exit(99);
}
+ // keep this ABOVE loadRecursorLuaConfig!
+ if(::arg()["dnssec"]=="off")
+ g_dnssecmode=DNSSECMode::Off;
+ else if(::arg()["dnssec"]=="process-no-validate")
+ g_dnssecmode=DNSSECMode::ProcessNoValidate;
+ else if(::arg()["dnssec"]=="process")
+ g_dnssecmode=DNSSECMode::Process;
+ else if(::arg()["dnssec"]=="validate")
+ g_dnssecmode=DNSSECMode::ValidateAll;
+ else if(::arg()["dnssec"]=="log-fail")
+ g_dnssecmode=DNSSECMode::ValidateForLog;
+ else {
+ L<<Logger::Error<<"Unknown DNSSEC mode "<<::arg()["dnssec"]<<endl;
+ exit(1);
+ }
+
+ g_dnssecLogBogus = ::arg().mustDo("dnssec-log-bogus");
+
loadRecursorLuaConfig(::arg()["lua-config-file"]);
parseACLs();
setupDelegationOnly();
g_outgoingEDNSBufsize=::arg().asNum("edns-outgoing-bufsize");
- if(::arg()["dnssec"]=="off")
- g_dnssecmode=DNSSECMode::Off;
- else if(::arg()["dnssec"]=="process-no-validate")
- g_dnssecmode=DNSSECMode::ProcessNoValidate;
- else if(::arg()["dnssec"]=="process")
- g_dnssecmode=DNSSECMode::Process;
- else if(::arg()["dnssec"]=="validate")
- g_dnssecmode=DNSSECMode::ValidateAll;
- else if(::arg()["dnssec"]=="log-fail")
- g_dnssecmode=DNSSECMode::ValidateForLog;
- else {
- L<<Logger::Error<<"Unknown DNSSEC mode "<<::arg()["dnssec"]<<endl;
- exit(1);
- }
-
- g_dnssecLogBogus = ::arg().mustDo("dnssec-log-bogus");
-
if(::arg()["trace"]=="fail") {
SyncRes::setDefaultLogMode(SyncRes::Store);
}
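Review bot: The comment `// keep this ABOVE loadRecursorLuaConfig!` states an ordering rule without giving the reason, so a later cleanup could move the block back down without noticing what breaks. The Lua trust-anchor functions touched by this commit call `warnIfDNSSECDisabled()`, which reads `g_dnssecmode`. If the mode were parsed after the Lua config is loaded, the check would run against whatever value the global holds at that point (its initial value is not visible here). I would spell the dependency out, e.g. `// Must run before loadRecursorLuaConfig(): addDS/clearDS/addNTA/clearNTA call warnIfDNSSECDisabled(), which reads g_dnssecmode.` The enclosing function starts and ends outside the hunk.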
#include "base64.hh"
#include "remote_logger.hh"
#include "validate.hh"
+#include "validate-recursor.hh"
#include "root-dnssec.hh"
GlobalStateHolder<LuaConfigItems> g_luaconfs;
});
Lua.writeFunction("addDS", [&lci](const std::string& who, const std::string& what) {
+ warnIfDNSSECDisabled("Warning: adding Trust Anchor for DNSSEC (addDS), but dnssec is set to 'off'!");
DNSName zone(who);
auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
lci.dsAnchors[zone].insert(*ds);
});
Lua.writeFunction("clearDS", [&lci](boost::optional<string> who) {
+ warnIfDNSSECDisabled("Warning: removing Trust Anchor for DNSSEC (clearDS), but dnssec is set to 'off'!");
if(who)
lci.dsAnchors.erase(DNSName(*who));
else
});
Lua.writeFunction("addNTA", [&lci](const std::string& who, const boost::optional<std::string> why) {
+ warnIfDNSSECDisabled("Warning: adding Negative Trust Anchor for DNSSEC (addNTA), but dnssec is set to 'off'!");
if(why)
lci.negAnchors[DNSName(who)] = static_cast<string>(*why);
else
});
Lua.writeFunction("clearNTA", [&lci](boost::optional<string> who) {
+ warnIfDNSSECDisabled("Warning: removing Negative Trust Anchor for DNSSEC (clearNTA), but dnssec is set to 'off'!");
if(who)
lci.negAnchors.erase(DNSName(*who));
else
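Review bot: The four strings passed to `warnIfDNSSECDisabled` in `addDS`, `clearDS`, `addNTA` and `clearNTA` each begin with a literal `Warning:` even though the helper already logs at `Logger::Warning`. They also hard-code the `'off'` wording, which is decided inside the helper rather than at the call site. Passing only the function name and composing the sentence in the helper would keep the text in one place and keep it correct if the condition ever changes, e.g. `warnIfDNSSECDisabled("addDS");`. The lambdas' bodies continue outside the visible lines.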
int d_queries{0};
};
+void warnIfDNSSECDisabled(const string& msg) {
+ if(g_dnssecmode == DNSSECMode::Off)
+ L<<Logger::Warning<<msg<<endl;
+}
+
inline vState increaseDNSSECStateCounter(const vState& state)
{
g_stats.dnssecResults[state]++;
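Review bot: `warnIfDNSSECDisabled` only fires for `DNSSECMode::Off`, but the enum also has `ProcessNoValidate`, which by its name performs no validation either. An operator who configures a trust anchor or negative trust anchor in that mode would get no hint that it has no validating effect. If that reading of the mode is right, the condition could become `if(g_dnssecmode == DNSSECMode::Off || g_dnssecmode == DNSSECMode::ProcessNoValidate)`, with the message wording adjusted so it no longer says only 'off'. A short comment above the function saying that it must be called after `g_dnssecmode` has been parsed from the configuration would also help.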
#include "dnsparser.hh"
#include "namespaces.hh"
#include "validate.hh"
+#include "logger.hh"
vState validateRecords(const vector<DNSRecord>& recs);
enum class DNSSECMode { Off, Process, ProcessNoValidate, ValidateForLog, ValidateAll };
extern DNSSECMode g_dnssecmode;
extern bool g_dnssecLogBogus;
+
+void warnIfDNSSECDisabled(const string& msg);
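Review bot: `#include "logger.hh"` is added to this header, but the only new declaration, `void warnIfDNSSECDisabled(const string& msg);`, needs nothing from it, since the logger is used only in the function's definition. Putting the include in the .cc file that defines the function would keep it out of every translation unit that includes this header, assuming that file does not already get the logger another way. The declaration would also benefit from a one-line comment such as `// Logs msg at Warning level when g_dnssecmode is DNSSECMode::Off; call only after the dnssec setting has been parsed.`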