rec: fix the zoneToCache regression introduced by SA 2024-01

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 14 Feb 2024 11:39:44 +0000 (12:39 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 14 Feb 2024 11:39:44 +0000 (12:39 +0100)
diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc

index 8d4ab260bf47499c6b59bcb0033cb60d1b410559..415933ca4bc701e767a5660a142749fdf2eb7b34 100644 (file)
--- a/pdns/recursordist/rec-zonetocache.cc
+++ b/pdns/recursordist/rec-zonetocache.cc
@@ -275,7 +275,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
    }
  
    skeyset_t validKeys;
-  vState dnsKeyState = validateDNSKeysAgainstDS(d_now, d_zone, dsmap, dnsKeys, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+  vState dnsKeyState = validateDNSKeysAgainstDS(d_now, d_zone, dsmap, dnsKeys, records, zonemd.getRRSIGs(QType::DNSKEY), validKeys, std::nullopt, validationContext);
    if (dnsKeyState != vState::Secure) {
      return dnsKeyState;
    }
@@ -306,7 +306,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
        for (const auto& rec : zonemd.getNSEC3Params()) {
          records.emplace(rec);
        }
-      nsecValidationStatus = validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+      nsecValidationStatus = validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(QType::NSEC3PARAM), validKeys, std::nullopt, validationContext);
        if (nsecValidationStatus != vState::Secure) {
          d_log->info(Logr::Warning, "NSEC3PARAMS records did not validate");
          return nsecValidationStatus;
@@ -339,7 +339,7 @@ vState ZoneData::dnssecValidate(pdns::ZoneMD& zonemd, size_t& zonemdCount) const
    for (const auto& rec : zonemdRecords) {
      records.emplace(rec);
    }
-  return validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(), validKeys, std::nullopt, validationContext);
+  return validateWithKeySet(d_now, d_zone, records, zonemd.getRRSIGs(QType::ZONEMD), validKeys, std::nullopt, validationContext);
  }
  
  void ZoneData::ZoneToCache(const RecZoneToCache::Config& config)
diff --git a/pdns/zonemd.cc b/pdns/zonemd.cc

index c3274f4f22fc8a23c9ceefdb9b2d1a9c813a29cb..e427f41e80542e0f7c68158cbf3b24cc36664a9f 100644 (file)
--- a/pdns/zonemd.cc
+++ b/pdns/zonemd.cc
@@ -77,7 +77,7 @@ void pdns::ZoneMD::processRecord(const DNSRecord& record)
        if (rrsig == nullptr) {
          throw PDNSException("Invalid RRSIG record");
        }
-      d_rrsigs.emplace_back(rrsig);
+      d_rrsigs[rrsig->d_type].emplace_back(rrsig);
        if (rrsig->d_type == QType::NSEC) {
          d_nsecs.signatures.emplace_back(rrsig);
        }
diff --git a/pdns/zonemd.hh b/pdns/zonemd.hh

index e941a951f5bb9e1f1aaa0b09904a150a4d546af4..bb5a75f1582dcac2e98f31d8cc6572841f7b6155 100644 (file)
--- a/pdns/zonemd.hh
+++ b/pdns/zonemd.hh
@@ -66,9 +66,12 @@ public:
    }
  
    // Return the zone's apex RRSIGs
-  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs() const
+  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs(QType requestedType)
    {
-    return d_rrsigs;
+    if (d_rrsigs.count(requestedType) == 0) {
+      d_rrsigs[requestedType] = {};
+    }
+    return d_rrsigs[requestedType];
    }
  
    // Return the zone's apex ZONEMDs
@@ -140,7 +143,7 @@ private:
  
    std::shared_ptr<const SOARecordContent> d_soaRecordContent;
    std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
-  std::vector<shared_ptr<const RRSIGRecordContent>> d_rrsigs;
+  std::map<QType, std::vector<shared_ptr<const RRSIGRecordContent>>> d_rrsigs;
    std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
    ContentSigPair d_nsecs;
    map<DNSName, ContentSigPair> d_nsec3s;
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 14 Feb 2024 11:39:44 +0000 (12:39 +0100)
pdns/recursordist/rec-zonetocache.cc		patch \| blob \| blame \| history
pdns/zonemd.cc		patch \| blob \| blame \| history
pdns/zonemd.hh		patch \| blob \| blame \| history