add EXPERIMENTAL direct-dnssec feature to aid in secure transfers

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2920 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 1899e360efe7b5e66137e3efa04fbd8271517c5b..16f46d3ff90b6a46639b0ce4c2f2e2cd553c7b16 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -139,6 +139,7 @@ void declareArguments()
   ::arg().set("lua-prequery-script", "Lua script with prequery handler")="";
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
+  ::arg().setSwitch("direct-dnskey","EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
 }
 
 void declareStats(void)

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index b007ab2ba1f8a225c8660c73418aa1636432239d..d2c8c29bb8c61868b82a670991221e58a50197e1 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -221,6 +221,15 @@ bool PacketHandler::addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd)
     r->addRecord(rr);
     haveOne=true;
   }
+
+  if(::arg().mustDo("direct-dnskey")) {
+    B.lookup(QType(QType::DNSKEY), p->qdomain, p, sd.domain_id);
+    while(B.get(rr)) {
+      r->addRecord(rr);
+      haveOne=true;
+    }
+  }
+
   return haveOne;
 }
 

diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 4bc33843c016135e0442f8127b96cb9c95b58285..8532bd23ef50fc29b1a812ce8181631fa058fbdb 100644 (file)
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -49,6 +49,11 @@
 #
 # default-ttl=3600
 
+#################################
+# direct-dnskey        EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
 #################################
 # disable-axfr Disable zonetransfers but do allow TCP queries
 #