using namespace ::boost::multi_index;
-/** This struct is used within the Bind2Backend to store DNS information.
- It is almost identical to a DNSResourceRecord, but then a bit smaller and with different sorting rules, which make sure that the SOA record comes up front.
+/**
+ This struct is used within the Bind2Backend to store DNS information. It is
+ almost identical to a DNSResourceRecord, but then a bit smaller and with
+ different sorting rules, which make sure that the SOA record comes up front.
*/
+
struct Bind2DNSRecord
{
DNSName qname;
typedef multi_index_container<
Bind2DNSRecord,
indexed_by <
- ordered_non_unique<identity<Bind2DNSRecord>, Bind2DNSCompare >,
- ordered_non_unique<tag<HashedTag>, member<Bind2DNSRecord,std::string,&Bind2DNSRecord::nsec3hash> >
+ ordered_non_unique<identity<Bind2DNSRecord>, Bind2DNSCompare >,
+ ordered_non_unique<tag<HashedTag>, member<Bind2DNSRecord, std::string, &Bind2DNSRecord::nsec3hash> >
>
> recordstorage_t;
static pthread_rwlock_t s_state_lock;
void parseZoneFile(BB2DomainInfo *bbd);
- void insertRecord(BB2DomainInfo& bbd, const DNSName& qname, const QType &qtype, const string &content, int ttl, const std::string& hashed=string(), bool *auth=0);
+ void insertRecord(BB2DomainInfo& bbd, const DNSName &qname, const QType &qtype, const string &content, int ttl, const std::string& hashed=string(), bool *auth=0);
void rediscover(string *status=0);
bool isMaster(const DNSName &name, const string &ip);
static bool safeRemoveBBDomainInfo(const DNSName& name);
bool GetBBDomainInfo(int id, BB2DomainInfo** bbd);
shared_ptr<SSQLite3> d_dnssecdb;
- bool getNSEC3PARAM(const DNSName& zname, NSEC3PARAMRecordContent* ns3p);
+ bool getNSEC3PARAM(const DNSName& name, NSEC3PARAMRecordContent* ns3p);
class handle
{
public:
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "bindbackend2.hh"
-#include "pdns/dnsrecords.hh"
-#include "pdns/bind-dnssec.schema.sqlite3.sql.h"
-#include <boost/foreach.hpp>
#include "pdns/arguments.hh"
+#include "pdns/dnsrecords.hh"
#ifndef HAVE_SQLITE3
+
void Bind2Backend::setupDNSSEC()
{
if(!getArg("dnssec-db").empty())
bool Bind2Backend::doesDNSSEC()
{ return d_hybrid; }
-bool Bind2Backend::getNSEC3PARAM(const DNSName& zname, NSEC3PARAMRecordContent* ns3p)
+bool Bind2Backend::getNSEC3PARAM(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
{ return false; }
bool Bind2Backend::getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string> >& meta)
bool Bind2Backend::deleteTSIGKey(const DNSName& name)
{ return false; }
-bool Bind2Backend::getTSIGKeys(std::vector< struct TSIGKey > &keys)
+bool Bind2Backend::getTSIGKeys(std::vector<struct TSIGKey> &keys)
{ return false; }
-void Bind2Backend::setupStatements()
+
+void Bind2Backend::setupStatements()
{ return; }
+
void Bind2Backend::freeStatements()
{ return; }
#else
+#include "pdns/bind-dnssec.schema.sqlite3.sql.h"
+#include "pdns/logger.hh"
#include "pdns/ssqlite3.hh"
+
void Bind2Backend::setupDNSSEC()
{
- // cerr<<"Settting up dnssec db.. "<<getArg("dnssec-db") <<endl;
if(getArg("dnssec-db").empty() || d_hybrid)
return;
try {
d_dnssecdb->setLog(::arg().mustDo("query-logging"));
}
-void Bind2Backend::setupStatements()
+void Bind2Backend::setupStatements()
{
d_getAllDomainMetadataQuery_stmt = d_dnssecdb->prepare("select kind, content from domainmetadata where domain=:domain",1);
d_getDomainMetadataQuery_stmt = d_dnssecdb->prepare("select content from domainmetadata where domain=:domain and kind=:kind",2);
*stmt = NULL;
}
-void Bind2Backend::freeStatements()
+void Bind2Backend::freeStatements()
{
- release(&d_getAllDomainMetadataQuery_stmt);
- release(&d_getDomainMetadataQuery_stmt);
- release(&d_deleteDomainMetadataQuery_stmt);
- release(&d_insertDomainMetadataQuery_stmt);
- release(&d_getDomainKeysQuery_stmt);
- release(&d_deleteDomainKeyQuery_stmt);
- release(&d_insertDomainKeyQuery_stmt);
- release(&d_activateDomainKeyQuery_stmt);
- release(&d_deactivateDomainKeyQuery_stmt);
- release(&d_getTSIGKeyQuery_stmt);
- release(&d_setTSIGKeyQuery_stmt);
- release(&d_deleteTSIGKeyQuery_stmt);
- release(&d_getTSIGKeysQuery_stmt);
+ release(&d_getAllDomainMetadataQuery_stmt);
+ release(&d_getDomainMetadataQuery_stmt);
+ release(&d_deleteDomainMetadataQuery_stmt);
+ release(&d_insertDomainMetadataQuery_stmt);
+ release(&d_getDomainKeysQuery_stmt);
+ release(&d_deleteDomainKeyQuery_stmt);
+ release(&d_insertDomainKeyQuery_stmt);
+ release(&d_activateDomainKeyQuery_stmt);
+ release(&d_deactivateDomainKeyQuery_stmt);
+ release(&d_getTSIGKeyQuery_stmt);
+ release(&d_setTSIGKeyQuery_stmt);
+ release(&d_deleteTSIGKeyQuery_stmt);
+ release(&d_getTSIGKeysQuery_stmt);
}
+
bool Bind2Backend::doesDNSSEC()
{
return d_dnssecdb || d_hybrid;
}
-bool Bind2Backend::getNSEC3PARAM(const DNSName& zname, NSEC3PARAMRecordContent* ns3p)
+bool Bind2Backend::getNSEC3PARAM(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
{
if(!d_dnssecdb || d_hybrid)
return false;
string value;
vector<string> meta;
- getDomainMetadata(zname, "NSEC3PARAM", meta);
+ getDomainMetadata(name, "NSEC3PARAM", meta);
if(!meta.empty())
value=*meta.begin();
-
- if(value.empty()) { // "no NSEC3"
- return false;
- }
-
+ else
+ return false; // No NSEC3 zone
+
+ static int maxNSEC3Iterations=::arg().asNum("max-nsec3-iterations");
if(ns3p) {
NSEC3PARAMRecordContent* tmp=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM, 1, value));
*ns3p = *tmp;
delete tmp;
}
+ if (ns3p->d_iterations > maxNSEC3Iterations) {
+ ns3p->d_iterations = maxNSEC3Iterations;
+ L<<Logger::Error<<"Number of NSEC3 iterations for zone '"<<name.toString()<<"' is above 'max-nsec3-iterations'. Value adjsted to: "<<maxNSEC3Iterations<<endl;
+ }
return true;
}
if(!d_dnssecdb || d_hybrid)
return false;
- // cerr<<"Asked to get metadata for zone '"<<name<<"'|"<<kind<<"\n";
-
try {
d_getAllDomainMetadataQuery_stmt->
bind("domain", name)->
d_getAllDomainMetadataQuery_stmt->reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, getAllDomainMetadata(): "+se.txtReason());
}
return true;
}
{
if(!d_dnssecdb || d_hybrid)
return false;
-
- // cerr<<"Asked to get metadata for zone '"<<name<<"'|"<<kind<<"\n";
-
+
try {
d_getDomainMetadataQuery_stmt->
bind("domain", name)->
bind("kind", kind)->
- execute();
-
+ execute();
+
SSqlStatement::row_t row;
while(d_getDomainMetadataQuery_stmt->hasNextRow()) {
d_getDomainMetadataQuery_stmt->nextRow(row);
d_getDomainMetadataQuery_stmt->reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainMetadata(): "+se.txtReason());
}
return true;
}
{
if(!d_dnssecdb || d_hybrid)
return false;
-
+
try {
d_deleteDomainMetadataQuery_stmt->
bind("domain", name)->
execute()->
reset();
if(!meta.empty()) {
- BOOST_FOREACH(const string& value, meta) {
+ for(const auto& value: meta) {
d_insertDomainMetadataQuery_stmt->
bind("domain", name)->
bind("kind", kind)->
}
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, setDomainMetadata(): "+se.txtReason());
}
return true;
-
}
bool Bind2Backend::getDomainKeys(const DNSName& name, unsigned int kind, std::vector<KeyData>& keys)
{
- // cerr<<"Asked to get keys for zone '"<<name<<"'\n";
if(!d_dnssecdb || d_hybrid)
return false;
+
try {
d_getDomainKeysQuery_stmt->
bind("domain", name)->
execute();
+
KeyData kd;
SSqlStatement::row_t row;
while(d_getDomainKeysQuery_stmt->hasNextRow()) {
kd.content = row[3];
keys.push_back(kd);
}
+
d_getDomainKeysQuery_stmt->reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainKeys(): "+se.txtReason());
}
-
return true;
}
if(!d_dnssecdb || d_hybrid)
return false;
- // cerr<<"Asked to remove key "<<id<<" in zone '"<<name<<"'\n";
-
try {
d_deleteDomainKeyQuery_stmt->
bind("domain", name)->
reset();
}
catch(SSqlException& se) {
- cerr<<se.txtReason() <<endl;
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, removeDomainKeys(): "+se.txtReason());
}
-
return true;
}
{
if(!d_dnssecdb || d_hybrid)
return -1;
-
- //cerr<<"Asked to add a key to zone '"<<name<<"'\n";
-
+
try {
d_insertDomainKeyQuery_stmt->
bind("domain", name)->
reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, addDomainKey(): "+se.txtReason());
}
-
return true;
}
bool Bind2Backend::activateDomainKey(const DNSName& name, unsigned int id)
{
- // cerr<<"Asked to activate key "<<id<<" inzone '"<<name<<"'\n";
if(!d_dnssecdb || d_hybrid)
return false;
-
+
try {
d_activateDomainKeyQuery_stmt->
bind("domain", name)->
reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, activateDomainKey(): "+se.txtReason());
}
-
return true;
}
bool Bind2Backend::deactivateDomainKey(const DNSName& name, unsigned int id)
{
- // cerr<<"Asked to deactivate key "<<id<<" inzone '"<<name<<"'\n";
if(!d_dnssecdb || d_hybrid)
return false;
-
+
try {
d_deactivateDomainKeyQuery_stmt->
bind("domain", name)->
reset();
}
catch(SSqlException& se) {
- throw PDNSException("Error accessing DNSSEC database in BIND backend: "+se.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, deactivateDomainKey(): "+se.txtReason());
}
-
return true;
}
{
if(!d_dnssecdb || d_hybrid)
return false;
-
+
try {
d_getTSIGKeyQuery_stmt->
bind("key_name", name)->
execute();
+
SSqlStatement::row_t row;
content->clear();
while(d_getTSIGKeyQuery_stmt->hasNextRow()) {
d_getTSIGKeyQuery_stmt->nextRow(row);
- if(row.size() >= 2 && (algorithm->empty() || *algorithm == DNSName(row[0]))) {
+ if(row.size() >= 2 && (algorithm->empty() || *algorithm == row[0])) {
*algorithm = row[0];
*content = row[1];
}
}
+
d_getTSIGKeyQuery_stmt->reset();
}
catch (SSqlException &e) {
- throw PDNSException("BindBackend unable to retrieve named TSIG key: "+e.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKey(): "+e.txtReason());
}
-
return !content->empty();
}
reset();
}
catch (SSqlException &e) {
- throw PDNSException("BindBackend unable to retrieve named TSIG key: "+e.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, setTSIGKey(): "+e.txtReason());
}
-
return true;
}
reset();
}
catch (SSqlException &e) {
- throw PDNSException("BindBackend unable to retrieve named TSIG key: "+e.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, deleteTSIGKey(): "+e.txtReason());
}
-
return true;
}
try {
d_getTSIGKeysQuery_stmt->
- execute();
+ execute();
SSqlStatement::row_t row;
-
while(d_getTSIGKeysQuery_stmt->hasNextRow()) {
d_getTSIGKeysQuery_stmt->nextRow(row);
struct TSIGKey key;
d_getTSIGKeysQuery_stmt->reset();
}
catch (SSqlException &e) {
- throw PDNSException("GSQLBackend unable to retrieve all TSIG keys: "+e.txtReason());
+ throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKeys(): "+e.txtReason());
}
-
return !keys.empty();
}
-
#endif
projects / thirdparty / pdns.git / commitdiff
