Commit 5a242bfc authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

dnssec: child-record-publish option implemented

parent 92706244
...@@ -72,6 +72,14 @@ static const knot_lookup_t dnssec_key_algs[] = { ...@@ -72,6 +72,14 @@ static const knot_lookup_t dnssec_key_algs[] = {
{ 0, NULL } { 0, NULL }
}; };
const knot_lookup_t child_record[] = {
{ CHILD_RECORDS_NONE, "none" },
{ CHILD_RECORDS_EMPTY, "empty" },
{ CHILD_RECORDS_ROLLOVER, "rollover" },
{ CHILD_RECORDS_ALWAYS, "always" },
{ 0, NULL }
};
const knot_lookup_t acl_actions[] = { const knot_lookup_t acl_actions[] = {
{ ACL_ACTION_NOTIFY, "notify" }, { ACL_ACTION_NOTIFY, "notify" },
{ ACL_ACTION_TRANSFER, "transfer" }, { ACL_ACTION_TRANSFER, "transfer" },
...@@ -261,6 +269,7 @@ static const yp_item_t desc_policy[] = { ...@@ -261,6 +269,7 @@ static const yp_item_t desc_policy[] = {
CONF_IO_FRLD_ZONES }, CONF_IO_FRLD_ZONES },
{ C_KSK_SBM, YP_TREF, YP_VREF = { C_SBM }, CONF_IO_FRLD_ZONES, { C_KSK_SBM, YP_TREF, YP_VREF = { C_SBM }, CONF_IO_FRLD_ZONES,
{ check_ref } }, { check_ref } },
{ C_CHILD_RECORDS, YP_TOPT, YP_VOPT = { child_record, CHILD_RECORDS_ALWAYS } },
{ C_COMMENT, YP_TSTR, YP_VNONE }, { C_COMMENT, YP_TSTR, YP_VNONE },
{ NULL } { NULL }
}; };
......
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#define C_ASYNC_START "\x0B""async-start" #define C_ASYNC_START "\x0B""async-start"
#define C_BACKEND "\x07""backend" #define C_BACKEND "\x07""backend"
#define C_BG_WORKERS "\x12""background-workers" #define C_BG_WORKERS "\x12""background-workers"
#define C_CHILD_RECORDS "\x15""child-records-publish"
#define C_CHK_INTERVAL "\x0E""check-interval" #define C_CHK_INTERVAL "\x0E""check-interval"
#define C_COMMENT "\x07""comment" #define C_COMMENT "\x07""comment"
#define C_CONFIG "\x06""config" #define C_CONFIG "\x06""config"
...@@ -136,6 +137,13 @@ enum { ...@@ -136,6 +137,13 @@ enum {
KEYSTORE_BACKEND_PKCS11 = 2 KEYSTORE_BACKEND_PKCS11 = 2
}; };
enum {
CHILD_RECORDS_NONE = 0,
CHILD_RECORDS_EMPTY = 1,
CHILD_RECORDS_ROLLOVER = 2,
CHILD_RECORDS_ALWAYS = 3,
};
enum { enum {
SERIAL_POLICY_INCREMENT = 1, SERIAL_POLICY_INCREMENT = 1,
SERIAL_POLICY_UNIXTIME = 2 SERIAL_POLICY_UNIXTIME = 2
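Review bot: The four `CHILD_RECORDS_*` enumerators are added without any comment, and the names alone do not say how `CHILD_RECORDS_NONE` differs from `CHILD_RECORDS_EMPTY`. Each value should get a one-line comment saying what CDS/CDNSKEY content the zone publishes in that mode, with a short header such as `/* Policy for publishing CDS/CDNSKEY (child) records. */` above the enum. If `empty` means publishing the delete form of these records (an assumption; the signing code that would show it is outside this page), the comment should say so explicitly. A parent that processes such records may remove the DS, so that mode changes the zone's security status.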
......
...@@ -85,6 +85,9 @@ static void policy_load(knot_kasp_policy_t *policy, conf_val_t *id) ...@@ -85,6 +85,9 @@ static void policy_load(knot_kasp_policy_t *policy, conf_val_t *id)
val = conf_id_get(conf(), C_POLICY, C_NSEC3_SALT_LIFETIME, id); val = conf_id_get(conf(), C_POLICY, C_NSEC3_SALT_LIFETIME, id);
policy->nsec3_salt_lifetime = conf_int(&val); policy->nsec3_salt_lifetime = conf_int(&val);
val = conf_id_get(conf(), C_POLICY, C_CHILD_RECORDS, id);
policy->child_records_publish = conf_opt(&val);
conf_val_t ksk_sbm = conf_id_get(conf(), C_POLICY, C_KSK_SBM, id); conf_val_t ksk_sbm = conf_id_get(conf(), C_POLICY, C_KSK_SBM, id);
if (ksk_sbm.code == KNOT_EOK) { if (ksk_sbm.code == KNOT_EOK) {
val = conf_id_get(conf(), C_SBM, C_CHK_INTERVAL, &ksk_sbm); val = conf_id_get(conf(), C_SBM, C_CHK_INTERVAL, &ksk_sbm);
......
...@@ -92,5 +92,6 @@ typedef struct { ...@@ -92,5 +92,6 @@ typedef struct {
// various // various
uint32_t ksk_sbm_timeout; uint32_t ksk_sbm_timeout;
uint32_t ksk_sbm_check_interval; uint32_t ksk_sbm_check_interval;
unsigned child_records_publish;
} knot_kasp_policy_t; } knot_kasp_policy_t;
// TODO make the time parameters knot_timediff_t ?? // TODO make the time parameters knot_timediff_t ??
...@@ -946,7 +946,8 @@ int knot_zone_sign_update_dnskeys(zone_update_t *update, ...@@ -946,7 +946,8 @@ int knot_zone_sign_update_dnskeys(zone_update_t *update,
ret = KNOT_ENOMEM; ret = KNOT_ENOMEM;
} }
zone_key_t *ksk_for_cds = NULL; zone_key_t *ksk_for_cds = NULL;
int kfc_prio = 0; unsigned crp = dnssec_ctx->policy->child_records_publish;
int kfc_prio = (crp == CHILD_RECORDS_ALWAYS ? 0 : (crp == CHILD_RECORDS_ROLLOVER ? 1 : 2));
for (int i = 0; i < zone_keys->count; i++) { for (int i = 0; i < zone_keys->count; i++) {
zone_key_t *key = &zone_keys->keys[i]; zone_key_t *key = &zone_keys->keys[i];
if (key->is_public) { if (key->is_public) {
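Review bot: The nested ternary that seeds `kfc_prio` gives `CHILD_RECORDS_NONE` and `CHILD_RECORDS_EMPTY` the same starting value 2, and any unexpected `crp` value also falls through to 2. The two modes must therefore be told apart somewhere else, and nothing in this hunk shows where; the `for` loop body and the rest of `knot_zone_sign_update_dnskeys` run beyond it. Because this value decides which KSK, if any, is used for the CDS/CDNSKEY records, the mapping should be auditable. A `switch (crp)` with one case per mode and an explicit `default` would do that, or at least a comment such as `/* starting CDS-key priority by policy: always=0, rollover=1, none/empty=2 */`. It would also help to document next to `ksk_for_cds` how a key's priority is compared against this threshold.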
......