[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r5491 - in trunk/OpenDNSSEC: . enforcer/enforcerd enforcer/utils

sion at nominet.org.uk sion at nominet.org.uk
Tue Aug 30 11:29:55 CEST 2011


Author: sion
Date: 2011-08-30 11:29:54 +0200 (Tue, 30 Aug 2011)
New Revision: 5491

Modified:
   trunk/OpenDNSSEC/NEWS
   trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c
   trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
Log:
Use TTLs from policy in exported RRs, pivotal story 14881605.


Modified: trunk/OpenDNSSEC/NEWS
===================================================================
--- trunk/OpenDNSSEC/NEWS	2011-08-29 14:13:39 UTC (rev 5490)
+++ trunk/OpenDNSSEC/NEWS	2011-08-30 09:29:54 UTC (rev 5491)
@@ -7,6 +7,8 @@
   were seen, or if both were seen (so a key rollover is happening).
 * ods-ksmutil: Prevent MySQL username or password being interpreted by the 
   shell when running "ods-ksmutil setup"
+* Enforcer/ods-ksmutil: Use TTls from kasp when generating DNSKEY and DS
+  records for output.
 
 Bugfixes:
 * Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.

Modified: trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c	2011-08-29 14:13:39 UTC (rev 5490)
+++ trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c	2011-08-30 09:29:54 UTC (rev 5491)
@@ -1598,6 +1598,11 @@
     char*   ds_seen_buffer = NULL;   /* Which keys have we promoted */
     char*   temp_char = NULL;   /* Contents of DS records */
 
+	/* To find the ttl of the DS */
+	int policy_id = -1;
+	int rrttl = -1;
+	int param_id = -1; /* unused */
+
     /* Key information */
     hsm_key_t *key = NULL;
     ldns_rr *dnskey_rr = NULL;
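Review bot: The comment on the new declarations says they are for "the ttl of the DS", but in this file the later hunk looks up `KSM_PAR_KSKTTL_STRING` and applies it to `dnskey_rr`, so the comment points a reader at the wrong record type. I would write `/* Policy lookup for the TTL of the exported DNSKEY */`, and mark `param_id` as `/* out-param of KsmParameterValue(); value not used */`, because it is passed by address and not simply unused. The added lines are tab-indented while the surrounding context uses spaces. The matching declarations in ksmutil.c carry the same comment and indentation. The enclosing function starts and ends outside this hunk.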
@@ -1775,6 +1780,18 @@
             sign_params->flags += LDNS_KEY_SEP_KEY;
             dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
 
+			/* Set TTL if we can find it; else leave it as the default */
+			/* We need a policy id */
+			status = KsmPolicyIdFromZoneId(zone_id, &policy_id);
+			if (status == 0) {
+
+				/* Use this to get the TTL parameter value */
+				status = KsmParameterValue(KSM_PAR_KSKTTL_STRING, KSM_PAR_KSKTTL_CAT, &rrttl, policy_id, &param_id);
+				if (status == 0) {
+					ldns_rr_set_ttl(dnskey_rr, rrttl);
+				}
+			}
+
             temp_char = ldns_rr2str(dnskey_rr);
             ldns_rr_free(dnskey_rr);
 
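Review bot: The policy value is handed to `ldns_rr_set_ttl(dnskey_rr, rrttl);` with no range check. `rrttl` is a signed `int` and ldns takes a `uint32_t`, so a negative value stored in the policy would be published as a very large TTL on the exported key record. Resolvers would then keep that record cached well past a rollover. I would guard it with `if (status == 0 && rrttl >= 0) {` and pass `(uint32_t)rrttl`; the three `ldns_rr_set_ttl` calls added in ksmutil.c need the same guard. Separately, the comment calls the lookup best-effort, but it reuses `status`, so a failed lookup leaves `status` non-zero for whatever tests it after this hunk. A dedicated local such as `int ttl_status = KsmPolicyIdFromZoneId(zone_id, &policy_id);` would avoid that here and in ksmutil.c.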

Modified: trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2011-08-29 14:13:39 UTC (rev 5490)
+++ trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2011-08-30 09:29:54 UTC (rev 5491)
@@ -1401,6 +1401,11 @@
     ldns_rr *ds_sha256_rr = NULL;
     hsm_sign_params_t *sign_params = NULL;
 
+	/* To find the ttl of the DS */
+	int policy_id = -1;
+	int rrttl = -1;
+	int param_id = -1; /* unused */
+
     char* sql = NULL;
     KSM_KEYDATA data;       /* Data for each key */
     DB_RESULT	result;     /* Result set from query */
@@ -1574,11 +1579,40 @@
             sign_params->keytag = ldns_calc_keytag(dnskey_rr);
 
             if (ds_flag == 0) {
+
+				/* Set TTL if we can find it; else leave it as the default */
+				/* We need a policy id */
+				status = KsmPolicyIdFromZoneId(data.zone_id, &policy_id);
+				if (status == 0) {
+
+					/* Use this to get the TTL parameter value */
+					if (keytype_id == KSM_TYPE_KSK) {
+						status = KsmParameterValue(KSM_PAR_KSKTTL_STRING, KSM_PAR_KSKTTL_CAT, &rrttl, policy_id, &param_id);
+					} else {
+						status = KsmParameterValue(KSM_PAR_ZSKTTL_STRING, KSM_PAR_ZSKTTL_CAT, &rrttl, policy_id, &param_id);
+					}
+					if (status == 0) {
+						ldns_rr_set_ttl(dnskey_rr, rrttl);
+					}
+				}
+
                 printf("\n;%s %s DNSKEY record:\n", KsmKeywordStateValueToName(data.state), (keytype_id == KSM_TYPE_KSK ? "KSK" : "ZSK"));
                 ldns_rr_print(stdout, dnskey_rr);
             }
             else {
 
+				/* Set TTL if we can find it; else leave it as the default */
+				/* We need a policy id */
+				status = KsmPolicyIdFromZoneId(data.zone_id, &policy_id);
+				if (status == 0) {
+
+					/* Use this to get the DSTTL parameter value */
+					status = KsmParameterValue(KSM_PAR_DSTTL_STRING, KSM_PAR_DSTTL_CAT, &rrttl, policy_id, &param_id);
+					if (status == 0) {
+						ldns_rr_set_ttl(dnskey_rr, rrttl);
+					}
+				}
+
                 printf("\n;%s %s DS record (SHA1):\n", KsmKeywordStateValueToName(data.state), (keytype_id == KSM_TYPE_KSK ? "KSK" : "ZSK"));
                 ds_sha1_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
                 ldns_rr_print(stdout, ds_sha1_rr);
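Review bot: In the DS branch the DS TTL is written into `dnskey_rr` rather than into the DS records. That presumably relies on `ldns_key_rr2ds()` copying the key's TTL into the DS it builds, but nothing in the code says so. It also leaves `dnskey_rr` carrying the DS TTL for any later use in the loop body outside this hunk. I would state the dependency in a comment, for example `/* DS inherits its TTL from dnskey_rr in ldns_key_rr2ds(), so set it on the key first */`. The `KsmPolicyIdFromZoneId(data.zone_id, &policy_id)` lookup is duplicated verbatim in both branches and could be hoisted above `if (ds_flag == 0) {`, leaving only the parameter choice inside each branch.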



