mirror of
https://github.com/internetee/registry.git
synced 2025-06-07 21:25:39 +02:00
author Karl Erik Õunapuu <karlerik@kreative.ee> 1591359032 +0300 committer Alex Sherman <yul.golem@gmail.com> 1617029320 +0500 CsyncJob: Don't respect IPv6 if nessecary
# DNSSEC state checks for a CSYNC record.
#
# The including class is expected to supply `domain`, `action`, `dnskey`
# and `log`; none of them are defined in this module.
module CsyncRecord::Diggable
  extend ActiveSupport::Concern

  # Top-level gate: the candidate key must be valid, and both the pre-change
  # and the post-change DNSSEC checks must pass.
  #
  # The pre-check runs first; if it fails, the post-check is not evaluated.
  #
  # @return [Boolean]
  def dnssec_validates?
    return false unless dnskey.valid?

    valid_security_level? && valid_security_level?(post: true)
  end

  # Runs the pre- or post-change check and logs the verdict.
  #
  # Fails closed on NXDomain: the lookup failure is logged and the check
  # returns false. Only Dnsruby::NXDomain is rescued here, so any other
  # error raised while resolving propagates to the caller.
  #
  # @param post [Boolean] true selects the post-change check
  # @return [Boolean]
  def valid_security_level?(post: false)
    (post ? valid_post_action? : valid_pre_action?).tap do |outcome|
      log_dnssec_entry(valid: outcome, post: post)
    end
  rescue Dnsruby::NXDomain
    log.info("CsyncRecord: #{domain.name}: Could not resolve (NXDomain)")
    false
  end

  # Checks that the domain's current security level permits `action`.
  #
  # SECURE allows 'rollover' and 'deactivate'; INSECURE and BOGUS allow
  # 'initialized'. Any other level or action is rejected.
  # NOTE(review): BOGUS is accepted for 'initialized' exactly like INSECURE,
  # so a zone that currently fails validation can still be bootstrapped;
  # confirm that is intended.
  #
  # @return [Boolean]
  def valid_pre_action?
    levels = Dnsruby::Message::SecurityLevel

    case domain.dnssec_security_level
    when levels.SECURE then %w[rollover deactivate].include?(action)
    when levels.INSECURE, levels.BOGUS then action == 'initialized'
    else false
    end
  end

  # Checks the security level obtained when `dnskey` is passed as `stubber:`
  # (presumably the state the zone would be in once the key is applied;
  # verify against Domain#dnssec_security_level).
  #
  # 'rollover' and 'initialized' require SECURE. 'deactivate' passes for any
  # level other than SECURE, which includes BOGUS as well as INSECURE.
  #
  # @return [Boolean]
  def valid_post_action?
    expected = Dnsruby::Message::SecurityLevel.SECURE
    observed = domain.dnssec_security_level(stubber: dnskey)

    case action
    when 'deactivate' then observed != expected
    when 'rollover', 'initialized' then observed == expected
    else false
    end
  end

  # Writes one info-level line recording which phase ran, whether it passed,
  # and for which action.
  #
  # @param valid [Boolean] result of the check
  # @param post [Boolean] true for the post-change phase
  def log_dnssec_entry(valid:, post:)
    phase = post ? 'Post' : 'Pre'
    verdict = valid ? 'PASSED' : 'FAILED'

    log.info("#{domain.name}: #{phase} DNSSEC validation #{verdict} for action '#{action}'")
  end
end