Skip to content
This repository was archived by the owner on Jun 7, 2025. It is now read-only.

Commit e816839

Browse files
linxsidelinxside
authored
bug: fix nsec3 settings (#478)
1 parent c4940ad commit e816839

1 file changed

Lines changed: 19 additions & 14 deletions

File tree

internal/app/pdns-health-checker/healthchecks/intervallensurensec3/intervallensurensec3.go

Lines changed: 19 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ import (
1717
"github.com/prometheus/client_golang/prometheus/promauto"
1818
)
1919

20+
const expectedNSEC3PARAMS = "1 0 0 -" // RFC9276
21+
2022
var (
2123
ensurensec3cycles = promauto.NewCounter(prometheus.CounterOpts{Name: "healthchecker_ensure_nsec3_cyles_total", Help: "The total count of ensure nse3 cycles for dnssec zones"})
2224
powerdnsclierrtotal = promauto.NewCounter(prometheus.CounterOpts{Name: "healthchecker_powerdns_cli_call_total", ConstLabels: map[string]string{"state": "failed"}, Help: "The total count of powerdns cli calls"})
@@ -65,25 +67,28 @@ func ensurensec3(hs *models.HealthService) {
6567
intervallsigningsync.Dnssecprimaryzonecount.Set(float64(len(activeprimaryzones)))
6668
}
6769

68-
func checkNecessityForUpdateNSEC3(hs *models.HealthService, pdnsconnection modelpowerdns.PDNSconnectionobject, zoneid string) {
69-
mdata, mderr := dnsutils.GetZoneMetaDataFromPrimary(pdnsconnection, zoneid, "NSEC3PARAM")
70-
if mderr != nil {
71-
logger.ErrorErrLog(mderr)
70+
func checkNecessityForUpdateNSEC3(hs *models.HealthService, pdnsconnection modelpowerdns.PDNSconnectionobject, zoneID string) {
71+
mData, mdErr := dnsutils.GetZoneMetaDataFromPrimary(pdnsconnection, zoneID, "NSEC3PARAM")
72+
if mdErr != nil {
73+
logger.ErrorErrLog(mdErr)
7274
}
7375

74-
if len(mdata) == 0 {
75-
err := setnsec3(zoneid)
76-
if err != nil {
77-
logger.ErrorErrLog(err)
78-
}
79-
80-
rectifyerr := dnsutils.RectifyZone(pdnsconnection, zoneid)
81-
if rectifyerr != nil {
82-
logger.ErrorErrLog(rectifyerr)
76+
if len(mData) > 0 {
77+
if mData[0] == expectedNSEC3PARAMS {
78+
return
8379
}
80+
}
81+
err := setnsec3(zoneID)
82+
if err != nil {
83+
logger.ErrorErrLog(err)
84+
}
8485

85-
eventutils.PublishChangeZoneEvent(hs.Ms, hs.Conf.ChangeEventTopic, zoneid)
86+
rectifyErr := dnsutils.RectifyZone(pdnsconnection, zoneID)
87+
if rectifyErr != nil {
88+
logger.ErrorErrLog(rectifyErr)
8689
}
90+
91+
eventutils.PublishChangeZoneEvent(hs.Ms, hs.Conf.ChangeEventTopic, zoneID)
8792
}
8893

8994
func setnsec3(zoneid string) error {

0 commit comments

Comments
 (0)