auth: add support for dnssec removal to CDS/CDNSKEY #9631

Merged
merged 1 commit into from Oct 26, 2020

@mind04 mind04 commented Oct 21, 2020

Short description

PUBLISH-CDNSKEY = 0 and PUBLISH-CDS = 0 now create a DNSSEC delete CDS/CDNSKEY.

"pdnsutil set-publish-cdnskey ZONE delete" and "pdnsutil set-publish-cds ZONE 0" can be used to create these metadata items.

Closes: #8545

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@Habbie Habbie added this to the auth-4.4.0-alpha2 milestone Oct 21, 2020

crami commented Oct 22, 2020

Would it also be possible to integrate this into a potential 4.3.x release?

@pieterlexis pieterlexis left a comment

look (very) good to me, 1 nit. An API test would be nice.


if (publishCDNSKEY == "0") { // delete DS via CDNSKEY
rr.dr.d_content=std::make_shared<DNSKEYRecordContent>("0 3 0 AA==");
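Review bot: the `make_shared<DNSKEYRecordContent>("0 3 0 AA==")` line carries the delete record as a bare literal, and the only explanation is the `// delete DS via CDNSKEY` comment on the branch above it. Consider a named constant with a comment that spells out the fields (flags 0, protocol 3, algorithm 0, and a key of "AA==", which is base64 for a single zero byte), so the value is not retyped elsewhere and a reader can check it against the RFC 8078 text. The branch is taken on an exact string match against "0", so it would also help to say at the branch what other values of publishCDNSKEY do, which these two lines do not show.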

"0 3 0 AA==" and "0 0 0 00" are candidates to become two const static strings

with https://www.rfc-editor.org/errata/eid5049 in a comment near them

mind04 commented Oct 22, 2020

> look (very) good to me, 1 nit. An API test would be nice.

From API perspective (PUBLISH-)CDNSKEY/(PUBLISH-)CDS is not special, it is just metadata. Metadata modification is already covered by the current API tests.
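
An added example, not code from this pull request or from PowerDNS: a monitoring-side check that recognises the two delete records quoted in the review, "0 3 0 AA==" and "0 0 0 00", so a zone that starts publishing them can be alerted on before the parent removes its DS. The function names and sample RRsets are constructed for illustration, and the one-record rule is an assumption taken from RFC 8078 section 4.

```python
import base64

# RFC 8078 delete records as quoted in the review: CDNSKEY "0 3 0 AA==", CDS "0 0 0 00".
DELETE_HEADER = {"CDNSKEY": (0, 3, 0), "CDS": (0, 0, 0)}

def is_delete_record(rtype, rdata):
    """True if presentation-format rdata is the delete record for rtype."""
    fields = rdata.split()
    header = DELETE_HEADER.get(rtype.upper())
    if header is None or len(fields) < 4:
        return False
    try:
        numbers = tuple(int(f) for f in fields[:3])
        blob = "".join(fields[3:])
        # CDNSKEY carries base64 key data, CDS carries a hex digest.
        if rtype.upper() == "CDNSKEY":
            payload = base64.b64decode(blob, validate=True)
        else:
            payload = bytes.fromhex(blob)
    except ValueError:  # also covers binascii.Error from bad base64
        return False
    # Compare decoded bytes, not text, so "AA==" and "00" both mean one zero byte.
    return numbers == header and payload == b"\x00"

def classify_rrset(rtype, rdatas):
    """Classify a CDS or CDNSKEY RRset: absent, publish, delete or invalid-mixed."""
    if not rdatas:
        return "absent"
    if not any(is_delete_record(rtype, r) for r in rdatas):
        return "publish"
    # Assumption from RFC 8078 section 4: the delete RRset holds exactly one record.
    return "delete" if len(rdatas) == 1 else "invalid-mixed"

# Constructed sample data, not taken from any real zone.
SAMPLE_KEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()
SAMPLE_RRSETS = {
    ("example.org.", "CDNSKEY"): ["0 3 0 AA=="],
    ("example.net.", "CDNSKEY"): [SAMPLE_KEY],
    ("example.com.", "CDNSKEY"): ["0 3 0 AA==", SAMPLE_KEY],
    ("example.org.", "CDS"): ["0 0 0 00"],
}

def zones_requesting_delete(rrsets):
    """Zones whose CDS or CDNSKEY RRset asks the parent to remove the DS."""
    return sorted({z for (z, t), rd in rrsets.items() if classify_rrset(t, rd) == "delete"})

if __name__ == "__main__":
    for (zone, rtype), rdatas in SAMPLE_RRSETS.items():
        print(zone, rtype, classify_rrset(rtype, rdatas))
    print("alert on:", zones_requesting_delete(SAMPLE_RRSETS))
```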

Successfully merging this pull request may close these issues.

Auth feature request: ability to publish RFC8078 "DELETE" CDS/CDNSKEY records