zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-05 20:27:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

refactored job

Browse source
This commit is contained in:
olegphenomenon 2022-01-08 09:22:34 +02:00
parent 57e653e9e6
commit aff950aa97
3 changed files with 4 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/jobs/validate_dnssec_job.rb
View file

@ -32,9 +32,7 @@ class ValidateDnssecJob < ApplicationJob
def iterate_nameservers(domain) def iterate_nameservers(domain)
domain.nameservers.each do |n| domain.nameservers.each do |n|
result_nameserver_validation = SoaNameserverQuery.validate(domain_name: domain.name, hostname: n.hostname) next unless n.validated?
return unless result_nameserver_validation
validate(hostname: n.hostname, domain: domain) validate(hostname: n.hostname, domain: domain)
@ -124,11 +122,12 @@ class ValidateDnssecJob < ApplicationJob
def prepare_validator(nameserver) def prepare_validator(nameserver)
inner_resolver = Dnsruby::Resolver.new inner_resolver = Dnsruby::Resolver.new
timeouts = ENV['nameserver_validation_timeout'] || 4
inner_resolver.do_validation = true inner_resolver.do_validation = true
inner_resolver.dnssec = true inner_resolver.dnssec = true
inner_resolver.nameserver = nameserver inner_resolver.nameserver = nameserver
inner_resolver.packet_timeout = ENV['a_and_aaaa_validation_timeout'].to_i inner_resolver.packet_timeout = timeouts.to_i
inner_resolver.query_timeout = ENV['a_and_aaaa_validation_timeout'].to_i inner_resolver.query_timeout = timeouts.to_i
resolver = Dnsruby::Recursor.new(inner_resolver) resolver = Dnsruby::Recursor.new(inner_resolver)
resolver.dnssec = true resolver.dnssec = true

49
app/services/soa_nameserver_query.rb
View file

@ -1,49 +0,0 @@
module SoaNameserverQuery
include Dnsruby
extend self
def validate(domain_name:, hostname:)
resolver = create_resolver(hostname)
answers = resolver.query(domain_name, 'SOA', 'IN')
answers.answer.each do |a|
if a.serial.nil?
logger.info "No serial number of nameserver found"
return false
end
serial_number = a.serial.to_s
p "-------------- >>"
p "serial number #{serial_number} of #{hostname} - domain name: #{domain_name}"
p "<< --------------"
true
end
rescue StandardError => e
logger.error e.message
logger.error "failed #{hostname} validation of #{domain_name} domain name"
false
end
private
def create_resolver(nameserver)
resolver = Dnsruby::Resolver.new
resolver.retry_times = 3
resolver.recurse = 0 # Send out non-recursive queries
# disable caching otherwise SOA is cached from first nameserver queried
resolver.do_caching = false
resolver.nameserver = nameserver
resolver
end
def logger
@logger ||= Rails.logger
end
end

97
app/services/validate_dnssec.rb
View file

@ -1,97 +0,0 @@
module ValidateDnssec
include Dnsruby
extend self
def prepare_resolver
dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
dns.do_validation = false
dns.do_caching = false
dns.dnssec = true
dns
end
def validate_dnssec(params:, domain:)
return if params[:action] == 'rem'
dns = prepare_resolver
subzone_records = get_dnskey_records_from_subzone(resolver: dns, hostname: params[:domain], domain: domain)
form_extension_records = extensional_dnskeys_data(params)
return true if form_extension_records.empty?
validate_data(subzone_records: subzone_records, form_extension_records: form_extension_records, domain: domain)
end
def make_magic(subzone_records:, form_data:)
subzone_records.any? do |subzone_data|
subzone_data[:basic] == form_data[:basic] &&
subzone_data[:public_key].include?(form_data[:public_key])
end
end
def validate_data(subzone_records:, form_extension_records:, domain:)
flag = false
form_extension_records.each do |form_data|
flag = make_magic(subzone_records: subzone_records, form_data: form_data)
break if flag
end
return validation_dns_key_error(domain) unless flag
flag
end
def get_dnskey_records_from_subzone(resolver:, hostname:, domain:)
ds_records_answers = resolver.query(hostname, 'DNSKEY').answer
result_container = []
ds_records_answers.each do |ds|
next unless ds.type == Dnsruby::Types.DNSKEY
result_container << {
basic: {
flags: ds.flags.to_s,
algorithm: ds.algorithm.code.to_s,
protocol: ds.protocol.to_s,
},
public_key: ds.public_key.export.gsub!(/\s+/, ''),
}
end
result_container
rescue Dnsruby::NXDomain
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def validation_dns_key_error(domain)
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def extensional_dnskeys_data(params)
dnskeys_data = params[:dns_keys]
return [] if dnskeys_data.nil?
result_container = []
dnskeys_data.each do |ds|
next if ds[:action] == 'rem'
result_container << {
basic: {
flags: ds[:flags].to_s,
algorithm: ds[:alg].to_s,
protocol: ds[:protocol].to_s,
},
public_key: ds[:public_key],
}
end
result_container
end
end