From: Kees Monshouwer Date: Sat, 22 Oct 2016 20:33:00 +0000 (+0200) Subject: ordername is now always relative in pdns core X-Git-Tag: dnsdist-1.1.0~4^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96e63d771b3d42cff95f5a8271f8d01ea10241e4;p=thirdparty%2Fpdns.git ordername is now always relative in pdns core --- diff --git a/modules/luabackend/dnssec.cc b/modules/luabackend/dnssec.cc index 9802e5a68b..6de0b67d56 100644 --- a/modules/luabackend/dnssec.cc +++ b/modules/luabackend/dnssec.cc @@ -72,7 +72,7 @@ bool LUABackend::updateDNSSECOrderAndAuth(uint32_t domain_id, const DNSName& zon return ok; } -bool LUABackend::updateDNSSECOrderNameAndAuth(unsigned int, DNSName const&, DNSName const&, DNSName const&, bool, unsigned short) +bool LUABackend::updateDNSSECOrderNameAndAuth(unsigned int, DNSName const&, DNSName const&, bool, unsigned short) { return false; } diff --git a/modules/luabackend/luabackend.hh b/modules/luabackend/luabackend.hh index 5f3c12b902..97b0c8d4bb 100644 --- a/modules/luabackend/luabackend.hh +++ b/modules/luabackend/luabackend.hh @@ -101,7 +101,7 @@ public: bool addDomainKey(const DNSName& name, const KeyData& key, int64_t& id) override ; bool updateDNSSECOrderAndAuthAbsolute(uint32_t domain_id, const DNSName& qname, const std::string& ordername, bool auth); bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, DNSName& before, DNSName& after) override; - bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype=QType::ANY) override; + bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype=QType::ANY) override; bool updateDNSSECOrderAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, bool auth); // OTHER void reload() override ; 
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index e1a1ab4913..8a2b716c7e 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -428,7 +428,7 @@ void GSQLBackend::getUpdatedMasters(vector *updatedDomains) } } -bool GSQLBackend::updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype) +bool GSQLBackend::updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype) { if(!d_dnssecQueries) return false; @@ -437,7 +437,7 @@ bool GSQLBackend::updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName if (qtype == QType::ANY) { try { d_updateOrderNameAndAuthQuery_stmt-> - bind("ordername", ordername.makeRelative(zonename).labelReverse().toString(" ", false))-> + bind("ordername", ordername.labelReverse().toString(" ", false))-> bind("auth", auth)-> bind("domain_id", domain_id)-> bind("qname", qname)-> @@ -450,7 +450,7 @@ bool GSQLBackend::updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName } else { try { d_updateOrderNameAndAuthTypeQuery_stmt-> - bind("ordername", ordername.makeRelative(zonename).labelReverse().toString(" ", false))-> + bind("ordername", ordername.labelReverse().toString(" ", false))-> bind("auth", auth)-> bind("domain_id", domain_id)-> bind("qname", qname)-> @@ -493,7 +493,7 @@ bool GSQLBackend::updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName return true; } -bool GSQLBackend::updateEmptyNonTerminals(uint32_t domain_id, const DNSName& zonename, set& insert, set& erase, bool remove) +bool GSQLBackend::updateEmptyNonTerminals(uint32_t domain_id, set& insert, set& erase, bool remove) { if(remove) { try { diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh index 66ee09bf44..e27d350bc5 100644 --- a/pdns/backends/gsql/gsqlbackend.hh 
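Review bot: Both `bind("ordername", ...)` calls (hunks at -437 and -450) now store the value exactly as passed, and with `zonename` removed from the signature the backend can no longer normalise or check it. An absolute name from any caller would be written to the ordername column unchanged, which would presumably skew the NSEC/NSEC3 ordering for that zone. Nothing in the signature states this new precondition. I would add `// ordername must already be relative to the zone; it is stored as given` above the definition, and the same sentence on the declaration in pdns/dnsbackend.hh. The function body continues outside these hunks.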
+++ b/pdns/backends/gsql/gsqlbackend.hh @@ -208,9 +208,9 @@ public: bool setAccount(const DNSName &domain, const string &account); virtual bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, DNSName& before, DNSName& after); - virtual bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t=QType::ANY); + virtual bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t=QType::ANY); - virtual bool updateEmptyNonTerminals(uint32_t domain_id, const DNSName& zonename, set& insert ,set& erase, bool remove); + virtual bool updateEmptyNonTerminals(uint32_t domain_id, set& insert ,set& erase, bool remove); virtual bool doesDNSSEC(); virtual bool calculateSOASerial(const DNSName& domain, const SOAData& sd, time_t& serial); diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh index de86ba146c..a034052c7b 100644 --- a/pdns/dnsbackend.hh +++ b/pdns/dnsbackend.hh @@ -198,12 +198,12 @@ public: virtual bool getBeforeAndAfterNames(uint32_t id, const DNSName& zonename, const DNSName& qname, DNSName& before, DNSName& after); - virtual bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& zonename, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype=QType::ANY) + virtual bool updateDNSSECOrderNameAndAuth(uint32_t domain_id, const DNSName& qname, const DNSName& ordername, bool auth, const uint16_t qtype=QType::ANY) { return false; } - virtual bool updateEmptyNonTerminals(uint32_t domain_id, const DNSName& zonename, set& insert, set& erase, bool remove) + virtual bool updateEmptyNonTerminals(uint32_t domain_id, set& insert, set& erase, bool remove) { return false; } diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index 408ace66e9..63cea5cb1d 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc 
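Review bot: The two changed declarations in gsqlbackend.hh are still `virtual` without `override`, unlike the luabackend.hh declaration changed in this same commit. If a signature here drifts from the one in DNSBackend, it compiles as a separate overload and the base version, which returns false, is called instead. Adding `override` to `updateDNSSECOrderNameAndAuth` and `updateEmptyNonTerminals` turns that into a compile error. The same risk applies to any out-of-tree backend that keeps the old parameter list, and since the call sites on this page do not check the return value, such a backend would silently stop updating ordername and auth.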
@@ -250,29 +250,29 @@ bool rectifyZone(DNSSECKeeper& dk, const DNSName& zone) if(haveNSEC3) // NSEC3 { if(!narrow && nsec3set.count(qname)) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname))) + zone; + ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname))); if(!realrr) auth=true; } else if(!realrr) auth=false; } else if (realrr) // NSEC - ordername=qname; + ordername=qname.makeRelative(zone); if(g_verbose) cerr<<"'"< '"<< ordername <<"'"<updateDNSSECOrderNameAndAuth(sd.domain_id, zone, qname, ordername, auth); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, auth); if(realrr) { if (dsnames.count(qname)) - sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, zone, qname, ordername, true, QType::DS); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, true, QType::DS); if (!auth || nsset.count(qname)) { ordername.clear(); if(isOptOut && !dsnames.count(qname)) - sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, zone, qname, ordername, false, QType::NS); - sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, zone, qname, ordername, false, QType::A); - sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, zone, qname, ordername, false, QType::AAAA); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, false, QType::NS); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, false, QType::A); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, false, QType::AAAA); } if(doent) @@ -312,7 +312,7 @@ bool rectifyZone(DNSSECKeeper& dk, const DNSName& zone) //cerr<<"Total: "<updateEmptyNonTerminals(sd.domain_id, zone, insnonterm, delnonterm, !doent); + sd.db->updateEmptyNonTerminals(sd.domain_id, insnonterm, delnonterm, !doent); } if(doent) { 
@@ -772,7 +772,7 @@ int increaseSerial(const DNSName& zone, DNSSECKeeper &dk) ordername=zone; if(g_verbose) cerr<<"'"< '"<< ordername <<"'"<updateDNSSECOrderNameAndAuth(sd.domain_id, zone, rrs[0].qname, ordername, true); + sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, rrs[0].qname, ordername, true); } sd.db->commitTransaction(); diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc index 9c08f8f8b3..b69dadad92 100644 --- a/pdns/rfc2136handler.cc +++ b/pdns/rfc2136handler.cc 
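Review bot: The unchanged context line `ordername=zone;` still assigns the absolute zone name, and with `makeRelative(zonename)` removed from GSQLBackend in this commit that value now reaches `bind("ordername", ...)` unmodified. The SOA's ordername would then be stored as the full zone name rather than a name relative to the zone. If that assignment is the NSEC branch (the surrounding conditionals are outside the hunk), it should become `ordername=rrs[0].qname.makeRelative(zone);`, matching `qname.makeRelative(zone)` in rectifyZone. The NSEC3 assignment above the hunk is not shown and is worth checking for a leftover `+ zone` as well.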
@@ -147,21 +147,21 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, ++ddepth; } while(shorter.chopOff()); - DNSName ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, qname))) + di->zone; + DNSName ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, qname))); if (! *narrow && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, ordername, (ddepth == 0 )); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, (ddepth == 0 )); if (nssets.count(qname)) { if (ns3pr->d_flags) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), false, QType::NS ); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::NS ); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::AAAA); } } else { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), (ddepth == 0)); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), (ddepth == 0)); } if (ddepth == 1 || dssets.count(qname)) // FIXME400 && ? - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, ordername, false, QType::DS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, false, QType::DS); } return 1; } 
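Review bot: The last call in this hunk writes the DS rows with `auth` set to false (`qname, ordername, false, QType::DS`), whereas the parallel NSEC code at -421 and rectifyZone in pdnsutil.cc both pass `true` for `QType::DS`. DS sets are authoritative data in the parent zone, so this looks like it would leave them marked non-authoritative until the zone is rectified. `ordername` is also computed unconditionally, so in narrow mode the DS rows would receive a hash while the other rows get an empty `DNSName()`. I would suggest `di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, *narrow ? DNSName() : ordername, true, QType::DS);`, to be confirmed together with the existing `FIXME400` on the condition. The enclosing loop starts outside the hunk.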
@@ -241,23 +241,23 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, if(*haveNSEC3) { DNSName ordername; if(! *narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, rr->d_name)))+di->zone; + ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, rr->d_name))); if (*narrow) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), auth); else - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, ordername, auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, auth); if(!auth || rrType == QType::DS) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::NS); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::NS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA); } } else { // NSEC - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, rr->d_name, auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, rr->d_name.makeRelative(di->zone), auth); if(!auth || rrType == QType::DS) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA); } } } 
@@ -308,33 +308,34 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, { DNSName ordername; if(! *narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, rr->d_name)))+di->zone; + ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, rr->d_name))); if (*narrow) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), auth); else - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, ordername, auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, auth); if (fixDS) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, ordername, true, QType::DS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, true, QType::DS); if(!auth) { if (ns3pr->d_flags) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::NS); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::NS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA); } } else // NSEC { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, rr->d_name, auth); + DNSName ordername=rr->d_name.makeRelative(di->zone); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, auth); if (fixDS) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, rr->d_name, true, QType::DS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, true, QType::DS); } if(!auth) { - 
di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA); } } @@ -354,21 +355,23 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, if(*haveNSEC3) { DNSName ordername; if(! *narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, *qname)))+di->zone; + ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, *qname))); if (*narrow) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, rr->d_name, DNSName(), auth); // FIXME400 no *qname here? + di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), auth); // FIXME400 no *qname here? else - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, *qname, ordername, auth); + di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, ordername, auth); if (ns3pr->d_flags) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, *qname, DNSName(), false, QType::NS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, DNSName(), false, QType::NS); + } + else { // NSEC + DNSName ordername=DNSName(*qname).makeRelative(di->zone); + di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, ordername, false, QType::NS); } - else // NSEC - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, *qname, *qname, false, QType::NS); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, *qname, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, *qname, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, DNSName(), false, QType::AAAA); } } } 
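Review bot: In the -354 hunk the narrow branch still updates `rr->d_name`, while the non-narrow branch and every other call in the block use `*qname`. Under narrow NSEC3 the names being iterated would therefore never have their auth flag set, and `rr->d_name` would be rewritten on each pass. The retained `FIXME400 no *qname here?` suggests the author suspects the same. If the loop is over `*qname` (its header is outside the hunk), the line should read `di->backend->updateDNSSECOrderNameAndAuth(di->id, *qname, DNSName(), auth);`.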
@@ -421,18 +424,19 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, ++ddepth; } while(shorter.chopOff()); + DNSName ordername=qname.makeRelative(di->zone); if (!ents.count(qname) && (ddepth == 0 || (ddepth == 1 && nssets.count(qname)))) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, qname, (ddepth == 0)); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, (ddepth == 0)); if (nssets.count(qname)) { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), false, QType::A); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), false, QType::AAAA); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::A); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), false, QType::AAAA); } } else { - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, DNSName(), (ddepth == 0)); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, DNSName(), (ddepth == 0)); } if (ddepth == 1 || dssets.count(qname)) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, qname, qname, true, QType::DS); + di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, true, QType::DS); } return 1; } // end of NSEC3PARAM delete block 
@@ -488,12 +492,14 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, if(*haveNSEC3) { DNSName ordername; if(! *narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, changeRec)))+di->zone; + ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, changeRec))); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, changeRec, ordername, true); + di->backend->updateDNSSECOrderNameAndAuth(di->id, changeRec, ordername, true); + } + else { // NSEC + DNSName ordername=changeRec.makeRelative(di->zone); + di->backend->updateDNSSECOrderNameAndAuth(di->id, changeRec, ordername, true); } - else // NSEC - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, changeRec, changeRec, true); } } @@ -552,15 +558,15 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, //Insert and delete ENT's if (insnonterm.size() > 0 || delnonterm.size() > 0) { DLOG(L<backend->updateEmptyNonTerminals(di->id, di->zone, insnonterm, delnonterm, false); + di->backend->updateEmptyNonTerminals(di->id, insnonterm, delnonterm, false); for (const auto &i: insnonterm) { string hashed; if(*haveNSEC3) { DNSName ordername; if(! *narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, i)))+di->zone; - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, i, ordername, true); + ordername=DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, i))); + di->backend->updateDNSSECOrderNameAndAuth(di->id, i, ordername, true); } } } 
@@ -1010,14 +1016,16 @@ void PacketHandler::increaseSerial(const string &msgPrefix, const DomainInfo *di //Correct ordername + auth flag if (haveNSEC3 && narrow) - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, newRec.qname, DNSName(), true); + di->backend->updateDNSSECOrderNameAndAuth(di->id, newRec.qname, DNSName(), true); else if (haveNSEC3) { DNSName ordername; if (!narrow) - ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, newRec.qname)))+di->zone; + ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, newRec.qname))); - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, newRec.qname, ordername, true); + di->backend->updateDNSSECOrderNameAndAuth(di->id, newRec.qname, ordername, true); + } + else { // NSEC + DNSName ordername=newRec.qname.makeRelative(di->zone); + di->backend->updateDNSSECOrderNameAndAuth(di->id, newRec.qname, ordername, true); } - else // NSEC - di->backend->updateDNSSECOrderNameAndAuth(di->id, di->zone, newRec.qname, newRec.qname, true); }
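Review bot: Inside `else if (haveNSEC3)` the check `if (!narrow)` is always true, because the `haveNSEC3 && narrow` case is taken by the preceding branch. The hash can be assigned directly with `DNSName ordername(toBase32Hex(hashQNameWithSalt(*ns3pr, newRec.qname)));`. All three calls here also discard the backend's boolean result, and the default implementation in dnsbackend.hh returns false, so a backend that does not store the new SOA's ordername goes unreported. Logging with `msgPrefix` when the call returns false would make that visible. The function body continues outside the hunk.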