Commit Diff
Diff:
37d0721c985912722d45fc68a096acdd7b8dc5e3
130ddff4bafff05bf79b9825fd84ae50411a7ae3
Commit:
130ddff4bafff05bf79b9825fd84ae50411a7ae3
Tree:
17065d5493f136dcc36102b0b685f9757320b71a
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Sep 14 09:59:10 2015 UTC
Message:
Since NSEC3 records are already sorted in the zonefile (important), we exploit that fact and get the next closer RR in NXDOMAIN queries with a TAILQ by finding the next closer match and then backing up 1 record. This makes it considerably faster, by 10-20 times what it was before.
blob - e628663c62606f91fc88a6bef3198fb9dc59a4ec
blob + ccf9a1b667276c4aa0ced073df499435e1227f82
--- dnssec.c
+++ dnssec.c
@@ -36,6 +36,8 @@
void init_dnssec(void);
int insert_apex(char *zonename, char *zone, int zonelen);
int insert_nsec3(char *zonename, char *domainname, char *dname, int dnamelen);
+char * find_next_closer_nsec3(char *zonename, int zonelen, char *hashname);
+char * find_match_nsec3(char *zonename, int zonelen, char *hashname);
struct domain * find_nsec(char *name, int namelen, struct domain *sd, DB *db);
struct domain * find_nsec3_match_qname(char *name, int namelen, struct domain *sd, DB *db);
struct domain * find_nsec3_match_closest(char *name, int namelen, struct domain *sd, DB *db);
@@ -59,20 +61,21 @@ extern void * find_substruct(struct domain *
SLIST_HEAD(listhead, dnssecentry) dnssechead;
+static struct nsec3entry {
+ char domainname[DNS_MAXNAME + 1];
+ char dname[DNS_MAXNAME];
+ int dnamelen;
+ TAILQ_ENTRY(nsec3entry) nsec3_entries;
+} *n3, *ns3p;
+
static struct dnssecentry {
char zonename[DNS_MAXNAME + 1];
char zone[DNS_MAXNAME];
int zonelen;
SLIST_ENTRY(dnssecentry) dnssec_entry;
- LIST_HEAD(, nsec3entry) nsec3head;
+ TAILQ_HEAD(a, nsec3entry) nsec3head;
} *dn, *dnp;
-static struct nsec3entry {
- char domainname[DNS_MAXNAME + 1];
- char dname[DNS_MAXNAME];
- int dnamelen;
- LIST_ENTRY(nsec3entry) nsec3_entries;
-} *n3, *ns3p;
void
init_dnssec(void)
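Review bot: The queue head is declared as `TAILQ_HEAD(a, nsec3entry) nsec3head;`, which introduces a struct tag named `a` that then has to be repeated in every `TAILQ_PREV`/`TAILQ_LAST` call. A descriptive tag, for example `TAILQ_HEAD(nsec3list, nsec3entry) nsec3head;`, would make those call sites readable and avoid a clash with any other one-letter tag. A short comment on `struct nsec3entry` stating that entries are kept in zonefile (sorted hash) order would also record the invariant the new lookups depend on.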
@@ -99,7 +102,7 @@ insert_apex(char *zonename, char *zone, int zonelen)
memcpy(dn->zone, zone, zonelen);
dn->zonelen = zonelen;
- LIST_INIT(&dn->nsec3head);
+ TAILQ_INIT(&dn->nsec3head);
SLIST_INSERT_HEAD(&dnssechead, dn, dnssec_entry);
@@ -118,7 +121,7 @@ insert_nsec3(char *zonename, char *domainname, char *d
if (dnp == NULL)
return -1;
- n3 = calloc(1, sizeof(dnp->nsec3head));
+ n3 = calloc(1, sizeof(struct nsec3entry));
if (n3 == NULL)
return -1;
@@ -132,15 +135,91 @@ insert_nsec3(char *zonename, char *domainname, char *d
memcpy(n3->dname, dname, dnamelen);
n3->dnamelen = dnamelen;
- LIST_FOREACH(ns3p, &dnp->nsec3head, nsec3_entries)
- if (LIST_NEXT(ns3p, nsec3_entries) == NULL)
+ TAILQ_INSERT_TAIL(&dn->nsec3head, n3, nsec3_entries);
+
+ return (0);
+}
+
+char *
+find_next_closer_nsec3(char *zonename, int zonelen, char *hashname)
+{
+ int hashlen;
+
+ hashlen = strlen(hashname);
+
+ SLIST_FOREACH(dnp, &dnssechead, dnssec_entry) {
+ if (zonelen == dnp->zonelen &&
+ (memcmp(dnp->zone, zonename, zonelen) == 0))
break;
+ }
+
+ if (dnp == NULL)
+ return NULL;
+
+ /* we have found the zone, now find the next closer hash for nsec3 */
+
+ TAILQ_FOREACH(n3, &dnp->nsec3head, nsec3_entries) {
+ if (strncasecmp(hashname, n3->domainname, hashlen) <= 0) {
+ break;
+ }
+ }
- LIST_INSERT_AFTER(ns3p, n3, nsec3_entries);
+ if (n3 == NULL) {
+ return NULL;
+ }
- return (0);
+#ifdef DEBUG
+ dolog(LOG_INFO, "resolved at %s\n", n3->domainname);
+#endif
+
+ if ((ns3p = TAILQ_PREV(n3, a, nsec3_entries)) != NULL) {
+ return (ns3p->domainname);
+ } else {
+ ns3p = TAILQ_LAST(&dnp->nsec3head, a);
+ return (ns3p->domainname);
+ }
+
+ /* NOTREACHED */
+ return (NULL);
}
+char *
+find_match_nsec3(char *zonename, int zonelen, char *hashname)
+{
+ int hashlen;
+
+ hashlen = strlen(hashname);
+
+ SLIST_FOREACH(dnp, &dnssechead, dnssec_entry) {
+ if (zonelen == dnp->zonelen &&
+ (memcmp(dnp->zone, zonename, zonelen) == 0))
+ break;
+ }
+
+ if (dnp == NULL)
+ return NULL;
+
+ /* we have found the zone, now find the next closer hash for nsec3 */
+
+ TAILQ_FOREACH(n3, &dnp->nsec3head, nsec3_entries) {
+ if (strncasecmp(hashname, n3->domainname, hashlen) == 0) {
+ break;
+ }
+ }
+
+ if (n3 == NULL) {
+ return NULL;
+ }
+
+#ifdef DEBUG
+ dolog(LOG_INFO, "resolved at %s\n", n3->domainname);
+#endif
+
+ /* NOTREACHED */
+ return (n3->domainname);
+}
+
+
/* FIND_NSEC */
/* finds the right nsec domainname in a zone */
struct domain *
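Review bot: `find_next_closer_nsec3` returns NULL when the `TAILQ_FOREACH` runs off the end, that is when `hashname` sorts after every entry, although in a sorted NSEC3 chain such a hash is covered by the last record; the wrap-around is only handled for a hash before the first entry, via `TAILQ_LAST`. Replacing the `if (n3 == NULL) { return NULL; }` block with `if (n3 == NULL) { ns3p = TAILQ_LAST(&dnp->nsec3head, a); return (ns3p != NULL ? ns3p->domainname : NULL); }` would leave NULL for an empty list only. Separately, the first added line inserts into `&dn->nsec3head` while the check just above it tests `dnp`; the lookup that sets `dnp` is outside the hunk, but if it is the zone matched for `zonename`, the insert should probably use `&dnp->nsec3head`. In `find_match_nsec3`, the `/* NOTREACHED */` before `return (n3->domainname);` and the "next closer" comment were copied from the other function and no longer describe the code.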
@@ -635,55 +714,6 @@ base32hex_encode(u_char *input, int len)
return (ret);
}
-/* COUNT_NSEC3_IN_ZONE - counts how many nsec3 records there is */
-
-int
-count_nsec3_in_zone(DB *db, struct domain *sd, struct question *question)
-{
- DBT key, data;
- DBC *cursor;
- struct domain *sd0;
- int rs, count = 0;
-
- if (db->cursor(db, NULL, &cursor, 0) != 0) {
- dolog(LOG_INFO, "cn3iz db->cursor: %s\n", strerror(errno));
- return -1;
- }
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- if (cursor->c_get(cursor, &key, &data, DB_FIRST) != 0) {
- dolog(LOG_INFO, "cn3iz cursor->c_get: %s\n", strerror(errno));
- return -1;
- }
-
- do {
- rs = data.size;
- if ((sd0 = calloc(1, rs)) == NULL) {
- dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
- return(-1);
- }
-
- memcpy((char *)sd0, (char *)data.data, data.size);
-
- if (checklabel(db, sd0, sd, question) == 1) {
- if (sd0->flags & DOMAIN_HAVE_NSEC3)
- count++;
- }
-
- free (sd0);
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- } while (cursor->c_get(cursor, &key, &data, DB_NEXT) == 0);
-
- cursor->c_close(cursor);
-
- return (count);
-}
-
/*
* FIND_NSEC3_MATCH_CLOSEST - find the closest matching encloser
*
@@ -692,24 +722,15 @@ count_nsec3_in_zone(DB *db, struct domain *sd, struct
struct domain *
find_nsec3_match_closest(char *name, int namelen, struct domain *sd, DB *db)
{
- struct domainnames {
- char name[DNS_MAXNAME + 1];
- char next[DNS_MAXNAME + 1];
- } *dn;
-
- DBC *cursor;
DBT key, data;
char *hashname;
char *backname;
- char *table, *tmp;
+ char *dname;
int backnamelen;
int rs, ret;
- int i, j;
- int count, hashnamelen;
- struct domain *sd0, *sd1;
+ struct domain *sd0;
struct domain_nsec3param *n3p;
- struct question *question;
if ((n3p = find_substruct(sd, INTERNAL_TYPE_NSEC3PARAM)) == NULL) {
return NULL;
@@ -732,112 +753,23 @@ find_nsec3_match_closest(char *name, int namelen, stru
return NULL;
}
+ free (sd0);
#if DEBUG
dolog(LOG_INFO, "hashname = %s\n", hashname);
#endif
+ dname = find_match_nsec3(sd->zone, sd->zonelen, hashname);
- /* now go through our zone and find NSEC3 domains */
- /* first pass, count the NSEC3 list */
-
- /* we need question for checklabel() */
- question = build_fake_question(sd->zone, sd->zonelen, 0);
- if (question == NULL) {
- dolog(LOG_INFO, "build_fake_question failed\n");
- free (sd0);
+ if (dname == NULL) {
return NULL;
}
-
- count = count_nsec3_in_zone(db, sd, question);
-
- /* realloc names structure to fit the NSEC3 names */
- tmp = calloc(count, sizeof(struct domainnames));
- if (tmp == NULL) {
- dolog(LOG_INFO, "realloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- table = tmp;
- dn = (struct domainnames *)tmp;
-
- /* second pass, fill NSEC3 list */
-
- if (db->cursor(db, NULL, &cursor, 0) != 0) {
- dolog(LOG_INFO, "find_nsec3 db->cursor: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- if (cursor->c_get(cursor, &key, &data, DB_FIRST) != 0) {
- dolog(LOG_INFO, "find_nsec3 cursor->c_get: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- i = 1;
-
- do {
- rs = data.size;
- if ((sd1 = calloc(1, rs)) == NULL) {
- dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memcpy((char *)sd1, (char *)data.data, data.size);
-
- if (checklabel(db, sd1, sd, question) == 1) {
- if (sd1->flags & DOMAIN_HAVE_NSEC3) {
- strlcpy(dn->name, sd1->zonename, DNS_MAXNAME + 1);
- strlcpy(dn->next, "-", DNS_MAXNAME + 1);
- dn++;
- }
- }
-
- free (sd1);
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- } while (cursor->c_get(cursor, &key, &data, DB_NEXT) == 0);
-
- cursor->c_close(cursor);
- free_question(question);
-
- /* now we sort the shebang */
- qsort(table, count, sizeof(struct domainnames), nsec3_comp);
-
- hashnamelen = strlen(hashname);
- for (j = 0; j < count; j++) {
- dn = ((struct domainnames *)table) + j;
-
- if (strncasecmp(dn->name, hashname, hashnamelen) == 0)
- break;
- }
-
- if (j == count) {
- dolog(LOG_INFO, "did not find hashname %s in list\n", hashname);
- free (sd0);
- return NULL;
- }
-
/* found it, get it via db after converting it */
- /* free what we don't need */
- free (sd0);
+#ifdef DEBUG
+ dolog(LOG_INFO, "converting %s\n", dname);
+#endif
+ backname = dns_label(dname, &backnamelen);
- dolog(LOG_INFO, "converting %s\n", dn->name);
- backname = dns_label(dn->name, &backnamelen);
- free (table);
-
rs = get_record_size(db, backname, backnamelen);
if (rs < 0) {
free (backname);
@@ -869,7 +801,9 @@ find_nsec3_match_closest(char *name, int namelen, stru
memcpy(sd0, data.data, data.size);
free (backname);
+#ifdef DEBUG
dolog(LOG_INFO, "returning %s\n", sd0->zonename);
+#endif
return (sd0);
}
@@ -880,26 +814,16 @@ find_nsec3_match_closest(char *name, int namelen, stru
struct domain *
find_nsec3_wildcard_closest(char *name, int namelen, struct domain *sd, DB *db)
{
- struct domainnames {
- char name[DNS_MAXNAME + 1];
- char next[DNS_MAXNAME + 1];
- } *dn;
-
- DBC *cursor;
DBT key, data;
char *hashname;
char *backname;
- char *table, *tmp;
+ char *dname;
char wildcard[DNS_MAXNAME + 1];
int backnamelen;
int rs, ret;
- int i, j;
- int count;
- int golast = 0;
- struct domain *sd0, *sd1;
+ struct domain *sd0;
struct domain_nsec3param *n3p;
- struct question *question;
if ((n3p = find_substruct(sd, INTERNAL_TYPE_NSEC3PARAM)) == NULL) {
return NULL;
@@ -929,118 +853,17 @@ find_nsec3_wildcard_closest(char *name, int namelen, s
dolog(LOG_INFO, "hashname = %s\n", hashname);
#endif
- table = calloc(1, sizeof(struct domainnames));
- if (table == NULL) {
- free (sd0);
- return (NULL);
- }
-
- dn = (struct domainnames *)table;
- strlcpy(dn->name, hashname, DNS_MAXNAME + 1);
- strlcpy(dn->next, ".", DNS_MAXNAME + 1);
-
- /* now go through our zone and find NSEC3 domains */
- /* first pass, count the NSEC3 list */
+ dname = find_next_closer_nsec3(sd->zone, sd->zonelen, hashname);
- /* we need question for checklabel() */
- question = build_fake_question(sd->zone, sd->zonelen, 0);
- if (question == NULL) {
- dolog(LOG_INFO, "build_fake_question failed\n");
- free (sd0);
- return NULL;
- }
-
- count = count_nsec3_in_zone(db, sd, question);
- count++;
-
- /* realloc names structure to fit the NSEC3 names */
-
- tmp = realloc(table, count * sizeof(struct domainnames));
- if (tmp == NULL) {
- dolog(LOG_INFO, "realloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- table = tmp;
- dn = (struct domainnames *)tmp;
- dn++;
-
- /* second pass, fill NSEC3 list */
-
- if (db->cursor(db, NULL, &cursor, 0) != 0) {
- dolog(LOG_INFO, "find_nsec3 db->cursor: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- if (cursor->c_get(cursor, &key, &data, DB_FIRST) != 0) {
- dolog(LOG_INFO, "find_nsec3 cursor->c_get: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- i = 1;
-
- do {
- rs = data.size;
- if ((sd1 = calloc(1, rs)) == NULL) {
- dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memcpy((char *)sd1, (char *)data.data, data.size);
-
- if (checklabel(db, sd1, sd, question) == 1) {
- if (sd1->flags & DOMAIN_HAVE_NSEC3) {
- strlcpy(dn->name, sd1->zonename, DNS_MAXNAME + 1);
- strlcpy(dn->next, "-", DNS_MAXNAME + 1);
- dn++;
- }
- }
-
- free (sd1);
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- } while (cursor->c_get(cursor, &key, &data, DB_NEXT) == 0);
-
- cursor->c_close(cursor);
- free_question(question);
-
- /* now we sort the shebang */
- qsort(table, count, sizeof(struct domainnames), nsec3_comp);
-
- dn = ((struct domainnames *)table);
- if (strcmp(dn->next, ".") == 0)
- golast = 1;
-
- for (j = 0; j < count; j++) {
- dn = ((struct domainnames *)table) + j;
-
- if ((! golast) && (strcmp(dn->next, ".") == 0))
- break;
- }
-
- dn = ((struct domainnames *)table) + (j - 1);
-
/* found it, get it via db after converting it */
/* free what we don't need */
free (sd0);
- dolog(LOG_INFO, "converting %s\n", dn->name);
- backname = dns_label(dn->name, &backnamelen);
- free (table);
+#ifdef DEBUG
+ dolog(LOG_INFO, "converting %s\n", dname);
+#endif
+ backname = dns_label(dname, &backnamelen);
rs = get_record_size(db, backname, backnamelen);
if (rs < 0) {
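Review bot: The result of `find_next_closer_nsec3()` is passed to `dns_label(dname, &backnamelen)` without a NULL check, unlike the other three callers changed in this commit. That helper returns NULL when the zone is not found or when no list entry compares greater than or equal to the hash, so a query that takes this path could end in a NULL pointer dereference (how `dns_label` treats NULL is not visible here). Adding `if (dname == NULL) { free(sd0); return NULL; }` directly after the call, before the existing `free (sd0);`, closes that path. The function body starts and ends outside this hunk.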
@@ -1073,7 +896,9 @@ find_nsec3_wildcard_closest(char *name, int namelen, s
memcpy(sd0, data.data, data.size);
free (backname);
+#ifdef DEBUG
dolog(LOG_INFO, "returning %s\n", sd0->zonename);
+#endif
return (sd0);
}
@@ -1084,25 +909,15 @@ find_nsec3_wildcard_closest(char *name, int namelen, s
struct domain *
find_nsec3_cover_next_closer(char *name, int namelen, struct domain *sd, DB *db)
{
- struct domainnames {
- char name[DNS_MAXNAME + 1];
- char next[DNS_MAXNAME + 1];
- } *dn;
-
- DBC *cursor;
DBT key, data;
char *hashname;
char *backname;
- char *table, *tmp;
+ char *dname;
int backnamelen;
int rs, ret;
- int i, j;
- int count;
- int golast = 0;
- struct domain *sd0, *sd1;
+ struct domain *sd0;
struct domain_nsec3param *n3p;
- struct question *question;
if ((n3p = find_substruct(sd, INTERNAL_TYPE_NSEC3PARAM)) == NULL) {
return NULL;
@@ -1129,119 +944,20 @@ find_nsec3_cover_next_closer(char *name, int namelen,
dolog(LOG_INFO, "hashname = %s\n", hashname);
#endif
- table = calloc(1, sizeof(struct domainnames));
- if (table == NULL) {
- free (sd0);
- return (NULL);
- }
+ /* free what we don't need */
+ free (sd0);
- dn = (struct domainnames *)table;
- strlcpy(dn->name, hashname, DNS_MAXNAME + 1);
- strlcpy(dn->next, ".", DNS_MAXNAME + 1);
-
- /* now go through our zone and find NSEC3 domains */
- /* first pass, count the NSEC3 list */
-
- /* we need question for checklabel() */
- question = build_fake_question(sd->zone, sd->zonelen, 0);
- if (question == NULL) {
- dolog(LOG_INFO, "build_fake_question failed\n");
- free (sd0);
+ dname = find_next_closer_nsec3(sd->zone, sd->zonelen, hashname);
+ if (dname == NULL)
return NULL;
- }
- count = count_nsec3_in_zone(db, sd, question);
- count++;
-
- /* realloc names structure to fit the NSEC3 names */
- tmp = realloc(table, count * sizeof(struct domainnames));
- if (tmp == NULL) {
- dolog(LOG_INFO, "realloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- table = tmp;
- dn = (struct domainnames *)tmp;
- dn++;
+#ifdef DEBUG
+ dolog(LOG_INFO, "converting %s\n", dname);
+#endif
- /* second pass, fill NSEC3 list */
-
- if (db->cursor(db, NULL, &cursor, 0) != 0) {
- dolog(LOG_INFO, "find_nsec3 db->cursor: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- if (cursor->c_get(cursor, &key, &data, DB_FIRST) != 0) {
- dolog(LOG_INFO, "find_nsec3 cursor->c_get: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- i = 1;
-
- do {
- rs = data.size;
- if ((sd1 = calloc(1, rs)) == NULL) {
- dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
- free_question(question);
- free (sd0);
- return NULL;
- }
-
- memcpy((char *)sd1, (char *)data.data, data.size);
-
- if (checklabel(db, sd1, sd, question) == 1) {
- if (sd1->flags & DOMAIN_HAVE_NSEC3) {
- strlcpy(dn->name, sd1->zonename, DNS_MAXNAME + 1);
- strlcpy(dn->next, "-", DNS_MAXNAME + 1);
- dn++;
- }
- }
-
- free (sd1);
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- } while (cursor->c_get(cursor, &key, &data, DB_NEXT) == 0);
-
- cursor->c_close(cursor);
- free_question(question);
-
- /* now we sort the shebang */
- qsort(table, count, sizeof(struct domainnames), nsec3_comp);
-
- dn = ((struct domainnames *)table);
- if (strcmp(dn->next, ".") == 0)
- golast = 1;
+ backname = dns_label(dname, &backnamelen);
- for (j = 0; j < count; j++) {
- dn = ((struct domainnames *)table) + j;
-
- if ((! golast) && (strcmp(dn->next, ".") == 0))
- break;
- }
-
- dn = ((struct domainnames *)table) + (j - 1);
-
- /* found it, get it via db after converting it */
-
- /* free what we don't need */
- free (sd0);
-
- dolog(LOG_INFO, "converting %s\n", dn->name);
- backname = dns_label(dn->name, &backnamelen);
- free (table);
-
rs = get_record_size(db, backname, backnamelen);
if (rs < 0) {
free (backname);
@@ -1273,7 +989,10 @@ find_nsec3_cover_next_closer(char *name, int namelen,
memcpy(sd0, data.data, data.size);
free (backname);
+#ifdef DEBUG
dolog(LOG_INFO, "returning %s\n", sd0->zonename);
+#endif
+
return (sd0);
}
@@ -1285,24 +1004,15 @@ find_nsec3_cover_next_closer(char *name, int namelen,
struct domain *
find_nsec3_match_qname(char *name, int namelen, struct domain *sd, DB *db)
{
- struct domainnames {
- char name[DNS_MAXNAME + 1];
- char next[DNS_MAXNAME + 1];
- } *dn;
-
- DBC *cursor;
DBT key, data;
char *hashname;
char *backname;
- char *table, *tmp;
+ char *dname;
int backnamelen;
int rs, ret;
- int i, j;
- int count, hashnamelen;
- struct domain *sd0, *sd1;
+ struct domain *sd0;
struct domain_nsec3param *n3p;
- struct question *question;
if ((n3p = find_substruct(sd, INTERNAL_TYPE_NSEC3PARAM)) == NULL) {
return NULL;
@@ -1318,99 +1028,18 @@ find_nsec3_match_qname(char *name, int namelen, struct
dolog(LOG_INFO, "hashname = %s\n", hashname);
#endif
- /* now go through our zone and find NSEC3 domains */
- /* first pass, count the NSEC3 list */
+ dname = find_match_nsec3(sd->zone, sd->zonelen, hashname);
- /* we need question for checklabel() */
- question = build_fake_question(sd->zone, sd->zonelen, 0);
- if (question == NULL) {
- dolog(LOG_INFO, "build_fake_question failed\n");
+ if (dname == NULL)
return NULL;
- }
-
- count = count_nsec3_in_zone(db, sd, question);
-
- /* realloc names structure to fit the NSEC3 names */
- tmp = calloc(count, sizeof(struct domainnames));
- if (tmp == NULL) {
- dolog(LOG_INFO, "realloc: %s\n", strerror(errno));
- free_question(question);
- return NULL;
- }
-
- table = tmp;
- dn = (struct domainnames *)tmp;
-
- /* second pass, fill NSEC3 list */
-
- if (db->cursor(db, NULL, &cursor, 0) != 0) {
- dolog(LOG_INFO, "find_nsec3 db->cursor: %s\n", strerror(errno));
- free_question(question);
- return NULL;
- }
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- if (cursor->c_get(cursor, &key, &data, DB_FIRST) != 0) {
- dolog(LOG_INFO, "find_nsec3 cursor->c_get: %s\n", strerror(errno));
- free_question(question);
- return NULL;
- }
-
- i = 1;
-
- do {
- rs = data.size;
- if ((sd1 = calloc(1, rs)) == NULL) {
- dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
- free_question(question);
- return NULL;
- }
-
- memcpy((char *)sd1, (char *)data.data, data.size);
-
- if (checklabel(db, sd1, sd, question) == 1) {
- if (sd1->flags & DOMAIN_HAVE_NSEC3) {
- strlcpy(dn->name, sd1->zonename, DNS_MAXNAME + 1);
- strlcpy(dn->next, "-", DNS_MAXNAME + 1);
- dn++;
- }
- }
-
- free (sd1);
-
- memset(&key, 0, sizeof(key));
- memset(&data, 0, sizeof(data));
-
- } while (cursor->c_get(cursor, &key, &data, DB_NEXT) == 0);
-
- cursor->c_close(cursor);
- free_question(question);
-
- /* now we sort the shebang */
- qsort(table, count, sizeof(struct domainnames), nsec3_comp);
-
- hashnamelen = strlen(hashname);
- for (j = 0; j < count; j++) {
- dn = ((struct domainnames *)table) + j;
-
- if (strncasecmp(dn->name, hashname, hashnamelen) == 0)
- break;
- }
-
- if (j == count) {
- free(table);
- return NULL;
- }
-
-
/* found it, get it via db after converting it */
- dolog(LOG_INFO, "converting %s\n", dn->name);
- backname = dns_label(dn->name, &backnamelen);
- free (table);
+#if DEBUG
+ dolog(LOG_INFO, "converting %s\n", dname);
+#endif
+
+ backname = dns_label(dname, &backnamelen);
rs = get_record_size(db, backname, backnamelen);
if (rs < 0) {
@@ -1443,6 +1072,9 @@ find_nsec3_match_qname(char *name, int namelen, struct
memcpy(sd0, data.data, data.size);
free (backname);
+#ifdef DEBUG
dolog(LOG_INFO, "returning %s\n", sd0->zonename);
+#endif
+
return (sd0);
}
blob - db83b86aa05896589b94bc49979547b23994da1b
blob + 4c08b17062057fabda39d6226b264b99a2798f95
--- main.c
+++ main.c
@@ -42,6 +42,7 @@ extern int find_recurse(struct sockaddr_storage *, in
extern u_int8_t find_region(struct sockaddr_storage *, int);
extern int find_whitelist(struct sockaddr_storage *, int);
extern int find_wildcard(struct sockaddr_storage *, int);
+extern void init_dnssec(void);
extern void init_wildcard(void);
extern void init_recurse(void);
extern void init_region(void);
@@ -190,7 +191,7 @@ static struct tcps {
} *tn1, *tnp, *tntmp;
-static const char rcsid[] = "$Id: main.c,v 1.23 2015/09/13 05:57:35 pjp Exp $";
+static const char rcsid[] = "$Id: main.c,v 1.24 2015/09/14 09:59:10 pjp Exp $";
/*
* MAIN - set up arguments, set up database, set up sockets, call mainloop
@@ -437,6 +438,7 @@ main(int argc, char *argv[])
init_filter();
init_whitelist();
init_notifyslave();
+ init_dnssec();
if (parse_file(db, conffile) < 0) {
dolog(LOG_INFO, "parsing config file failed\n");
blob - 368ebfb1e4e734652afadd8e6c41060d965b9e4d
blob + b74521180bd98eac3a57ff1532b765737465fbf8
--- parse.y
+++ parse.y
@@ -29,6 +29,8 @@
extern void dolog(int, char *, ...);
extern char *dns_label(char *, int *);
extern u_int8_t find_region(struct sockaddr_storage *, int);
+extern int insert_apex(char *, char *, int);
+extern int insert_nsec3(char *, char *, char *, int);
extern int insert_region(char *, char *, u_int8_t);
extern int insert_axfr(char *, char *);
extern int insert_notifyslave(char *, char *);
@@ -103,12 +105,13 @@ typedef struct {
#define YYSTYPE_IS_DECLARED 1
#endif
-static const char rcsid[] = "$Id: parse.y,v 1.26 2015/09/12 14:08:54 pjp Exp $";
+static const char rcsid[] = "$Id: parse.y,v 1.27 2015/09/14 09:59:10 pjp Exp $";
static int version = 0;
static int state = 0;
static uint8_t region = 0;
static uint64_t confstatus = 0;
static DB *mydb;
+static char *current_zone = NULL;
YYSTYPE yylval;
@@ -2418,6 +2421,13 @@ fill_nsec3(char *name, char *type, u_int32_t myttl, u_
return -1;
}
+ if (dnssec) {
+#ifdef DEBUG
+ dolog(LOG_INFO, "inserting %s\n", name);
+#endif
+ insert_nsec3(current_zone, name, converted_name, converted_namelen);
+ }
+
rs = get_record_size(db, converted_name, converted_namelen);
if (rs < 0) {
if (debug)
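Review bot: The return value of `insert_nsec3()` is discarded, so when it fails (it returns -1 on a failed zone lookup or `calloc`, per dnssec.c in this commit) the record still goes into the database but is missing from the in-memory list that the NSEC3 lookups now rely on. `current_zone` is also still NULL if an NSEC3 record is parsed before any SOA has set it. Something like `if (current_zone == NULL || insert_nsec3(current_zone, name, converted_name, converted_namelen) < 0) return -1;` would surface the failure at parse time. `fill_nsec3` begins and ends outside the hunk.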
@@ -3584,6 +3594,11 @@ fill_soa(char *name, char *type, int myttl, char *auth
if (converted_name == NULL) {
dolog(LOG_ERR, "error input line %d\n", file->lineno);
return (-1);
+ }
+
+ if (dnssec) {
+ insert_apex(name, converted_name, converted_namelen);
+ current_zone = strdup(name);
}
rs = get_record_size(db, converted_name, converted_namelen);
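Review bot: `current_zone = strdup(name);` is not checked for NULL and overwrites the pointer left by the previous zone without freeing it, so each additional SOA leaks one string. `free(current_zone); current_zone = strdup(name); if (current_zone == NULL) return (-1);` covers both. The return value of `insert_apex()` on the line above is ignored as well; if it fails, later `insert_nsec3()` calls for this zone have no list to attach to. `fill_soa` begins and ends outside the hunk.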