From: Kees Monshouwer Date: Tue, 15 Feb 2022 19:09:20 +0000 (+0100) Subject: auth: make it possible to completely disable LUA records X-Git-Tag: auth-4.8.0-alpha0~61^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F11350%2Fhead;p=thirdparty%2Fpdns.git auth: make it possible to completely disable LUA records --- diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 7459ec82ed..be09f07087 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -629,12 +629,27 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, } DNSZoneRecord rr; +#ifdef HAVE_LUA_RECORDS + bool first{true}; + bool doLua{false}; +#endif B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + first = false; + doLua = g_doLuaRecord; + if (!doLua) { + string val; + d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + doLua = (val == "1"); + } + } + + if (rr.dr.d_type == QType::LUA && doLua) { nrc.set(getRR(rr.dr)->d_type); + } else #endif if (d_doExpandALIAS && rr.dr.d_type == QType::ALIAS) { @@ -699,11 +714,27 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRec } } +#ifdef HAVE_LUA_RECORDS + bool first{true}; + bool doLua{false}; +#endif + B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + first = false; + doLua = g_doLuaRecord; + if (!doLua) { + string val; + d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + doLua = (val == "1"); + } + } + + if (rr.dr.d_type == QType::LUA && doLua) { n3rc.set(getRR(rr.dr)->d_type); + } else #endif if (d_doExpandALIAS && rr.dr.d_type == QType::ALIAS) {