zonemaster / zonemaster-engine

The Zonemaster Engine - part of the Zonemaster project

Update DNSSEC15, DNSSEC16 and DNSSEC17 with proper code #908

Open matsduf opened 3 years ago

matsduf commented 3 years ago

The implementations of DNSSEC15, DNSSEC16 and DNSSEC17 have a work-around on the handling of CDS and CDNSKEY records due to missing Zonemaster-LDNS code (see zonemaster/zonemaster-ldns/issues/114):

See "s/\s+CDS\s+/ DS /" and "s/\s+CDNSKEY\s+/ DNSKEY /" in DNSSEC15 code:

foreach my $cds ( @{ $cds_rrsets{ $ns_ip } } ) {
  my $rr_string = $cds->string;
  $rr_string =~ s/\s+CDS\s+/ DS /;
  push @ds, Zonemaster::LDNS::RR->new( $rr_string );
}
foreach my $cdnskey ( @{ $cdnskey_rrsets{ $ns_ip } } ) {
  my $rr_string = $cdnskey->string;
  $rr_string =~ s/\s+CDNSKEY\s+/ DNSKEY /;
  push @dnskey, Zonemaster::LDNS::RR->new( $rr_string );
}

And similar in DNSSEC16 and DNSSEC17.

tgreenx commented 2 weeks ago

Zonemaster-LDNS now has proper CDS/CDNSKEY RR support, see https://github.com/zonemaster/zonemaster-ldns/pull/199.

However, the issue raised here isn't actually solved by this added support. The responsibility lies in LDNS itself. It should be fixed in their next release, see https://github.com/zonemaster/zonemaster-ldns/issues/114#issuecomment-2346362339.