_difference(after.cbegin(), after.cend(), before.cbegin(), before.cend(), back_inserter(diff), before.value_comp());
for(const auto& d : diff) {
- cout<<'+'<< (d.d_name+zone) <<" IN "<<DNSRecordContent::NumberToType(d.d_type)<<" "<<d.getContent()->getZoneRepresentation()<<endl;
+ cout<<'+'<< (d.d_name+zone.operator const DNSName&()) <<" IN "<<DNSRecordContent::NumberToType(d.d_type)<<" "<<d.getContent()->getZoneRepresentation()<<endl;
}
exit(1);
}
}
cout<<"got new serial: "<<serial<<", initiating IXFR!"<<endl;
- auto deltas = getIXFRDeltas(primary, zone, ourSoa, 20, false, tt);
+ auto deltas = getIXFRDeltas(primary, zone.operator const DNSName&(), ourSoa, 20, false, tt);
cout<<"Got "<<deltas.size()<<" deltas, applying.."<<endl;
for(const auto& delta : deltas) {
bool stop=false;
for(const auto& rr : remove) {
- report<<'-'<< (rr.d_name+zone) <<" IN "<<DNSRecordContent::NumberToType(rr.d_type)<<" "<<rr.getContent()->getZoneRepresentation()<<endl;
+ report<<'-'<< (rr.d_name+zone.operator const DNSName&()) <<" IN "<<DNSRecordContent::NumberToType(rr.d_type)<<" "<<rr.getContent()->getZoneRepresentation()<<endl;
auto range = records.equal_range(std::tie(rr.d_name, rr.d_type, rr.d_class, rr.getContent()));
if(range.first == range.second) {
cout<<endl<<" !! Could not find record "<<rr.d_name<<" to remove!!"<<endl;
}
for(const auto& rr : add) {
- report<<'+'<< (rr.d_name+zone) <<" IN "<<DNSRecordContent::NumberToType(rr.d_type)<<" "<<rr.getContent()->getZoneRepresentation()<<endl;
+ report<<'+'<< (rr.d_name+zone.operator const DNSName&()) <<" IN "<<DNSRecordContent::NumberToType(rr.d_type)<<" "<<rr.getContent()->getZoneRepresentation()<<endl;
records.insert(rr);
}
if(stop) {
return *this;
}
+#if defined(PDNS_AUTH)
+Logger& Logger::operator<<(const ZoneName& d)
+{
+ *this << d.toLogString();
+
+ return *this;
+}
+#endif
+
Logger& Logger::operator<<(const ComboAddress& ca)
{
*this << ca.toLogString();
Logger& operator<<(const char* s);
Logger& operator<<(const string& s); //!< log a string
Logger& operator<<(const DNSName&);
+#if defined(PDNS_AUTH)
+ Logger& operator<<(const ZoneName&);
+#endif
Logger& operator<<(const ComboAddress&); //!< log an address
Logger& operator<<(const SockaddrWrapper&); //!< log an address
Logger& operator<<(Urgency); //!< set the urgency, << style
d_lw->registerFunction<DNSPacket, std::unordered_map<unsigned int, DNSRecord>()>("getRRS", [](DNSPacket &p){ std::unordered_map<unsigned int, DNSRecord> ret; unsigned int i = 0; for(const auto &rec: p.getRRS()) { ret.insert({i++, rec.dr}); } return ret;});
d_lw->registerMember<DNSPacket, DNSName>("qdomain", [](const DNSPacket &p) -> DNSName { return p.qdomain; }, [](DNSPacket &p, const DNSName& name) { p.qdomain = name; });
d_lw->registerMember<DNSPacket, DNSName>("qdomainwild", [](const DNSPacket &p) -> DNSName { return p.qdomainwild; }, [](DNSPacket &p, const DNSName& name) { p.qdomainwild = name; });
- d_lw->registerMember<DNSPacket, DNSName>("qdomainzone", [](const DNSPacket &p) -> DNSName { return p.qdomainzone; }, [](DNSPacket &p, const DNSName& name) { p.qdomainzone = name; });
+ d_lw->registerMember<DNSPacket, DNSName>("qdomainzone", [](const DNSPacket &p) -> DNSName { return p.qdomainzone.operator const DNSName&(); }, [](DNSPacket &p, const DNSName& name) { p.qdomainzone = ZoneName(name); });
d_lw->registerMember<DNSPacket, std::string>("d_peer_principal", [](const DNSPacket &p) -> std::string { return p.d_peer_principal; }, [](DNSPacket &p, const std::string &princ) { p.d_peer_principal = princ; });
d_lw->registerMember<DNSPacket, const std::string>("qtype", [](const DNSPacket &p) -> const std::string { return p.qtype.toString(); }, [](DNSPacket &p, const std::string &type) { p.qtype = type; });
d_lw->writeFunction("newDN", [](const std::string& dom){ return DNSName(dom); });
d_lw->registerFunction("__lt", &DNSName::operator<);
d_lw->registerFunction("canonCompare", &DNSName::canonCompare);
- d_lw->registerFunction("makeRelative", &DNSName::makeRelative);
- d_lw->registerFunction("isPartOf", &DNSName::isPartOf);
+ d_lw->registerFunction<DNSName(DNSName::*)(const DNSName&)>("makeRelative", [](const DNSName& name, const DNSName& zone) { return name.makeRelative(zone); });
+ d_lw->registerFunction<bool(DNSName::*)(const DNSName&)>("isPartOf", [](const DNSName& name, const DNSName& rhs) { return name.isPartOf(rhs); });
d_lw->registerFunction("getRawLabels", &DNSName::getRawLabels);
d_lw->registerFunction<unsigned int(DNSName::*)()>("countLabels", [](const DNSName& name) { return name.countLabels(); });
d_lw->registerFunction<size_t(DNSName::*)()>("wireLength", [](const DNSName& name) { return name.wirelength(); });
return ret;
}
- vector<DNSZoneRecord> drs = lookup(rec, qtype, soaData.domain_id);
+ vector<DNSZoneRecord> drs = lookup(rec.operator const DNSName&(), qtype, soaData.domain_id);
for (const auto& drec : drs) {
ret.push_back(drec.dr.getContent()->getZoneRepresentation());
}
#include "namespaces.hh"
class DNSName;
+#if defined(PDNS_AUTH)
+class ZoneName;
+#else
using ZoneName = DNSName;
+#endif
// Do not change to "using TSIGHashEnum ..." until you know CodeQL does not choke on it
typedef enum
inline DNSName toCanonic(const ZoneName& zone, const string& qname)
{
if(qname.size()==1 && qname[0]=='@')
- return zone;
+ return DNSName(zone);
if(isCanonical(qname))
return DNSName(qname);
- return DNSName(qname) += zone;
+ return DNSName(qname) += DNSName(zone);
}
string stripDot(const string& dom);
return match(name.toStringNoDot());
}
+#if defined(PDNS_AUTH) // [
+ bool match(const ZoneName& name) const {
+ return match(name.toStringNoDot());
+ }
+#endif // ]
+
private:
const string d_mask;
const bool d_fold;
**/
bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr<DNSPacket>& r)
{
+ ZoneName zonename(p.qdomain);
string publishCDNSKEY;
- d_dk.getPublishCDNSKEY(p.qdomain,publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(zonename,publishCDNSKEY);
if (publishCDNSKEY.empty())
return false;
}
bool haveOne=false;
- for (const auto& value : d_dk.getEntryPoints(p.qdomain)) {
+ for (const auto& value : d_dk.getEntryPoints(zonename)) {
if (!value.second.published) {
continue;
}
DNSZoneRecord rr;
bool haveOne=false;
- for (const auto& value : d_dk.getKeys(p.qdomain)) {
+ for (const auto& value : d_dk.getKeys(ZoneName(p.qdomain))) {
if (!value.second.published) {
continue;
}
bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr<DNSPacket>& r)
{
string publishCDS;
- d_dk.getPublishCDS(p.qdomain, publishCDS);
+ d_dk.getPublishCDS(ZoneName(p.qdomain), publishCDS);
if (publishCDS.empty())
return false;
bool haveOne=false;
- for (const auto& value : d_dk.getEntryPoints(p.qdomain)) {
+ for (const auto& value : d_dk.getEntryPoints(ZoneName(p.qdomain))) {
if (!value.second.published) {
continue;
}
DNSZoneRecord rr;
NSEC3PARAMRecordContent ns3prc;
- if(d_dk.getNSEC3PARAM(p.qdomain, &ns3prc)) {
+ if(d_dk.getNSEC3PARAM(ZoneName(p.qdomain), &ns3prc)) {
rr.dr.d_type=QType::NSEC3PARAM;
rr.dr.d_ttl=d_sd.minimum;
rr.dr.d_name=p.qdomain;
#ifdef HAVE_LUA_RECORDS
bool doLua=g_doLuaRecord;
+ ZoneName zonename(d_sd.qname);
if(!doLua) {
string val;
- d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val);
+ d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val);
doLua = (val=="1");
}
#endif
continue;
}
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) {
+ if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(zonename)) {
if(!doLua) {
DLOG(g_log<<"Have a wildcard Lua match, but not doing Lua record for this zone"<<endl);
continue;
void PacketHandler::emitNSEC(std::unique_ptr<DNSPacket>& r, const DNSName& name, const DNSName& next, int mode)
{
+ ZoneName zonename(d_sd.qname);
NSECRecordContent nrc;
nrc.d_next = next;
nrc.set(QType::RRSIG);
if(d_sd.qname == name) {
nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
- if(!d_dk.isPresigned(d_sd.qname)) {
- auto keyset = d_dk.getKeys(name);
+ if(!d_dk.isPresigned(zonename)) {
+ auto keyset = d_dk.getKeys(zonename);
for(const auto& value: keyset) {
if (value.second.published) {
nrc.set(QType::DNSKEY);
string publishCDNSKEY;
- d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(zonename, publishCDNSKEY);
if (! publishCDNSKEY.empty())
nrc.set(QType::CDNSKEY);
string publishCDS;
- d_dk.getPublishCDS(name, publishCDS);
+ d_dk.getPublishCDS(zonename, publishCDS);
if (! publishCDS.empty())
nrc.set(QType::CDS);
break;
B.lookup(QType(QType::ANY), name, d_sd.domain_id);
while(B.get(rr)) {
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) {
+ if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(zonename)) {
first = false;
doLua = g_doLuaRecord;
if (!doLua) {
string val;
- d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val);
+ d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val);
doLua = (val == "1");
}
}
// does not falsely deny the type for this name.
// This does NOT add the ALIAS to the bitmap, as that record cannot
// be requested.
- if (!d_dk.isPresigned(d_sd.qname)) {
+ if (!d_dk.isPresigned(zonename)) {
nrc.set(QType::A);
nrc.set(QType::AAAA);
}
}
- else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.qname) && !::arg().mustDo("direct-dnskey")) {
+ else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(zonename) && !::arg().mustDo("direct-dnskey")) {
continue;
}
else if(rr.dr.d_type == QType::NS || rr.auth) {
void PacketHandler::emitNSEC3(std::unique_ptr<DNSPacket>& r, const NSEC3PARAMRecordContent& ns3prc, const DNSName& name, const string& namehash, const string& nexthash, int mode)
{
+ ZoneName zonename(d_sd.qname);
NSEC3RecordContent n3rc;
n3rc.d_algorithm = ns3prc.d_algorithm;
n3rc.d_flags = ns3prc.d_flags;
if (d_sd.qname == name) {
n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
n3rc.set(QType::NSEC3PARAM);
- if(!d_dk.isPresigned(d_sd.qname)) {
- auto keyset = d_dk.getKeys(name);
+ if(!d_dk.isPresigned(zonename)) {
+ auto keyset = d_dk.getKeys(zonename);
for(const auto& value: keyset) {
if (value.second.published) {
n3rc.set(QType::DNSKEY);
string publishCDNSKEY;
- d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
+ d_dk.getPublishCDNSKEY(zonename, publishCDNSKEY);
if (! publishCDNSKEY.empty())
n3rc.set(QType::CDNSKEY);
string publishCDS;
- d_dk.getPublishCDS(name, publishCDS);
+ d_dk.getPublishCDS(zonename, publishCDS);
if (! publishCDS.empty())
n3rc.set(QType::CDS);
break;
B.lookup(QType(QType::ANY), name, d_sd.domain_id);
while(B.get(rr)) {
#ifdef HAVE_LUA_RECORDS
- if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) {
+ if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(zonename)) {
first = false;
doLua = g_doLuaRecord;
if (!doLua) {
string val;
- d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val);
+ d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val);
doLua = (val == "1");
}
}
// does not falsely deny the type for this name.
// This does NOT add the ALIAS to the bitmap, as that record cannot
// be requested.
- if (!d_dk.isPresigned(d_sd.qname)) {
+ if (!d_dk.isPresigned(zonename)) {
n3rc.set(QType::A);
n3rc.set(QType::AAAA);
}
}
- else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.qname) && !::arg().mustDo("direct-dnskey")) {
+ else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(zonename) && !::arg().mustDo("direct-dnskey")) {
continue;
}
else if(rr.dr.d_type && (rr.dr.d_type == QType::NS || rr.auth)) {
{
NSEC3PARAMRecordContent ns3rc;
bool narrow = false;
- if(d_dk.getNSEC3PARAM(d_sd.qname, &ns3rc, &narrow)) {
+ if(d_dk.getNSEC3PARAM(ZoneName(d_sd.qname), &ns3rc, &narrow)) {
if (mode != 5) // no direct NSEC3 queries, rfc5155 7.2.8
addNSEC3(p, r, target, wildcard, ns3rc, narrow, mode);
}
DLOG(g_log<<"addNSEC3() mode="<<mode<<" auth="<<d_sd.qname<<" target="<<target<<" wildcard="<<wildcard<<endl);
if (d_sd.db == nullptr) {
- if(!B.getSOAUncached(d_sd.qname, d_sd)) {
+ if(!B.getSOAUncached(ZoneName(d_sd.qname), d_sd)) {
DLOG(g_log<<"Could not get SOA for domain"<<endl);
return;
}
{
DLOG(g_log<<"addNSEC() mode="<<mode<<" auth="<<d_sd.qname<<" target="<<target<<" wildcard="<<wildcard<<endl);
+ ZoneName zonename(d_sd.qname);
if (d_sd.db == nullptr) {
- if(!B.getSOAUncached(d_sd.qname, d_sd)) {
+ if(!B.getSOAUncached(zonename, d_sd)) {
DLOG(g_log<<"Could not get SOA for domain"<<endl);
return;
}
}
DNSName before,after;
- d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, d_sd.qname, target, before, after);
+ d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, zonename, target, before, after);
if (mode != 5 || before == target)
emitNSEC(r, before, after, mode);
closest.chopOff();
closest.prependRawLabel("*");
}
- d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, d_sd.qname, closest, before, after);
+ d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, zonename, closest, before, after);
emitNSEC(r, before, after, mode);
}
return;
return RCode::Refused;
}
- if (!B.autoPrimaryBackend(remote.toString(), p.qdomain, nsset, &nameserver, &account, &db)) {
+ ZoneName zonename(p.qdomain);
+ if (!B.autoPrimaryBackend(remote.toString(), zonename, nsset, &nameserver, &account, &db)) {
g_log << Logger::Error << "Unable to find backend willing to host " << p.qdomain << " for potential autoprimary " << remote << ". Remote nameservers: " << endl;
for(const auto& rr: nsset) {
if(rr.qtype==QType::NS)
return RCode::Refused;
}
try {
- db->createSecondaryDomain(remote.toString(), p.qdomain, nameserver, account);
+ db->createSecondaryDomain(remote.toString(), zonename, nameserver, account);
DomainInfo di;
- if (!db->getDomainInfo(p.qdomain, di, false)) {
- g_log << Logger::Error << "Failed to create " << p.qdomain << " for potential autoprimary " << remote << endl;
+ if (!db->getDomainInfo(zonename, di, false)) {
+ g_log << Logger::Error << "Failed to create " << zonename << " for potential autoprimary " << remote << endl;
return RCode::ServFail;
}
- g_zoneCache.add(p.qdomain, di.id);
+ g_zoneCache.add(zonename, di.id);
if (tsigkeyname.empty() == false) {
vector<string> meta;
meta.push_back(tsigkeyname.toStringNoDot());
- db->setDomainMetadata(p.qdomain, "AXFR-MASTER-TSIG", meta);
+ db->setDomainMetadata(zonename, "AXFR-MASTER-TSIG", meta);
}
}
catch(PDNSException& ae) {
- g_log << Logger::Error << "Database error trying to create " << p.qdomain << " for potential autoprimary " << remote << ": " << ae.reason << endl;
+ g_log << Logger::Error << "Database error trying to create " << zonename << " for potential autoprimary " << remote << ": " << ae.reason << endl;
return RCode::ServFail;
}
- g_log << Logger::Warning << "Created new secondary zone '" << p.qdomain << "' from autoprimary " << remote << endl;
+ g_log << Logger::Warning << "Created new secondary zone '" << zonename << "' from autoprimary " << remote << endl;
return RCode::NoError;
}
int PacketHandler::processNotify(const DNSPacket& p)
{
+ ZoneName zonename(p.qdomain);
/* now what?
was this notification from an approved address?
was this notification approved by TSIG?
if primary is higher -> do stuff
*/
- g_log<<Logger::Debug<<"Received NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<endl;
+ g_log<<Logger::Debug<<"Received NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<endl;
if(!::arg().mustDo("secondary") && s_forwardNotify.empty()) {
- g_log << Logger::Warning << "Received NOTIFY for " << p.qdomain << " from " << p.getRemoteString() << " but secondary support is disabled in the configuration" << endl;
+ g_log << Logger::Warning << "Received NOTIFY for " << zonename << " from " << p.getRemoteString() << " but secondary support is disabled in the configuration" << endl;
return RCode::Refused;
}
//
if(!s_allowNotifyFrom.match(p.getInnerRemote()) || p.d_havetsig) {
if (p.d_havetsig && p.getTSIGKeyname().empty() == false) {
- g_log<<Logger::Notice<<"Received secure NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<", with TSIG key '"<<p.getTSIGKeyname()<<"'"<<endl;
+ g_log<<Logger::Notice<<"Received secure NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<", with TSIG key '"<<p.getTSIGKeyname()<<"'"<<endl;
} else {
- g_log<<Logger::Warning<<"Received NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<" but the remote is not providing a TSIG key or in allow-notify-from (Refused)"<<endl;
+ g_log<<Logger::Warning<<"Received NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<" but the remote is not providing a TSIG key or in allow-notify-from (Refused)"<<endl;
return RCode::Refused;
}
}
if ((!::arg().mustDo("allow-unsigned-notify") && !p.d_havetsig) || p.d_havetsig) {
if (!p.d_havetsig) {
- g_log<<Logger::Warning<<"Received unsigned NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<" while a TSIG key was required (Refused)"<<endl;
+ g_log<<Logger::Warning<<"Received unsigned NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<" while a TSIG key was required (Refused)"<<endl;
return RCode::Refused;
}
vector<string> meta;
- if (B.getDomainMetadata(p.qdomain,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) {
+ if (B.getDomainMetadata(zonename,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) {
DNSName expected{meta[0]};
if (p.getTSIGKeyname() != expected) {
- g_log<<Logger::Warning<<"Received secure NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<": expected TSIG key '"<<expected<<"', got '"<<p.getTSIGKeyname()<<"' (Refused)"<<endl;
+ g_log<<Logger::Warning<<"Received secure NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<": expected TSIG key '"<<expected<<"', got '"<<p.getTSIGKeyname()<<"' (Refused)"<<endl;
return RCode::Refused;
}
}
// Domain verification
//
DomainInfo di;
- if(!B.getDomainInfo(p.qdomain, di, false) || !di.backend) {
+ if(!B.getDomainInfo(zonename, di, false) || !di.backend) {
if(::arg().mustDo("autosecondary")) {
- g_log << Logger::Warning << "Received NOTIFY for " << p.qdomain << " from " << p.getRemoteString() << " for which we are not authoritative, trying autoprimary" << endl;
+ g_log << Logger::Warning << "Received NOTIFY for " << zonename << " from " << p.getRemoteString() << " for which we are not authoritative, trying autoprimary" << endl;
return tryAutoPrimary(p, p.getTSIGKeyname());
}
- g_log<<Logger::Notice<<"Received NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<" for which we are not authoritative (Refused)"<<endl;
+ g_log<<Logger::Notice<<"Received NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<" for which we are not authoritative (Refused)"<<endl;
return RCode::Refused;
}
if(pdns::isAddressTrustedNotificationProxy(p.getInnerRemote())) {
if (di.primaries.empty()) {
- g_log << Logger::Warning << "Received NOTIFY for " << p.qdomain << " from trusted-notification-proxy " << p.getRemoteString() << ", zone does not have any primaries defined (Refused)" << endl;
+ g_log << Logger::Warning << "Received NOTIFY for " << zonename << " from trusted-notification-proxy " << p.getRemoteString() << ", zone does not have any primaries defined (Refused)" << endl;
return RCode::Refused;
}
- g_log<<Logger::Notice<<"Received NOTIFY for "<<
p.qdomain<<" from trusted-notification-proxy "<<p.getRemoteString()<<endl;
+ g_log<<Logger::Notice<<"Received NOTIFY for "<<
zonename<<" from trusted-notification-proxy "<<p.getRemoteString()<<endl;
}
else if (::arg().mustDo("primary") && di.isPrimaryType()) {
- g_log << Logger::Warning << "Received NOTIFY for " << p.qdomain << " from " << p.getRemoteString() << " but we are primary (Refused)" << endl;
+ g_log << Logger::Warning << "Received NOTIFY for " << zonename << " from " << p.getRemoteString() << " but we are primary (Refused)" << endl;
return RCode::Refused;
}
else if (!di.isPrimary(p.getInnerRemote())) {
- g_log << Logger::Warning << "Received NOTIFY for " << p.qdomain << " from " << p.getRemoteString() << " which is not a primary (Refused)" << endl;
+ g_log << Logger::Warning << "Received NOTIFY for " << zonename << " from " << p.getRemoteString() << " which is not a primary (Refused)" << endl;
return RCode::Refused;
}
if(!s_forwardNotify.empty()) {
set<string> forwardNotify(s_forwardNotify);
for(const auto & j : forwardNotify) {
- g_log<<Logger::Notice<<"Relaying notification of domain "<<
p.qdomain<<" from "<<p.getRemoteString()<<" to "<<j<<endl;
- Communicator.notify(p.qdomain,j);
+ g_log<<Logger::Notice<<"Relaying notification of domain "<<
zonename<<" from "<<p.getRemoteString()<<" to "<<j<<endl;
+ Communicator.notify(zonename,j);
}
}
if(::arg().mustDo("secondary")) {
- g_log<<Logger::Notice<<"Received NOTIFY for "<<
p.qdomain<<" from "<<p.getRemoteString()<<" - queueing check"<<endl;
+ g_log<<Logger::Notice<<"Received NOTIFY for "<<
zonename<<" from "<<p.getRemoteString()<<" - queueing check"<<endl;
di.receivedNotify = true;
Communicator.addSecondaryCheckRequest(di, p.getInnerRemote());
}
if(!retargeted)
r->setA(false);
- if(d_dk.isSecuredZone(d_sd.qname) && !addDSforNS(p, r, name) && d_dnssec) {
+ if(d_dk.isSecuredZone(ZoneName(d_sd.qname)) && !addDSforNS(p, r, name) && d_dnssec) {
addNSECX(p, r, name, DNSName(), 1);
}
{
addNSECX(p, r, target, DNSName(), 5);
if(d_sd.qname == p.qdomain) {
- if(!d_dk.isPresigned(d_sd.qname)) {
+ if(!d_dk.isPresigned(ZoneName(d_sd.qname))) {
addDNSKEY(p, r);
addCDNSKEY(p, r);
addCDS(p, r);
return true;
}
- if(!B.getAuth(state.target, pkt.qtype, &d_sd)) {
+ if(!B.getAuth(ZoneName(state.target), pkt.qtype, &d_sd)) {
DLOG(g_log<<Logger::Error<<"We have no authority over zone '"<<state.target<<"'"<<endl);
if (!retargeted) {
state.r->setA(false); // drop AA if we never had a SOA in the first place
}
DLOG(g_log<<Logger::Error<<"We have authority, zone='"<<d_sd.qname<<"', id="<<d_sd.domain_id<<endl);
+ ZoneName zonename(d_sd.qname);
if (!retargeted) {
- state.r->qdomainzone = d_sd.qname;
- } else if (!d_doResolveAcrossZones && state.r->qdomainzone != d_sd.qname) {
+ state.r->qdomainzone = zonename;
+ } else if (!d_doResolveAcrossZones && state.r->qdomainzone.operator const DNSName&() != d_sd.qname) {
// We are following a retarget outside the initial zone. Config asked us not to do that.
return true;
}
- state.authSet.insert(d_sd.qname);
- d_dnssec=(pkt.d_dnssecOk && d_dk.isSecuredZone(d_sd.qname));
+ state.authSet.insert(zonename);
+ d_dnssec=(pkt.d_dnssecOk && d_dk.isSecuredZone(zonename));
state.doSigs |= d_dnssec;
if(d_sd.qname==pkt.qdomain) {
- if(!d_dk.isPresigned(d_sd.qname)) {
+ if(!d_dk.isPresigned(zonename)) {
switch (pkt.qtype.getCode()) {
case QType::DNSKEY:
if(addDNSKEY(pkt, state.r)) {
}
// this TRUMPS a cname!
- if(d_dnssec && pkt.qtype.getCode() == QType::NSEC && !d_dk.getNSEC3PARAM(d_sd.qname, nullptr)) {
+ if(d_dnssec && pkt.qtype.getCode() == QType::NSEC && !d_dk.getNSEC3PARAM(zonename, nullptr)) {
addNSEC(pkt, state.r, state.target, DNSName(), 5);
if (!state.r->isEmpty()) {
return true;
#ifdef HAVE_LUA_RECORDS
if(!doLua) {
string val;
- d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val);
+ d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val);
doLua = (val=="1");
}
#endif
while(B.get(zrr)) {
#ifdef HAVE_LUA_RECORDS
- if (zrr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) {
+ if (zrr.dr.d_type == QType::LUA && !d_dk.isPresigned(zonename)) {
if(!doLua) {
continue;
}
weRedirected=true;
}
- if (DP && zrr.dr.d_type == QType::ALIAS && (pkt.qtype.getCode() == QType::A || pkt.qtype.getCode() == QType::AAAA || pkt.qtype.getCode() == QType::ANY) && !d_dk.isPresigned(d_sd.qname)) {
+ if (DP && zrr.dr.d_type == QType::ALIAS && (pkt.qtype.getCode() == QType::A || pkt.qtype.getCode() == QType::AAAA || pkt.qtype.getCode() == QType::ANY) && !d_dk.isPresigned(zonename)) {
if (!d_doExpandALIAS) {
g_log<<Logger::Info<<"ALIAS record found for "<<state.target<<", but ALIAS expansion is disabled."<<endl;
continue;
}
else if(weDone) {
bool haveRecords = false;
- bool presigned = d_dk.isPresigned(d_sd.qname);
+ bool presigned = d_dk.isPresigned(zonename);
for(const auto& loopRR: rrset) {
if (loopRR.dr.d_type == QType::ENT) {
continue;
struct queryState {
std::unique_ptr<DNSPacket> r{nullptr};
- set<DNSName> authSet;
+ set<ZoneName> authSet;
DNSName target;
bool doSigs{false};
bool noCache{false};
if(B.getSOAUncached(parent, sd_p)) {
bool ns=false;
DNSZoneRecord zr;
- B.lookup(QType(QType::ANY), zone, sd_p.domain_id);
+ B.lookup(QType(QType::ANY), zone.operator const DNSName&(), sd_p.domain_id);
while(B.get(zr))
ns |= (zr.dr.d_type == QType::NS);
if (!ns) {
numwarnings++;
}
- if(rr.qname==zone) {
+ if(rr.qname==zone.operator const DNSName&()) {
// apex checks
if (rr.qtype.getCode() == QType::NS) {
hasNsAtApex=true;
}
}
}
- if( ! ds_ns && rr.qtype.getCode() == QType::DS && rr.qname != zone ) {
+ if( ! ds_ns && rr.qtype.getCode() == QType::DS && rr.qname != zone.operator const DNSName&() ) {
cout << "[Warning] DS record without a delegation '" << rr.qname<<"'." << endl;
numwarnings++;
}
sd.db->startTransaction(zone, -1);
auto rrs = vector<DNSResourceRecord>{rr};
- if (!sd.db->replaceRRSet(sd.domain_id, zone, rr.qtype, rrs)) {
+ if (!sd.db->replaceRRSet(sd.domain_id, zone.operator const DNSName&(), rr.qtype, rrs)) {
cerr << "Backend did not replace SOA record. Backend might not support this operation." << endl;
sd.db->abortTransaction();
return -1;
DNSName ordername;
if(haveNSEC3) {
if(!narrow)
- ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zone)));
+ ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zone.operator const DNSName&())));
} else
ordername=DNSName("");
if(g_verbose)
unixDie("Editing file with: '"+cmdline+"', perhaps set EDITOR variable");
}
cmdline.clear();
- ZoneParserTNG zpt(tmpnam, g_rootdnsname);
+ ZoneParserTNG zpt(tmpnam, ZoneName(g_rootdnsname));
zpt.setMaxGenerateSteps(::arg().asNum("max-generate-steps"));
zpt.setMaxIncludes(::arg().asNum("max-include-depth"));
DNSResourceRecord zrr;
cout<<c.second;
}
if (!changed.empty()) {
- if (changed.find({zone, QType::SOA}) == changed.end()) {
+ if (changed.find({zone.operator const DNSName&(), QType::SOA}) == changed.end()) {
reAsk3:;
cout<<endl<<"You have not updated the SOA record! Would you like to increase-serial?"<<endl;
cout<<"(y)es - increase serial, (n)o - leave SOA record as is, (e)dit your changes, (q)uit: "<<std::flush;
switch(c) {
case 'y':
{
- DNSRecord oldSoaDR = grouped[{zone, QType::SOA}].at(0); // there should be only one SOA record, so we can use .at(0);
+ DNSRecord oldSoaDR = grouped[{zone.operator const DNSName&(), QType::SOA}].at(0); // there should be only one SOA record, so we can use .at(0);
ostringstream str;
str<< col.red() << "-" << oldSoaDR.d_name << " " << oldSoaDR.d_ttl << " IN " << DNSRecordContent::NumberToType(oldSoaDR.d_type) << " " <<oldSoaDR.getContent()->getZoneRepresentation(true) << col.rst() <<endl;
rr.domain_id=di.id;
bool haveSOA = false;
while(zpt.get(rr)) {
- if(!rr.qname.isPartOf(zone) && rr.qname!=zone) {
+ if(!rr.qname.isPartOf(zone) && rr.qname!=zone.operator const DNSName&()) {
cerr<<"File contains record named '"<<rr.qname<<"' which is not part of zone '"<<zone<<"'"<<endl;
return EXIT_FAILURE;
}
}
DNSResourceRecord rr;
- rr.qname = zone;
+ rr.qname = zone.operator const DNSName&();
rr.auth = true;
rr.ttl = ::arg().asNum("default-ttl");
rr.qtype = "SOA";
ZoneName zone(cmds.at(1));
DNSName name;
if (cmds.at(2) == "@")
- name=zone;
+ name=zone.operator const DNSName&();
else
- name = DNSName(cmds.at(2)) + zone;
+ name = DNSName(cmds.at(2)) + zone.operator const DNSName&();
UtilBackend B; //NOLINT(readability-identifier-length)
DomainInfo di;
DNSName name;
if(name_=="@")
- name=zone;
+ name=zone.operator const DNSName&();
else
- name=DNSName(name_)+zone;
+ name=DNSName(name_)+zone.operator const DNSName&();
QType qt(QType::chartocode(type_.c_str()));
di.backend->startTransaction(zone, -1);
static void testSpeed(const ZoneName& zone, int cores)
{
DNSResourceRecord rr;
- rr.qname=DNSName("blah")+zone;
+ rr.qname=DNSName("blah")+zone.operator const DNSName&();
rr.qtype=QType::A;
rr.ttl=3600;
rr.auth=true;
rr.content=tmp;
snprintf(tmp, sizeof(tmp), "r-%u", rnd);
- rr.qname=DNSName(tmp)+zone;
+ rr.qname=DNSName(tmp)+zone.operator const DNSName&();
DNSZoneRecord dzr;
dzr.dr=DNSRecord(rr);
if(csp.submit(dzr))
vector<DNSKEYRecordContent> keys;
DNSZoneRecord zr;
- di.backend->lookup(QType(QType::DNSKEY), zone, di.id );
+ di.backend->lookup(QType(QType::DNSKEY), zone.operator const DNSName&(), di.id );
while(di.backend->get(zr)) {
keys.push_back(*getRR<DNSKEYRecordContent>(zr.dr));
}
const std::string prefix(exportDS ? "" : "DS = ");
if (g_verbose) {
- cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl;
+ cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl;
}
- cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA256).getZoneRepresentation() << " ; ( SHA256 digest )" << endl;
+ cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA256).getZoneRepresentation() << " ; ( SHA256 digest )" << endl;
if (g_verbose) {
try {
- string output=makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_GOST).getZoneRepresentation();
+ string output=makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_GOST).getZoneRepresentation();
cout<<prefix<<zone.toString()<<" IN DS "<<output<< " ; ( GOST R 34.11-94 digest )" << endl;
}
catch(...)
{}
}
try {
- string output=makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA384).getZoneRepresentation();
+ string output=makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA384).getZoneRepresentation();
cout<<prefix<<zone.toString()<<" IN DS "<<output<< " ; ( SHA-384 digest )" << endl;
}
catch(...)
const auto &key = value.first.getDNSKEY();
const std::string prefix(exportDS ? "" : "DS = ");
if (g_verbose) {
- cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl;
+ cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl;
}
- cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA256).getZoneRepresentation() << " ; ( SHA256 digest )" << endl;
+ cout<<prefix<<zone.toString()<<" IN DS "<<makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA256).getZoneRepresentation() << " ; ( SHA256 digest )" << endl;
if (g_verbose) {
try {
- string output=makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_GOST).getZoneRepresentation();
+ string output=makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_GOST).getZoneRepresentation();
cout<<prefix<<zone.toString()<<" IN DS "<<output<< " ; ( GOST R 34.11-94 digest )" << endl;
}
catch(...)
{}
}
try {
- string output=makeDSFromDNSKey(zone, key, DNSSECKeeper::DIGEST_SHA384).getZoneRepresentation();
+ string output=makeDSFromDNSKey(zone.operator const DNSName&(), key, DNSSECKeeper::DIGEST_SHA384).getZoneRepresentation();
cout<<prefix<<zone.toString()<<" IN DS "<<output<< " ; ( SHA-384 digest )" << endl;
}
catch(...)
db->startTransaction(zone, di.id);
rr.qtype=QType::SOA;
- rr.qname=zone;
+ rr.qname=zone.operator const DNSName&();
rr.ttl=86400;
rr.domain_id=di.id;
rr.auth=true;
cout<<"Committing"<<endl;
db->commitTransaction();
cout<<"Querying TXT"<<endl;
- db->lookup(QType(QType::TXT), zone, di.id);
+ db->lookup(QType(QType::TXT), zone.operator const DNSName&(), di.id);
if(db->get(rrget))
{
DNSResourceRecord rrthrowaway;
db->startTransaction(zone, di.id);
rr.qtype=QType::SOA;
- rr.qname=zone;
+ rr.qname=zone.operator const DNSName&();
rr.ttl=86400;
rr.domain_id=di.id;
rr.auth=true;
db->feedRecord(rr, DNSName());
rr.qtype=QType::A;
- rr.qname=DNSName("_underscore")+zone;
+ rr.qname=DNSName("_underscore")+zone.operator const DNSName&();
rr.content="127.0.0.1";
db->feedRecord(rr, DNSName());
- rr.qname=DNSName("bla")+zone;
+ rr.qname=DNSName("bla")+zone.operator const DNSName&();
cout<<"Committing"<<endl;
db->commitTransaction();
rectifyZone(dsk, zone);
cout<<"Checking underscore ordering"<<endl;
DNSName before, after;
- db->getBeforeAndAfterNames(di.id, zone, DNSName("z")+zone, before, after);
+ db->getBeforeAndAfterNames(di.id, zone, DNSName("z")+zone.operator const DNSName&(), before, after);
cout<<"got '"<<before.toString()<<"' < 'z."<<zone.toString()<<"' < '"<<after.toString()<<"'"<<endl;
- if(before != DNSName("_underscore")+zone)
+ if(before != DNSName("_underscore")+zone.operator const DNSName&())
{
cout<<"before is wrong, got '"<<before.toString()<<"', expected '_underscore."<<zone.toString()<<"', aborting"<<endl;
return EXIT_FAILURE;
}
- if(after != zone)
+ if(after != zone.operator const DNSName&())
{
cout<<"after is wrong, got '"<<after.toString()<<"', expected '"<<zone.toString()<<"', aborting"<<endl;
return EXIT_FAILURE;
}
if (sval.empty()) {
- sval = d_zone;
+ sval = DNSName(d_zone);
}
else if (!d_zone.empty()) {
- sval += d_zone;
+ sval += DNSName(d_zone);
}
val = std::move(sval);
}
return 0;
}
- if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rr->d_name != di->zone) {
+ if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rr->d_name != di->zone.operator const DNSName&()) {
g_log<<Logger::Warning<<msgPrefix<<"Trying to add/update/delete "<<rr->d_name<<"|"<<rrType.toString()<<", "<<rrType.toString()<<" must be at zone apex, ignoring!"<<endl;
return 0;
}
delnonterm.insert(rr->d_name); // always remove any ENT's in the place where we're going to add a record.
auto newRec = DNSResourceRecord::fromWire(*rr);
newRec.domain_id = di->id;
- newRec.auth = (rr->d_name == di->zone || rrType.getCode() != QType::NS);
+ newRec.auth = (rr->d_name == di->zone.operator const DNSName&() || rrType.getCode() != QType::NS);
di->backend->feedRecord(newRec, DNSName());
changedRecords++;
// because we added a record, we need to fix DNSSEC data.
- DNSName shorter(rr->d_name);
+ ZoneName shorter(rr->d_name);
bool auth=newRec.auth;
bool fixDS = (rrType == QType::DS);
break;
bool foundShorter = false;
- di->backend->lookup(QType(QType::ANY), shorter, di->id);
+ di->backend->lookup(QType(QType::ANY), shorter.operator const DNSName&(), di->id);
while (di->backend->get(rec)) {
if (rec.qname == rr->d_name && rec.qtype == QType::DS)
fixDS = true;
- if (shorter != rr->d_name)
+ if (shorter.operator const DNSName&() != rr->d_name)
foundShorter = true;
if (rec.qtype == QType::NS) // are we inserting below a delegate?
auth=false;
}
- if (!foundShorter && auth && shorter != rr->d_name) // haven't found any record at current level, insert ENT.
- insnonterm.insert(shorter);
+ if (!foundShorter && auth && shorter.operator const DNSName&() != rr->d_name) // haven't found any record at current level, insert ENT.
+ insnonterm.insert(shorter.operator const DNSName&());
if (foundShorter)
break; // if we find a shorter record, we can stop searching
} while(shorter.chopOff());
DLOG(g_log<<msgPrefix<<"Going to fix auth flags below "<<rr->d_name<<endl);
insnonterm.clear(); // No ENT's are needed below delegates (auth=0)
vector<DNSName> qnames;
- di->backend->listSubZone(rr->d_name, di->id);
+ di->backend->listSubZone(ZoneName(rr->d_name), di->id);
while(di->backend->get(rec)) {
if (rec.qtype.getCode() && rec.qtype.getCode() != QType::DS && rr->d_name != rec.qname) // Skip ENT, DS and our already corrected record.
qnames.push_back(rec.qname);
if (rrType == QType::NSEC3PARAM) {
g_log<<Logger::Notice<<msgPrefix<<"Deleting NSEC3PARAM from zone, resetting ordernames."<<endl;
if (rr->d_class == QClass::ANY)
- d_dk.unsetNSEC3PARAM(rr->d_name);
+ d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name));
else if (rr->d_class == QClass::NONE) {
NSEC3PARAMRecordContent nsec3rr(rr->getContent()->getZoneRepresentation(), di->zone);
if (*haveNSEC3 && ns3pr->getZoneRepresentation() == nsec3rr.getZoneRepresentation())
- d_dk.unsetNSEC3PARAM(rr->d_name);
+ d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name));
else
return 0;
} else
di->backend->lookup(rrType, rr->d_name, di->id);
while(di->backend->get(rec)) {
if (rr->d_class == QClass::ANY) { // 3.4.2.3
- if (rec.qname == di->zone && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's
+ if (rec.qname == di->zone.operator const DNSName&() && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's
rrset.push_back(rec);
else
recordsToDelete.push_back(rec);
// If we've removed a delegate, we need to reset ordername/auth for some records.
- if (rrType == QType::NS && rr->d_name != di->zone) {
+ if (rrType == QType::NS && rr->d_name != di->zone.operator const DNSName&()) {
vector<DNSName> belowOldDelegate, nsRecs, updateAuthFlag;
- di->backend->listSubZone(rr->d_name, di->id);
+ di->backend->listSubZone(ZoneName(rr->d_name), di->id);
while (di->backend->get(rec)) {
if (rec.qtype.getCode()) // skip ENT records, they are always auth=false
belowOldDelegate.push_back(rec.qname);
// on that level. If so, we must insert an ENT record.
// We take extra care here to not 'include' the record that we just deleted. Some backends will still return it as they only reload on a commit.
bool foundDeeper = false, foundOtherWithSameName = false;
- di->backend->listSubZone(rr->d_name, di->id);
+ di->backend->listSubZone(ZoneName(rr->d_name), di->id);
while (di->backend->get(rec)) {
if (rec.qname == rr->d_name && !count(recordsToDelete.begin(), recordsToDelete.end(), rec))
foundOtherWithSameName = true;
} else if (!foundOtherWithSameName) {
// If we didn't have to insert an ENT, we might have deleted a record at very deep level
// and we must then clean up the ENT's above the deleted record.
- DNSName shorter(rr->d_name);
+ ZoneName shorter(rr->d_name);
while (shorter != di->zone) {
shorter.chopOff();
bool foundRealRR = false;
}
if (!foundRealRR) {
if (foundEnt) // only delete the ENT if we actually found one.
- delnonterm.insert(shorter);
+ delnonterm.insert(shorter.operator const DNSName&());
} else
break;
}
int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, const DomainInfo& di) {
vector<string> forward;
- B.getDomainMetadata(p.qdomain, "FORWARD-DNSUPDATE", forward);
+ B.getDomainMetadata(ZoneName(p.qdomain), "FORWARD-DNSUPDATE", forward);
if (forward.size() == 0 && ! ::arg().mustDo("forward-dnsupdate")) {
g_log << Logger::Notice << msgPrefix << "Not configured to forward to primary, returning Refused." << endl;
if (! ::arg().mustDo("dnsupdate"))
return RCode::Refused;
- string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + packet.qdomain.toLogString() + ": ";
+ ZoneName zonename(packet.qdomain);
+ string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + zonename.toLogString() + ": ";
g_log<<Logger::Info<<msgPrefix<<"Processing started."<<endl;
// if there is policy, we delegate all checks to it
// Check permissions - IP based
vector<string> allowedRanges;
- B.getDomainMetadata(packet.qdomain, "ALLOW-DNSUPDATE-FROM", allowedRanges);
+ B.getDomainMetadata(zonename, "ALLOW-DNSUPDATE-FROM", allowedRanges);
if (! ::arg()["allow-dnsupdate-from"].empty())
stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t" );
// Check permissions - TSIG based.
vector<string> tsigKeys;
- B.getDomainMetadata(packet.qdomain, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
+ B.getDomainMetadata(zonename, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
if (tsigKeys.size() > 0) {
bool validKey = false;
DomainInfo di;
di.backend=nullptr;
- if(!B.getDomainInfo(packet.qdomain, di) || (di.backend == nullptr)) {
- g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<packet.qdomain<<"' (or backend does not support DNS update operation)"<<endl;
+ if(!B.getDomainInfo(zonename, di) || (di.backend == nullptr)) {
+ g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<zonename<<"' (or backend does not support DNS update operation)"<<endl;
return RCode::NotAuth;
}
std::lock_guard<std::mutex> l(s_rfc2136lock); //TODO: i think this lock can be per zone, not for everything
g_log<<Logger::Info<<msgPrefix<<"starting transaction."<<endl;
- if (!di.backend->startTransaction(packet.qdomain, -1)) { // Not giving the domain_id means that we do not delete the existing records.
- g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<packet.qdomain<<" does not support transaction. Can't do Update packet."<<endl;
+ if (!di.backend->startTransaction(zonename, -1)) { // Not giving the domain_id means that we do not delete the existing records.
+ g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<zonename<<" does not support transaction. Can't do Update packet."<<endl;
return RCode::NotImp;
}
if (dnsRecord->d_place == DNSResourceRecord::AUTHORITY) {
/* see if it's permitted by policy */
if (this->d_update_policy_lua != nullptr) {
- if (!this->d_update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), di.zone, packet)) {
+ if (!this->d_update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), di.zone.operator const DNSName&(), packet)) {
g_log<<Logger::Warning<<msgPrefix<<"Refusing update for " << dnsRecord->d_name << "/" << QType(dnsRecord->d_type).toString() << ": Not permitted by policy"<<endl;
continue;
} else {
}
}
- if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == di.zone) {
+ if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == di.zone.operator const DNSName&()) {
nsRRtoDelete.push_back(dnsRecord);
}
else if (dnsRecord->d_class == QClass::IN && dnsRecord->d_ttl > 0) {
if (nsRRtoDelete.size()) {
vector<DNSResourceRecord> nsRRInZone;
DNSResourceRecord rec;
- di.backend->lookup(QType(QType::NS), di.zone, di.id);
+ di.backend->lookup(QType(QType::NS), di.zone.operator const DNSName&(), di.id);
while (di.backend->get(rec)) {
nsRRInZone.push_back(rec);
}
// Notify secondaries
if (di.kind == DomainInfo::Primary) {
vector<string> notify;
- B.getDomainMetadata(packet.qdomain, "NOTIFY-DNSUPDATE", notify);
+ B.getDomainMetadata(zonename, "NOTIFY-DNSUPDATE", notify);
if (!notify.empty() && notify.front() == "1") {
Communicator.notifyDomain(di.zone, &B);
}
SOAData sd;
fillSOAData(rr.content, sd);
- sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, rr.qname);
+ sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, ZoneName(rr.qname));
rr.content = makeSOAContent(sd)->getZoneRepresentation(true);
return true;
}
if (increaseKind.empty())
return false;
- sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, sd.qname);
+ sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, ZoneName(sd.qname));
rrout.qname = sd.qname;
rrout.content = makeSOAContent(sd)->getZoneRepresentation(true);
rrout.qtype = QType::SOA;
DNSZoneRecord makeEditedDNSZRFromSOAData(DNSSECKeeper& dk, const SOAData& sd, DNSResourceRecord::Place place) {
SOAData edited = sd;
- edited.serial = calculateEditSOA(sd.serial, dk, sd.qname);
+ edited.serial = calculateEditSOA(sd.serial, dk, ZoneName(sd.qname));
DNSRecord soa;
soa.d_name = sd.qname;
if(::arg().mustDo("disable-axfr"))
return false;
- string logPrefix=string(isAXFR ? "A" : "I")+"XFR-out zone '"+q->qdomain.toLogString()+"', client '"+q->getInnerRemote().toStringWithPort()+"', ";
+ ZoneName zonename(q->qdomain);
+ string logPrefix=string(isAXFR ? "A" : "I")+"XFR-out zone '"+zonename.toLogString()+"', client '"+q->getInnerRemote().toStringWithPort()+"', ";
if(q->d_havetsig) { // if you have one, it must be good
TSIGRecordContent tsigContent;
#ifdef ENABLE_GSS_TSIG
if (g_doGssTSIG && q->d_tsig_algo == TSIG_GSS) {
vector<string> princs;
- packetHandler->getBackend()->getDomainMetadata(q->qdomain, "GSS-ALLOW-AXFR-PRINCIPAL", princs);
+ packetHandler->getBackend()->getDomainMetadata(zonename, "GSS-ALLOW-AXFR-PRINCIPAL", princs);
for(const std::string& princ : princs) {
if (q->d_peer_principal == princ) {
- g_log<<Logger::Warning<<"AXFR of domain '"<<q->qdomain<<"' allowed: TSIG signed request with authorized principal '"<<q->d_peer_principal<<"' and algorithm 'gss-tsig'"<<endl;
+ g_log<<Logger::Warning<<"AXFR of domain '"<<zonename<<"' allowed: TSIG signed request with authorized principal '"<<q->d_peer_principal<<"' and algorithm 'gss-tsig'"<<endl;
return true;
}
}
- g_log<<Logger::Warning<<"AXFR of domain '"<<q->qdomain<<"' denied: TSIG signed request with principal '"<<q->d_peer_principal<<"' and algorithm 'gss-tsig' is not permitted"<<endl;
+ g_log<<Logger::Warning<<"AXFR of domain '"<<zonename<<"' denied: TSIG signed request with principal '"<<q->d_peer_principal<<"' and algorithm 'gss-tsig' is not permitted"<<endl;
return false;
}
#endif
- if(!dk.TSIGGrantsAccess(q->qdomain, tsigkeyname)) {
+ if(!dk.TSIGGrantsAccess(zonename, tsigkeyname)) {
g_log<<Logger::Warning<<logPrefix<<"denied: key with name '"<<tsigkeyname<<"' and algorithm '"<<getTSIGAlgoName(q->d_tsig_algo)<<"' does not grant access"<<endl;
return false;
}
// cerr<<"doing per-zone-axfr-acls"<<endl;
SOAData sd;
- if(packetHandler->getBackend()->getSOAUncached(q->qdomain,sd)) {
+ if(packetHandler->getBackend()->getSOAUncached(zonename,sd)) {
// cerr<<"got backend and SOA"<<endl;
vector<string> acl;
- packetHandler->getBackend()->getDomainMetadata(q->qdomain, "ALLOW-AXFR-FROM", acl);
+ packetHandler->getBackend()->getDomainMetadata(zonename, "ALLOW-AXFR-FROM", acl);
for (const auto & i : acl) {
// cerr<<"matching against "<<*i<<endl;
if(pdns_iequals(i, "AUTO-NS")) {
extern CommunicatorClass Communicator;
- if(Communicator.justNotified(q->qdomain, q->getInnerRemote().toString())) { // we just notified this ip
+ if(Communicator.justNotified(zonename, q->getInnerRemote().toString())) { // we just notified this ip
g_log<<Logger::Notice<<logPrefix<<"allowed: client IP is from recently notified secondary"<<endl;
return true;
}
/** do the actual zone transfer. Return 0 in case of error, 1 in case of success */
int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr<DNSPacket>& q, int outsock) // NOLINT(readability-function-cognitive-complexity)
{
- string logPrefix="AXFR-out zone '"+target.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', ";
+ ZoneName targetZone(target);
+ string logPrefix="AXFR-out zone '"+targetZone.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', ";
std::unique_ptr<DNSPacket> outpacket= getFreshAXFRPacket(q);
if(q->d_dnssecOk)
return 0;
}
- if (!(*packetHandler)->getBackend()->getSOAUncached(target, sd)) {
+ if (!(*packetHandler)->getBackend()->getSOAUncached(targetZone, sd)) {
g_log<<Logger::Warning<<logPrefix<<"failed: not authoritative"<<endl;
outpacket->setRcode(RCode::NotAuth);
sendPacket(outpacket,outsock);
}
UeberBackend db;
- if(!db.getSOAUncached(target, sd)) {
+ if(!db.getSOAUncached(targetZone, sd)) {
g_log<<Logger::Warning<<logPrefix<<"failed: not authoritative in second instance"<<endl;
outpacket->setRcode(RCode::NotAuth);
sendPacket(outpacket,outsock);
bool narrow = false;
DomainInfo di;
- bool isCatalogZone = sd.db->getDomainInfo(target, di, false) && di.isCatalogType();
+ bool isCatalogZone = sd.db->getDomainInfo(targetZone, di, false) && di.isCatalogType();
NSEC3PARAMRecordContent ns3pr;
DNSSECKeeper dk(&db);
- DNSSECKeeper::clearCaches(target);
+ DNSSECKeeper::clearCaches(targetZone);
if (!isCatalogZone) {
- securedZone = dk.isSecuredZone(target);
- presignedZone = dk.isPresigned(target);
+ securedZone = dk.isSecuredZone(targetZone);
+ presignedZone = dk.isPresigned(targetZone);
}
- if(securedZone && dk.getNSEC3PARAM(target, &ns3pr, &narrow)) {
+ if(securedZone && dk.getNSEC3PARAM(targetZone, &ns3pr, &narrow)) {
NSEC3Zone=true;
if(narrow) {
g_log<<Logger::Warning<<logPrefix<<"failed: not doing AXFR of an NSEC3 narrow zone"<<endl;
outpacket->addRecord(DNSZoneRecord(soa));
if(securedZone && !presignedZone) {
set<ZoneName> authSet;
- authSet.insert(target);
+ authSet.insert(targetZone);
addRRSigs(dk, db, authSet, outpacket->getRRS());
}
if(securedZone && !presignedZone) { // this is where the DNSKEYs, CDNSKEYs and CDSs go in
bool doCDNSKEY = true, doCDS = true;
string publishCDNSKEY, publishCDS;
- dk.getPublishCDNSKEY(q->qdomain, publishCDNSKEY);
- dk.getPublishCDS(q->qdomain, publishCDS);
+ ZoneName zonename(q->qdomain);
+ dk.getPublishCDNSKEY(zonename, publishCDNSKEY);
+ dk.getPublishCDS(zonename, publishCDS);
set<uint32_t> entryPointIds;
- DNSSECKeeper::keyset_t entryPoints = dk.getEntryPoints(target);
+ DNSSECKeeper::keyset_t entryPoints = dk.getEntryPoints(targetZone);
for (auto const& value : entryPoints) {
entryPointIds.insert(value.second.id);
}
- DNSSECKeeper::keyset_t keys = dk.getKeys(target);
+ DNSSECKeeper::keyset_t keys = dk.getKeys(targetZone);
for(const DNSSECKeeper::keyset_t::value_type& value : keys) {
if (!value.second.published) {
continue;
zrrs.emplace_back(zrr);
}
- zrrs.emplace_back(CatalogInfo::getCatalogVersionRecord(target));
+ zrrs.emplace_back(CatalogInfo::getCatalogVersionRecord(targetZone));
vector<CatalogInfo> members;
- if (!sd.db->getCatalogMembers(target, members, CatalogInfo::CatalogType::Producer)) {
+ if (!sd.db->getCatalogMembers(targetZone, members, CatalogInfo::CatalogType::Producer)) {
g_log << Logger::Error << logPrefix << "getting catalog members failed, aborting AXFR" << endl;
outpacket->setRcode(RCode::ServFail);
sendPacket(outpacket, outsock);
return 0;
}
for (const auto& ci : members) {
- ci.toDNSZoneRecords(target, zrrs);
+ ci.toDNSZoneRecords(targetZone, zrrs);
}
if (members.empty()) {
- g_log << Logger::Warning << logPrefix << "catalog zone '" << target << "' has no members" << endl;
+ g_log << Logger::Warning << logPrefix << "catalog zone '" << targetZone << "' has no members" << endl;
}
goto send;
}
// Catalog zone end
// now start list zone
- if (!sd.db->list(target, sd.domain_id, isCatalogZone)) {
+ if (!sd.db->list(targetZone, sd.domain_id, isCatalogZone)) {
g_log<<Logger::Error<<logPrefix<<"backend signals error condition, aborting AXFR"<<endl;
outpacket->setRcode(RCode::ServFail);
sendPacket(outpacket,outsock);
typedef map<DNSName, NSECXEntry, CanonDNSNameCompare> nsecxrepo_t;
nsecxrepo_t nsecxrepo;
- ChunkedSigningPipe csp(target, (securedZone && !presignedZone), ::arg().asNum("signing-threads", 1), ::arg().mustDo("workaround-11804") ? 1 : 100);
+ ChunkedSigningPipe csp(targetZone, (securedZone && !presignedZone), ::arg().asNum("signing-threads", 1), ::arg().mustDo("workaround-11804") ? 1 : 100);
DNSName keyname;
unsigned int udiff;
int TCPNameserver::doIXFR(std::unique_ptr<DNSPacket>& q, int outsock)
{
- string logPrefix="IXFR-out zone '"+q->qdomain.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', ";
+ ZoneName zonename(q->qdomain);
+ string logPrefix="IXFR-out zone '"+zonename.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', ";
std::unique_ptr<DNSPacket> outpacket=getFreshAXFRPacket(q);
if(q->d_dnssecOk)
}
// canDoAXFR does all the ACL checks, and has the if(disable-axfr) shortcut, call it first.
- if(!canDoAXFR(q, false, *packetHandler) || !(*packetHandler)->getBackend()->getSOAUncached(q->qdomain, sd)) {
+ if(!canDoAXFR(q, false, *packetHandler) || !(*packetHandler)->getBackend()->getSOAUncached(zonename, sd)) {
g_log<<Logger::Warning<<logPrefix<<"failed: not authoritative"<<endl;
outpacket->setRcode(RCode::NotAuth);
sendPacket(outpacket,outsock);
}
DNSSECKeeper dk((*packetHandler)->getBackend());
- DNSSECKeeper::clearCaches(q->qdomain);
+ DNSSECKeeper::clearCaches(zonename);
bool narrow = false;
- securedZone = dk.isSecuredZone(q->qdomain);
- if(dk.getNSEC3PARAM(q->qdomain, nullptr, &narrow)) {
+ securedZone = dk.isSecuredZone(zonename);
+ if(dk.getNSEC3PARAM(zonename, nullptr, &narrow)) {
if(narrow) {
g_log<<Logger::Warning<<logPrefix<<"not doing IXFR of an NSEC3 narrow zone"<<endl;
outpacket->setRcode(RCode::Refused);
}
}
- serialPermitsIXFR = !rfc1982LessThan(serial, calculateEditSOA(sd.serial, dk, sd.qname));
+ serialPermitsIXFR = !rfc1982LessThan(serial, calculateEditSOA(sd.serial, dk, ZoneName(sd.qname)));
}
if (serialPermitsIXFR) {
- ZoneName target = q->qdomain;
+ ZoneName target = zonename;
TSIGRecordContent trc;
DNSName tsigkeyname;
string tsigsecret;
void lookup(const QType& qtype, const DNSName& qdomain, int zoneId = -1, DNSPacket *pkt_p = nullptr) override
{
d_currentScopeMask = 0;
- findZone(qdomain, zoneId, d_records, d_currentZone);
+ findZone(ZoneName(qdomain), zoneId, d_records, d_currentZone);
if (d_records) {
if (qdomain == DNSName("geo.powerdns.com.") && pkt_p != nullptr) {
}
auto& idx = records->get<OrderedNameTypeTag>();
- auto range = idx.equal_range(std::tuple(best, QType::SOA));
+ auto range = idx.equal_range(std::tuple(best.operator const DNSName&(), QType::SOA));
if (range.first == range.second) {
return false;
}
fillSOAData(range.first->d_content, *soadata);
soadata->ttl = range.first->d_ttl;
- soadata->qname = best;
+ soadata->qname = best.operator const DNSName&();
soadata->domain_id = static_cast<int>(zoneId);
return true;
}
bool UeberBackend::fillSOAFromZoneRecord(ZoneName& shorter, const int zoneId, SOAData* const soaData)
{
// Zone exists in zone cache, directly look up SOA.
- lookup(QType(QType::SOA), shorter, zoneId, nullptr);
+ lookup(QType(QType::SOA), shorter.operator const DNSName&(), zoneId, nullptr);
DNSZoneRecord zoneRecord;
if (!get(zoneRecord)) {
return false;
}
- if (zoneRecord.dr.d_name != shorter) {
+ if (zoneRecord.dr.d_name != shorter.operator const DNSName&()) {
throw PDNSException("getAuth() returned an SOA for the wrong zone. Zone '" + zoneRecord.dr.d_name.toLogString() + "' is not equal to looked up zone '" + shorter.toLogString() + "'");
}
fillSOAData(d_answers[0], *soaData);
soaData->db = backends.size() == 1 ? backends.begin()->get() : nullptr;
- soaData->qname = shorter;
+ soaData->qname = shorter.operator const DNSName&();
}
else if (cacheResult == CacheResult::NegativeMatch && d_negcache_ttl != 0U) {
DLOG(g_log << Logger::Error << "has neg cache entry: " << shorter << endl);
bestMatch->first = soaData->qname.wirelength();
bestMatch->second = *soaData;
- if (soaData->qname == shorter) {
+ if (soaData->qname == shorter.operator const DNSName&()) {
break;
}
}
if (cachedOk && g_zoneCache.isEnabled()) {
if (g_zoneCache.getEntry(shorter, zoneId)) {
if (fillSOAFromZoneRecord(shorter, zoneId, soaData)) {
- if (foundTarget(target, shorter, qtype, soaData, found)) {
+ if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) {
return true;
}
}
d_question.qtype = QType::SOA;
- d_question.qname = shorter;
+ d_question.qname = shorter.operator const DNSName&();
d_question.zoneId = zoneId;
// Check cache.
if (cachedOk && (d_cache_ttl != 0 || d_negcache_ttl != 0)) {
auto cacheResult = fillSOAFromCache(soaData, shorter);
if (cacheResult == CacheResult::Hit) {
- if (foundTarget(target, shorter, qtype, soaData, found)) {
+ if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) {
return true;
}
if (backend == backends.end()) {
if (d_negcache_ttl != 0U) {
DLOG(g_log << Logger::Error << "add neg cache entry:" << shorter << endl);
- d_question.qname = shorter;
+ d_question.qname = shorter.operator const DNSName&();
addNegCache(d_question);
}
}
}
- if (foundTarget(target, shorter, qtype, soaData, found)) {
+ if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) {
return true;
}
bool UeberBackend::getSOAUncached(const ZoneName& domain, SOAData& soaData)
{
d_question.qtype = QType::SOA;
- d_question.qname = domain;
+ d_question.qname = domain.operator const DNSName&();
d_question.zoneId = -1;
for (auto& backend : backends) {
if (backend->getSOA(domain, soaData)) {
- if (domain != soaData.qname) {
+ if (domain.operator const DNSName&() != soaData.qname) {
throw PDNSException("getSOA() returned an SOA for the wrong zone. Question: '" + domain.toLogString() + "', answer: '" + soaData.qname.toLogString() + "'");
}
if (d_cache_ttl != 0U) {
}
}
+#if defined(PDNS_AUTH)
+ZoneName apiNameToZoneName(const string& name)
+{
+ return ZoneName(apiNameToDNSName(name));
+}
+#endif
+
ZoneName apiZoneIdToName(const string& identifier)
{
string zonename;
void apiCheckNameAllowedCharacters(const string& name);
void apiCheckQNameAllowedCharacters(const string& name);
DNSName apiNameToDNSName(const string& name);
+#if defined(PDNS_AUTH)
+ZoneName apiNameToZoneName(const string& name);
+#endif
// To be provided by product code.
void productServerStatisticsFetch(std::map<string, string>& out);
Json::array tsig_primary_keys;
for (const auto& keyname : tsig_primary) {
- tsig_primary_keys.emplace_back(apiZoneNameToId(DNSName(keyname)));
+ tsig_primary_keys.emplace_back(apiZoneNameToId(ZoneName(keyname)));
}
doc["master_tsig_key_ids"] = tsig_primary_keys;
Json::array tsig_secondary_keys;
for (const auto& keyname : tsig_secondary) {
- tsig_secondary_keys.emplace_back(apiZoneNameToId(DNSName(keyname)));
+ tsig_secondary_keys.emplace_back(apiZoneNameToId(ZoneName(keyname)));
}
doc["slave_tsig_key_ids"] = tsig_secondary_keys;
static void extractJsonTSIGKeyIds(UeberBackend& backend, const Json& jsonArray, vector<string>& metadata)
{
for (const auto& value : jsonArray.array_items()) {
- auto keyname(apiZoneIdToName(value.string_value()));
+ DNSName keyname(apiZoneIdToName(value.string_value()));
DNSName keyAlgo;
string keyContent;
if (!backend.getTSIGKey(keyname, keyAlgo, keyContent)) {
Json::array dses;
for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_SHA384}) {
try {
- string dsRecordContent = makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation();
+ string dsRecordContent = makeDSFromDNSKey(zonename.operator const DNSName&(), value.first.getDNSKEY(), keyid).getZoneRepresentation();
dses.emplace_back(dsRecordContent);
}
}
- if (rec.qname == zone) {
+ if (rec.qname == zone.operator const DNSName&()) {
if (nonApexTypes.count(rec.qtype.getCode()) != 0) {
throw ApiException("Record " + rec.qname.toString() + " IN " + rec.qtype.toString() + " is not allowed at apex");
}
{
Json::object tsigkey = {
{"name", keyname.toStringNoDot()},
- {"id", apiZoneNameToId(keyname)},
+ {"id", apiZoneNameToId(ZoneName(keyname))},
{"algorithm", algo.toStringNoDot()},
{"key", content},
{"type", "TSIGKey"}};
{
public:
TSIGKeyData(HttpRequest* req) :
- keyName(apiZoneIdToName(req->parameters["id"]))
+ keyName(apiZoneIdToName(req->parameters["id"]).operator const DNSName&())
{
try {
if (!backend.getTSIGKey(keyName, algo, content)) {
DNSSECKeeper dnssecKeeper(&backend);
DomainInfo domainInfo;
const auto& document = req->json();
- ZoneName zonename = apiNameToDNSName(stringFromJson(document, "name"));
+ ZoneName zonename = apiNameToZoneName(stringFromJson(document, "name"));
apiCheckNameAllowedCharacters(zonename.toString());
zonename.makeUsLowerCase();
for (auto& resourceRecord : new_records) {
resourceRecord.qname.makeUsLowerCase();
- if (!resourceRecord.qname.isPartOf(zonename) && resourceRecord.qname != zonename) {
+ if (!resourceRecord.qname.isPartOf(zonename) && resourceRecord.qname != zonename.operator const DNSName&()) {
throw ApiException("RRset " + resourceRecord.qname.toString() + " IN " + resourceRecord.qtype.toString() + ": Name is out of zone");
}
apiCheckQNameAllowedCharacters(resourceRecord.qname.toString());
- if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename) {
+ if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename.operator const DNSName&()) {
have_soa = true;
}
- if (resourceRecord.qtype.getCode() == QType::NS && resourceRecord.qname == zonename) {
+ if (resourceRecord.qtype.getCode() == QType::NS && resourceRecord.qname == zonename.operator const DNSName&()) {
have_zone_ns = true;
}
}
// synthesize RRs as needed
DNSResourceRecord autorr;
- autorr.qname = zonename;
+ autorr.qname = zonename.operator const DNSName&();
autorr.auth = true;
autorr.ttl = ::arg().asNum("default-ttl");
if (!catalog && kind == DomainInfo::Primary) {
const auto& defaultCatalog = ::arg()["default-catalog-zone"];
if (!defaultCatalog.empty()) {
- domainInfo.backend->setCatalog(zonename, DNSName(defaultCatalog));
+ domainInfo.backend->setCatalog(zonename, ZoneName(defaultCatalog));
}
}
if (req->getvars.count("zone") != 0) {
string zone = req->getvars["zone"];
apiCheckNameAllowedCharacters(zone);
- ZoneName zonename = apiNameToDNSName(zone);
+ ZoneName zonename = apiNameToZoneName(zone);
zonename.makeUsLowerCase();
DomainInfo domainInfo;
if (backend.getDomainInfo(zonename, domainInfo)) {
for (auto& resourceRecord : new_records) {
resourceRecord.qname.makeUsLowerCase();
- if (!resourceRecord.qname.isPartOf(zoneData.zoneName) && resourceRecord.qname != zoneData.zoneName) {
+ if (!resourceRecord.qname.isPartOf(zoneData.zoneName) && resourceRecord.qname != zoneData.zoneName.operator const DNSName&()) {
throw ApiException("RRset " + resourceRecord.qname.toString() + " IN " + resourceRecord.qtype.toString() + ": Name is out of zone");
}
apiCheckQNameAllowedCharacters(resourceRecord.qname.toString());
- if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zoneData.zoneName) {
+ if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zoneData.zoneName.operator const DNSName&()) {
haveSoa = true;
}
}
for (const auto& rrset : rrsets.array_items()) {
string changetype = toUpper(stringFromJson(rrset, "changetype"));
- ZoneName qname = apiNameToDNSName(stringFromJson(rrset, "name"));
+ ZoneName qname = apiNameToZoneName(stringFromJson(rrset, "name"));
apiCheckQNameAllowedCharacters(qname.toString());
QType qtype;
qtype = stringFromJson(rrset, "type");
if (changetype == "DELETE") {
// delete all matching qname/qtype RRs (and, implicitly comments).
- if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qtype, vector<DNSResourceRecord>())) {
+ if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qtype, vector<DNSResourceRecord>())) {
throw ApiException("Hosting backend does not support editing records.");
}
}
if (replace_records) {
// ttl shouldn't be part of DELETE, and it shouldn't be required if we don't get new records.
uint32_t ttl = uintFromJson(rrset, "ttl");
- gatherRecords(rrset, qname, qtype, ttl, new_records);
+ gatherRecords(rrset, qname.operator const DNSName&(), qtype, ttl, new_records);
for (DNSResourceRecord& resourceRecord : new_records) {
resourceRecord.domain_id = static_cast<int>(domainInfo.id);
- if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename) {
+ if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename.operator const DNSName&()) {
soa_edit_done = increaseSOARecord(resourceRecord, soa_edit_api_kind, soa_edit_kind);
}
}
}
if (replace_comments) {
- gatherComments(rrset, qname, qtype, new_comments);
+ gatherComments(rrset, qname.operator const DNSName&(), qtype, new_comments);
for (Comment& comment : new_comments) {
comment.domain_id = static_cast<int>(domainInfo.id);
bool dname_seen = false;
bool ns_seen = false;
- domainInfo.backend->APILookup(QType(QType::ANY), qname, static_cast<int>(domainInfo.id), false);
+ domainInfo.backend->APILookup(QType(QType::ANY), qname.operator const DNSName&(), static_cast<int>(domainInfo.id), false);
DNSResourceRecord resourceRecord;
while (domainInfo.backend->get(resourceRecord)) {
if (resourceRecord.qtype.getCode() == QType::ENT) {
}
if (!new_records.empty() && ent_present) {
QType qt_ent{0};
- if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qt_ent, new_records)) {
+ if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qt_ent, new_records)) {
throw ApiException("Hosting backend does not support editing records.");
}
}
- if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qtype, new_records)) {
+ if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qtype, new_records)) {
throw ApiException("Hosting backend does not support editing records.");
}
}
if (replace_comments) {
- if (!domainInfo.backend->replaceComments(domainInfo.id, qname, qtype, new_comments)) {
+ if (!domainInfo.backend->replaceComments(domainInfo.id, qname.operator const DNSName&(), qtype, new_comments)) {
throw ApiException("Hosting backend does not support editing comments.");
}
}
static void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp)
{
- ZoneName canon = apiNameToDNSName(req->getvars["domain"]);
+ ZoneName canon = apiNameToZoneName(req->getvars["domain"]);
if (g_zoneCache.isEnabled()) {
DomainInfo domainInfo;
dn += g_zonename.toStringNoDot() + "," + g_basedn;
cout << "dn: " << dn << endl;
- if( host.countLabels() == 0 ) { host = g_zonename; }
+ if( host.countLabels() == 0 ) { host = g_zonename.operator const DNSName&(); }
if( !g_entries[dn] )
{
}
try
{
- if( i.name != g_rootdnsname && i.name != DNSName("localhost") && i.name != DNSName("0.0.127.in-addr.arpa") )
+ if( i.name != ZoneName(g_rootdnsname) && i.name != ZoneName("localhost") && i.name != ZoneName("0.0.127.in-addr.arpa") )
{
cerr << "Parsing file: " << i.filename << ", domain: " << i.name << endl;
g_zonename = i.name;
void pdns::ZoneMD::processRecord(const DNSRecord& record)
{
- if (record.d_class == QClass::IN && record.d_name == d_zone) {
+ if (record.d_class == QClass::IN && record.d_name == DNSName(d_zone)) {
switch (record.d_type) {
case QType::SOA: {
d_soaRecordContent = getRR<SOARecordContent>(record);
return;
}
d_nsec3params.emplace_back(param);
- d_nsec3label = d_zone;
- d_nsec3label.prependRawLabel(toBase32Hex(hashQNameWithSalt(param->d_salt, param->d_iterations, d_zone)));
+ d_nsec3label = DNSName(d_zone);
+ d_nsec3label.prependRawLabel(toBase32Hex(hashQNameWithSalt(param->d_salt, param->d_iterations, DNSName(d_zone))));
// Zap the NSEC3 at labels that we now know are not relevant
for (auto item = d_nsec3s.begin(); item != d_nsec3s.end();) {
if (item->first != d_nsec3label) {
void pdns::ZoneMD::readRecord(const DNSRecord& record)
{
- if (!record.d_name.isPartOf(d_zone) && record.d_name != d_zone) {
+ if (!record.d_name.isPartOf(d_zone) && record.d_name != DNSName(d_zone)) {
return;
}
if (record.d_class == QClass::IN && record.d_type == QType::SOA && d_soaRecordContent) {
for (auto& rrset : d_resourceRecordSets) {
const auto& qname = rrset.first.first;
const auto& qtype = rrset.first.second;
- if (qtype == QType::ZONEMD && qname == d_zone) {
+ if (qtype == QType::ZONEMD && qname == DNSName(d_zone)) {
continue; // the apex ZONEMD is not digested
}
for (auto& resourceRecord : rrset.second) {
if (qtype == QType::RRSIG) {
const auto rrsig = std::dynamic_pointer_cast<const RRSIGRecordContent>(resourceRecord);
- if (rrsig->d_type == QType::ZONEMD && qname == d_zone) {
+ if (rrsig->d_type == QType::ZONEMD && qname == DNSName(d_zone)) {
continue;
}
}
goto retry;
}
if(qname=="@")
- rr.qname=d_zonename;
+ rr.qname=DNSName(d_zonename);
else if(!prevqname && !isCanonical(qname))
- rr.qname += d_zonename;
+ rr.qname += DNSName(d_zonename);
d_prevqname=rr.qname;
if(d_parts.empty())
class ZoneParserTNG
{
public:
- ZoneParserTNG(const string& fname, ZoneName zname=g_rootdnsname, string reldir="", bool upgradeContent=false);
+ ZoneParserTNG(const string& fname, ZoneName zname=ZoneName(g_rootdnsname), string reldir="", bool upgradeContent=false);
ZoneParserTNG(const vector<string>& zonedata, ZoneName zname, bool upgradeContent=false);
~ZoneParserTNG();
projects / thirdparty / pdns.git / commitdiff
