path: root/middleware/dnssec/setup.go
Diffstat (limited to 'middleware/dnssec/setup.go')
-rw-r--r--middleware/dnssec/setup.go128
1 files changed, 0 insertions, 128 deletions
diff --git a/middleware/dnssec/setup.go b/middleware/dnssec/setup.go
deleted file mode 100644
index 90425b711..000000000
--- a/middleware/dnssec/setup.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package dnssec
-
-import (
- "fmt"
- "strconv"
- "strings"
-
- "github.com/coredns/coredns/core/dnsserver"
- "github.com/coredns/coredns/middleware"
- "github.com/coredns/coredns/middleware/pkg/cache"
-
- "github.com/mholt/caddy"
-)
-
-func init() {
- caddy.RegisterPlugin("dnssec", caddy.Plugin{
- ServerType: "dns",
- Action: setup,
- })
-}
-
-func setup(c *caddy.Controller) error {
- zones, keys, capacity, err := dnssecParse(c)
- if err != nil {
- return middleware.Error("dnssec", err)
- }
-
- ca := cache.New(capacity)
- dnsserver.GetConfig(c).AddMiddleware(func(next middleware.Handler) middleware.Handler {
- return New(zones, keys, next, ca)
- })
-
- // Export the capacity for the metrics. This only happens once, because this is a re-load change only.
- cacheCapacity.WithLabelValues("signature").Set(float64(capacity))
-
- return nil
-}
-
-func dnssecParse(c *caddy.Controller) ([]string, []*DNSKEY, int, error) {
- zones := []string{}
-
- keys := []*DNSKEY{}
-
- capacity := defaultCap
- for c.Next() {
- // dnssec [zones...]
- zones = make([]string, len(c.ServerBlockKeys))
- copy(zones, c.ServerBlockKeys)
- args := c.RemainingArgs()
- if len(args) > 0 {
- zones = args
- }
-
- for c.NextBlock() {
- switch c.Val() {
- case "key":
- k, e := keyParse(c)
- if e != nil {
- return nil, nil, 0, e
- }
- keys = append(keys, k...)
- case "cache_capacity":
- if !c.NextArg() {
- return nil, nil, 0, c.ArgErr()
- }
- value := c.Val()
- cacheCap, err := strconv.Atoi(value)
- if err != nil {
- return nil, nil, 0, err
- }
- capacity = cacheCap
- }
-
- }
- }
- for i := range zones {
- zones[i] = middleware.Host(zones[i]).Normalize()
- }
-
- // Check if each keys owner name can actually sign the zones we want them to sign
- for _, k := range keys {
- kname := middleware.Name(k.K.Header().Name)
- ok := false
- for i := range zones {
- if kname.Matches(zones[i]) {
- ok = true
- break
- }
- }
- if !ok {
- return zones, keys, capacity, fmt.Errorf("key %s (keyid: %d) can not sign any of the zones", string(kname), k.keytag)
- }
- }
-
- return zones, keys, capacity, nil
-}
-
-func keyParse(c *caddy.Controller) ([]*DNSKEY, error) {
- keys := []*DNSKEY{}
-
- if !c.NextArg() {
- return nil, c.ArgErr()
- }
- value := c.Val()
- if value == "file" {
- ks := c.RemainingArgs()
- if len(ks) == 0 {
- return nil, c.ArgErr()
- }
-
- for _, k := range ks {
- base := k
- // Kmiek.nl.+013+26205.key, handle .private or without extension: Kmiek.nl.+013+26205
- if strings.HasSuffix(k, ".key") {
- base = k[:len(k)-4]
- }
- if strings.HasSuffix(k, ".private") {
- base = k[:len(k)-8]
- }
- k, err := ParseKeyFile(base+".key", base+".private")
- if err != nil {
- return nil, err
- }
- keys = append(keys, k)
- }
- }
- return keys, nil
-}