  1. /*
  2. * This file is part of PowerDNS or dnsdist.
  3. * Copyright -- PowerDNS.COM B.V. and its contributors
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of version 2 of the GNU General Public License as
  7. * published by the Free Software Foundation.
  8. *
  9. * In addition, for the avoidance of any doubt, permission is granted to
  10. * link this program with OpenSSL and to (re)distribute the binaries
  11. * produced as the result of such linking.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU General Public License
  19. * along with this program; if not, write to the Free Software
  20. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21. */
  22. #pragma once
  23. #include <boost/multi_index_container.hpp>
  24. #include <boost/multi_index/hashed_index.hpp>
  25. #include "dnsparser.hh"
  26. #include "dnsname.hh"
  27. #include "dns.hh"
  28. #include "validate.hh"
  29. using namespace ::boost::multi_index;
  30. /* FIXME should become part of the normal cache (I think) and should become more like
  31. * struct {
  32. * vector<DNSRecord> records;
  33. * vector<DNSRecord> signatures;
  34. * } recsig_t;
  35. *
  36. * typedef vector<recsig_t> recordsAndSignatures;
  37. */
/* A record set together with the RRSIG records that were received covering it
   (see the authoritySOA / DNSSECRecords members of NegCache::NegCacheEntry). */
struct recordsAndSignatures
{
  std::vector<DNSRecord> records;    // the data records of the set
  std::vector<DNSRecord> signatures; // the RRSIG records covering 'records'
};
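/* Negative answer cache: remembers denials received from upstream (the denied
   name and type, plus the SOA / NSEC(3) records and RRSIGs that accompanied the
   denial) until the entry's time-to-die passes. Non-copyable: the container
   below is the whole state and should never be duplicated by accident. */
class NegCache : public boost::noncopyable
{
public:
  /* One cached negative answer. The 'mutable' members are the ones that get
     updated on an entry already stored in d_negcache (multi_index hands out
     const elements), see updateValidationStatus(). */
  struct NegCacheEntry
  {
    DNSName d_name; // The denied name
    QType d_qtype; // The denied type
    DNSName d_auth; // The denying name (aka auth): the zone whose answer the denial was taken from
    mutable uint32_t d_ttd; // Timestamp when this entry should die
    recordsAndSignatures authoritySOA; // The upstream SOA record and RRSIGs
    recordsAndSignatures DNSSECRecords; // The upstream NSEC(3) and RRSIGs
    mutable vState d_validationState{vState::Indeterminate}; // DNSSEC validation outcome for this denial, Indeterminate until validated

    // Absolute timestamp at which this entry expires (same unit as d_ttd).
    uint32_t getTTD() const
    {
      return d_ttd;
    }
  };

  // Stores a negative answer. What happens when (d_name, d_qtype) is already
  // present is decided by the implementation in negcache.cc.
  void add(const NegCacheEntry& ne);

  // Sets the DNSSEC validation state of the entry for (qname, qtype). When
  // capTTD is set, the entry's time-to-die is presumably bounded to that value
  // (d_ttd is mutable for this reason) — confirm in negcache.cc.
  void updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState, boost::optional<uint32_t> capTTD);

  // Looks up a denial for qname/qtype that is still valid at 'now'; on success
  // copies the entry into 'ne' and returns true. With typeMustMatch the entry's
  // d_qtype has to equal qtype; the exact matching rules (e.g. whether a
  // name-wide denial satisfies a type lookup) live in negcache.cc.
  bool get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch = false);

  // "Root NX trust" lookup: presumably returns a cached denial obtained from the
  // root that covers qname, valid at 'now'; fills 'ne' and returns true when
  // found. Semantics are defined in negcache.cc.
  bool getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne);

  // Number of cached entries for 'qname', for any type / for 'qtype' only.
  uint64_t count(const DNSName& qname) const;
  uint64_t count(const DNSName& qname, const QType qtype) const;

  // Evicts entries until at most maxEntries remain; which entries are dropped
  // is decided by the implementation (the sequenced index exists for the cleaner).
  void prune(size_t maxEntries);

  // Drops every entry.
  void clear();

  // Writes the cache content to 'fd' in text form; the return value is
  // presumably the number of entries written — confirm in negcache.cc.
  uint64_t dumpToFile(FILE* fd);

  // Removes the entries for 'name' (with subtree=true also everything below it)
  // and returns how many were removed (confirm in negcache.cc).
  uint64_t wipe(const DNSName& name, bool subtree = false);

  // Current number of entries. const-qualified so it can be queried through a
  // const reference, consistent with count().
  uint64_t size() const
  {
    return d_negcache.size();
  }

  // Hook invoked before an entry is removed (the cache cleaner expects it);
  // intentionally a no-op for the negative cache.
  void preRemoval(const NegCacheEntry& entry)
  {
  }

private:
  // Index tags
  struct CompositeKey
  {
  };
  struct SequenceTag
  {
  };

  /* Three views on the same entries:
     - CompositeKey: unique (name, type) pairs, names ordered canonically
       (CanonDNSNameCompare) so that a subtree is a contiguous range;
     - SequenceTag: insertion/relocation order, used by the cache cleaner;
     - tag<NegCacheEntry>: hash on the name alone, non-unique, so all types
       cached for one name can be reached without a scan. */
  using negcache_t = boost::multi_index_container<
    NegCacheEntry,
    indexed_by<
      ordered_unique<tag<CompositeKey>,
                     composite_key<
                       NegCacheEntry,
                       member<NegCacheEntry, DNSName, &NegCacheEntry::d_name>,
                       member<NegCacheEntry, QType, &NegCacheEntry::d_qtype>>,
                     composite_key_compare<
                       CanonDNSNameCompare, std::less<QType>>>,
      sequenced<tag<SequenceTag>>,
      hashed_non_unique<tag<NegCacheEntry>,
                        member<NegCacheEntry, DNSName, &NegCacheEntry::d_name>>>>;

  // Required for the cachecleaner: the sequenced index is index number 1
  using negcache_sequence_t = negcache_t::nth_index<1>::type;

  // Stores the negative cache entries
  negcache_t d_negcache;
};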