From: d-wibowo
Date: Fri, 23 Aug 2024 06:30:23 +0000 (+0700)
Subject: auth: added a new config for direct queries of dnskey signature
X-Git-Tag: dnsdist-2.0.0-alpha1~154^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=141ded72f4da92408bad7df2b08c81a76e9fd624;p=thirdparty%2Fpdns.git
auth: added a new config for direct queries of dnskey signature
---
diff --git a/pdns/auth-main.cc b/pdns/auth-main.cc
index 691242143f..722ae7e860 100644
--- a/pdns/auth-main.cc
+++ b/pdns/auth-main.cc
@@ -295,6 +295,7 @@ static void declareArguments()
 ::arg().setSwitch("traceback-handler", "Enable the traceback handler (Linux only)") = "yes";
 ::arg().setSwitch("direct-dnskey", "Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis") = "no";
+ ::arg().setSwitch("direct-dnskey-signature", "Fetch signature of DNSKEY RRs from backend directly") = "no";
 ::arg().set("default-ksk-algorithm", "Default KSK algorithm") = "ecdsa256";
 ::arg().set("default-ksk-size", "Default KSK size (0 means default)") = "0";
 ::arg().set("default-zsk-algorithm", "Default ZSK algorithm") = "";
diff --git a/pdns/dnssecsigner.cc b/pdns/dnssecsigner.cc
index 0e122c11a3..041a642a50 100644
--- a/pdns/dnssecsigner.cc
+++ b/pdns/dnssecsigner.cc
@@ -151,7 +151,7 @@ static void addSignature(DNSSECKeeper& dk, UeberBackend& db, const DNSName& sign
 if(toSign.empty()) return;
 vector rrcs;
- if(dk.isPresigned(signer) || (::arg().mustDo("direct-dnskey-signature") && signQType == QType::DNSKEY)) { //cerr<<"Doing presignatures"<
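Review bot: The help text for the new `direct-dnskey-signature` switch in pdns/auth-main.cc does not say that enabling it replaces live signing of the DNSKEY RRset; the dnssecsigner.cc change in this commit sends `signQType == QType::DNSKEY` down the same branch as presigned zones whenever the switch is on. An operator who enables it without valid, unexpired RRSIGs for DNSKEY in the backend would presumably serve a DNSKEY RRset that validating resolvers reject, so the description should state the dependency, for example `"Fetch RRSIGs covering DNSKEY RRs from the backend instead of signing the DNSKEY RRset live"`. A matching entry in the settings documentation, noting that these RRSIGs must be refreshed before they expire, would help; none is visible in the part of the commit shown here. The body of declareArguments() starts and ends outside the hunk.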