Enforce DNSSEC for checkpoint updates

2015-03-24 06:59:38 -04:00 · 2015-03-24 06:59:38 -04:00 · e6740ee103
commit e6740ee103
parent dbf46a721a
1 changed files with 17 additions and 10 deletions
--- a/src/cryptonote_core/checkpoints_create.cpp
+++ b/src/cryptonote_core/checkpoints_create.cpp
@ -138,21 +138,34 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
  size_t cur_index = first_index;
  do
  {
    std::string url;
    if (testnet)
    {
-      records = tools::DNSResolver::instance().get_txt_record(testnet_dns_urls[cur_index], avail, valid);
+      url = testnet_dns_urls[cur_index];
    }
    else
    {
-      records = tools::DNSResolver::instance().get_txt_record(dns_urls[cur_index], avail, valid);
+      url = dns_urls[cur_index];
    }
-    if (records.size() == 0 || (avail && !valid))
+
    records = tools::DNSResolver::instance().get_txt_record(url, avail, valid);
    if (!avail)
    {
      LOG_PRINT_L2("DNSSEC not available for checkpoint update at URL: " << url << ", skipping.");
    }
    if (!valid)
    {
      LOG_PRINT_L2("DNSSEC validation failed for checkpoint update at URL: " << url << ", skipping.");
    }
    if (records.size() == 0 || !avail || !valid)
    {
      cur_index++;
      if (cur_index == dns_urls.size())
      {
 	cur_index = 0;
      }
      records.clear();
      continue;
    }
    break;
@ -160,13 +173,7 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
  if (records.size() == 0)
  {
-    LOG_PRINT_L1("Fetching MoneroPulse checkpoints failed, no TXT records available.");
+    LOG_PRINT_L0("WARNING: All MoneroPulse checkpoint URLs failed DNSSEC validation and/or returned no records");
    return true;
  }
  if (avail && !valid)
  {
    LOG_PRINT_L0("WARNING: MoneroPulse failed DNSSEC validation and/or returned no records");
    return true;
  }