From: Peter van Dijk
Date: Thu, 28 Nov 2019 14:34:50 +0000 (+0100)
Subject: auth: add default-publish-{cds|cdnskey} options, fixes #6466
X-Git-Tag: auth-4.3.0-beta1~10^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c70945512c49523e670a4f8cf186721307310b64;p=thirdparty%2Fpdns.git
auth: add default-publish-{cds|cdnskey} options, fixes #6466
---
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 9ad7459e21..0b48246b32 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -207,6 +207,8 @@ void declareArguments()
   ::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
   ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
   ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
+  ::arg().set("default-publish-cdnskey","Default value for PUBLISH-CDNSKEY")="";
+  ::arg().set("default-publish-cds","Default value for PUBLISH-CDS")="";
   ::arg().set("include-dir","Include *.conf files from this directory");
   ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 1324240cbb..8500eae5a8 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -388,6 +388,11 @@ bool DNSSECKeeper::setPublishCDS(const DNSName& zname, const string& digestAlgos
   return d_keymetadb->setDomainMetadata(zname, "PUBLISH-CDS", meta);
 }
+void DNSSECKeeper::getPublishCDS(const DNSName& zname, std::string& value)
+{
+  getFromMetaOrDefault(zname, "PUBLISH-CDS", value, ::arg()["default-publish-cds"]);
+}
+
 /**
  * Remove domainmetadata to stop publishing CDS records for zone zname
  *
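Review bot: The help strings of the two new options do not say which values are honoured, while the consumers in packethandler.cc (following hunks) act only on the literal `"1"` for PUBLISH-CDNSKEY and on a non-empty digest list for PUBLISH-CDS, so a global setting such as `yes` would silently publish nothing. Suggest stating it in the help text, e.g. `::arg().set("default-publish-cdnskey","Default value for PUBLISH-CDNSKEY (\"1\" to publish)")="";` and `::arg().set("default-publish-cds","Default value for PUBLISH-CDS (digest algorithms to publish, empty disables)")="";`. The empty defaults keep behaviour unchanged for zones that carry no such metadata. declareArguments() continues outside the hunk.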
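Review bot: getPublishCDS is added without a doc comment although its neighbours in this file carry Doxygen blocks, and getPublishCDNSKEY in the next hunk has the same gap. Suggest a comment above the definition such as `/** Look up PUBLISH-CDS for zone zname, falling back to the default-publish-cds setting when the zone has no such metadata; the result is stored in value */`. Whether a zone can opt out of a non-empty global default depends on how getFromMetaOrDefault treats an explicitly empty per-zone value, which is not visible here; that behaviour is worth spelling out on the getter once confirmed, since it decides whether an operator can exempt single zones.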
@@ -414,6 +419,11 @@ bool DNSSECKeeper::setPublishCDNSKEY(const DNSName& zname)
   return d_keymetadb->setDomainMetadata(zname, "PUBLISH-CDNSKEY", meta);
 }
+void DNSSECKeeper::getPublishCDNSKEY(const DNSName& zname, std::string& value)
+{
+  getFromMetaOrDefault(zname, "PUBLISH-CDNSKEY", value, ::arg()["default-publish-cdnskey"]);
+}
+
 /**
  * Remove domainmetadata to stop publishing CDNSKEY records for zone zname
  *
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 848f5bcbdb..4bc773940a 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -205,8 +205,10 @@ public:
   bool setPresigned(const DNSName& zname);
   bool unsetPresigned(const DNSName& zname);
   bool setPublishCDNSKEY(const DNSName& zname);
+  void getPublishCDNSKEY(const DNSName& zname, std::string& value);
   bool unsetPublishCDNSKEY(const DNSName& zname);
   bool setPublishCDS(const DNSName& zname, const string& digestAlgos);
+  void getPublishCDS(const DNSName& zname, std::string& value);
   bool unsetPublishCDS(const DNSName& zname);
   bool TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname);
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index f1d4f28738..917b9b5709 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -108,7 +108,7 @@ PacketHandler::~PacketHandler()
 bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r, const SOAData& sd)
 {
   string publishCDNSKEY;
-  d_dk.getFromMeta(p.qdomain, "PUBLISH-CDNSKEY", publishCDNSKEY);
+  d_dk.getPublishCDNSKEY(p.qdomain,publishCDNSKEY);
   if (publishCDNSKEY != "1")
     return false;
@@ -187,7 +187,7 @@ bool PacketHandler::addDNSKEY(DNSPacket& p, std::unique_ptr& r, const
 bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r, const SOAData& sd)
 {
   string publishCDS;
-  d_dk.getFromMeta(p.qdomain, "PUBLISH-CDS", publishCDS);
+  d_dk.getPublishCDS(p.qdomain, publishCDS);
   if (publishCDS.empty())
     return false;
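Review bot: `d_dk.getPublishCDNSKEY(p.qdomain,publishCDNSKEY);` in addCDNSKEY lacks the space after the comma that the sibling call in addCDS and the surrounding code use; suggest `d_dk.getPublishCDNSKEY(p.qdomain, publishCDNSKEY);`. Both lookups key the metadata by p.qdomain rather than by the zone carried in sd; if these helpers are only reached for apex queries the two are the same name, but using the zone name from sd would make that intent explicit and keep the lookup correct should a caller ever pass a non-apex query. addCDNSKEY and addCDS both continue past their hunks.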
@@ -497,11 +497,11 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const SOAData& sd, c
     nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
     nrc.set(QType::DNSKEY);
     string publishCDNSKEY;
-    d_dk.getFromMeta(name, "PUBLISH-CDNSKEY", publishCDNSKEY);
+    d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
     if (publishCDNSKEY == "1")
       nrc.set(QType::CDNSKEY);
     string publishCDS;
-    d_dk.getFromMeta(name, "PUBLISH-CDS", publishCDS);
+    d_dk.getPublishCDS(name, publishCDS);
     if (! publishCDS.empty())
       nrc.set(QType::CDS);
   }
@@ -546,11 +546,11 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const SOAData& sd,
     n3rc.set(QType::NSEC3PARAM);
     n3rc.set(QType::DNSKEY);
     string publishCDNSKEY;
-    d_dk.getFromMeta(name, "PUBLISH-CDNSKEY", publishCDNSKEY);
+    d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
     if (publishCDNSKEY == "1")
       n3rc.set(QType::CDNSKEY);
     string publishCDS;
-    d_dk.getFromMeta(name, "PUBLISH-CDS", publishCDS);
+    d_dk.getPublishCDS(name, publishCDS);
     if (! publishCDS.empty())
       n3rc.set(QType::CDS);
   }
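Review bot: The CDNSKEY/CDS bitmap logic is now duplicated verbatim between emitNSEC and emitNSEC3 (both hunks), so the two copies can drift apart the next time the publication rules or the `"1"` / non-empty comparisons change, which would make the NSEC type map disagree with what addCDNSKEY/addCDS actually answer. Suggest one file-local helper that both functions call with their bitmap object; the comparisons below are kept exactly as in the hunks. emitNSEC and emitNSEC3 both start and end outside the hunks.
```cpp
// Sets the CDNSKEY and CDS bits of an NSEC/NSEC3 type bitmap from the zone's
// PUBLISH-CDNSKEY and PUBLISH-CDS metadata (or the configured defaults), using
// the same tests as addCDNSKEY/addCDS so the type map matches the answers.
template <typename TypeBitmap>
static void setCDSBitmapTypes(DNSSECKeeper& dk, const DNSName& name, TypeBitmap& rc)
{
  string publishCDNSKEY;
  dk.getPublishCDNSKEY(name, publishCDNSKEY);
  if (publishCDNSKEY == "1")
    rc.set(QType::CDNSKEY);
  string publishCDS;
  dk.getPublishCDS(name, publishCDS);
  if (! publishCDS.empty())
    rc.set(QType::CDS);
}

// … unchanged: emitNSEC up to the apex branch …
    nrc.set(QType::DNSKEY);
    setCDSBitmapTypes(d_dk, name, nrc);
// … unchanged: emitNSEC3 likewise, with n3rc …
```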