fergalmoran/DnsServer
1
0
Fork 0
mirror of https://github.com/fergalmoran/DnsServer.git synced 2026-03-09 06:55:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

AuthZone: updated RefreshSignatures() to fix RRSIG check. Updated GetUpdatedNSecRRSet() to simplify implementation. Updated CreateNSec3RRSet() and GetPartialNSec3Record() to fix bug in NSEC3 type list.

Browse Source
This commit is contained in:
Shreyas Zare
2023-04-23 16:19:33 +05:30
parent 216695a3cd
commit 6554367ad7
1 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
DnsServerCore/Dns/Zones/AuthZone.cs
View File

@@ -484,7 +484,12 @@ namespace DnsServerCore.Dns.Zones
internal IReadOnlyList<DnsResourceRecord> RefreshSignatures()
{
if (!_entries.TryGetValue(DnsResourceRecordType.RRSIG, out IReadOnlyList<DnsResourceRecord> rrsigRecords))
{
if ((_entries.Count == 1) && _entries.TryGetValue(DnsResourceRecordType.NS, out _))
return Array.Empty<DnsResourceRecord>(); //delegation NS records are not signed
throw new InvalidOperationException();
}
List<DnsResourceRecordType> typesToRefresh = new List<DnsResourceRecordType>();
DateTime utcNow = DateTime.UtcNow;
@@ -513,7 +518,7 @@ namespace DnsServerCore.Dns.Zones
internal virtual IReadOnlyList<DnsResourceRecord> SignRRSet(IReadOnlyList<DnsResourceRecord> records)
{
throw new InvalidOperationException();
throw new NotImplementedException();
}
internal IReadOnlyList<DnsResourceRecord> GetUpdatedNSecRRSet(string nextDomainName, uint ttl)
@@ -523,11 +528,13 @@ namespace DnsServerCore.Dns.Zones
foreach (KeyValuePair<DnsResourceRecordType, IReadOnlyList<DnsResourceRecord>> entry in _entries)
types.Add(entry.Key);
if (!_entries.ContainsKey(DnsResourceRecordType.NSEC))
if (!types.Contains(DnsResourceRecordType.NSEC))
{
types.Add(DnsResourceRecordType.NSEC);
if (!_entries.ContainsKey(DnsResourceRecordType.RRSIG))
types.Add(DnsResourceRecordType.RRSIG);
if (!types.Contains(DnsResourceRecordType.RRSIG))
types.Add(DnsResourceRecordType.RRSIG);
}
types.Sort();
@@ -556,7 +563,7 @@ namespace DnsServerCore.Dns.Zones
switch (entry.Key)
{
case DnsResourceRecordType.NSEC3:
case DnsResourceRecordType.RRSIG:
//rare case when there is a record created at the same name as that of an existing NSEC3
continue;
default:
@@ -565,13 +572,6 @@ namespace DnsServerCore.Dns.Zones
}
}
if (types.Count > 0)
{
//zone is not an empty non-terminal (ENT)
if (!_entries.ContainsKey(DnsResourceRecordType.RRSIG))
types.Add(DnsResourceRecordType.RRSIG);
}
types.Sort();
DnsNSEC3RecordData newNSec3 = new DnsNSEC3RecordData(DnssecNSEC3HashAlgorithm.SHA1, DnssecNSEC3Flags.None, iterations, salt, nextHashedOwnerName, types);
@@ -587,7 +587,7 @@ namespace DnsServerCore.Dns.Zones
switch (entry.Key)
{
case DnsResourceRecordType.NSEC3:
case DnsResourceRecordType.RRSIG:
//rare case when there is a record created at the same name as that of an existing NSEC3
continue;
default:
@@ -598,16 +598,8 @@ namespace DnsServerCore.Dns.Zones
if (_name.Equals(zoneName, StringComparison.OrdinalIgnoreCase))
{
types.Add(DnsResourceRecordType.NSEC3PARAM); //add NSEC3PARAM type to NSEC3 for unsigned zone apex
if (!_entries.ContainsKey(DnsResourceRecordType.RRSIG))
types.Add(DnsResourceRecordType.RRSIG);
}
else if (types.Count > 0)
{
//zone is not an empty non-terminal (ENT)
if (!_entries.ContainsKey(DnsResourceRecordType.RRSIG))
types.Add(DnsResourceRecordType.RRSIG);
if (!types.Contains(DnsResourceRecordType.NSEC3PARAM))
types.Add(DnsResourceRecordType.NSEC3PARAM); //add NSEC3PARAM type to NSEC3 for unsigned zone apex
}
types.Sort();