From 07a32d18e7df4cdfa43e88e774f3123415ddff35 Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Sun, 13 Oct 2019 21:06:45 +0200 Subject: [PATCH] Support optional ?dnssec=false flag on listing zones Defaults to true, so the behaviour is unchanged in 4.x. --- pdns/ws-auth.cc | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 5d22f43921..cd1798eb9f 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -322,13 +322,13 @@ static inline string makeBackendRecordContent(const QType& qtype, const string& return makeRecordContent(qtype, content, true); } -static Json::object getZoneInfo(const DomainInfo& di) { +static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper* dk) { string zoneId = apiZoneNameToId(di.zone); vector masters; for(const auto& m : di.masters) masters.push_back(m.toStringWithPortExcept(53)); - return Json::object { + auto obj = Json::object { // id is the canonical lookup key, which doesn't actually match the name (in some cases) { "id", zoneId }, { "url", "/api/v1/servers/localhost/zones/" + zoneId }, @@ -337,10 +337,14 @@ static Json::object getZoneInfo(const DomainInfo& di) { { "account", di.account }, { "masters", masters }, { "serial", (double)di.serial }, - { "edited_serial", (double)calculateEditSOA(di.serial, *dk, di.zone) }, { "notified_serial", (double)di.notified_serial }, { "last_check", (double)di.last_check } }; + if (dk) { + obj["dnssec"] = dk->isSecuredZone(di.zone); + obj["edited_serial"] = (double)calculateEditSOA(di.serial, *dk, di.zone); + } + return obj; } static bool shouldDoRRSets(HttpRequest* req) { @@ -358,7 +362,7 @@ static void fillZone(UeberBackend& B, const DNSName& zonename, HttpResponse* res } DNSSECKeeper dk(&B); - Json::object doc = getZoneInfo(di); + Json::object doc = getZoneInfo(di, &dk); // extra stuff getZoneInfo doesn't do for us (more expensive) string soa_edit_api; di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api); @@ -1696,9 +1700,18 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) { } } + bool with_dnssec = true; + if (req->getvars.count("dnssec")) { + // can send ?dnssec=false to improve performance. + string dnssec_flag = req->getvars["dnssec"]; + if (dnssec_flag == "false") { + with_dnssec = false; + } + } + Json::array doc; for(const DomainInfo& di : domains) { - doc.push_back(getZoneInfo(di)); + doc.push_back(getZoneInfo(di, with_dnssec ? &dk : nullptr)); } resp->setBody(doc); } -- 2.47.2