From: Kees Monshouwer Date: Sun, 15 Jun 2014 22:23:00 +0000 (+0200) Subject: reinstate, optional, bindbackend hybrid mode operation X-Git-Tag: auth-3.4.0-rc1~113^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aebddbd23ba64803b3f664ea25e06b481762eb87;p=thirdparty%2Fpdns.git reinstate, optional, bindbackend hybrid mode operation --- diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc index f174d7ed96..20556208f5 100644 --- a/modules/bindbackend/bindbackend2.cc +++ b/modules/bindbackend/bindbackend2.cc @@ -421,7 +421,12 @@ void Bind2Backend::alsoNotifies(const string &domain, set *ips) void Bind2Backend::parseZoneFile(BB2DomainInfo *bbd) { NSEC3PARAMRecordContent ns3pr; - bool nsec3zone=getNSEC3PARAM(bbd->d_name, &ns3pr); + bool nsec3zone; + if (d_hybrid) { + DNSSECKeeper dk; + nsec3zone=dk.getNSEC3PARAM(bbd->d_name, &ns3pr); + } else + nsec3zone=getNSEC3PARAM(bbd->d_name, &ns3pr); bbd->d_records = shared_ptr(new recordstorage_t()); @@ -588,8 +593,12 @@ Bind2Backend::Bind2Backend(const string &suffix, bool loadZones) { setArgPrefix("bind"+suffix); d_logprefix="[bind"+suffix+"backend]"; + d_hybrid=mustDo("hybrid"); s_ignore_broken_records=mustDo("ignore-broken-records"); + if (!loadZones && d_hybrid) + return; + Lock l(&s_startup_lock); d_transaction_id=0; @@ -914,7 +923,14 @@ bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string NSEC3PARAMRecordContent ns3pr; string auth=bbd.d_name; - if(!getNSEC3PARAM(auth, &ns3pr)) { + bool nsec3zone; + if (d_hybrid) { + DNSSECKeeper dk; + nsec3zone=dk.getNSEC3PARAM(auth, &ns3pr); + } else + nsec3zone=getNSEC3PARAM(auth, &ns3pr); + + if(!nsec3zone) { //cerr<<"in bind2backend::getBeforeAndAfterAbsolute: no nsec3 for "< d_dnssecdb; + bool d_hybrid; bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p); class handle { 
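Review bot: The `if (d_hybrid) { DNSSECKeeper dk; ... } else ...` selection added in parseZoneFile is repeated verbatim in the getBeforeAndAfterNamesAbsolute hunk (`@@ -914,7 +923,14 @@`), and both copies construct a fresh DNSSECKeeper on every call. In getBeforeAndAfterNamesAbsolute the result decides whether the NSEC or the NSEC3 path is taken, so the two copies must not drift apart; a single private helper prevents that. In hybrid mode a `false` from the keeper is read as "no NSEC3"; if the keeper can also return false on a lookup failure, that case probably deserves a log line, which cannot be confirmed from the hunk. The helper name below is only a suggestion and needs a declaration next to `getNSEC3PARAM` in the class; both function bodies continue outside their hunks.

```cpp
// proposed private helper (name is a suggestion)
bool Bind2Backend::lookupNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p)
{
  if (d_hybrid) {
    // hybrid: NSEC3PARAM is held by another backend, so ask the keeper
    DNSSECKeeper dk;
    return dk.getNSEC3PARAM(zname, ns3p);
  }
  return getNSEC3PARAM(zname, ns3p);
}

// parseZoneFile
bool nsec3zone=lookupNSEC3PARAM(bbd->d_name, &ns3pr);
// … unchanged: record storage setup …

// getBeforeAndAfterNamesAbsolute
if(!lookupNSEC3PARAM(auth, &ns3pr)) {
```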
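Review bot: The early `return` added for `!loadZones && d_hybrid` leaves the constructor before `d_transaction_id=0;`, so an instance built on that path keeps an unassigned `d_transaction_id`, along with any other member that is only set further down, outside the hunk. Reading such a member later is undefined behaviour. For what is visible here, moving the assignment above the guard is enough: put `d_transaction_id=0;` directly after `d_hybrid=mustDo("hybrid");`. The constructor body continues past the end of the hunk, so the remaining members should be checked the same way.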
diff --git a/modules/bindbackend/binddnssec.cc b/modules/bindbackend/binddnssec.cc index bc50a3283f..ecbd59d32d 100644 --- a/modules/bindbackend/binddnssec.cc +++ b/modules/bindbackend/binddnssec.cc @@ -34,7 +34,7 @@ void Bind2Backend::setupDNSSEC() } bool Bind2Backend::doesDNSSEC() -{ return false; } +{ return d_hybrid; } bool Bind2Backend::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p) { return false; } @@ -55,7 +55,7 @@ bool Bind2Backend::removeDomainKey(const string& name, unsigned int id) { return false; } int Bind2Backend::addDomainKey(const string& name, const KeyData& key) -{ return false; } +{ return -1; } bool Bind2Backend::activateDomainKey(const string& name, unsigned int id) { return false; } @@ -80,7 +80,7 @@ bool Bind2Backend::getTSIGKeys(std::vector< struct TSIGKey > &keys) void Bind2Backend::setupDNSSEC() { // cerr<<"Settting up dnssec db.. "<(new SSQLite3(getArg("dnssec-db"))); @@ -95,11 +95,14 @@ void Bind2Backend::setupDNSSEC() bool Bind2Backend::doesDNSSEC() { - return true; + return d_dnssecdb || d_hybrid; } bool Bind2Backend::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p) { + if(!d_dnssecdb || d_hybrid) + return false; + string value; vector meta; getDomainMetadata(zname, "NSEC3PARAM", meta); @@ -120,7 +123,7 @@ bool Bind2Backend::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordConte bool Bind2Backend::getAllDomainMetadata(const string& name, std::map >& meta) { - if(!d_dnssecdb) + if(!d_dnssecdb || d_hybrid) return false; // cerr<<"Asked to get metadata for zone '"<& meta) { - if(!d_dnssecdb) + if(!d_dnssecdb || d_hybrid) return false; // cerr<<"Asked to get metadata for zone '"<& meta) { - if(!d_dnssecdb) + if(!d_dnssecdb || d_hybrid) return false; boost::format fmt("delete from domainmetadata where domain='%s' and kind='%s'"); 
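Review bot: The guard `if(!d_dnssecdb || d_hybrid) return false;` added to getNSEC3PARAM is copied into the metadata, key and TSIG accessors in the hunks that follow (through getTSIGKeys), and none of them says what hybrid mode means for the local database. The visible effect is that a configured `dnssec-db` is no longer consulted once `hybrid` is on, and nothing in these hunks reports that, so keys an operator believes are in use may not be. Consider a comment at the first guard, `// hybrid: keys and metadata are served by another backend; the local dnssec-db is not consulted`, and a startup warning when both options are set. Whether setupDNSSEC already reports this cannot be seen, because its changed lines are missing from the page.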
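Review bot: Directly under the guard changed in this hunk, the delete statement is assembled with `boost::format fmt("delete from domainmetadata where domain='%s' and kind='%s'");`, that is, by placing values between quotes in the SQL text. The arguments fed to `fmt` lie outside the hunk, so it is not visible whether `name` and `kind` are escaped first; if they are not, a quote character in either value changes the statement. This is worth confirming while the function is being touched, and bound parameters would be preferable if the SQLite wrapper offers them. The function body starts and ends outside the hunk.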
@@ -184,7 +187,7 @@ bool Bind2Backend::setDomainMetadata(const string& name, const std::string& kind bool Bind2Backend::getDomainKeys(const string& name, unsigned int kind, std::vector& keys) { // cerr<<"Asked to get keys for zone '"< &keys) { - if(!d_dnssecdb) + if(!d_dnssecdb || d_hybrid) return false; try { diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index 53d1ba6f49..e9b65f1bb8 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -13464,8 +13464,9 @@ $ pdnssec rectify-zone powerdnssec.org
PowerDNSSEC hybrid BIND-mode operation - This mode is only supported in 3.0 and 3.0.1! In 3.1 and up, the bindbackend - always does its own key storage. + This mode is only supported in 3.0, 3.0.1 and 3.4 and up! In 3.1 to 3.3.1, the bindbackend + always did its own key storage. + In 3.4 and up hybrid bind mode operation is optional and enabled with the bindbackend hybrid config option. @@ -19898,10 +19899,10 @@ VALUES (:zoneid, :ip) SlaveYes SuperslaveExperimental AutoserialNo - DNSSECYes, but no key storage + DNSSECYes Disabled dataNo CommentsNo - Module namenone (built in) + Module namebind Launchbind @@ -19950,6 +19951,22 @@ VALUES (:zoneid, :ip) + + bind-dnssec-db= + + + Filename to store and access our DNSSEC metadatabase, empty for none. + + + + + bind-hybrid= + + + Store DNSSEC keys and metadata storage in an other backend. + + +