Don't include DNSSEC records in diffs

2020-06-27 16:18:50 +02:00 · 2020-06-27 16:18:50 +02:00 · ef87fdf922
commit ef87fdf922
parent 1bf66eb9db
4 changed files with 29 additions and 12 deletions
--- a/api/zones.go
+++ b/api/zones.go
@ -303,7 +303,7 @@ func diffZones(opts *config.Options, domain *happydns.Domain, ps httprouter.Para
 		}
 	}

-	toAdd, toDel := sources.DiffZones(zone1, zone2)
+	toAdd, toDel := sources.DiffZones(zone1, zone2, true)

 	var rrAdd []string
 	for _, rr := range toAdd {
@ -331,7 +331,7 @@ func applyZone(opts *config.Options, domain *happydns.Domain, zone *happydns.Zon
 		}
 	}

-	newSOA, err := sources.ApplyZone(source, domain, zone.GenerateRRs(domain.DomainName))
+	newSOA, err := sources.ApplyZone(source, domain, zone.GenerateRRs(domain.DomainName), true)
 	if err != nil {
 		return APIErrorResponse{
 			err: err,
--- a/services/analyzer.go
+++ b/services/analyzer.go
@ -41,6 +41,7 @@ import (
 	"github.com/miekg/dns"

 	"git.happydns.org/happydns/model"
+	"git.happydns.org/happydns/utils"
 )

 type Analyzer struct {
@ -170,10 +171,7 @@ func AnalyzeZone(origin string, zone []dns.RR) (svcs map[string][]*happydns.Serv
 	// Consider records not used by services as Orphan
 	for _, record := range a.zone {
 		// Skip DNSSEC records
-		if record.Header().Rrtype == dns.TypeNSEC ||
-			record.Header().Rrtype == dns.TypeNSEC3 ||
-			record.Header().Rrtype == dns.TypeDNSKEY ||
-			record.Header().Rrtype == dns.TypeRRSIG {
+		if utils.IsDNSSECType(record.Header().Rrtype) {
 			continue
 		}

--- a/sources/diff.go
+++ b/sources/diff.go
@ -35,11 +35,15 @@ import (
 	"github.com/miekg/dns"

 	"git.happydns.org/happydns/model"
+	"git.happydns.org/happydns/utils"
 )

-func DiffZones(a []dns.RR, b []dns.RR) (toAdd []dns.RR, toDel []dns.RR) {
+func DiffZones(a []dns.RR, b []dns.RR, skipDNSSEC bool) (toAdd []dns.RR, toDel []dns.RR) {
 loopDel:
 	for _, rrA := range a {
+		if skipDNSSEC && utils.IsDNSSECType(rrA.Header().Rrtype) {
+			continue
+		}
 		for _, rrB := range b {
 			if rrA.String() == rrB.String() {
 				continue loopDel
@ -51,6 +55,9 @@ loopDel:

 loopAdd:
 	for _, rrB := range b {
+		if skipDNSSEC && utils.IsDNSSECType(rrB.Header().Rrtype) {
+			continue
+		}
 		for _, rrA := range a {
 			if rrB.String() == rrA.String() {
 				continue loopAdd
@ -63,7 +70,7 @@ loopAdd:
 	return
 }

-func DiffZone(s happydns.Source, domain *happydns.Domain, rrs []dns.RR) (toAdd []dns.RR, toDel []dns.RR, err error) {
+func DiffZone(s happydns.Source, domain *happydns.Domain, rrs []dns.RR, skipDNSSEC bool) (toAdd []dns.RR, toDel []dns.RR, err error) {
 	// Get the actuals RR-set
 	var current []dns.RR
 	current, err = s.ImportZone(domain)
@ -71,12 +78,12 @@ func DiffZone(s happydns.Source, domain *happydns.Domain, rrs []dns.RR) (toAdd [
 		return
 	}

-	toAdd, toDel = DiffZones(current, rrs)
+	toAdd, toDel = DiffZones(current, rrs, skipDNSSEC)
 	return
 }

-func ApplyZone(s happydns.Source, domain *happydns.Domain, rrs []dns.RR) (*dns.SOA, error) {
-	toAdd, toDel, err := DiffZone(s, domain, rrs)
+func ApplyZone(s happydns.Source, domain *happydns.Domain, rrs []dns.RR, skipDNSSEC bool) (*dns.SOA, error) {
+	toAdd, toDel, err := DiffZone(s, domain, rrs, skipDNSSEC)
 	if err != nil {
 		return nil, err
 	}
--- a/utils/dns.go
+++ b/utils/dns.go
@ -31,7 +31,9 @@

 package utils

-import ()
+import (
+	"github.com/miekg/dns"
+)

 // SplitN splits a string into N sized string chunks.
 // This function is a copy of https://github.com/miekg/dns/blob/master/types.go#L1509
@ -55,3 +57,13 @@ func SplitN(s string, n int) []string {

 	return sx
 }
+
+// IsDNSSECType returns true if the given rrtype is generally autogenerated by
+// NS server.
+func IsDNSSECType(rrtype uint16) bool {
+	return rrtype == dns.TypeNSEC ||
+		rrtype == dns.TypeNSEC3 ||
+		rrtype == dns.TypeNSEC3PARAM ||
+		rrtype == dns.TypeDNSKEY ||
+		rrtype == dns.TypeRRSIG
+}