
add global soa-edit settings

1 parent 665ac8c commit ec0ded7e9772334319b3ccfbd1eefa89da84ebff @mind04 mind04 committed with mind04 Oct 13, 2015
Showing with 43 additions and 6 deletions.
  1. +2 −0 pdns/common_startup.cc
  2. +17 −0 pdns/dbdnsseckeeper.cc
  3. +1 −0 pdns/dnsseckeeper.hh
  4. +10 −0 pdns/pdns.conf-dist
  5. +8 −1 pdns/pdnssec.cc
  6. +3 −3 pdns/rfc2136handler.cc
  7. +1 −1 pdns/serialtweaker.cc
  8. +1 −1 pdns/tcpreceiver.cc
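--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -138,6 +138,8 @@ void declareArguments()
 ::arg().set("soa-refresh-default","Default SOA refresh")="10800";
 ::arg().set("soa-retry-default","Default SOA retry")="3600";
 ::arg().set("soa-expire-default","Default SOA expire")="604800";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
 ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
 ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";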
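Review bot: The help text of the two new settings does not say that they are ignored for presigned zones and that the signed variant takes precedence for secured zones, which is exactly what an operator reading `--help` needs to predict which SOA serial a zone will serve. `"Default SOA-EDIT value (not applied to presigned zones)"` and `"Default SOA-EDIT value for signed zones, overrides default-soa-edit"` would state it; the same two lines are repeated in pdnssec.cc and the conf-dist, so all three copies should carry the same wording.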
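--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -212,6 +212,23 @@ void DNSSECKeeper::getFromMeta(const std::string& zname, const std::string& key,
 }
 }
+void DNSSECKeeper::getSoaEdit(const std::string& zname, std::string& value)
+{
+ static const string soaEdit(::arg()["default-soa-edit"]);
+ static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
+
+ getFromMeta(zname, "SOA-EDIT", value);
+
+ if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() && !isPresigned(zname)) {
+ if (!soaEditSigned.empty() && isSecuredZone(zname))
+ value=soaEditSigned;
+ if (value.empty())
+ value=soaEdit;
+ }
+
+ return;
+}
+
 uint64_t DNSSECKeeper::dbdnssecCacheSizes(const std::string& str)
 {
 if(str=="meta-cache-size") {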
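Review bot: The precedence that getSoaEdit applies is undocumented and easy to misread from the nested conditions: the zone's own SOA-EDIT metadata always wins, the global defaults are consulted only for zones that are not presigned, and for a secured zone `default-soa-edit-signed` is tried first with `default-soa-edit` as the fallback when the signed variant is unset. A comment above the outer `if` along the lines of `// Fall back to the global defaults only when the zone has no SOA-EDIT of its own and is not presigned (a presigned SOA must not be rewritten); secured zones prefer default-soa-edit-signed.` would capture this, and the outer emptiness test deserves a note that its purpose is to skip the isPresigned() lookup entirely when no default is configured. The two function-local statics snapshot the settings on the first call, so a later change to ::arg() is never observed; that is worth stating next to them. Since serialtweaker.cc and tcpreceiver.cc now route every SOA answer through this function, the extra isPresigned()/isSecuredZone() lookups land on the query path whenever a default is configured; if those are not served from the keeper's metadata cache this is worth measuring. The trailing `return;` is redundant and can be dropped.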
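--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -106,6 +106,7 @@ public:
 }
 void getFromMeta(const std::string& zname, const std::string& key, std::string& value);
+ void getSoaEdit(const std::string& zname, std::string& value);
 private: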
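--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -85,6 +85,16 @@
 # default-ksk-size=0
 #################################
+# default-soa-edit Default SOA-EDIT value
+#
+# default-soa-edit=
+
+#################################
+# default-soa-edit-signed Default SOA-EDIT value for signed zones
+#
+# default-soa-edit-signed=
+
+#################################
 # default-soa-mail mail address to insert in the SOA record if none set in the backend
 #
 # default-soa-mail=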
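--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -133,6 +133,8 @@ void loadMainConfig(const std::string& configdir)
 ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
 ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
 ::arg().set("default-zsk-size","Default KSK size (0 means default)")="0";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
 ::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a zone")="100000";
 ::arg().set("module-dir","Default directory for modules")=PKGLIBDIR;
 ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
@@ -665,9 +667,14 @@ int increaseSerial(const string& zone, DNSSECKeeper &dk)
 cout<<"No SOA for zone '"<<zone<<"'"<<endl;
 return -1;
 }
+
+ if (dk.isPresigned(zone)) {
+ cerr<<"Serial increase of presigned zone '"<<zone<<"' is not allowed."<<endl;
+ return -1;
+ }
 string soaEditKind;
- dk.getFromMeta(zone, "SOA-EDIT", soaEditKind);
+ dk.getSoaEdit(zone, soaEditKind);
 sd.db->lookup(QType(QType::SOA), zone);
 vector<DNSResourceRecord> rrs;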
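Review bot: The new presigned refusal in increaseSerial reports on `cerr` while the "No SOA" failure two lines above reports on `cout`, so the two error exits of the same function go to different streams and a scripted caller cannot separate errors from output; `cerr<<"No SOA for zone '"<<zone<<"'"<<endl;` would make them agree. The rejection is new behaviour and deserves a why-comment, presumably `// a presigned zone carries signatures produced elsewhere; rewriting its SOA serial would invalidate them` — the reason is not visible in the hunk, so confirm before committing to it. Note also that dk.getSoaEdit() consults isPresigned() again internally when a default is configured, so the zone's metadata may be read twice on this path; harmless here but avoidable by keeping the result of the first call. increaseSerial begins before the hunk and continues past it.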
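--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -955,13 +955,13 @@ void PacketHandler::increaseSerial(const string &msgPrefix, const DomainInfo *di
 if (!soaEdit2136Setting.empty()) {
 soaEdit2136 = soaEdit2136Setting[0];
 if (pdns_iequals(soaEdit2136, "SOA-EDIT") || pdns_iequals(soaEdit2136,"SOA-EDIT-INCREASE") ){
- vector<string> soaEditSetting;
- B.getDomainMetadata(di->zone, "SOA-EDIT", soaEditSetting);
+ string soaEditSetting;
+ d_dk.getSoaEdit(di->zone, soaEditSetting);
 if (soaEditSetting.empty()) {
 L<<Logger::Error<<msgPrefix<<"Using "<<soaEdit2136<<" for SOA-EDIT-DNSUPDATE increase on DNS update, but SOA-EDIT is not set for domain \""<< di->zone <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<<endl;
 soaEdit2136 = "DEFAULT";
 } else
- soaEdit = soaEditSetting[0];
+ soaEdit = soaEditSetting;
 }
 }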
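Review bot: The log line in the `if (soaEditSetting.empty())` branch still says only that SOA-EDIT is not set for the domain, but after this change the branch is reached only when the zone metadata is empty and neither default-soa-edit nor default-soa-edit-signed was applied (which is always the case for a presigned zone), so an operator who did configure a global default is left guessing why it was not used. Changing the message to `"... but neither SOA-EDIT for domain \""<< di->zone <<"\" nor a default-soa-edit setting applies. Using DEFAULT for SOA-EDIT-DNSUPDATE"` would describe the new situation. The switch from a metadata vector to a single string also drops the explicit `[0]` selection; whether getSoaEdit/getFromMeta pick the first item or join several when a zone has more than one SOA-EDIT entry is not visible from this hunk and should be confirmed. PacketHandler::increaseSerial starts before this hunk.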
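--- a/pdns/serialtweaker.cc
+++ b/pdns/serialtweaker.cc
@@ -42,7 +42,7 @@ bool editSOA(DNSSECKeeper& dk, const string& qname, DNSPacket* dp)
 BOOST_FOREACH(DNSResourceRecord& rr, rrs) {
 if(rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname,qname)) {
 string kind;
- dk.getFromMeta(qname, "SOA-EDIT", kind);
+ dk.getSoaEdit(qname, kind);
 return editSOARecord(rr, kind);
 }
 }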
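--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1021,7 +1021,7 @@ int TCPNameserver::doIXFR(shared_ptr<DNSPacket> q, int outsock)
 }
 string soaedit;
- dk.getFromMeta(target, "SOA-EDIT", soaedit);
+ dk.getSoaEdit(target, soaedit);
 if (!rfc1982LessThan(serial, calculateEditSOA(sd, soaedit))) {
 TSIGRecordContent trc;
 string tsigkeyname, tsigsecret;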
