CSYNC: Make Dnsruby resolvers configurable

internetee · Mar 25, 2021 · 46b20bc · 46b20bc
1 parent dd3bc9b
commit 46b20bc
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
@@ -27,7 +27,7 @@ class Dnskey < ApplicationRecord
   PROTOCOLS = %w(3)
   FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
   DS_DIGEST_TYPE = [1,2]
-
+  RESOLVERS = ENV['dnssec_validation_resolver_ips'].to_s.strip.split(', ').freeze
   self.ignored_columns = %w[legacy_domain_id]
 
   def epp_code_map

diff --git a/app/models/domain.rb b/app/models/domain.rb
@@ -171,8 +171,7 @@ def status_is_consistant
 
   def dnssec_security_level(stubber: nil)
     Dnsruby::Dnssec.reset
-
-    resolver = Dnsruby::Resolver.new(nameserver: ['8.8.8.8', '8.8.4.4'])
+    resolver = Dnsruby::Resolver.new(nameserver: Dnskey::RESOLVERS)
     resolver.do_validation = true
     resolver.do_caching = false
     resolver.dnssec = true

diff --git a/config/application.yml.sample b/config/application.yml.sample
@@ -41,6 +41,7 @@ ca_key_password: 'your-root-key-password'
 directo_invoice_url: 'https://domain/ddddd.asp'
 cdns_scanner_input_file: '/opt/cdns/input.txt'
 cdns_scanner_output_file: '/opt/cdns/output.txt'
+dnssec_resolver_ips: 8.8.8.8, 8.8.4.4
 #
 # EPP
 #
@@ -195,6 +196,7 @@ test:
   lhv_keystore_alias: 'testtest'
   cdns_scanner_input_file: 'tmp/cdns_input.txt'
   cdns_scanner_output_file: 'test/fixtures/files/cdns_output.txt'
+  dnssec_resolver_ips: 8.8.8.8, 8.8.4.4
   legal_documents_dir: 'test/fixtures/files'
 
 # Airbrake // Errbit: