Enforce DNSSEC for checkpoint updates

Thomas Winget 2015-03-24 06:59:38 -04:00
parent dbf46a721a
commit e6740ee103
No known key found for this signature in database
GPG Key ID: 58131A160789E630


@ -138,21 +138,34 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
size_t cur_index = first_index; size_t cur_index = first_index;
do do
{ {
std::string url;
if (testnet) if (testnet)
{ {
records = tools::DNSResolver::instance().get_txt_record(testnet_dns_urls[cur_index], avail, valid); url = testnet_dns_urls[cur_index];
} }
else else
{ {
records = tools::DNSResolver::instance().get_txt_record(dns_urls[cur_index], avail, valid); url = dns_urls[cur_index];
} }
if (records.size() == 0 || (avail && !valid))
records = tools::DNSResolver::instance().get_txt_record(url, avail, valid);
if (!avail)
{
LOG_PRINT_L2("DNSSEC not available for checkpoint update at URL: " << url << ", skipping.");
}
if (!valid)
{
LOG_PRINT_L2("DNSSEC validation failed for checkpoint update at URL: " << url << ", skipping.");
}
if (records.size() == 0 || !avail || !valid)
{ {
cur_index++; cur_index++;
if (cur_index == dns_urls.size()) if (cur_index == dns_urls.size())
{ {
cur_index = 0; cur_index = 0;
} }
records.clear();
continue; continue;
} }
break; break;
@ -160,13 +173,7 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
if (records.size() == 0) if (records.size() == 0)
{ {
LOG_PRINT_L1("Fetching MoneroPulse checkpoints failed, no TXT records available."); LOG_PRINT_L0("WARNING: All MoneroPulse checkpoint URLs failed DNSSEC validation and/or returned no records");
return true;
}
if (avail && !valid)
{
LOG_PRINT_L0("WARNING: MoneroPulse failed DNSSEC validation and/or returned no records");
return true; return true;
} }
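Review bot: The two new checks after `get_txt_record(url, avail, valid)` are independent `if`s that both log at L2, so a resolver without DNSSEC will presumably (if `valid` stays false when `avail` is false) also print "DNSSEC validation failed", and a genuine validation failure, the case that can indicate a tampered answer, stays invisible at default log levels unless every URL fails. Making the second check `else if (!valid)` and logging it with `LOG_PRINT_L1` or `LOG_PRINT_L0` would keep the two conditions distinguishable for anyone reading the logs. Separately, the wrap test `if (cur_index == dns_urls.size())` also runs on the testnet path, where the index is applied to `testnet_dns_urls`; if the two lists can differ in length, the comparison should use the size of the list actually indexed. The loop's start and its `while` condition lie outside the hunk, so the exit behaviour after `records.clear(); continue;` is inferred rather than visible.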