static isc_result_t
add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
- dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys,
- unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception,
- isc_stdtime_t expire, bool check_ksk,
- bool keyset_kskonly)
+ dns_zone_t* zone, dns_rdatatype_t type, dns_diff_t *diff,
+ dst_key_t **keys, unsigned int nkeys, isc_mem_t *mctx,
+ isc_stdtime_t inception, isc_stdtime_t expire,
+ bool check_ksk, bool keyset_kskonly)
{
isc_result_t result;
dns_dbnode_t *node = NULL;
+ dns_stats_t* dnssecsignstats = dns_zone_getdnssecsignstats(zone);
dns_rdataset_t rdataset;
dns_rdata_t sig_rdata = DNS_RDATA_INIT;
unsigned char data[1024]; /* XXX */
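Review bot: The two added declarations attach the pointer star to the type, `dns_zone_t* zone` in the parameter list and `dns_stats_t* dnssecsignstats` in the locals, while every neighbouring declaration in this hunk binds it to the name (`dns_db_t *db`, `dns_dbnode_t *node`). I would write `dns_zone_t *zone` and `dns_stats_t *dnssecsignstats = dns_zone_getdnssecsignstats(zone);` to match. The local added to sign_a_node further down has the same spelling. add_sigs's body continues outside this hunk.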
CHECK(dns_dnssec_sign(name, &rdataset, keys[i],
&inception, &expire,
mctx, &buffer, &sig_rdata));
+
/* Update the database and journal with the RRSIG. */
/* XXX inefficient - will cause dataset merging */
CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADDRESIGN,
name, rdataset.ttl, &sig_rdata));
-
dns_rdata_reset(&sig_rdata);
isc_buffer_init(&buffer, data, sizeof(data));
+
+ /* Update DNSSEC sign statistics. */
+ if (dnssecsignstats != NULL) {
+ dns_dnssecsignstats_increment(dnssecsignstats,
+ dst_key_id(keys[i]));
+ }
}
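Review bot: The counter is keyed on `dst_key_id(keys[i])` alone, which is the 16-bit key tag, and key tags are not guaranteed to be unique: two keys in the same zone, for example with different algorithms, can share a tag, and their signing counts would then be merged under one entry (assuming dns_dnssecsignstats_increment indexes by the id it is given; its definition is not in this diff). For an operator reading these counters to confirm which key is actually signing during a rollover, that ambiguity matters. If the interface cannot carry the algorithm as well, I would at least say so at the call, e.g. `/* Keyed by key tag only; keys sharing a tag share a counter. */`. The increment added to sign_a_node with `dst_key_id(key)` has the same limitation. The enclosing loop over the keys starts outside this hunk.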
failure:
break;
}
- result = add_sigs(db, version, name, covers, zonediff.diff,
- zone_keys, nkeys, zone->mctx, inception,
- expire, check_ksk, keyset_kskonly);
+ result = add_sigs(db, version, name, zone, covers,
+ zonediff.diff, zone_keys, nkeys, zone->mctx,
+ inception, expire, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:add_sigs -> %s",
* Generate maximum life time signatures so that the above loop
* termination is sensible.
*/
- result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
+ result = add_sigs(db, version, &zone->origin, zone, dns_rdatatype_soa,
zonediff.diff, zone_keys, nkeys, zone->mctx,
inception, soaexpire, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
}
static isc_result_t
-sign_a_node(dns_db_t *db, dns_name_t *name, dns_dbnode_t *node,
- dns_dbversion_t *version, bool build_nsec3,
- bool build_nsec, dst_key_t *key,
+sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
+ dns_dbnode_t *node, dns_dbversion_t *version,
+ bool build_nsec3, bool build_nsec, dst_key_t *key,
isc_stdtime_t inception, isc_stdtime_t expire,
unsigned int minimum, bool is_ksk,
bool keyset_kskonly, bool is_bottom_of_zone,
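Review bot: `zone` is inserted as the second parameter here (`db, zone, name, ...`) but as the fourth in add_sigs (`db, ver, name, zone, ...`), so the two signing helpers now take the same object at different positions. The pointer types differ, so a swapped argument should at least draw a compiler diagnostic, but a consistent position would make the call sites easier to read; I would place it directly after `db` in both. Every call in this diff also still passes `zone->mctx` as the separate mctx argument, which looks redundant now that the zone itself is available and could be dropped in a follow-up. The parameter list continues outside this hunk.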
dns_rdatasetiter_t *iterator = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_stats_t* dnssecsignstats = dns_zone_getdnssecsignstats(zone);
+
isc_buffer_t buffer;
unsigned char data[1024];
bool seen_soa, seen_ns, seen_rr, seen_nsec, seen_nsec3, seen_ds;
CHECK(update_one_rr(db, version, diff, DNS_DIFFOP_ADDRESIGN,
name, rdataset.ttl, &rdata));
dns_rdata_reset(&rdata);
+
+ /* Update DNSSEC sign statistics. */
+ if (dnssecsignstats != NULL) {
+ dns_dnssecsignstats_increment(dnssecsignstats,
+ dst_key_id(key));
+ }
+
(*signatures)--;
next_rdataset:
dns_rdataset_disassociate(&rdataset);
dns_result_totext(result));
return (result);
}
- result = add_sigs(db, version, &tuple->name,
+ result = add_sigs(db, version, &tuple->name, zone,
tuple->rdata.type, zonediff->diff,
zone_keys, nkeys, zone->mctx, inception,
exp, check_ksk, keyset_kskonly);
goto failure;
}
- result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
+ result = add_sigs(db, version, &zone->origin, zone, dns_rdatatype_soa,
zonediff.diff, zone_keys, nkeys, zone->mctx,
inception, soaexpire, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
continue;
}
- CHECK(sign_a_node(db, name, node, version, build_nsec3,
- build_nsec, zone_keys[i], inception,
- expire, zone->minimum, is_ksk,
+ CHECK(sign_a_node(db, zone, name, node, version,
+ build_nsec3, build_nsec,
+ zone_keys[i], inception, expire,
+ zone->minimum, is_ksk,
(both && keyset_kskonly),
is_bottom_of_zone, zonediff.diff,
&signatures, zone->mctx));
* Generate maximum life time signatures so that the above loop
* termination is sensible.
*/
- result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
+ result = add_sigs(db, version, &zone->origin, zone, dns_rdatatype_soa,
zonediff.diff, zone_keys, nkeys, zone->mctx,
inception, soaexpire, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
dns_result_totext(result));
goto failure;
}
- result = add_sigs(db, ver, &zone->origin, dns_rdatatype_dnskey,
- zonediff->diff, zone_keys, nkeys, zone->mctx,
- inception, keyexpire, check_ksk,
- keyset_kskonly);
+ result = add_sigs(db, ver, &zone->origin, zone,
+ dns_rdatatype_dnskey, zonediff->diff,
+ zone_keys, nkeys, zone->mctx, inception,
+ keyexpire, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR,
"sign_apex:add_sigs -> %s",