From: Peter van Dijk
Date: Fri, 23 Nov 2012 15:02:55 +0000 (+0000)
Subject: add EXPERIMENTAL direct-dnssec feature to aid in secure transfers
X-Git-Tag: auth-3.2-rc2~81
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4a6ea260e77857625d37763529ebc5d57f584eba;p=thirdparty%2Fpdns.git
add EXPERIMENTAL direct-dnssec feature to aid in secure transfers
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2920 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 1899e360ef..16f46d3ff9 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -139,6 +139,7 @@ void declareArguments()
 ::arg().set("lua-prequery-script", "Lua script with prequery handler")="";
 ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
+ ::arg().setSwitch("direct-dnskey","EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
 }
 void declareStats(void)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index b007ab2ba1..d2c8c29bb8 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -221,6 +221,15 @@ bool PacketHandler::addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd)
 r->addRecord(rr);
 haveOne=true;
 }
+
+ if(::arg().mustDo("direct-dnskey")) {
+ B.lookup(QType(QType::DNSKEY), p->qdomain, p, sd.domain_id);
+ while(B.get(rr)) {
+ r->addRecord(rr);
+ haveOne=true;
+ }
+ }
+
 return haveOne;
 }
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 4bc33843c0..8532bd23ef 100644
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -49,6 +49,11 @@
 #
 # default-ttl=3600
+#################################
+# direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
 #################################
 # disable-axfr Disable zonetransfers but do allow TCP queries
 #
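Review bot: In pdns/packethandler.cc the new `if(::arg().mustDo("direct-dnskey"))` block in addDNSKEY adds every DNSKEY record the backend returns for `p->qdomain` to the answer as-is, with no comparison against the records added earlier in the function, so a key held in both places could be emitted twice. With the switch on, any DNSKEY row that reaches the backend becomes part of the published key set; if that RRset is then signed with the locally held keys (not visible in this hunk), the zone's trust is extended to backend content, and neither the block nor the option text says so. I would add a comment above the block such as `// direct-dnskey: backend DNSKEY rows are published unfiltered; enable only when backend contents are as trusted as the key store`, and consider skipping a backend record whose content matches one already added. The function starts before the hunk, so how `rr` is prepared for the first loop (TTL, auth flag) and whether the backend records need the same treatment cannot be judged from here.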