package dnssec
import (
"hash/fnv"
"io"
"time"
"github.com/coredns/coredns/plugin/pkg/cache"
"github.com/miekg/dns"
)
// hash derives the signature cache key for an RRset: every record is
// rendered in its presentation (string) form and fed, in slice order, into a
// 64-bit FNV-1 hash.
//
// The whole RRset goes into the key so that any change to the set yields a
// different key and the set is signed again rather than served with a stale
// signature. Both the wire format and the string format allocate while the
// key is built; the string format is what is used here.
//
// NOTE(review): FNV is not a cryptographic hash and the key is only 64 bits
// wide, so two different RRsets can map to the same key. The record strings
// are also concatenated without a separator. The cache lookup is not visible
// here; confirm that it checks a cached signature against the RRset it is
// returned for instead of trusting the key alone.
func hash(rrs []dns.RR) uint64 {
	digest := fnv.New64()
	for i := range rrs {
		// Writes to a hash.Hash never return an error, so the result is
		// discarded on purpose.
		_, _ = io.WriteString(digest, rrs[i].String())
	}
	return digest.Sum64()
}
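// periodicClean evicts signatures from c that are close to expiry, so that
// they are generated afresh instead of being served until they lapse. It
// wakes up every 8 hours and returns once stop is closed or delivers a value.
//
// It loops forever and is therefore presumably started in its own goroutine;
// a panic in here would take the whole process down, which is why the cache
// entries are type-checked instead of asserted blindly.
func periodicClean(c *cache.Cache, stop <-chan struct{}) {
	tick := time.NewTicker(8 * time.Hour)
	defer tick.Stop()
	for {
		select {
		case <-tick.C:
			// We sign for 8 days; a signature that is no longer valid at
			// now+twoDays has used up 75% of that (6 days) and is dropped.
			// twoDays is declared elsewhere in the package.
			is75 := time.Now().UTC().Add(twoDays)
			c.Walk(func(items map[uint64]interface{}, key uint64) bool {
				sigs, ok := items[key].([]dns.RR)
				if !ok {
					// A missing key yields a nil interface and a foreign
					// value cannot be checked for validity: evict it rather
					// than panic on the assertion (delete is a no-op for an
					// absent key).
					delete(items, key)
					return true
				}
				for _, rr := range sigs {
					sig, isSig := rr.(*dns.RRSIG)
					if !isSig || !sig.ValidityPeriod(is75) {
						// One expiring or unverifiable record is enough to
						// drop the whole entry; no need to look further.
						delete(items, key)
						break
					}
				}
				// Always true, as before, so one entry never cuts the walk
				// short.
				return true
			})

		case <-stop:
			return
		}
	}
}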