-rw-r--r--middleware/dnssec/README.md6
-rw-r--r--middleware/dnssec/setup.go67
-rw-r--r--middleware/dnssec/setup_test.go15
3 files changed, 58 insertions, 30 deletions
diff --git a/middleware/dnssec/README.md b/middleware/dnssec/README.md
index 9845917f0..b87b25b1c 100644
--- a/middleware/dnssec/README.md
+++ b/middleware/dnssec/README.md
@@ -26,6 +26,7 @@ TODO(miek): think about key rollovers, and how to do them automatically.
~~~
dnssec [ZONES... ] {
key file KEY...
+ cache_capacity CAPACITY
}
~~~
@@ -33,4 +34,9 @@ dnssec [ZONES... ] {
will be signed with all keys. Generating a key can be done with `dnssec-keygen`: `dnssec-keygen -a
ECDSAP256SHA256 <zonename>`. A key created for zone *A* can be safely used for zone *B*.
+
+* `cache_capacity` indicates the capacity of the LRU cache. The dnssec middleware uses LRU cache to manage
+ objects and the default capacity is 10000.
+
+
## Examples
diff --git a/middleware/dnssec/setup.go b/middleware/dnssec/setup.go
index a61a42453..19a68a853 100644
--- a/middleware/dnssec/setup.go
+++ b/middleware/dnssec/setup.go
@@ -1,6 +1,7 @@
package dnssec
import (
+ "strconv"
"strings"
"github.com/miekg/coredns/core/dnsserver"
@@ -18,12 +19,12 @@ func init() {
}
func setup(c *caddy.Controller) error {
- zones, keys, err := dnssecParse(c)
+ zones, keys, capacity, err := dnssecParse(c)
if err != nil {
return middleware.Error("dnssec", err)
}
- cache, err := lru.New(defaultCap)
+ cache, err := lru.New(capacity)
if err != nil {
return err
}
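Review bot: The error from `lru.New(capacity)` is returned bare, while the parse error just above it is wrapped with `middleware.Error("dnssec", err)`. Now that the capacity comes from the configuration file, a value the cache constructor rejects would reach the operator with no indication of which directive caused it. Returning `middleware.Error("dnssec", err)` here as well keeps the two paths consistent. The rest of setup lies outside this hunk.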
@@ -34,10 +35,12 @@ func setup(c *caddy.Controller) error {
return nil
}
-func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, error) {
+func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, int, error) {
zones := []string{}
keys := []*DNSKEY{}
+
+ capacity := defaultCap
for c.Next() {
if c.Val() == "dnssec" {
// dnssec [zones...]
@@ -49,47 +52,57 @@ func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, error) {
}
for c.NextBlock() {
- k, e := keyParse(c)
- if e != nil {
- return nil, nil, e
+ switch c.Val() {
+ case "key":
+ k, e := keyParse(c)
+ if e != nil {
+ return nil, nil, 0, e
+ }
+ keys = append(keys, k...)
+ case "cache_capacity":
+ if !c.NextArg() {
+ return nil, nil, 0, c.ArgErr()
+ }
+ value := c.Val()
+ cacheCap, err := strconv.Atoi(value)
+ if err != nil {
+ return nil, nil, 0, err
+ }
+ capacity = cacheCap
}
- keys = append(keys, k...)
+
}
}
}
for i := range zones {
zones[i] = middleware.Host(zones[i]).Normalize()
}
- return zones, keys, nil
+ return zones, keys, capacity, nil
}
func keyParse(c *caddy.Controller) ([]*DNSKEY, error) {
keys := []*DNSKEY{}
- what := c.Val()
if !c.NextArg() {
return nil, c.ArgErr()
}
value := c.Val()
- switch what {
- case "key":
- if value == "file" {
- ks := c.RemainingArgs()
- for _, k := range ks {
- base := k
- // Kmiek.nl.+013+26205.key, handle .private or without extension: Kmiek.nl.+013+26205
- if strings.HasSuffix(k, ".key") {
- base = k[:len(k)-4]
- }
- if strings.HasSuffix(k, ".private") {
- base = k[:len(k)-8]
- }
- k, err := ParseKeyFile(base+".key", base+".private")
- if err != nil {
- return nil, err
- }
- keys = append(keys, k)
+ if value == "file" {
+ ks := c.RemainingArgs()
+ for _, k := range ks {
+ base := k
+ // Kmiek.nl.+013+26205.key, handle .private or without extension: Kmiek.nl.+013+26205
+ if strings.HasSuffix(k, ".key") {
+ base = k[:len(k)-4]
+ }
+ if strings.HasSuffix(k, ".private") {
+ base = k[:len(k)-8]
+ }
+ k, err := ParseKeyFile(base+".key", base+".private")
+ if err != nil {
+ return nil, err
}
+ keys = append(keys, k)
}
}
return keys, nil
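Review bot: The new `switch c.Val()` in dnssecParse has no `default` case, so an unrecognised or misspelled property inside the block is skipped without an error; a typo in `key` would leave the keys slice empty with nothing in the output to say so. Adding `default: return nil, nil, 0, c.Errf("unknown property '%s'", c.Val())` makes the parse fail closed. The `cache_capacity` branch also accepts any integer `strconv.Atoi` returns, including zero and negative values, and does not reject extra arguments after the number; a check such as `if cacheCap <= 0` returning `c.ArgErr()` before the assignment would catch this at parse time. dnssecParse begins before this hunk and keyParse's closing brace is outside it.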
diff --git a/middleware/dnssec/setup_test.go b/middleware/dnssec/setup_test.go
index 9dbeb77fd..3940505a9 100644
--- a/middleware/dnssec/setup_test.go
+++ b/middleware/dnssec/setup_test.go
@@ -13,19 +13,25 @@ func TestSetupDnssec(t *testing.T) {
shouldErr bool
expectedZones []string
expectedKeys []string
+ expectedCapacity int
expectedErrContent string
}{
{
- `dnssec`, false, nil, nil, "",
+ `dnssec`, false, nil, nil, defaultCap, "",
},
{
- `dnssec miek.nl`, false, []string{"miek.nl."}, nil, "",
+ `dnssec miek.nl`, false, []string{"miek.nl."}, nil, defaultCap, "",
+ },
+ {
+ `dnssec miek.nl {
+ cache_capacity 100
+ }`, false, []string{"miek.nl."}, nil, 100, "",
},
}
for i, test := range tests {
c := caddy.NewTestController("dns", test.input)
- zones, keys, err := dnssecParse(c)
+ zones, keys, capacity, err := dnssecParse(c)
if test.shouldErr && err == nil {
t.Errorf("Test %d: Expected error but found %s for input %s", i, err, test.input)
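Review bot: The added table entry covers only a valid `cache_capacity 100`; the two error returns introduced in dnssecParse (missing argument, non-numeric value) have no test. Cases with `shouldErr` set to true for a bare `cache_capacity` line and for `cache_capacity abc` would pin that behaviour, and a negative value is worth adding once the parser decides how to treat it. The test function continues beyond this hunk.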
@@ -51,6 +57,9 @@ func TestSetupDnssec(t *testing.T) {
t.Errorf("Dnssec not correctly set for input %s. Expected: '%s', actual: '%s'", test.input, k, keys[i].K.Header().Name)
}
}
+ if capacity != test.expectedCapacity {
+ t.Errorf("Dnssec not correctly set capacity for input '%s' Expected: '%d', actual: '%d'", test.input, capacity, test.expectedCapacity)
+ }
}
}
}
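Review bot: The arguments to the new `t.Errorf` are in the wrong order: the format string prints Expected first and actual second, but `capacity` (the parsed value) is passed before `test.expectedCapacity`, so a failure would report the two swapped. The call should end `test.input, test.expectedCapacity, capacity)`. The message is also missing the full stop between the input and `Expected` that the neighbouring key check has.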