StackExchange/dnscontrol
1
1
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-09-20 23:06:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
dnscontrol/providers/powerdns/dnssec.go
Jan-Philipp Benecke cf8e288339
PowerDNS: fix order problems of delete corrections & some cleanup (#1153) 
Signed-off-by: Jan-Philipp Benecke <jan-philipp.benecke@jpbe.de>
2021-05-10 10:18:40 -04:00

76 lines
2 KiB
Go
Raw Blame History

package powerdns
import (
"context"
"github.com/StackExchange/dnscontrol/v3/models"
"github.com/mittwald/go-powerdns/apis/cryptokeys"
)
// getDNSSECCorrections returns corrections that update a domain's DNSSEC state.
func (api *powerdnsProvider) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
zoneCryptokeys, getErr := api.client.Cryptokeys().ListCryptokeys(context.Background(), api.ServerName, dc.Name)
if getErr != nil {
return nil, getErr
}
// check if any of the avail. key is active and published
hasEnabledKey := false
var keyID int
if len(zoneCryptokeys) > 0 {
for _, cryptoKey := range zoneCryptokeys {
if cryptoKey.Active && cryptoKey.Published {
hasEnabledKey = true
keyID = cryptoKey.ID
break
}
}
}
// dnssec is enabled, we want it to be disabled
if hasEnabledKey && dc.AutoDNSSEC == "off" {
return []*models.Correction{
{
Msg: "Disable DNSSEC",
F: func() error { _, err := api.removeDnssec(dc.Name, keyID); return err },
},
}, nil
}
// dnssec is disabled, we want it to be enabled
if !hasEnabledKey && dc.AutoDNSSEC == "on" {
return []*models.Correction{
{
Msg: "Enable DNSSEC",
F: func() error { _, err := api.enableDnssec(dc.Name); return err },
},
}, nil
}
return nil, nil
}
// enableDnssec creates a active and published cryptokey on this domain
func (api *powerdnsProvider) enableDnssec(domain string) (bool, error) {
// if there is now key, create one and enable it
_, err := api.client.Cryptokeys().CreateCryptokey(context.Background(), api.ServerName, domain, cryptokeys.Cryptokey{
KeyType: "csk",
Active: true,
Published: true,
})
if err != nil {
return false, err
}
return true, nil
}
// removeDnssec removes the cryptokey from this zone
func (api *powerdnsProvider) removeDnssec(domain string, keyID int) (bool, error) {
err := api.client.Cryptokeys().DeleteCryptokey(context.Background(), api.ServerName, domain, keyID)
if err != nil {
return false, err
}
return true, nil
}
Reference in a new issue View git blame Copy permalink