introduce LookupOptions in Authority to allow dnssec feature off
This commit is contained in:
parent
0cc7874201
commit
a7778fbf16
@ -15,6 +15,8 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or
|
||||
|
||||
### Changed
|
||||
|
||||
- (client) the feature `dnssec` is no longer enabled by default, use `dnssec-ring` or `dnssec-openssl` #1506
|
||||
- (server) dnssec functions of `Authority` moved into `DnsSecAuthority` #1506
|
||||
- (all) Most public enum types are now marked `#[non_exaustive]` #1426
|
||||
- (resolver) DnsRequestOptions and ResolverOpts now `#[non_exaustive]` #1426
|
||||
- (proto) all I/O Streams now use `BufDnsStreamHandle` rather than generic `DnsStreamHandle` #1433
|
||||
|
@ -9,9 +9,10 @@ use std::iter::Chain;
|
||||
use std::slice::Iter;
|
||||
use std::sync::Arc;
|
||||
|
||||
use crate::authority::LookupObject;
|
||||
use cfg_if::cfg_if;
|
||||
|
||||
use crate::authority::{LookupObject, LookupOptions};
|
||||
use crate::client::rr::LowerName;
|
||||
use crate::proto::rr::dnssec::SupportedAlgorithms;
|
||||
use crate::proto::rr::{Record, RecordSet, RecordType, RrsetRecords};
|
||||
|
||||
/// The result of a lookup on an Authority
|
||||
@ -185,8 +186,7 @@ impl From<LookupRecords> for AuthLookup {
|
||||
/// * `'q` - the lifetime of the query/request
|
||||
#[derive(Debug)]
|
||||
pub struct AnyRecords {
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
rrsets: Vec<Arc<RecordSet>>,
|
||||
rrset: Option<Arc<RecordSet>>,
|
||||
records: Option<Arc<RecordSet>>,
|
||||
@ -197,16 +197,14 @@ pub struct AnyRecords {
|
||||
impl AnyRecords {
|
||||
/// construct a new lookup of any set of records
|
||||
pub fn new(
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
// TODO: potentially very expensive
|
||||
rrsets: Vec<Arc<RecordSet>>,
|
||||
query_type: RecordType,
|
||||
query_name: LowerName,
|
||||
) -> Self {
|
||||
AnyRecords {
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
rrsets,
|
||||
rrset: None,
|
||||
records: None,
|
||||
@ -226,8 +224,7 @@ impl<'r> IntoIterator for &'r AnyRecords {
|
||||
|
||||
fn into_iter(self) -> Self::IntoIter {
|
||||
AnyRecordsIter {
|
||||
is_secure: self.is_secure,
|
||||
supported_algorithms: self.supported_algorithms,
|
||||
lookup_options: self.lookup_options,
|
||||
// TODO: potentially very expensive
|
||||
rrsets: self.rrsets.iter(),
|
||||
rrset: None,
|
||||
@ -239,9 +236,9 @@ impl<'r> IntoIterator for &'r AnyRecords {
|
||||
}
|
||||
|
||||
/// An iteration over a lookup for any Records
|
||||
#[allow(unused)]
|
||||
pub struct AnyRecordsIter<'r> {
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
rrsets: Iter<'r, Arc<RecordSet>>,
|
||||
rrset: Option<&'r RecordSet>,
|
||||
records: Option<RrsetRecords<'r>>,
|
||||
@ -281,11 +278,17 @@ impl<'r> Iterator for AnyRecordsIter<'r> {
|
||||
self.rrset?;
|
||||
|
||||
// getting here, we must have exhausted our records from the rrset
|
||||
self.records = Some(
|
||||
self.rrset
|
||||
.expect("rrset should not be None at this point")
|
||||
.records(self.is_secure, self.supported_algorithms),
|
||||
);
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
self.records = Some(
|
||||
self.rrset
|
||||
.expect("rrset should not be None at this point")
|
||||
.records(self.lookup_options.is_dnssec(), self.lookup_options.supported_algorithms()),
|
||||
);
|
||||
} else {
|
||||
self.records = Some(self.rrset.expect("rrset should not be None at this point").records_without_rrsigs());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -297,15 +300,13 @@ pub enum LookupRecords {
|
||||
Empty,
|
||||
/// The associate records
|
||||
Records {
|
||||
/// was the search a secure search
|
||||
is_secure: bool,
|
||||
/// what are the requests supported algorithms
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
/// LookupOptions for the request, e.g. dnssec and supported algorithms
|
||||
lookup_options: LookupOptions,
|
||||
/// the records found based on the query
|
||||
records: Arc<RecordSet>,
|
||||
},
|
||||
/// Vec of disjoint record sets
|
||||
ManyRecords(bool, SupportedAlgorithms, Vec<Arc<RecordSet>>),
|
||||
ManyRecords(LookupOptions, Vec<Arc<RecordSet>>),
|
||||
// TODO: need a better option for very large zone xfrs...
|
||||
/// A generic lookup response where anything is desired
|
||||
AnyRecords(AnyRecords),
|
||||
@ -313,27 +314,18 @@ pub enum LookupRecords {
|
||||
|
||||
impl LookupRecords {
|
||||
/// Construct a new LookupRecords
|
||||
pub fn new(
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
records: Arc<RecordSet>,
|
||||
) -> Self {
|
||||
pub fn new(lookup_options: LookupOptions, records: Arc<RecordSet>) -> Self {
|
||||
LookupRecords::Records {
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
records,
|
||||
}
|
||||
}
|
||||
|
||||
/// Construct a new LookupRecords over a set of ResordSets
|
||||
pub fn many(
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
mut records: Vec<Arc<RecordSet>>,
|
||||
) -> Self {
|
||||
pub fn many(lookup_options: LookupOptions, mut records: Vec<Arc<RecordSet>>) -> Self {
|
||||
// we're reversing the records because they are output in reverse order, via pop()
|
||||
records.reverse();
|
||||
LookupRecords::ManyRecords(is_secure, supported_algorithms, records)
|
||||
LookupRecords::ManyRecords(lookup_options, records)
|
||||
}
|
||||
|
||||
/// This is an NxDomain or NameExists, and has no associated records
|
||||
@ -363,17 +355,37 @@ impl<'a> IntoIterator for &'a LookupRecords {
|
||||
match self {
|
||||
LookupRecords::Empty => LookupRecordsIter::Empty,
|
||||
LookupRecords::Records {
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
records,
|
||||
} => LookupRecordsIter::RecordsIter(records.records(*is_secure, *supported_algorithms)),
|
||||
LookupRecords::ManyRecords(is_secure, supported_algorithms, r) => {
|
||||
LookupRecordsIter::ManyRecordsIter(
|
||||
r.iter()
|
||||
.map(|r| r.records(*is_secure, *supported_algorithms))
|
||||
.collect(),
|
||||
None,
|
||||
)
|
||||
} => {
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
LookupRecordsIter::RecordsIter(records.records(
|
||||
lookup_options.is_dnssec(),
|
||||
lookup_options.supported_algorithms(),
|
||||
))
|
||||
} else {
|
||||
LookupRecordsIter::RecordsIter(records.records_without_rrsigs())
|
||||
}
|
||||
}
|
||||
}
|
||||
LookupRecords::ManyRecords(lookup_options, r) => {
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
LookupRecordsIter::ManyRecordsIter(
|
||||
r.iter().map(|r| r.records(
|
||||
lookup_options.is_dnssec(),
|
||||
lookup_options.supported_algorithms(),
|
||||
)).collect(),
|
||||
None,
|
||||
)
|
||||
} else {
|
||||
LookupRecordsIter::ManyRecordsIter(
|
||||
r.iter().map(|r| r.records_without_rrsigs()).collect(),
|
||||
None,
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
LookupRecords::AnyRecords(r) => LookupRecordsIter::AnyRecordsIter(r.iter()),
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2015-2018 Benjamin Fry <benjaminfry@me.com>
|
||||
// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
|
||||
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
|
||||
@ -11,11 +11,78 @@ use std::pin::Pin;
|
||||
|
||||
use crate::client::op::LowerQuery;
|
||||
use crate::client::proto::rr::dnssec::rdata::key::KEY;
|
||||
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::dnssec::SupportedAlgorithms;
|
||||
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner};
|
||||
use crate::client::rr::{LowerName, Name, RecordType};
|
||||
|
||||
use crate::authority::{LookupError, MessageRequest, UpdateResult, ZoneType};
|
||||
|
||||
/// LookupOptions that specify different options from the client to include or exclude various records in the response.
|
||||
///
|
||||
/// For example, `is_dnssec` will include `RRSIG` in the response, `supported_algorithms` will only include a subset of
|
||||
/// `RRSIG` based on the algorithms supported by the request.
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
pub struct LookupOptions {
|
||||
is_dnssec: bool,
|
||||
#[cfg(feature = "dnssec")]
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
}
|
||||
|
||||
impl Default for LookupOptions {
|
||||
/// Returns a LookupOptions with all default values, i.e. DNSSEC will be disabled.
|
||||
fn default() -> Self {
|
||||
LookupOptions {
|
||||
is_dnssec: false,
|
||||
#[cfg(feature = "dnssec")]
|
||||
supported_algorithms: SupportedAlgorithms::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Lookup Options for the request to the authority
|
||||
impl LookupOptions {
|
||||
/// Return a new LookupOptions
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn for_dnssec(is_dnssec: bool, supported_algorithms: SupportedAlgorithms) -> Self {
|
||||
LookupOptions {
|
||||
is_dnssec,
|
||||
supported_algorithms,
|
||||
}
|
||||
}
|
||||
|
||||
/// Specify that this lookup should return DNSSEC related records as well, e.g. RRSIG
|
||||
pub fn set_is_dnssec(self, val: bool) -> Self {
|
||||
Self {
|
||||
is_dnssec: val,
|
||||
..self
|
||||
}
|
||||
}
|
||||
|
||||
/// If true this lookup should return DNSSEC related records as well, e.g. RRSIG
|
||||
pub fn is_dnssec(&self) -> bool {
|
||||
self.is_dnssec
|
||||
}
|
||||
|
||||
/// Specify the algorithms for which DNSSEC records should be returned
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn set_supported_algorithms(self, val: SupportedAlgorithms) -> Self {
|
||||
Self {
|
||||
supported_algorithms: val,
|
||||
..self
|
||||
}
|
||||
}
|
||||
|
||||
/// The algorithms for which DNSSEC records should be returned
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn supported_algorithms(&self) -> SupportedAlgorithms {
|
||||
self.supported_algorithms
|
||||
}
|
||||
}
|
||||
|
||||
/// Authority implementations can be used with a `Catalog`
|
||||
pub trait Authority: Send {
|
||||
/// Result of a lookup
|
||||
@ -53,8 +120,7 @@ pub trait Authority: Send {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
|
||||
|
||||
/// Using the specified query, perform a lookup against this zone.
|
||||
@ -71,22 +137,15 @@ pub trait Authority: Send {
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
|
||||
|
||||
/// Get the NS, NameServer, record for the zone
|
||||
fn ns(
|
||||
&self,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.lookup(
|
||||
self.origin(),
|
||||
RecordType::NS,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
)
|
||||
self.lookup(self.origin(), RecordType::NS, lookup_options)
|
||||
}
|
||||
|
||||
/// Return the NSEC records based on the given name
|
||||
@ -99,8 +158,7 @@ pub trait Authority: Send {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>>;
|
||||
|
||||
/// Returns the SOA of the authority.
|
||||
@ -109,29 +167,17 @@ pub trait Authority: Send {
|
||||
/// should be used, see `soa_secure()`, which will optionally return RRSIGs.
|
||||
fn soa(&self) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
// SOA should be origin|SOA
|
||||
self.lookup(
|
||||
self.origin(),
|
||||
RecordType::SOA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
)
|
||||
self.lookup(self.origin(), RecordType::SOA, LookupOptions::default())
|
||||
}
|
||||
|
||||
/// Returns the SOA record for the zone
|
||||
fn soa_secure(
|
||||
&self,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.lookup(
|
||||
self.origin(),
|
||||
RecordType::SOA,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
)
|
||||
self.lookup(self.origin(), RecordType::SOA, lookup_options)
|
||||
}
|
||||
|
||||
// TODO: this should probably be a general purpose higher level component?
|
||||
/// Add a (Sig0) key that is authorized to perform updates against this authority
|
||||
fn add_update_auth_key(&mut self, _name: Name, _key: KEY) -> DnsSecResult<()> {
|
||||
Err(DnsSecError::from(
|
||||
|
@ -15,13 +15,14 @@ use std::task::{Context, Poll};
|
||||
use futures_util::{future, TryFutureExt};
|
||||
use log::debug;
|
||||
|
||||
use crate::authority::{
|
||||
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
|
||||
};
|
||||
use crate::client::op::LowerQuery;
|
||||
use crate::client::proto::rr::dnssec::rdata::key::KEY;
|
||||
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
use crate::client::rr::dnssec::{DnsSecError, DnsSecResult, SigSigner};
|
||||
use crate::client::rr::{LowerName, Name, Record, RecordType};
|
||||
|
||||
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
|
||||
|
||||
/// An Object safe Authority
|
||||
pub trait AuthorityObject: Send + Sync {
|
||||
/// Clone the object
|
||||
@ -57,8 +58,7 @@ pub trait AuthorityObject: Send + Sync {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> BoxedLookupFuture;
|
||||
|
||||
/// Using the specified query, perform a lookup against this zone.
|
||||
@ -72,21 +72,11 @@ pub trait AuthorityObject: Send + Sync {
|
||||
///
|
||||
/// Returns a vectory containing the results of the query, it will be empty if not found. If
|
||||
/// `is_secure` is true, in the case of no records found then NSEC records will be returned.
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
) -> BoxedLookupFuture;
|
||||
fn search(&self, query: &LowerQuery, lookup_options: LookupOptions) -> BoxedLookupFuture;
|
||||
|
||||
/// Get the NS, NameServer, record for the zone
|
||||
fn ns(&self, is_secure: bool, supported_algorithms: SupportedAlgorithms) -> BoxedLookupFuture {
|
||||
self.lookup(
|
||||
&self.origin(),
|
||||
RecordType::NS,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
)
|
||||
fn ns(&self, lookup_options: LookupOptions) -> BoxedLookupFuture {
|
||||
self.lookup(&self.origin(), RecordType::NS, lookup_options)
|
||||
}
|
||||
|
||||
/// Return the NSEC records based on the given name
|
||||
@ -99,8 +89,7 @@ pub trait AuthorityObject: Send + Sync {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> BoxedLookupFuture;
|
||||
|
||||
/// Returns the SOA of the authority.
|
||||
@ -109,26 +98,12 @@ pub trait AuthorityObject: Send + Sync {
|
||||
/// should be used, see `soa_secure()`, which will optionally return RRSIGs.
|
||||
fn soa(&self) -> BoxedLookupFuture {
|
||||
// SOA should be origin|SOA
|
||||
self.lookup(
|
||||
&self.origin(),
|
||||
RecordType::SOA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
)
|
||||
self.lookup(&self.origin(), RecordType::SOA, LookupOptions::default())
|
||||
}
|
||||
|
||||
/// Returns the SOA record for the zone
|
||||
fn soa_secure(
|
||||
&self,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
) -> BoxedLookupFuture {
|
||||
self.lookup(
|
||||
&self.origin(),
|
||||
RecordType::SOA,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
)
|
||||
fn soa_secure(&self, lookup_options: LookupOptions) -> BoxedLookupFuture {
|
||||
self.lookup(&self.origin(), RecordType::SOA, lookup_options)
|
||||
}
|
||||
|
||||
// TODO: this should probably be a general purpose higher level component?
|
||||
@ -202,11 +177,10 @@ where
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> BoxedLookupFuture {
|
||||
let this = self.read().expect("poisoned");
|
||||
let lookup = Authority::lookup(&*this, name, rtype, is_secure, supported_algorithms);
|
||||
let lookup = Authority::lookup(&*this, name, rtype, lookup_options);
|
||||
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
|
||||
}
|
||||
|
||||
@ -221,15 +195,10 @@ where
|
||||
///
|
||||
/// Returns a vectory containing the results of the query, it will be empty if not found. If
|
||||
/// `is_secure` is true, in the case of no records found then NSEC records will be returned.
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
) -> BoxedLookupFuture {
|
||||
fn search(&self, query: &LowerQuery, lookup_options: LookupOptions) -> BoxedLookupFuture {
|
||||
let this = self.read().expect("poisoned");
|
||||
debug!("performing {} on {}", query, this.origin());
|
||||
let lookup = Authority::search(&*this, query, is_secure, supported_algorithms);
|
||||
let lookup = Authority::search(&*this, query, lookup_options);
|
||||
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
|
||||
}
|
||||
|
||||
@ -243,15 +212,10 @@ where
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> BoxedLookupFuture {
|
||||
let lookup = Authority::get_nsec_records(
|
||||
&*self.read().expect("poisoned"),
|
||||
name,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
);
|
||||
let lookup =
|
||||
Authority::get_nsec_records(&*self.read().expect("poisoned"), name, lookup_options);
|
||||
BoxedLookupFuture::from(lookup.map_ok(|l| Box::new(l) as Box<dyn LookupObject>))
|
||||
}
|
||||
|
||||
|
@ -1,18 +1,10 @@
|
||||
/*
|
||||
* Copyright (C) 2015 Benjamin Fry <benjaminfry@me.com>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
|
||||
// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
|
||||
// http://opensource.org/licenses/MIT>, at your option. This file may not be
|
||||
// copied, modified, or distributed except according to those terms.
|
||||
|
||||
// TODO, I've implemented this as a separate entity from the cache, but I wonder if the cache
|
||||
// should be the only "front-end" for lookups, where if that misses, then we go to the catalog
|
||||
// then, if requested, do a recursive lookup... i.e. the catalog would only point to files.
|
||||
@ -22,17 +14,21 @@ use std::future::Future;
|
||||
use std::io;
|
||||
use std::pin::Pin;
|
||||
|
||||
use cfg_if::cfg_if;
|
||||
use log::{debug, error, info, trace, warn};
|
||||
|
||||
use crate::authority::{
|
||||
AuthLookup, MessageRequest, MessageResponse, MessageResponseBuilder, ZoneType,
|
||||
};
|
||||
use crate::authority::{
|
||||
AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupError, LookupObject,
|
||||
AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupError, LookupObject, LookupOptions,
|
||||
};
|
||||
use crate::client::op::{Edns, Header, LowerQuery, MessageType, OpCode, ResponseCode};
|
||||
use crate::client::rr::dnssec::{Algorithm, SupportedAlgorithms};
|
||||
use crate::client::rr::rdata::opt::{EdnsCode, EdnsOption};
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::{
|
||||
dnssec::{Algorithm, SupportedAlgorithms},
|
||||
rdata::opt::{EdnsCode, EdnsOption},
|
||||
};
|
||||
use crate::client::rr::{LowerName, RecordType};
|
||||
use crate::server::{Request, RequestHandler, ResponseHandler};
|
||||
|
||||
@ -47,10 +43,11 @@ fn send_response<R: ResponseHandler>(
|
||||
mut response: MessageResponse<'_, '_>,
|
||||
mut response_handle: R,
|
||||
) -> io::Result<()> {
|
||||
#[cfg(feature = "dnssec")]
|
||||
if let Some(mut resp_edns) = response_edns {
|
||||
// set edns DAU and DHU
|
||||
// send along the algorithms which are supported by this authority
|
||||
let mut algorithms = SupportedAlgorithms::new();
|
||||
let mut algorithms = SupportedAlgorithms::default();
|
||||
algorithms.set(Algorithm::RSASHA256);
|
||||
algorithms.set(Algorithm::ECDSAP256SHA256);
|
||||
algorithms.set(Algorithm::ECDSAP384SHA384);
|
||||
@ -428,30 +425,42 @@ async fn lookup<R: ResponseHandler + Unpin>(
|
||||
}
|
||||
}
|
||||
|
||||
fn lookup_options_for_edns(edns: Option<&Edns>) -> LookupOptions {
|
||||
let edns = match edns {
|
||||
Some(edns) => edns,
|
||||
None => return LookupOptions::default(),
|
||||
};
|
||||
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
let supported_algorithms = if let Some(&EdnsOption::DAU(algs)) = edns.option(EdnsCode::DAU)
|
||||
{
|
||||
algs
|
||||
} else {
|
||||
debug!("no DAU in request, used default SupportAlgorithms");
|
||||
Default::default()
|
||||
};
|
||||
|
||||
LookupOptions::for_dnssec(edns.dnssec_ok(), supported_algorithms)
|
||||
} else {
|
||||
LookupOptions::default()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn build_response(
|
||||
authority: &dyn AuthorityObject,
|
||||
request_id: u16,
|
||||
query: &LowerQuery,
|
||||
edns: Option<&Edns>,
|
||||
) -> (Header, LookupSections) {
|
||||
let (is_dnssec, supported_algorithms) =
|
||||
edns.map_or((false, SupportedAlgorithms::new()), |edns| {
|
||||
let supported_algorithms =
|
||||
if let Some(&EdnsOption::DAU(algs)) = edns.option(EdnsCode::DAU) {
|
||||
algs
|
||||
} else {
|
||||
debug!("no DAU in request, used default SupportAlgorithms");
|
||||
Default::default()
|
||||
};
|
||||
|
||||
(edns.dnssec_ok(), supported_algorithms)
|
||||
});
|
||||
let lookup_options = lookup_options_for_edns(edns);
|
||||
|
||||
// log algorithms being requested
|
||||
if is_dnssec {
|
||||
if lookup_options.is_dnssec() {
|
||||
info!(
|
||||
"request: {} supported_algs: {}",
|
||||
request_id, supported_algorithms
|
||||
"request: {} lookup_options: {:?}",
|
||||
request_id, lookup_options
|
||||
);
|
||||
}
|
||||
|
||||
@ -462,7 +471,7 @@ async fn build_response(
|
||||
response_header.set_authoritative(authority.zone_type().is_authoritative());
|
||||
|
||||
debug!("performing {} on {}", query, authority.origin());
|
||||
let future = authority.search(query, is_dnssec, supported_algorithms);
|
||||
let future = authority.search(query, lookup_options);
|
||||
|
||||
#[allow(deprecated)]
|
||||
let sections = match authority.zone_type() {
|
||||
@ -471,8 +480,7 @@ async fn build_response(
|
||||
future,
|
||||
authority,
|
||||
&mut response_header,
|
||||
is_dnssec,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
request_id,
|
||||
&query,
|
||||
)
|
||||
@ -490,8 +498,7 @@ async fn send_authoritative_response(
|
||||
future: BoxedLookupFuture,
|
||||
authority: &dyn AuthorityObject,
|
||||
response_header: &mut Header,
|
||||
is_dnssec: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
request_id: u16,
|
||||
query: &LowerQuery,
|
||||
) -> LookupSections {
|
||||
@ -529,7 +536,7 @@ async fn send_authoritative_response(
|
||||
let (ns, soa) = if answers.is_some() {
|
||||
// This was a successful authoritative lookup:
|
||||
// get the NS records
|
||||
match authority.ns(is_dnssec, supported_algorithms).await {
|
||||
match authority.ns(lookup_options).await {
|
||||
Ok(ns) => (Some(ns), None),
|
||||
Err(e) => {
|
||||
warn!("ns_lookup errored: {}", e);
|
||||
@ -537,11 +544,11 @@ async fn send_authoritative_response(
|
||||
}
|
||||
}
|
||||
} else {
|
||||
let nsecs = if is_dnssec {
|
||||
let nsecs = if lookup_options.is_dnssec() {
|
||||
// in the dnssec case, nsec records should exist, we return NoError + NoData + NSec...
|
||||
debug!("request: {} non-existent adding nsecs", request_id);
|
||||
// run the nsec lookup future, and then transition to get soa
|
||||
let future = authority.get_nsec_records(query.name(), true, supported_algorithms);
|
||||
let future = authority.get_nsec_records(query.name(), lookup_options);
|
||||
match future.await {
|
||||
// run the soa lookup
|
||||
Ok(nsecs) => Some(nsecs),
|
||||
@ -554,7 +561,7 @@ async fn send_authoritative_response(
|
||||
None
|
||||
};
|
||||
|
||||
match authority.soa_secure(is_dnssec, supported_algorithms).await {
|
||||
match authority.soa_secure(lookup_options).await {
|
||||
Ok(soa) => (nsecs, Some(soa)),
|
||||
Err(e) => {
|
||||
warn!("failed to lookup soa: {}", e);
|
||||
|
@ -25,7 +25,7 @@ mod zone_type;
|
||||
pub use self::auth_lookup::{
|
||||
AnyRecords, AuthLookup, AuthLookupIter, LookupRecords, LookupRecordsIter,
|
||||
};
|
||||
pub use self::authority::Authority;
|
||||
pub use self::authority::{Authority, LookupOptions};
|
||||
pub use self::authority_object::{AuthorityObject, BoxedLookupFuture, EmptyLookup, LookupObject};
|
||||
pub use self::catalog::Catalog;
|
||||
pub use self::error::{LookupError, LookupResult};
|
||||
|
@ -16,12 +16,12 @@ use rustls::{Certificate, PrivateKey};
|
||||
use serde::Deserialize;
|
||||
|
||||
use crate::client::error::ParseResult;
|
||||
use crate::client::rr::dnssec::Algorithm;
|
||||
#[cfg(any(feature = "dns-over-tls", feature = "dnssec"))]
|
||||
use crate::client::rr::dnssec::{KeyFormat, KeyPair, Private, SigSigner};
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::domain::IntoName;
|
||||
use crate::client::rr::domain::Name;
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::{
|
||||
dnssec::{Algorithm, KeyFormat, KeyPair, Private, SigSigner},
|
||||
domain::IntoName,
|
||||
};
|
||||
|
||||
/// Key pair configuration for DNSSec keys for signing a zone
|
||||
#[derive(Deserialize, PartialEq, Debug)]
|
||||
@ -51,6 +51,8 @@ impl KeyConfig {
|
||||
/// * `signer_name` - the name to use when signing records, e.g. ns.example.com
|
||||
/// * `is_zone_signing_key` - specify that this key should be used for signing a zone
|
||||
/// * `is_zone_update_auth` - specifies that this key can be used for dynamic updates in the zone
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn new(
|
||||
key_path: String,
|
||||
password: Option<String>,
|
||||
@ -107,6 +109,8 @@ impl KeyConfig {
|
||||
}
|
||||
|
||||
/// algorithm for for the key, see `Algorithm` for supported algorithms.
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn algorithm(&self) -> ParseResult<Algorithm> {
|
||||
match self.algorithm.as_str() {
|
||||
"RSASHA1" => Ok(Algorithm::RSASHA1),
|
||||
|
@ -16,6 +16,7 @@ use std::path::{Path, PathBuf};
|
||||
use std::str::FromStr;
|
||||
use std::time::Duration;
|
||||
|
||||
use cfg_if::cfg_if;
|
||||
use log;
|
||||
use serde::{self, Deserialize};
|
||||
use toml;
|
||||
@ -139,7 +140,13 @@ impl Config {
|
||||
|
||||
/// the tls certificate to use for accepting tls connections
|
||||
pub fn get_tls_cert(&self) -> Option<&dnssec::TlsCertConfig> {
|
||||
self.tls_cert.as_ref()
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
self.tls_cert.as_ref()
|
||||
} else {
|
||||
None
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -239,10 +246,18 @@ impl ZoneConfig {
|
||||
|
||||
/// declare that this zone should be signed, see keys for configuration of the keys for signing
|
||||
pub fn is_dnssec_enabled(&self) -> bool {
|
||||
self.enable_dnssec.unwrap_or(false)
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
self.enable_dnssec.unwrap_or(false)
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// the configuration for the keys used for auth and/or dnssec zone signing.
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn get_keys(&self) -> &[dnssec::KeyConfig] {
|
||||
&self.keys
|
||||
}
|
||||
|
@ -17,10 +17,12 @@ use std::pin::Pin;
|
||||
|
||||
use log::{debug, info};
|
||||
|
||||
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
|
||||
use crate::authority::{
|
||||
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
|
||||
};
|
||||
use crate::client::op::LowerQuery;
|
||||
use crate::client::proto::rr::dnssec::rdata::key::KEY;
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
|
||||
use crate::client::rr::{LowerName, Name, RecordSet, RecordType, RrKey};
|
||||
use crate::client::serialize::txt::{Lexer, Parser, Token};
|
||||
use crate::store::file::FileConfig;
|
||||
@ -268,10 +270,9 @@ impl Authority for FileAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
Box::pin(self.0.lookup(name, rtype, is_secure, supported_algorithms))
|
||||
Box::pin(self.0.lookup(name, rtype, lookup_options))
|
||||
}
|
||||
|
||||
/// Using the specified query, perform a lookup against this zone.
|
||||
@ -288,19 +289,17 @@ impl Authority for FileAuthority {
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
Box::pin(self.0.search(query, is_secure, supported_algorithms))
|
||||
Box::pin(self.0.search(query, lookup_options))
|
||||
}
|
||||
|
||||
/// Get the NS, NameServer, record for the zone
|
||||
fn ns(
|
||||
&self,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.0.ns(is_secure, supported_algorithms)
|
||||
self.0.ns(lookup_options)
|
||||
}
|
||||
|
||||
/// Return the NSEC records based on the given name
|
||||
@ -313,11 +312,9 @@ impl Authority for FileAuthority {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.0
|
||||
.get_nsec_records(name, is_secure, supported_algorithms)
|
||||
self.0.get_nsec_records(name, lookup_options)
|
||||
}
|
||||
|
||||
/// Returns the SOA of the authority.
|
||||
@ -331,10 +328,9 @@ impl Authority for FileAuthority {
|
||||
/// Returns the SOA record for the zone
|
||||
fn soa_secure(
|
||||
&self,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.0.soa_secure(is_secure, supported_algorithms)
|
||||
self.0.soa_secure(lookup_options)
|
||||
}
|
||||
|
||||
/// Add a (Sig0) key that is authorized to perform updates against this authority
|
||||
@ -382,8 +378,7 @@ mod tests {
|
||||
&authority,
|
||||
&LowerName::from_str("www.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.expect("lookup failed");
|
||||
|
||||
@ -401,8 +396,7 @@ mod tests {
|
||||
&authority,
|
||||
&LowerName::from_str("include.alias.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.expect("INCLUDE lookup failed");
|
||||
|
||||
|
@ -15,7 +15,6 @@ use log::info;
|
||||
|
||||
use crate::client::op::LowerQuery;
|
||||
use crate::client::op::ResponseCode;
|
||||
use crate::client::rr::dnssec::SupportedAlgorithms;
|
||||
use crate::client::rr::{LowerName, Name, Record, RecordType};
|
||||
use crate::resolver::config::ResolverConfig;
|
||||
use crate::resolver::error::ResolveError;
|
||||
@ -23,7 +22,7 @@ use crate::resolver::lookup::Lookup as ResolverLookup;
|
||||
use crate::resolver::{TokioAsyncResolver, TokioHandle};
|
||||
|
||||
use crate::authority::{
|
||||
Authority, LookupError, LookupObject, MessageRequest, UpdateResult, ZoneType,
|
||||
Authority, LookupError, LookupObject, LookupOptions, MessageRequest, UpdateResult, ZoneType,
|
||||
};
|
||||
use crate::store::forwarder::ForwardConfig;
|
||||
|
||||
@ -106,8 +105,7 @@ impl Authority for ForwardAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
_is_secure: bool,
|
||||
_supported_algorithms: SupportedAlgorithms,
|
||||
_lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
// TODO: make this an error?
|
||||
assert!(self.origin.zone_of(name));
|
||||
@ -124,22 +122,15 @@ impl Authority for ForwardAuthority {
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
Box::pin(self.lookup(
|
||||
query.name(),
|
||||
query.query_type(),
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
))
|
||||
Box::pin(self.lookup(query.name(), query.query_type(), lookup_options))
|
||||
}
|
||||
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
_name: &LowerName,
|
||||
_is_secure: bool,
|
||||
_supported_algorithms: SupportedAlgorithms,
|
||||
_lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
Box::pin(future::err(LookupError::from(io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
|
@ -13,11 +13,14 @@ use std::future::Future;
|
||||
use std::pin::Pin;
|
||||
use std::sync::Arc;
|
||||
|
||||
use cfg_if::cfg_if;
|
||||
use futures_util::future::{self, TryFutureExt};
|
||||
use log::{debug, error};
|
||||
|
||||
use crate::client::op::{LowerQuery, ResponseCode};
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::dnssec::SupportedAlgorithms;
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
|
||||
use crate::client::rr::rdata::key::KEY;
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::rdata::DNSSECRData;
|
||||
@ -25,8 +28,8 @@ use crate::client::rr::rdata::SOA;
|
||||
use crate::client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
|
||||
|
||||
use crate::authority::{
|
||||
AnyRecords, AuthLookup, Authority, LookupError, LookupRecords, LookupResult, MessageRequest,
|
||||
UpdateResult, ZoneType,
|
||||
AnyRecords, AuthLookup, Authority, LookupError, LookupOptions, LookupRecords, LookupResult,
|
||||
MessageRequest, UpdateResult, ZoneType,
|
||||
};
|
||||
|
||||
/// InMemoryAuthority is responsible for storing the resource records for a particular zone.
|
||||
@ -189,8 +192,7 @@ impl InMemoryAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
record_type: RecordType,
|
||||
and_rrsigs: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Option<Arc<RecordSet>> {
|
||||
// this range covers all the records for any of the RecordTypes at a given label.
|
||||
let start_range_key = RrKey::new(name.clone(), RecordType::Unknown(u16::min_value()));
|
||||
@ -214,7 +216,7 @@ impl InMemoryAuthority {
|
||||
|
||||
// TODO: maybe unwrap this recursion.
|
||||
match lookup {
|
||||
None => self.inner_lookup_wildcard(name, record_type, and_rrsigs, supported_algorithms),
|
||||
None => self.inner_lookup_wildcard(name, record_type, lookup_options),
|
||||
l => l.cloned(),
|
||||
}
|
||||
}
|
||||
@ -223,8 +225,7 @@ impl InMemoryAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
record_type: RecordType,
|
||||
and_rrsigs: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Option<Arc<RecordSet>> {
|
||||
// if this is a wildcard or a root, both should break continued lookups
|
||||
let wildcard = if name.is_wildcard() || name.is_root() {
|
||||
@ -233,15 +234,27 @@ impl InMemoryAuthority {
|
||||
name.clone().into_wildcard()
|
||||
};
|
||||
|
||||
self.inner_lookup(&wildcard, record_type, and_rrsigs, supported_algorithms)
|
||||
self.inner_lookup(&wildcard, record_type, lookup_options)
|
||||
// we need to change the name to the query name in the result set since this was a wildcard
|
||||
.map(|rrset| {
|
||||
let mut new_answer =
|
||||
RecordSet::new(name.borrow(), rrset.record_type(), rrset.ttl());
|
||||
|
||||
let (records, _rrsigs): (Vec<&Record>, Vec<&Record>) = rrset
|
||||
.records(and_rrsigs, supported_algorithms)
|
||||
.partition(|r| r.record_type() != RecordType::RRSIG);
|
||||
let records;
|
||||
let _rrsigs: Vec<&Record>;
|
||||
cfg_if! {
|
||||
if #[cfg(feature = "dnssec")] {
|
||||
let (records_tmp, rrsigs_tmp) = rrset
|
||||
.records(lookup_options.is_dnssec(), lookup_options.supported_algorithms())
|
||||
.partition(|r| r.record_type() != RecordType::RRSIG);
|
||||
records = records_tmp;
|
||||
_rrsigs = rrsigs_tmp;
|
||||
} else {
|
||||
let (records_tmp, rrsigs_tmp) = (rrset.records_without_rrsigs(), Vec::with_capacity(0));
|
||||
records = records_tmp;
|
||||
_rrsigs = rrsigs_tmp;
|
||||
}
|
||||
};
|
||||
|
||||
for record in records {
|
||||
new_answer.add_rdata(record.rdata().clone());
|
||||
@ -268,8 +281,7 @@ impl InMemoryAuthority {
|
||||
query_type: RecordType,
|
||||
next_name: LowerName,
|
||||
_search_type: RecordType,
|
||||
and_rrsigs: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Option<Vec<Arc<RecordSet>>> {
|
||||
let mut additionals: Vec<Arc<RecordSet>> = vec![];
|
||||
|
||||
@ -287,8 +299,7 @@ impl InMemoryAuthority {
|
||||
// loop and collect any additional records to send
|
||||
let mut next_name = Some(next_name.clone());
|
||||
while let Some(search) = next_name.take() {
|
||||
let additional =
|
||||
self.inner_lookup(&search, *query_type, and_rrsigs, supported_algorithms);
|
||||
let additional = self.inner_lookup(&search, *query_type, lookup_options);
|
||||
let mut continue_name = None;
|
||||
|
||||
if let Some(additional) = additional {
|
||||
@ -786,16 +797,14 @@ impl Authority for InMemoryAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
query_type: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
// Collect the records from each rr_set
|
||||
let (result, additionals): (LookupResult<LookupRecords>, Option<LookupRecords>) =
|
||||
match query_type {
|
||||
RecordType::AXFR | RecordType::ANY => {
|
||||
let result = AnyRecords::new(
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
self.records.values().cloned().collect(),
|
||||
query_type,
|
||||
name.clone(),
|
||||
@ -804,8 +813,7 @@ impl Authority for InMemoryAuthority {
|
||||
}
|
||||
_ => {
|
||||
// perform the lookup
|
||||
let answer =
|
||||
self.inner_lookup(name, query_type, is_secure, supported_algorithms);
|
||||
let answer = self.inner_lookup(name, query_type, lookup_options);
|
||||
|
||||
// evaluate any cnames for additional inclusion
|
||||
let additionals_root_chain_type: Option<(_, _)> = answer
|
||||
@ -816,8 +824,7 @@ impl Authority for InMemoryAuthority {
|
||||
query_type,
|
||||
search_name,
|
||||
search_type,
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
)
|
||||
.map(|adds| (adds, search_type))
|
||||
});
|
||||
@ -877,7 +884,7 @@ impl Authority for InMemoryAuthority {
|
||||
use log::warn;
|
||||
|
||||
// ANAME's are constructed on demand, so need to be signed before return
|
||||
if is_secure {
|
||||
if lookup_options.is_dnssec() {
|
||||
Self::sign_rrset(
|
||||
&mut new_answer,
|
||||
self.secure_keys(),
|
||||
@ -906,11 +913,10 @@ impl Authority for InMemoryAuthority {
|
||||
// map the answer to a result
|
||||
let answer = answer
|
||||
.map_or(Err(LookupError::from(ResponseCode::NXDomain)), |rr_set| {
|
||||
Ok(LookupRecords::new(is_secure, supported_algorithms, rr_set))
|
||||
Ok(LookupRecords::new(lookup_options, rr_set))
|
||||
});
|
||||
|
||||
let additionals = additionals
|
||||
.map(|a| LookupRecords::many(is_secure, supported_algorithms, a));
|
||||
let additionals = additionals.map(|a| LookupRecords::many(lookup_options, a));
|
||||
|
||||
(answer, additionals)
|
||||
}
|
||||
@ -950,8 +956,7 @@ impl Authority for InMemoryAuthority {
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
debug!("searching InMemoryAuthority for: {}", query);
|
||||
|
||||
@ -976,16 +981,14 @@ impl Authority for InMemoryAuthority {
|
||||
|
||||
// perform the actual lookup
|
||||
match record_type {
|
||||
RecordType::SOA => {
|
||||
Box::pin(self.lookup(self.origin(), record_type, is_secure, supported_algorithms))
|
||||
}
|
||||
RecordType::SOA => Box::pin(self.lookup(self.origin(), record_type, lookup_options)),
|
||||
RecordType::AXFR => {
|
||||
// TODO: shouldn't these SOA's be secure? at least the first, perhaps not the last?
|
||||
let lookup = future::try_join3(
|
||||
// TODO: maybe switch this to be an soa_inner type call?
|
||||
self.soa_secure(is_secure, supported_algorithms),
|
||||
self.soa_secure(lookup_options),
|
||||
self.soa(),
|
||||
self.lookup(lookup_name, record_type, is_secure, supported_algorithms),
|
||||
self.lookup(lookup_name, record_type, lookup_options),
|
||||
)
|
||||
.map_ok(|(start_soa, end_soa, records)| match start_soa {
|
||||
l @ AuthLookup::Empty => l,
|
||||
@ -999,7 +1002,7 @@ impl Authority for InMemoryAuthority {
|
||||
Box::pin(lookup)
|
||||
}
|
||||
// A standard Lookup path
|
||||
_ => Box::pin(self.lookup(lookup_name, record_type, is_secure, supported_algorithms)),
|
||||
_ => Box::pin(self.lookup(lookup_name, record_type, lookup_options)),
|
||||
}
|
||||
}
|
||||
|
||||
@ -1014,8 +1017,7 @@ impl Authority for InMemoryAuthority {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
fn is_nsec_rrset(rr_set: &RecordSet) -> bool {
|
||||
rr_set.record_type() == RecordType::NSEC
|
||||
@ -1026,7 +1028,7 @@ impl Authority for InMemoryAuthority {
|
||||
let no_data = self
|
||||
.records
|
||||
.get(&rr_key)
|
||||
.map(|rr_set| LookupRecords::new(is_secure, supported_algorithms, rr_set.clone()));
|
||||
.map(|rr_set| LookupRecords::new(lookup_options, rr_set.clone()));
|
||||
|
||||
if let Some(no_data) = no_data {
|
||||
return Box::pin(future::ready(Ok(no_data.into())));
|
||||
@ -1088,8 +1090,7 @@ impl Authority for InMemoryAuthority {
|
||||
};
|
||||
|
||||
Box::pin(future::ready(Ok(LookupRecords::many(
|
||||
is_secure,
|
||||
supported_algorithms,
|
||||
lookup_options,
|
||||
proofs,
|
||||
)
|
||||
.into())))
|
||||
@ -1099,8 +1100,7 @@ impl Authority for InMemoryAuthority {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
_name: &LowerName,
|
||||
_is_secure: bool,
|
||||
_supported_algorithms: SupportedAlgorithms,
|
||||
_lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
Box::pin(future::ok(AuthLookup::default()))
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ use std::sync::Arc;
|
||||
use log::{error, info, warn};
|
||||
|
||||
use crate::client::op::LowerQuery;
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
use crate::client::rr::dnssec::{DnsSecResult, SigSigner};
|
||||
use crate::client::rr::{LowerName, RrKey};
|
||||
use crate::proto::op::ResponseCode;
|
||||
use crate::proto::rr::dnssec::rdata::key::KEY;
|
||||
@ -24,7 +24,9 @@ use crate::proto::rr::{DNSClass, Name, RData, Record, RecordSet, RecordType};
|
||||
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::authority::UpdateRequest;
|
||||
use crate::authority::{Authority, LookupError, MessageRequest, UpdateResult, ZoneType};
|
||||
use crate::authority::{
|
||||
Authority, LookupError, LookupOptions, MessageRequest, UpdateResult, ZoneType,
|
||||
};
|
||||
use crate::error::{PersistenceErrorKind, PersistenceResult};
|
||||
use crate::store::in_memory::InMemoryAuthority;
|
||||
use crate::store::sqlite::{Journal, SqliteConfig};
|
||||
@ -313,8 +315,7 @@ impl SqliteAuthority {
|
||||
if block_on(self.lookup(
|
||||
&required_name,
|
||||
RecordType::ANY,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap_or_default()
|
||||
.was_empty()
|
||||
@ -330,8 +331,7 @@ impl SqliteAuthority {
|
||||
if block_on(self.lookup(
|
||||
&required_name,
|
||||
rrset,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap_or_default()
|
||||
.was_empty()
|
||||
@ -355,8 +355,7 @@ impl SqliteAuthority {
|
||||
if !block_on(self.lookup(
|
||||
&required_name,
|
||||
RecordType::ANY,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap_or_default()
|
||||
.was_empty()
|
||||
@ -372,8 +371,7 @@ impl SqliteAuthority {
|
||||
if !block_on(self.lookup(
|
||||
&required_name,
|
||||
rrset,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap_or_default()
|
||||
.was_empty()
|
||||
@ -395,8 +393,7 @@ impl SqliteAuthority {
|
||||
if !block_on(self.lookup(
|
||||
&required_name,
|
||||
require.rr_type(),
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap_or_default()
|
||||
.iter()
|
||||
@ -482,12 +479,8 @@ impl SqliteAuthority {
|
||||
.any(|sig| {
|
||||
let name = LowerName::from(sig.signer_name());
|
||||
// TODO: updates should be async as well.
|
||||
let keys = block_on(self.lookup(
|
||||
&name,
|
||||
RecordType::KEY,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
));
|
||||
let keys =
|
||||
block_on(self.lookup(&name, RecordType::KEY, LookupOptions::default()));
|
||||
|
||||
let keys = match keys {
|
||||
Ok(keys) => keys,
|
||||
@ -940,21 +933,17 @@ impl Authority for SqliteAuthority {
|
||||
&self,
|
||||
name: &LowerName,
|
||||
rtype: RecordType,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.in_memory
|
||||
.lookup(name, rtype, is_secure, supported_algorithms)
|
||||
self.in_memory.lookup(name, rtype, lookup_options)
|
||||
}
|
||||
|
||||
fn search(
|
||||
&self,
|
||||
query: &LowerQuery,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.in_memory
|
||||
.search(query, is_secure, supported_algorithms)
|
||||
self.in_memory.search(query, lookup_options)
|
||||
}
|
||||
|
||||
/// Return the NSEC records based on the given name
|
||||
@ -967,11 +956,9 @@ impl Authority for SqliteAuthority {
|
||||
fn get_nsec_records(
|
||||
&self,
|
||||
name: &LowerName,
|
||||
is_secure: bool,
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
lookup_options: LookupOptions,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
self.in_memory
|
||||
.get_nsec_records(name, is_secure, supported_algorithms)
|
||||
self.in_memory.get_nsec_records(name, lookup_options)
|
||||
}
|
||||
|
||||
fn add_update_auth_key(&mut self, name: Name, key: KEY) -> DnsSecResult<()> {
|
||||
|
@ -9,13 +9,14 @@ use futures_executor::block_on;
|
||||
use trust_dns_client::op::{Message, Query, ResponseCode};
|
||||
use trust_dns_client::rr::dnssec::SupportedAlgorithms;
|
||||
use trust_dns_client::rr::{Name, RData, Record, RecordType};
|
||||
use trust_dns_server::authority::{AuthLookup, Authority, LookupError, MessageRequest};
|
||||
use trust_dns_server::authority::{
|
||||
AuthLookup, Authority, LookupError, LookupOptions, MessageRequest,
|
||||
};
|
||||
|
||||
pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("www.example.com.").unwrap(), RecordType::A);
|
||||
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
match lookup
|
||||
.into_iter()
|
||||
@ -52,7 +53,7 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
}
|
||||
|
||||
pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let lookup = block_on(authority.ns(false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.ns(LookupOptions::default())).unwrap();
|
||||
|
||||
match lookup
|
||||
.into_iter()
|
||||
@ -68,8 +69,7 @@ pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_ns_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::NS);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = dbg!(lookup
|
||||
.take_additionals()
|
||||
@ -98,8 +98,7 @@ pub fn test_ns_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_mx<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::MX);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = dbg!(lookup
|
||||
.take_additionals()
|
||||
@ -152,8 +151,7 @@ pub fn test_mx_to_null<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
RecordType::MX,
|
||||
);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
// In this case there should be no additional records
|
||||
assert!(lookup.take_additionals().is_none());
|
||||
@ -175,8 +173,7 @@ pub fn test_cname<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
RecordType::CNAME,
|
||||
);
|
||||
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let cname = lookup
|
||||
.into_iter()
|
||||
@ -192,8 +189,7 @@ pub fn test_cname<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_cname_alias<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("alias.example.com.").unwrap(), RecordType::A);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = lookup
|
||||
.take_additionals()
|
||||
@ -227,8 +223,7 @@ pub fn test_cname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
RecordType::A,
|
||||
);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = lookup
|
||||
.take_additionals()
|
||||
@ -270,8 +265,7 @@ pub fn test_cname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_aname<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::ANAME);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = lookup
|
||||
.take_additionals()
|
||||
@ -311,8 +305,7 @@ pub fn test_aname<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_aname_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("example.com.").unwrap(), RecordType::A);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = lookup.take_additionals().expect("no additionals for aname");
|
||||
|
||||
@ -348,8 +341,7 @@ pub fn test_aname_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
RecordType::A,
|
||||
);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = lookup.take_additionals().expect("no additionals");
|
||||
|
||||
@ -408,8 +400,7 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("this.has.dots.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(
|
||||
*lookup
|
||||
@ -427,15 +418,13 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("has.dots.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
|
||||
|
||||
assert!(lookup.is_name_exists(), "lookup: {}", lookup);
|
||||
|
||||
// the rest should all be NameExists
|
||||
let query = Query::query(Name::from_str("dots.example.com.").unwrap(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
|
||||
|
||||
assert!(lookup.is_name_exists());
|
||||
|
||||
@ -444,8 +433,7 @@ pub fn test_dots_in_name<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("not.this.has.dots.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap_err();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap_err();
|
||||
|
||||
assert!(lookup.is_nx_domain());
|
||||
}
|
||||
@ -456,8 +444,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("*.wildcard.example.com.").unwrap(),
|
||||
RecordType::CNAME,
|
||||
);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(
|
||||
*lookup
|
||||
@ -475,7 +462,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("www.wildcard.example.com.").unwrap(),
|
||||
RecordType::CNAME,
|
||||
);
|
||||
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()))
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()))
|
||||
.expect("lookup of www.wildcard.example.com. failed");
|
||||
|
||||
assert_eq!(
|
||||
@ -503,7 +490,7 @@ pub fn test_wildcard_chain<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
Name::from_str("www.wildcard.example.com.").unwrap(),
|
||||
RecordType::A,
|
||||
);
|
||||
let mut lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()))
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default()))
|
||||
.expect("lookup of www.wildcard.example.com. failed");
|
||||
|
||||
// the name should match the lookup, not the A records
|
||||
@ -536,8 +523,7 @@ pub fn test_srv<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
RecordType::SRV,
|
||||
);
|
||||
|
||||
let mut lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let mut lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
let additionals = dbg!(lookup
|
||||
.take_additionals()
|
||||
@ -584,7 +570,7 @@ pub fn test_srv<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
pub fn test_invalid_lookup<A: Authority<Lookup = AuthLookup>>(authority: A) {
|
||||
let query = Query::query(Name::from_str("www.google.com.").unwrap(), RecordType::A);
|
||||
|
||||
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
|
||||
|
||||
let err = lookup.expect_err("Lookup for www.google.com succeeded");
|
||||
match err {
|
||||
|
@ -10,13 +10,16 @@ use trust_dns_client::rr::dnssec::{Algorithm, SupportedAlgorithms, Verifier};
|
||||
use trust_dns_client::rr::{DNSClass, Name, Record, RecordType};
|
||||
use trust_dns_proto::rr::dnssec::rdata::DNSKEY;
|
||||
use trust_dns_proto::xfer;
|
||||
use trust_dns_server::authority::{AuthLookup, Authority};
|
||||
use trust_dns_server::authority::{AuthLookup, Authority, LookupOptions};
|
||||
|
||||
pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
|
||||
let query = Query::query(Name::from_str("www.example.com.").unwrap(), RecordType::A);
|
||||
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), true, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(
|
||||
&query.into(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
let (a_records, other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
@ -33,7 +36,9 @@ pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
|
||||
|
||||
#[allow(clippy::unreadable_literal)]
|
||||
pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
|
||||
let lookup = block_on(authority.soa_secure(true, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup =
|
||||
block_on(authority.soa_secure(LookupOptions::for_dnssec(true, SupportedAlgorithms::new())))
|
||||
.unwrap();
|
||||
|
||||
let (soa_records, other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
@ -61,7 +66,9 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]
|
||||
}
|
||||
|
||||
pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]) {
|
||||
let lookup = block_on(authority.ns(true, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup =
|
||||
block_on(authority.ns(LookupOptions::for_dnssec(true, SupportedAlgorithms::new())))
|
||||
.unwrap();
|
||||
|
||||
let (ns_records, other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
@ -87,8 +94,11 @@ pub fn test_aname_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys:
|
||||
RecordType::A,
|
||||
);
|
||||
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), true, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(
|
||||
&query.into(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
let (a_records, other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
@ -109,8 +119,11 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
|
||||
Name::from_str("www.wildcard.example.com.").unwrap(),
|
||||
RecordType::CNAME,
|
||||
);
|
||||
let lookup = block_on(authority.search(&query.into(), true, SupportedAlgorithms::new()))
|
||||
.expect("lookup of www.wildcard.example.com. failed");
|
||||
let lookup = block_on(authority.search(
|
||||
&query.into(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::new()),
|
||||
))
|
||||
.expect("lookup of www.wildcard.example.com. failed");
|
||||
|
||||
let (cname_records, other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
@ -134,8 +147,7 @@ pub fn test_nsec_nodata<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &
|
||||
let name = Name::from_str("www.example.com.").unwrap();
|
||||
let lookup = block_on(authority.get_nsec_records(
|
||||
&name.clone().into(),
|
||||
true,
|
||||
SupportedAlgorithms::all(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
@ -165,8 +177,7 @@ pub fn test_nsec_nxdomain_start<A: Authority<Lookup = AuthLookup>>(authority: A,
|
||||
let name = Name::from_str("aaa.example.com.").unwrap();
|
||||
let lookup = block_on(authority.get_nsec_records(
|
||||
&name.clone().into(),
|
||||
true,
|
||||
SupportedAlgorithms::all(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
@ -198,8 +209,7 @@ pub fn test_nsec_nxdomain_middle<A: Authority<Lookup = AuthLookup>>(authority: A
|
||||
let name = Name::from_str("ccc.example.com.").unwrap();
|
||||
let lookup = block_on(authority.get_nsec_records(
|
||||
&name.clone().into(),
|
||||
true,
|
||||
SupportedAlgorithms::all(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
@ -233,8 +243,7 @@ pub fn test_nsec_nxdomain_wraps_end<A: Authority<Lookup = AuthLookup>>(
|
||||
let name = Name::from_str("zzz.example.com.").unwrap();
|
||||
let lookup = block_on(authority.get_nsec_records(
|
||||
&name.clone().into(),
|
||||
true,
|
||||
SupportedAlgorithms::all(),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::all()),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
@ -272,8 +281,7 @@ pub fn test_rfc_6975_supported_algorithms<A: Authority<Lookup = AuthLookup>>(
|
||||
|
||||
let lookup = block_on(authority.search(
|
||||
&query.into(),
|
||||
true,
|
||||
SupportedAlgorithms::from(key.algorithm()),
|
||||
LookupOptions::for_dnssec(true, SupportedAlgorithms::from(key.algorithm())),
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
|
@ -12,7 +12,7 @@ use trust_dns_client::proto::rr::{DNSClass, Name, RData, Record, RecordSet, Reco
|
||||
use trust_dns_client::rr::dnssec::{Algorithm, SigSigner, SupportedAlgorithms, Verifier};
|
||||
use trust_dns_client::serialize::binary::{BinDecodable, BinEncodable, BinSerializable};
|
||||
use trust_dns_server::authority::{
|
||||
AuthLookup, Authority, LookupError, MessageRequest, UpdateResult,
|
||||
AuthLookup, Authority, LookupError, LookupOptions, MessageRequest, UpdateResult,
|
||||
};
|
||||
|
||||
fn update_authority<A: Authority<Lookup = AuthLookup>>(
|
||||
@ -44,8 +44,7 @@ pub fn test_create<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
|
||||
assert!(update_authority(message, key, &mut authority).expect("create failed"));
|
||||
|
||||
let query = Query::query(name, RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
match lookup
|
||||
.into_iter()
|
||||
@ -92,8 +91,7 @@ pub fn test_create_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
|
||||
assert!(update_authority(message, key, &mut authority).expect("create failed"));
|
||||
|
||||
let query = Query::query(name, RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert!(lookup.iter().any(|rr| *rr == record));
|
||||
assert!(lookup.iter().any(|rr| *rr == record2));
|
||||
@ -142,8 +140,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
|
||||
|
||||
// verify record contents
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 1);
|
||||
assert!(lookup.iter().any(|rr| *rr == record));
|
||||
@ -161,8 +158,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
|
||||
assert!(update_authority(message, key, &mut authority).expect("append failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 2);
|
||||
|
||||
@ -179,8 +175,7 @@ pub fn test_append<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys: &[
|
||||
assert!(!update_authority(message, key, &mut authority).expect("append failed"));
|
||||
|
||||
let query = Query::query(name, RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 2);
|
||||
|
||||
@ -229,8 +224,7 @@ pub fn test_append_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
|
||||
assert!(update_authority(message, key, &mut authority).expect("append failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 3);
|
||||
|
||||
@ -249,8 +243,7 @@ pub fn test_append_multi<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
|
||||
assert!(!update_authority(message, key, &mut authority).expect("append failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 3);
|
||||
|
||||
@ -297,8 +290,7 @@ pub fn test_compare_and_swap<A: Authority<Lookup = AuthLookup>>(
|
||||
assert!(update_authority(message, key, &mut authority).expect("compare_and_swap failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 1);
|
||||
assert!(lookup.iter().any(|rr| *rr == new));
|
||||
@ -321,8 +313,7 @@ pub fn test_compare_and_swap<A: Authority<Lookup = AuthLookup>>(
|
||||
);
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 1);
|
||||
assert!(lookup.iter().any(|rr| *rr == new));
|
||||
@ -378,8 +369,7 @@ pub fn test_compare_and_swap_multi<A: Authority<Lookup = AuthLookup>>(
|
||||
assert!(update_authority(message, key, &mut authority).expect("compare_and_swap failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 2);
|
||||
assert!(lookup.iter().any(|rr| *rr == new1));
|
||||
@ -404,8 +394,7 @@ pub fn test_compare_and_swap_multi<A: Authority<Lookup = AuthLookup>>(
|
||||
);
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 2);
|
||||
assert!(lookup.iter().any(|rr| *rr == new1));
|
||||
@ -463,8 +452,7 @@ pub fn test_delete_by_rdata<A: Authority<Lookup = AuthLookup>>(
|
||||
assert!(update_authority(message, key, &mut authority).expect("delete_by_rdata failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 1);
|
||||
assert!(lookup.iter().any(|rr| *rr == record1));
|
||||
@ -536,8 +524,7 @@ pub fn test_delete_by_rdata_multi<A: Authority<Lookup = AuthLookup>>(
|
||||
assert!(update_authority(message, key, &mut authority).expect("delete_by_rdata failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup =
|
||||
block_on(authority.search(&query.into(), false, SupportedAlgorithms::new())).unwrap();
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default())).unwrap();
|
||||
|
||||
assert_eq!(lookup.iter().count(), 2);
|
||||
assert!(!lookup.iter().any(|rr| *rr == record1));
|
||||
@ -594,7 +581,7 @@ pub fn test_delete_rrset<A: Authority<Lookup = AuthLookup>>(mut authority: A, ke
|
||||
assert!(update_authority(message, key, &mut authority).expect("delete_rrset failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
|
||||
|
||||
assert_eq!(
|
||||
*lookup.unwrap_err().as_response_code().unwrap(),
|
||||
@ -652,14 +639,14 @@ pub fn test_delete_all<A: Authority<Lookup = AuthLookup>>(mut authority: A, keys
|
||||
assert!(update_authority(message, key, &mut authority).expect("delete_all failed"));
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::A);
|
||||
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
|
||||
assert_eq!(
|
||||
*lookup.unwrap_err().as_response_code().unwrap(),
|
||||
ResponseCode::NXDomain
|
||||
);
|
||||
|
||||
let query = Query::query(name.clone(), RecordType::AAAA);
|
||||
let lookup = block_on(authority.search(&query.into(), false, SupportedAlgorithms::new()));
|
||||
let lookup = block_on(authority.search(&query.into(), LookupOptions::default()));
|
||||
assert_eq!(
|
||||
*lookup.unwrap_err().as_response_code().unwrap(),
|
||||
ResponseCode::NXDomain
|
||||
|
@ -24,7 +24,6 @@ fn test_lookup() {
|
||||
.block_on(forwarder.lookup(
|
||||
&Name::from_str("www.example.com.").unwrap().into(),
|
||||
RecordType::A,
|
||||
false,
|
||||
Default::default(),
|
||||
))
|
||||
.unwrap();
|
||||
|
@ -4,10 +4,9 @@ use std::str::FromStr;
|
||||
use futures_executor::block_on;
|
||||
|
||||
use trust_dns_client::proto::rr::rdata::tlsa::*;
|
||||
use trust_dns_client::rr::dnssec::*;
|
||||
use trust_dns_client::rr::*;
|
||||
use trust_dns_client::serialize::txt::*;
|
||||
use trust_dns_server::authority::{Authority, ZoneType};
|
||||
use trust_dns_server::authority::{Authority, LookupOptions, ZoneType};
|
||||
use trust_dns_server::store::in_memory::InMemoryAuthority;
|
||||
|
||||
// TODO: split this test up to test each thing separately
|
||||
@ -100,8 +99,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let lowercase_record = block_on(authority.lookup(
|
||||
&Name::from_str("tech.").unwrap().into(),
|
||||
RecordType::SOA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -132,8 +130,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let mut ns_records: Vec<Record> = block_on(authority.lookup(
|
||||
&Name::from_str("isi.edu").unwrap().into(),
|
||||
RecordType::NS,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -166,8 +163,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let mut mx_records: Vec<Record> = block_on(authority.lookup(
|
||||
&Name::from_str("isi.edu").unwrap().into(),
|
||||
RecordType::MX,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -199,8 +195,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let a_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("a.isi.edu").unwrap().into(),
|
||||
RecordType::A,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -221,8 +216,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let aaaa_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("aaaa.isi.edu").unwrap().into(),
|
||||
RecordType::AAAA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -243,8 +237,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let short_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("short.isi.edu").unwrap().into(),
|
||||
RecordType::A,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -266,8 +259,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let mut txt_records: Vec<Record> = block_on(authority.lookup(
|
||||
&Name::from_str("a.isi.edu").unwrap().into(),
|
||||
RecordType::TXT,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -311,8 +303,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let ptr_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("103.0.3.26.in-addr.arpa").unwrap().into(),
|
||||
RecordType::PTR,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -329,8 +320,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let srv_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("_ldap._tcp.service.isi.edu").unwrap().into(),
|
||||
RecordType::SRV,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -350,8 +340,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let idna_record: Record = block_on(authority.lookup(
|
||||
&Name::from_str("rust-❤️-🦀.isi.edu").unwrap().into(),
|
||||
RecordType::A,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -372,8 +361,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
let caa_record: Record = block_on(authority.lookup(
|
||||
&Name::parse("nocerts.isi.edu.", None).unwrap().into(),
|
||||
RecordType::CAA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
))
|
||||
.unwrap()
|
||||
.iter()
|
||||
@ -395,8 +383,7 @@ tech. 3600 in soa ns0.centralnic.net. hostmaster.centralnic.ne
|
||||
.unwrap()
|
||||
.into(),
|
||||
RecordType::TLSA,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
LookupOptions::default(),
|
||||
),
|
||||
)
|
||||
.unwrap()
|
||||
|
Loading…
Reference in New Issue
Block a user