More precise handling of TlsaResourceRecord

2024-04-08 21:55:22 +02:00 · 2024-04-08 21:55:22 +02:00 · 35ee67b0ae
parent ca5263f386
commit 35ee67b0ae
2 changed files with 10 additions and 8 deletions
--- a/src/daneupdate/utils/tlsa/liveupdate_config.py
+++ b/src/daneupdate/utils/tlsa/liveupdate_config.py
@ -18,6 +18,7 @@ from dns.rdataset import Rdataset
 from dns.rdatatype import TLSA, RdataType
 from dns.rdtypes.ANY.TLSA import TLSA as RdataTlsa
 from dns.resolver import NXDOMAIN, Resolver
+from dns.rrset import RRset
 from dns.tsig import Key
 from dns.tsigkeyring import from_text as tsig_from_text
 from dns.update import UpdateMessage
@ -27,8 +28,7 @@ from ..config import (
    AdoptedCertHostitemConfig, AdoptedCertHostitemRecordsitemConfig,
    AdoptedCertHostitemRecordsitemRrtypeitemConfig,
    AdoptedCertHostitemServeritemConfig, Configuration, get_host_and_domain)
-from ..config_types.common import (
-    TlsaMatchingType, TlsaProtocol, TlsaSelector, TlsaUsage)
+from ..config_types.common import TlsaProtocol
 from .record_type import TlsaResourceRecord

 _LOGGER = getLogger(name=__name__)
@ -111,8 +111,9 @@ class _DnsServerInfo(object):
        except NXDOMAIN:
            return response_set
        item: RdataTlsa
+        ttl = answer.rrset.ttl if isinstance(answer.rrset, RRset) else 0
        for item in answer:  # type: ignore
-            record = TlsaResourceRecord.from_rdtype(item=item)
+            record = TlsaResourceRecord.from_rdtype(item=item, ttl=ttl)
            response_set.add(record)
        return response_set

@ -149,7 +150,7 @@ class _DnsServerInfo(object):
        # Superfluous records (to remove)
        rdset_removing = Rdataset(rdclass=RdataClass.IN, rdtype=RdataType.TLSA)
        for record in records_existing - records_required:
-            rdset_removing.add(rd=record.rdata)
+            rdset_removing.add(rd=record.rdata, ttl=record.ttl)
        if rdset_removing.items:
            update.delete(fqdn.as_dnsname, rdset_removing)
        # Missing records (to add)
--- a/src/daneupdate/utils/tlsa/record_type.py
+++ b/src/daneupdate/utils/tlsa/record_type.py
@ -16,16 +16,16 @@ class TlsaResourceRecord(object):
    A generated TLSA resource record type. See:
    https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
    """
-    ttl: int | None
+    ttl: int
    usage: TlsaUsage
    selector: TlsaSelector
    matching_type: TlsaMatchingType
    data: bytes

    @staticmethod
-    def from_rdtype(item: TLSA):
+    def from_rdtype(item: TLSA, ttl: int):
        return TlsaResourceRecord(
-            ttl=None, usage=TlsaUsage(value=item.usage),
+            ttl=ttl, usage=TlsaUsage(value=item.usage),
            selector=TlsaSelector(value=item.selector),
            matching_type=TlsaMatchingType(value=item.mtype), data=item.cert)

@ -38,7 +38,8 @@ class TlsaResourceRecord(object):

    def __eq__(self, other: object) -> bool:
        if isinstance(other, TlsaResourceRecord):
-            return self.usage == other.usage \
+            return self.ttl == other.ttl \
+                and self.usage == other.usage \
                and self.selector == other.selector \
                and self.matching_type == other.matching_type \
                and self.data == other.data