From: Michael Tremer Date: Mon, 8 Dec 2025 16:59:54 +0000 (+0000) Subject: dnsbl: Add ZONEMD records to the exported zones X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cecfd1a4a7edc7b7c4d9967f175f36f729d06ab9;p=dbl.git dnsbl: Add ZONEMD records to the exported zones Signed-off-by: Michael Tremer --- diff --git a/src/dnsbl/exporters.py b/src/dnsbl/exporters.py index 731feb8..ca24ba1 100644 --- a/src/dnsbl/exporters.py +++ b/src/dnsbl/exporters.py @@ -121,6 +121,9 @@ class RPZExporter(Exporter): # Create a new zone zone = dns.zone.Zone(origin) + # Make the serial + serial = self.list.updated_at.strftime("%s") + # Create the SOA soa = dns.rdataset.from_text( dns.rdataclass.IN, @@ -129,7 +132,7 @@ class RPZExporter(Exporter): " ".join(( "master.lwldns.net.", "hostmaster.ipfire.org.", - self.list.updated_at.strftime("%s"), + serial, "3600", "600", "3600000", @@ -143,11 +146,38 @@ class RPZExporter(Exporter): # Write all domains for domain in self.list.domains: zone.replace_rdataset( - dns.name.from_text("%s.%s" % (domain, self.list.zone)), + dns.name.from_text("%s.%s" % (domain, self.list.zone), origin=origin), dns.rdataset.from_text( dns.rdataclass.IN, dns.rdatatype.CNAME, ttl, rpz_action, ), ) + # Add ZONEMD + self.add_zonemd(zone, ttl) + # Write the zone to file zone.to_file(f) + + def add_zonemd(self, zone, ttl): + """ + Adds ZONEMD records to the zone + """ + # Create a new ZONEMD record + rrset = dns.rdataset.Rdataset( + dns.rdataclass.IN, dns.rdatatype.ZONEMD, ttl=ttl, + ) + + # Compute the digest for SHA-512 and SHA-384 + algorithms = ( + dns.zone.DigestHashAlgorithm.SHA512, + dns.zone.DigestHashAlgorithm.SHA384, + ) + + # Compute the digests + for algorithm in algorithms: + rrset.add( + zone.compute_digest(algorithm), + ) + + # Add the ZONEMD record + zone.replace_rdataset(zone.origin, rrset)
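Review bot: `strftime("%s")` in the new `serial = ...` line relies on a C-library extension that Python does not document, and it ignores `tzinfo`, so an aware `updated_at` is converted as if it were local time. The serial can therefore differ between export hosts with different timezone settings. That matters more after this commit, because the ZONEMD rdata embeds the SOA serial and consumers use it to judge freshness. If `updated_at` is timezone-aware (not visible in this hunk), `serial = "%d" % self.list.updated_at.timestamp()` yields the epoch value portably. The enclosing export method starts and ends outside this hunk.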
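Review bot: The `add_zonemd` docstring should state what the digest does and does not protect. Nothing visible in this diff signs the zone, and on an unsigned zone a ZONEMD record is only a checksum against accidental corruption, since anyone able to alter the file or the transfer can recompute it (RFC 8976 draws the same line). I would also note the ordering constraint at the call site, e.g. `# Must run last: records added after this call are not covered by the digest`, because `compute_digest()` hashes the zone as it stands when called. A regression test that re-parses the exported file with `dns.zone.from_file()` and calls `verify_digest()` would catch any drift between the in-memory zone and what `to_file()` writes. The method that calls `add_zonemd` begins outside this hunk.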