Lines Matching refs:zone
75 #include <dns/zone.h>
81 #define DNS_ZONE_VALID(zone) ISC_MAGIC_VALID(zone, ZONE_MAGIC)
311 * Zones in certain states such as "waiting for zone transfer"
312 * or "zone transfer in progress" are kept on per-state linked lists
313 * in the zone manager using the 'statelink' field. The 'statelist'
314 * field points at the list the zone is currently on. It the zone
320 * Statistics counters about zone management.
324 * Optional per-zone statistics counters. Counted outside of this
345 * Keys that are signing the zone for the first time.
378 * catalog zone data
383 * parent catalog zone
414 * maximum zone ttl
419 * Inline zone signing state.
452 /* XXX MPA these may need to go back into zone.h */
454 #define DNS_ZONEFLG_NEEDDUMP 0x00000002U /*%< zone need consolidation */
457 #define DNS_ZONEFLG_HASINCLUDE 0x00000010U /*%< $INCLUDE in zone file */
459 #define DNS_ZONEFLG_EXITING 0x00000040U /*%< zone is being destroyed */
460 #define DNS_ZONEFLG_EXPIRED 0x00000080U /*%< zone has expired */
462 #define DNS_ZONEFLG_UPTODATE 0x00000200U /*%< zone contents are
469 * zone with no masters
476 #define DNS_ZONEFLG_FORCEXFER 0x00008000U /*%< Force a zone xfer */
493 * due to the zone just
503 #define DNS_ZONELOADFLAG_THAW 0x00000002U /* Thaw the zone on successful
572 dns_zone_t *zone;
588 * 'db' is the zone's 'db' or a new one if this is the initial
595 dns_zone_t *zone;
606 dns_zone_t *zone;
618 dns_zone_t *zone;
642 * Hold state for when we are signing a zone with a new
679 * 'seen_nsec' will be set to true if, while iterating the zone to create a
695 dns_zone_t *zone;
704 dns_zone_t *zone;
734 static void zone_debuglog(dns_zone_t *zone, const char *, int debuglevel,
736 static void notify_log(dns_zone_t *zone, int level, const char *fmt, ...)
738 static void queue_xfrin(dns_zone_t *zone);
743 static void zone_unload(dns_zone_t *zone);
744 static void zone_expire(dns_zone_t *zone);
747 static isc_result_t zone_replacedb(dns_zone_t *zone, dns_db_t *db,
749 static inline void zone_attachdb(dns_zone_t *zone, dns_db_t *db);
750 static inline void zone_detachdb(dns_zone_t *zone);
751 static isc_result_t default_journal(dns_zone_t *zone);
752 static void zone_xfrdone(dns_zone_t *zone, isc_result_t result);
753 static isc_result_t zone_postload(dns_zone_t *zone, dns_db_t *db,
755 static void zone_needdump(dns_zone_t *zone, unsigned int delay);
758 static isc_result_t zone_startload(dns_db_t *db, dns_zone_t *zone,
760 static void zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length);
761 static void zone_name_tostr(dns_zone_t *zone, char *buf, size_t length);
762 static void zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length);
763 static void zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length);
764 static isc_result_t zone_send_secureserial(dns_zone_t *zone,
774 static void queue_soa_query(dns_zone_t *zone);
776 static void ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset,
780 static void notify_cancel(dns_zone_t *zone);
783 static isc_result_t notify_createmessage(dns_zone_t *zone,
791 dns_zone_t *zone);
801 zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount,
807 static void zone_freedbargs(dns_zone_t *zone);
809 static void zone_saveunique(dns_zone_t *zone, const char *path,
811 static void zone_maintenance(dns_zone_t *zone);
812 static void zone_notify(dns_zone_t *zone, isc_time_t *now);
814 static isc_result_t zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm,
819 static void zone_rekey(dns_zone_t *zone);
820 static isc_result_t zone_send_securedb(dns_zone_t *zone, dns_db_t *db);
824 #define ENTER zone_debuglog(zone, me, 1, "enter")
836 dns_zone_log(zone, ISC_LOG_WARNING, \
849 dns_zone_log(zone, ISC_LOG_WARNING, \
880 inc_stats(dns_zone_t *zone, isc_statscounter_t counter) {
881 if (zone->stats != NULL)
882 isc_stats_increment(zone->stats, counter);
892 dns_zone_t *zone;
899 zone = isc_mem_get(mctx, sizeof(*zone));
900 if (zone == NULL) {
904 zone->mctx = NULL;
905 isc_mem_attach(mctx, &zone->mctx);
907 result = isc_mutex_init(&zone->lock);
912 result = ZONEDB_INITLOCK(&zone->dblock);
919 zone->locked = ISC_FALSE;
921 zone->db = NULL;
922 zone->zmgr = NULL;
923 ISC_LINK_INIT(zone, link);
924 result = isc_refcount_init(&zone->erefs, 1); /* Implicit attach. */
928 zone->irefs = 0;
929 dns_name_init(&zone->origin, NULL);
930 zone->strnamerd = NULL;
931 zone->strname = NULL;
932 zone->strrdclass = NULL;
933 zone->strviewname = NULL;
934 zone->masterfile = NULL;
935 ISC_LIST_INIT(zone->includes);
936 ISC_LIST_INIT(zone->newincludes);
937 zone->nincludes = 0;
938 zone->masterformat = dns_masterformat_none;
939 zone->masterstyle = NULL;
940 zone->keydirectory = NULL;
941 zone->journalsize = -1;
942 zone->journal = NULL;
943 zone->rdclass = dns_rdataclass_none;
944 zone->type = dns_zone_none;
945 zone->flags = 0;
946 zone->options = 0;
947 zone->options2 = 0;
948 zone->keyopts = 0;
949 zone->db_argc = 0;
950 zone->db_argv = NULL;
951 isc_time_settoepoch(&zone->expiretime);
952 isc_time_settoepoch(&zone->refreshtime);
953 isc_time_settoepoch(&zone->dumptime);
954 isc_time_settoepoch(&zone->loadtime);
955 zone->notifytime = now;
956 isc_time_settoepoch(&zone->resigntime);
957 isc_time_settoepoch(&zone->keywarntime);
958 isc_time_settoepoch(&zone->signingtime);
959 isc_time_settoepoch(&zone->nsec3chaintime);
960 isc_time_settoepoch(&zone->refreshkeytime);
961 zone->refreshkeyinterval = 0;
962 zone->refreshkeycount = 0;
963 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
964 zone->retry = DNS_ZONE_DEFAULTRETRY;
965 zone->expire = 0;
966 zone->minimum = 0;
967 zone->maxrefresh = DNS_ZONE_MAXREFRESH;
968 zone->minrefresh = DNS_ZONE_MINREFRESH;
969 zone->maxretry = DNS_ZONE_MAXRETRY;
970 zone->minretry = DNS_ZONE_MINRETRY;
971 zone->masters = NULL;
972 zone->masterdscps = NULL;
973 zone->masterkeynames = NULL;
974 zone->mastersok = NULL;
975 zone->masterscnt = 0;
976 zone->curmaster = 0;
977 zone->maxttl = 0;
978 zone->notify = NULL;
979 zone->notifykeynames = NULL;
980 zone->notifydscp = NULL;
981 zone->notifytype = dns_notifytype_yes;
982 zone->notifycnt = 0;
983 zone->task = NULL;
984 zone->loadtask = NULL;
985 zone->update_acl = NULL;
986 zone->forward_acl = NULL;
987 zone->notify_acl = NULL;
988 zone->query_acl = NULL;
989 zone->queryon_acl = NULL;
990 zone->xfr_acl = NULL;
991 zone->update_disabled = ISC_FALSE;
992 zone->zero_no_soa_ttl = ISC_TRUE;
993 zone->check_names = dns_severity_ignore;
994 zone->request = NULL;
995 zone->lctx = NULL;
996 zone->readio = NULL;
997 zone->dctx = NULL;
998 zone->writeio = NULL;
999 zone->timer = NULL;
1000 zone->idlein = DNS_DEFAULT_IDLEIN;
1001 zone->idleout = DNS_DEFAULT_IDLEOUT;
1002 zone->log_key_expired_timer = 0;
1003 ISC_LIST_INIT(zone->notifies);
1004 isc_sockaddr_any(&zone->notifysrc4);
1005 isc_sockaddr_any6(&zone->notifysrc6);
1006 isc_sockaddr_any(&zone->xfrsource4);
1007 isc_sockaddr_any6(&zone->xfrsource6);
1008 isc_sockaddr_any(&zone->altxfrsource4);
1009 isc_sockaddr_any6(&zone->altxfrsource6);
1010 zone->notifysrc4dscp = -1;
1011 zone->notifysrc6dscp = -1;
1012 zone->xfrsource4dscp = -1;
1013 zone->xfrsource6dscp = -1;
1014 zone->altxfrsource4dscp = -1;
1015 zone->altxfrsource6dscp = -1;
1016 zone->xfr = NULL;
1017 zone->tsigkey = NULL;
1018 zone->maxxfrin = MAX_XFER_TIME;
1019 zone->maxxfrout = MAX_XFER_TIME;
1020 zone->ssutable = NULL;
1021 zone->sigvalidityinterval = 30 * 24 * 3600;
1022 zone->sigresigninginterval = 7 * 24 * 3600;
1023 zone->view = NULL;
1024 zone->prev_view = NULL;
1025 zone->acache = NULL;
1026 zone->checkmx = NULL;
1027 zone->checksrv = NULL;
1028 zone->checkns = NULL;
1029 ISC_LINK_INIT(zone, statelink);
1030 zone->statelist = NULL;
1031 zone->stats = NULL;
1032 zone->requeststats_on = ISC_FALSE;
1033 zone->statlevel = dns_zonestat_none;
1034 zone->requeststats = NULL;
1035 zone->rcvquerystats = NULL;
1036 zone->notifydelay = 5;
1037 zone->isself = NULL;
1038 zone->isselfarg = NULL;
1039 ISC_LIST_INIT(zone->signing);
1040 ISC_LIST_INIT(zone->nsec3chain);
1041 zone->signatures = 10;
1042 zone->nodes = 100;
1043 zone->privatetype = (dns_rdatatype_t)0xffffU;
1044 zone->added = ISC_FALSE;
1045 zone->automatic = ISC_FALSE;
1046 zone->rpzs = NULL;
1047 zone->rpz_num = DNS_RPZ_INVALID_NUM;
1049 zone->catzs = NULL;
1050 zone->parentcatz = NULL;
1052 ISC_LIST_INIT(zone->forwards);
1053 zone->raw = NULL;
1054 zone->secure = NULL;
1055 zone->sourceserial = 0;
1056 zone->sourceserialset = ISC_FALSE;
1057 zone->requestixfr = ISC_TRUE;
1058 zone->requestexpire = ISC_TRUE;
1059 ISC_LIST_INIT(zone->rss_events);
1060 zone->rss_db = NULL;
1061 zone->rss_raw = NULL;
1062 zone->rss_newver = NULL;
1063 zone->rss_oldver = NULL;
1064 zone->rss_event = NULL;
1065 zone->rss_state = NULL;
1066 zone->updatemethod = dns_updatemethod_increment;
1067 zone->maxrecords = 0U;
1069 zone->magic = ZONE_MAGIC;
1072 result = dns_zone_setdbtype(zone, dbargc_default, dbargv_default);
1077 ISC_EVENT_INIT(&zone->ctlevent, sizeof(zone->ctlevent), 0, NULL,
1078 DNS_EVENT_ZONECONTROL, zone_shutdown, zone, zone,
1080 *zonep = zone;
1084 isc_refcount_decrement(&zone->erefs, NULL);
1085 isc_refcount_destroy(&zone->erefs);
1088 ZONEDB_DESTROYLOCK(&zone->dblock);
1091 DESTROYLOCK(&zone->lock);
1094 isc_mem_putanddetach(&zone->mctx, zone, sizeof(*zone));
1099 * Free a zone. Because we require that there be no more
1103 zone_free(dns_zone_t *zone) {
1109 REQUIRE(DNS_ZONE_VALID(zone));
1110 REQUIRE(isc_refcount_current(&zone->erefs) == 0);
1111 REQUIRE(zone->irefs == 0);
1112 REQUIRE(!LOCKED_ZONE(zone));
1113 REQUIRE(zone->timer == NULL);
1114 REQUIRE(zone->zmgr == NULL);
1119 if (zone->request != NULL) {
1120 dns_request_destroy(&zone->request); /* XXXMPA */
1122 INSIST(zone->readio == NULL);
1123 INSIST(zone->statelist == NULL);
1124 INSIST(zone->writeio == NULL);
1126 if (zone->task != NULL) {
1127 isc_task_detach(&zone->task);
1129 if (zone->loadtask != NULL) {
1130 isc_task_detach(&zone->loadtask);
1132 if (zone->view != NULL) {
1133 dns_view_weakdetach(&zone->view);
1135 if (zone->prev_view != NULL) {
1136 dns_view_weakdetach(&zone->prev_view);
1140 for (signing = ISC_LIST_HEAD(zone->signing);
1142 signing = ISC_LIST_HEAD(zone->signing)) {
1143 ISC_LIST_UNLINK(zone->signing, signing, link);
1146 isc_mem_put(zone->mctx, signing, sizeof *signing);
1148 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
1150 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain)) {
1151 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain, link);
1154 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
1156 for (include = ISC_LIST_HEAD(zone->includes);
1158 include = ISC_LIST_HEAD(zone->includes)) {
1159 ISC_LIST_UNLINK(zone->includes, include, link);
1160 isc_mem_free(zone->mctx, include->name);
1161 isc_mem_put(zone->mctx, include, sizeof *include);
1163 for (include = ISC_LIST_HEAD(zone->newincludes);
1165 include = ISC_LIST_HEAD(zone->newincludes)) {
1166 ISC_LIST_UNLINK(zone->newincludes, include, link);
1167 isc_mem_free(zone->mctx, include->name);
1168 isc_mem_put(zone->mctx, include, sizeof *include);
1170 if (zone->masterfile != NULL) {
1171 isc_mem_free(zone->mctx, zone->masterfile);
1173 zone->masterfile = NULL;
1174 if (zone->keydirectory != NULL) {
1175 isc_mem_free(zone->mctx, zone->keydirectory);
1177 zone->keydirectory = NULL;
1178 zone->journalsize = -1;
1179 if (zone->journal != NULL) {
1180 isc_mem_free(zone->mctx, zone->journal);
1182 zone->journal = NULL;
1183 if (zone->stats != NULL) {
1184 isc_stats_detach(&zone->stats);
1186 if (zone->requeststats != NULL) {
1187 isc_stats_detach(&zone->requeststats);
1189 if (zone->rcvquerystats != NULL){
1190 dns_stats_detach(&zone->rcvquerystats);
1192 if (zone->db != NULL) {
1193 zone_detachdb(zone);
1195 if (zone->acache != NULL) {
1196 dns_acache_detach(&zone->acache);
1198 if (zone->rpzs != NULL) {
1199 REQUIRE(zone->rpz_num < zone->rpzs->p.num_zones);
1200 dns_rpz_detach_rpzs(&zone->rpzs);
1201 zone->rpz_num = DNS_RPZ_INVALID_NUM;
1203 if (zone->catzs != NULL) {
1204 dns_catz_catzs_detach(&zone->catzs);
1206 zone_freedbargs(zone);
1207 RUNTIME_CHECK(dns_zone_setmasterswithkeys(zone, NULL,
1209 RUNTIME_CHECK(dns_zone_setalsonotify(zone, NULL, 0) == ISC_R_SUCCESS);
1210 zone->check_names = dns_severity_ignore;
1211 if (zone->update_acl != NULL) {
1212 dns_acl_detach(&zone->update_acl);
1214 if (zone->forward_acl != NULL) {
1215 dns_acl_detach(&zone->forward_acl);
1217 if (zone->notify_acl != NULL) {
1218 dns_acl_detach(&zone->notify_acl);
1220 if (zone->query_acl != NULL) {
1221 dns_acl_detach(&zone->query_acl);
1223 if (zone->queryon_acl != NULL) {
1224 dns_acl_detach(&zone->queryon_acl);
1226 if (zone->xfr_acl != NULL) {
1227 dns_acl_detach(&zone->xfr_acl);
1229 if (dns_name_dynamic(&zone->origin)) {
1230 dns_name_free(&zone->origin, zone->mctx);
1232 if (zone->strnamerd != NULL) {
1233 isc_mem_free(zone->mctx, zone->strnamerd);
1235 if (zone->strname != NULL) {
1236 isc_mem_free(zone->mctx, zone->strname);
1238 if (zone->strrdclass != NULL) {
1239 isc_mem_free(zone->mctx, zone->strrdclass);
1241 if (zone->strviewname != NULL) {
1242 isc_mem_free(zone->mctx, zone->strviewname);
1244 if (zone->ssutable != NULL) {
1245 dns_ssutable_detach(&zone->ssutable);
1249 ZONEDB_DESTROYLOCK(&zone->dblock);
1250 DESTROYLOCK(&zone->lock);
1251 isc_refcount_destroy(&zone->erefs);
1252 zone->magic = 0;
1253 mctx = zone->mctx;
1254 isc_mem_put(mctx, zone, sizeof(*zone));
1259 * Returns ISC_TRUE iff this the signed side of an inline-signing zone.
1260 * Caller should hold zone lock.
1263 inline_secure(dns_zone_t *zone) {
1264 REQUIRE(DNS_ZONE_VALID(zone));
1265 if (zone->raw != NULL)
1271 * Returns ISC_TRUE iff this the unsigned side of an inline-signing zone
1272 * Caller should hold zone lock.
1275 inline_raw(dns_zone_t *zone) {
1276 REQUIRE(DNS_ZONE_VALID(zone));
1277 if (zone->secure != NULL)
1286 dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass) {
1289 REQUIRE(DNS_ZONE_VALID(zone));
1295 LOCK_ZONE(zone);
1296 INSIST(zone != zone->raw);
1297 REQUIRE(zone->rdclass == dns_rdataclass_none ||
1298 zone->rdclass == rdclass);
1299 zone->rdclass = rdclass;
1301 if (zone->strnamerd != NULL)
1302 isc_mem_free(zone->mctx, zone->strnamerd);
1303 if (zone->strrdclass != NULL)
1304 isc_mem_free(zone->mctx, zone->strrdclass);
1306 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1307 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1308 zone_rdclass_tostr(zone, namebuf, sizeof namebuf);
1309 zone->strrdclass = isc_mem_strdup(zone->mctx, namebuf);
1311 if (inline_secure(zone))
1312 dns_zone_setclass(zone->raw, rdclass);
1313 UNLOCK_ZONE(zone);
1317 dns_zone_getclass(dns_zone_t *zone) {
1318 REQUIRE(DNS_ZONE_VALID(zone));
1320 return (zone->rdclass);
1324 dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype) {
1325 REQUIRE(DNS_ZONE_VALID(zone));
1327 LOCK_ZONE(zone);
1328 zone->notifytype = notifytype;
1329 UNLOCK_ZONE(zone);
1333 dns_zone_getserial2(dns_zone_t *zone, isc_uint32_t *serialp) {
1337 REQUIRE(DNS_ZONE_VALID(zone));
1340 LOCK_ZONE(zone);
1341 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
1342 if (zone->db != NULL) {
1343 result = zone_get_from_db(zone, zone->db, NULL, &soacount,
1350 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
1351 UNLOCK_ZONE(zone);
1357 dns_zone_getserial(dns_zone_t *zone) {
1361 result = dns_zone_getserial2(zone, &serial);
1372 dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type) {
1375 REQUIRE(DNS_ZONE_VALID(zone));
1381 LOCK_ZONE(zone);
1382 REQUIRE(zone->type == dns_zone_none || zone->type == type);
1383 zone->type = type;
1385 if (zone->strnamerd != NULL)
1386 isc_mem_free(zone->mctx, zone->strnamerd);
1388 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1389 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1390 UNLOCK_ZONE(zone);
1394 zone_freedbargs(dns_zone_t *zone) {
1398 if (zone->db_argv != NULL) {
1399 for (i = 0; i < zone->db_argc; i++)
1400 isc_mem_free(zone->mctx, zone->db_argv[i]);
1401 isc_mem_put(zone->mctx, zone->db_argv,
1402 zone->db_argc * sizeof(*zone->db_argv));
1404 zone->db_argc = 0;
1405 zone->db_argv = NULL;
1409 dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) {
1416 REQUIRE(DNS_ZONE_VALID(zone));
1419 LOCK_ZONE(zone);
1420 size = (zone->db_argc + 1) * sizeof(char *);
1421 for (i = 0; i < zone->db_argc; i++)
1422 size += strlen(zone->db_argv[i]) + 1;
1428 tmp2 += (zone->db_argc + 1) * sizeof(char *);
1429 for (i = 0; i < zone->db_argc; i++) {
1431 strlcpy(tmp2, zone->db_argv[i], size - (tmp2 - base));
1437 UNLOCK_ZONE(zone);
1443 dns_zone_setdbtype(dns_zone_t *zone,
1450 REQUIRE(DNS_ZONE_VALID(zone));
1454 LOCK_ZONE(zone);
1457 argv = isc_mem_get(zone->mctx, dbargc * sizeof(*argv));
1465 argv[i] = isc_mem_strdup(zone->mctx, dbargv[i]);
1471 zone_freedbargs(zone);
1473 zone->db_argc = dbargc;
1474 zone->db_argv = argv;
1482 isc_mem_free(zone->mctx, argv[i]);
1485 isc_mem_put(zone->mctx, argv, dbargc * sizeof(*argv));
1490 UNLOCK_ZONE(zone);
1495 dns_zone_setview_helper(dns_zone_t *zone, dns_view_t *view) {
1498 if (zone->prev_view == NULL && zone->view != NULL) {
1499 dns_view_weakattach(zone->view, &zone->prev_view);
1502 INSIST(zone != zone->raw);
1503 if (zone->view != NULL) {
1504 dns_view_weakdetach(&zone->view);
1506 dns_view_weakattach(view, &zone->view);
1508 if (zone->strviewname != NULL) {
1509 isc_mem_free(zone->mctx, zone->strviewname);
1511 if (zone->strnamerd != NULL) {
1512 isc_mem_free(zone->mctx, zone->strnamerd);
1515 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1516 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1517 zone_viewname_tostr(zone, namebuf, sizeof namebuf);
1518 zone->strviewname = isc_mem_strdup(zone->mctx, namebuf);
1520 if (inline_secure(zone)) {
1521 dns_zone_setview(zone->raw, view);
1526 dns_zone_setview(dns_zone_t *zone, dns_view_t *view) {
1527 REQUIRE(DNS_ZONE_VALID(zone));
1529 LOCK_ZONE(zone);
1530 dns_zone_setview_helper(zone, view);
1531 UNLOCK_ZONE(zone);
1535 dns_zone_getview(dns_zone_t *zone) {
1536 REQUIRE(DNS_ZONE_VALID(zone));
1538 return (zone->view);
1542 dns_zone_setviewcommit(dns_zone_t *zone) {
1543 REQUIRE(DNS_ZONE_VALID(zone));
1545 LOCK_ZONE(zone);
1546 if (zone->prev_view != NULL)
1547 dns_view_weakdetach(&zone->prev_view);
1548 UNLOCK_ZONE(zone);
1552 dns_zone_setviewrevert(dns_zone_t *zone) {
1553 REQUIRE(DNS_ZONE_VALID(zone));
1555 LOCK_ZONE(zone);
1556 if (zone->prev_view != NULL) {
1557 dns_zone_setview_helper(zone, zone->prev_view);
1558 dns_view_weakdetach(&zone->prev_view);
1560 UNLOCK_ZONE(zone);
1564 dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin) {
1568 REQUIRE(DNS_ZONE_VALID(zone));
1571 LOCK_ZONE(zone);
1572 INSIST(zone != zone->raw);
1573 if (dns_name_dynamic(&zone->origin)) {
1574 dns_name_free(&zone->origin, zone->mctx);
1575 dns_name_init(&zone->origin, NULL);
1577 result = dns_name_dup(origin, zone->mctx, &zone->origin);
1579 if (zone->strnamerd != NULL)
1580 isc_mem_free(zone->mctx, zone->strnamerd);
1581 if (zone->strname != NULL)
1582 isc_mem_free(zone->mctx, zone->strname);
1584 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1585 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1586 zone_name_tostr(zone, namebuf, sizeof namebuf);
1587 zone->strname = isc_mem_strdup(zone->mctx, namebuf);
1589 if (result == ISC_R_SUCCESS && inline_secure(zone))
1590 result = dns_zone_setorigin(zone->raw, origin);
1591 UNLOCK_ZONE(zone);
1596 dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache) {
1597 REQUIRE(DNS_ZONE_VALID(zone));
1600 LOCK_ZONE(zone);
1601 if (zone->acache != NULL)
1602 dns_acache_detach(&zone->acache);
1603 dns_acache_attach(acache, &zone->acache);
1604 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
1605 if (zone->db != NULL) {
1609 * If the zone reuses an existing DB, the DB needs to be
1614 result = dns_acache_setdb(acache, zone->db);
1621 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
1622 UNLOCK_ZONE(zone);
1626 dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) {
1630 copy = isc_mem_strdup(zone->mctx, value);
1638 isc_mem_free(zone->mctx, *field);
1645 dns_zone_setfile(dns_zone_t *zone, const char *file) {
1646 return (dns_zone_setfile3(zone, file, dns_masterformat_text,
1651 dns_zone_setfile2(dns_zone_t *zone, const char *file,
1654 return (dns_zone_setfile3(zone, file, format,
1659 dns_zone_setfile3(dns_zone_t *zone, const char *file,
1665 REQUIRE(DNS_ZONE_VALID(zone));
1667 LOCK_ZONE(zone);
1668 result = dns_zone_setstring(zone, &zone->masterfile, file);
1670 zone->masterformat = format;
1672 zone->masterstyle = style;
1673 result = default_journal(zone);
1675 UNLOCK_ZONE(zone);
1681 dns_zone_getfile(dns_zone_t *zone) {
1682 REQUIRE(DNS_ZONE_VALID(zone));
1684 return (zone->masterfile);
1688 dns_zone_getmaxttl(dns_zone_t *zone) {
1689 REQUIRE(DNS_ZONE_VALID(zone));
1691 return (zone->maxttl);
1695 dns_zone_setmaxttl(dns_zone_t *zone, dns_ttl_t maxttl) {
1696 REQUIRE(DNS_ZONE_VALID(zone));
1698 LOCK_ZONE(zone);
1700 zone->options2 |= DNS_ZONEOPT2_CHECKTTL;
1702 zone->options2 &= ~DNS_ZONEOPT2_CHECKTTL;
1703 zone->maxttl = maxttl;
1704 UNLOCK_ZONE(zone);
1710 default_journal(dns_zone_t *zone) {
1714 REQUIRE(DNS_ZONE_VALID(zone));
1715 REQUIRE(LOCKED_ZONE(zone));
1717 if (zone->masterfile != NULL) {
1719 int len = strlen(zone->masterfile) + sizeof(".jnl");
1720 journal = isc_mem_allocate(zone->mctx, len);
1723 strlcpy(journal, zone->masterfile, len);
1728 result = dns_zone_setstring(zone, &zone->journal, journal);
1730 isc_mem_free(zone->mctx, journal);
1735 dns_zone_setjournal(dns_zone_t *zone, const char *myjournal) {
1738 REQUIRE(DNS_ZONE_VALID(zone));
1740 LOCK_ZONE(zone);
1741 result = dns_zone_setstring(zone, &zone->journal, myjournal);
1742 UNLOCK_ZONE(zone);
1748 dns_zone_getjournal(dns_zone_t *zone) {
1749 REQUIRE(DNS_ZONE_VALID(zone));
1751 return (zone->journal);
1755 * Return true iff the zone is "dynamic", in the sense that the zone's
1764 dns_zone_isdynamic(dns_zone_t *zone, isc_boolean_t ignore_freeze) {
1765 REQUIRE(DNS_ZONE_VALID(zone));
1767 if (zone->type == dns_zone_slave || zone->type == dns_zone_stub ||
1768 zone->type == dns_zone_key ||
1769 (zone->type == dns_zone_redirect && zone->masters != NULL))
1773 if (zone->type == dns_zone_master &&
1774 (!zone->update_disabled || ignore_freeze) &&
1775 ((zone->ssutable != NULL) ||
1776 (zone->update_acl != NULL && !dns_acl_isnone(zone->update_acl))))
1784 * Set the response policy index and information for a zone.
1787 dns_zone_rpz_enable(dns_zone_t *zone, dns_rpz_zones_t *rpzs,
1796 if (strcmp(zone->db_argv[0], "rbt") != 0 &&
1797 strcmp(zone->db_argv[0], "rbt64") != 0)
1799 if (zone->masterformat == dns_masterformat_map)
1805 LOCK_ZONE(zone);
1806 if (zone->rpzs != NULL) {
1807 REQUIRE(zone->rpzs == rpzs && zone->rpz_num == rpz_num);
1809 REQUIRE(zone->rpz_num == DNS_RPZ_INVALID_NUM);
1810 dns_rpz_attach_rpzs(rpzs, &zone->rpzs);
1811 zone->rpz_num = rpz_num;
1814 UNLOCK_ZONE(zone);
1820 dns_zone_get_rpz_num(dns_zone_t *zone) {
1821 return (zone->rpz_num);
1825 * If a zone is a response policy zone, mark its new database.
1828 dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db) {
1829 if (zone->rpz_num != DNS_RPZ_INVALID_NUM) {
1830 REQUIRE(zone->rpzs != NULL);
1831 dns_db_rpz_attach(db, zone->rpzs, zone->rpz_num);
1836 dns_zone_catz_enable(dns_zone_t *zone, dns_catz_zones_t *catzs) {
1837 REQUIRE(DNS_ZONE_VALID(zone));
1840 LOCK_ZONE(zone);
1841 INSIST(zone->catzs == NULL || zone->catzs == catzs);
1842 dns_catz_catzs_set_view(catzs, zone->view);
1843 if (zone->catzs == NULL)
1844 dns_catz_catzs_attach(catzs, &zone->catzs);
1845 UNLOCK_ZONE(zone);
1849 * If a zone is a catalog zone, attach it to update notification in database.
1852 dns_zone_catz_enable_db(dns_zone_t *zone, dns_db_t *db) {
1853 REQUIRE(DNS_ZONE_VALID(zone));
1856 if (zone->catzs != NULL) {
1858 zone->catzs);
1863 * Set catalog zone ownership of the zone
1866 dns_zone_set_parentcatz(dns_zone_t *zone, dns_catz_zone_t *catz) {
1867 REQUIRE(DNS_ZONE_VALID(zone));
1869 LOCK_ZONE(zone);
1870 INSIST(zone->parentcatz == NULL || zone->parentcatz == catz);
1871 zone->parentcatz = catz;
1872 UNLOCK_ZONE(zone);
1876 dns_zone_get_parentcatz(const dns_zone_t *zone) {
1877 REQUIRE(DNS_ZONE_VALID(zone));
1878 return (zone->parentcatz);
1883 zone_touched(dns_zone_t *zone) {
1888 REQUIRE(DNS_ZONE_VALID(zone));
1890 result = isc_file_getmodtime(zone->masterfile, &modtime);
1892 isc_time_compare(&modtime, &zone->loadtime) > 0)
1895 for (include = ISC_LIST_HEAD(zone->includes);
1909 zone_load(dns_zone_t *zone, unsigned int flags, isc_boolean_t locked) {
1916 REQUIRE(DNS_ZONE_VALID(zone));
1919 LOCK_ZONE(zone);
1921 INSIST(zone != zone->raw);
1922 hasraw = inline_secure(zone);
1924 result = zone_load(zone->raw, flags, ISC_FALSE);
1927 UNLOCK_ZONE(zone);
1930 LOCK_ZONE(zone->raw);
1935 INSIST(zone->type != dns_zone_none);
1937 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADING)) {
1939 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW);
1944 INSIST(zone->db_argc >= 1);
1946 rbt = strcmp(zone->db_argv[0], "rbt") == 0 ||
1947 strcmp(zone->db_argv[0], "rbt64") == 0;
1949 if (zone->db != NULL && zone->masterfile == NULL && rbt) {
1951 * The zone has no master file configured.
1957 if (zone->db != NULL && dns_zone_isdynamic(zone, ISC_FALSE)) {
1960 * zone being reloaded. Do nothing - the database
1963 if (zone->type == dns_zone_master)
1971 * Store the current time before the zone is loaded, so that if the
1973 * zone->loadtime is set, then the file will still be reloaded
1979 * Don't do the load if the file that stores the zone is older
1980 * than the last time the zone was loaded. If the zone has not
1981 * been loaded yet, zone->loadtime will be the epoch.
1983 if (zone->masterfile != NULL) {
1990 if (!isc_time_isepoch(&zone->loadtime) &&
1996 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
1997 !zone_touched(zone))
1999 dns_zone_log(zone, ISC_LOG_DEBUG(1),
2011 result = isc_file_getmodtime(zone->masterfile, &filetime);
2021 if (zone->type == dns_zone_master &&
2022 strcmp(zone->db_argv[0], "_builtin") == 0 &&
2023 (zone->db_argc < 2 || strcmp(zone->db_argv[1], "empty") != 0) &&
2024 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
2031 * but we need to associate the database with the zone object.
2033 if (strcmp(zone->db_argv[0], "dlz") == 0) {
2037 for (dlzdb = ISC_LIST_HEAD(zone->view->dlz_unsearched);
2042 if (strcmp(zone->db_argv[1], dlzdb->dlzname) == 0)
2047 dns_zone_log(zone, ISC_LOG_ERROR,
2049 "to 'search yes;'", zone->db_argv[1]);
2054 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
2055 /* ask SDLZ driver if the zone is supported */
2059 zone->view->rdclass, &zone->origin,
2062 if (zone->db != NULL)
2063 zone_detachdb(zone);
2064 zone_attachdb(zone, db);
2068 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
2074 result = (*dlzdb->configure_callback)(zone->view,
2075 dlzdb, zone);
2077 dns_zone_log(zone, ISC_LOG_ERROR,
2084 if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub ||
2085 (zone->type == dns_zone_redirect && zone->masters != NULL)) &&
2087 if (zone->masterfile == NULL ||
2088 !isc_file_exists(zone->masterfile)) {
2089 if (zone->masterfile != NULL) {
2090 dns_zone_log(zone, ISC_LOG_DEBUG(1),
2093 zone->refreshtime = now;
2094 if (zone->task != NULL)
2095 zone_settimer(zone, &now);
2101 dns_zone_log(zone, ISC_LOG_DEBUG(1), "starting load");
2103 result = dns_db_create(zone->mctx, zone->db_argv[0],
2104 &zone->origin, (zone->type == dns_zone_stub) ?
2106 zone->rdclass,
2107 zone->db_argc - 1, zone->db_argv + 1,
2111 dns_zone_log(zone, ISC_LOG_ERROR,
2112 "loading zone: creating database: %s",
2116 dns_db_settask(db, zone->task);
2119 if (zone->masterfile != NULL) {
2120 result = zone_startload(db, zone, loadtime);
2123 if (zone->type == dns_zone_master ||
2124 (zone->type == dns_zone_redirect &&
2125 zone->masters == NULL)) {
2126 dns_zone_log(zone, ISC_LOG_ERROR,
2127 "loading zone: "
2131 dns_zone_log(zone, ISC_LOG_INFO, "loading zone: "
2137 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADING);
2139 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW);
2143 result = zone_postload(zone, db, loadtime, result);
2147 UNLOCK_ZONE(zone->raw);
2149 UNLOCK_ZONE(zone);
2156 dns_zone_load(dns_zone_t *zone) {
2157 return (zone_load(zone, 0, ISC_FALSE));
2161 dns_zone_loadnew(dns_zone_t *zone) {
2162 return (zone_load(zone, DNS_ZONELOADFLAG_NOSTAT, ISC_FALSE));
2168 dns_zone_t *zone = asl->zone;
2174 REQUIRE(DNS_ZONE_VALID(zone));
2184 LOCK_ZONE(zone);
2185 load_pending = ISC_TF(DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING));
2188 UNLOCK_ZONE(zone);
2192 zone_load(zone, 0, ISC_TRUE);
2194 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADPENDING);
2195 UNLOCK_ZONE(zone);
2197 /* Inform the zone table we've finished loading */
2199 (asl->loaded)(asl->loaded_arg, zone, task);
2202 isc_mem_put(zone->mctx, asl, sizeof (*asl));
2203 dns_zone_idetach(&zone);
2207 dns_zone_asyncload(dns_zone_t *zone, dns_zt_zoneloaded_t done, void *arg) {
2212 REQUIRE(DNS_ZONE_VALID(zone));
2214 if (zone->zmgr == NULL)
2218 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING))
2221 asl = isc_mem_get(zone->mctx, sizeof (*asl));
2225 asl->zone = NULL;
2229 e = isc_event_allocate(zone->zmgr->mctx, zone->zmgr,
2236 LOCK_ZONE(zone);
2237 zone_iattach(zone, &asl->zone);
2238 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADPENDING);
2239 isc_task_send(zone->loadtask, &e);
2240 UNLOCK_ZONE(zone);
2246 isc_mem_put(zone->mctx, asl, sizeof (*asl));
2251 dns__zone_loadpending(dns_zone_t *zone) {
2252 REQUIRE(DNS_ZONE_VALID(zone));
2254 return (ISC_TF(DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING)));
2258 dns_zone_loadandthaw(dns_zone_t *zone) {
2261 if (inline_raw(zone))
2262 result = zone_load(zone->secure, DNS_ZONELOADFLAG_THAW,
2265 result = zone_load(zone, DNS_ZONELOADFLAG_THAW, ISC_FALSE);
2274 zone->update_disabled = ISC_FALSE;
2277 zone->update_disabled = ISC_FALSE;
2287 get_master_options(dns_zone_t *zone) {
2291 if (zone->type == dns_zone_slave ||
2292 (zone->type == dns_zone_redirect && zone->masters == NULL))
2294 if (zone->type == dns_zone_key)
2296 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNS))
2298 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_FATALNS))
2300 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES))
2302 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL))
2304 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMX))
2306 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMXFAIL))
2308 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD))
2310 if (DNS_ZONE_OPTION2(zone, DNS_ZONEOPT2_CHECKTTL))
2318 dns_zone_t *zone = (dns_zone_t *) arg;
2321 REQUIRE(DNS_ZONE_VALID(zone));
2329 for (inc = ISC_LIST_HEAD(zone->newincludes);
2335 inc = isc_mem_get(zone->mctx, sizeof(dns_include_t));
2338 inc->name = isc_mem_strdup(zone->mctx, filename);
2340 isc_mem_put(zone->mctx, inc, sizeof(dns_include_t));
2349 ISC_LIST_APPEND(zone->newincludes, inc, link);
2366 options = get_master_options(load->zone);
2368 result = dns_master_loadfileinc5(load->zone->masterfile,
2371 load->zone->rdclass, options, 0,
2374 &load->zone->lctx,
2376 load->zone, load->zone->mctx,
2377 load->zone->masterformat,
2378 load->zone->maxttl);
2408 dns_zone_t *zone = event->ev_arg;
2413 REQUIRE(DNS_ZONE_VALID(zone));
2414 INSIST(task == zone->task);
2423 LOCK_ZONE(zone);
2424 INSIST(zone != zone->raw);
2425 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
2426 if (zone->db != NULL) {
2429 dns_db_currentversion(zone->db, &version);
2431 if (inline_secure(zone))
2432 get_raw_serial(zone->raw, &rawdata);
2433 if (zone->type == dns_zone_key)
2435 else if (zone->masterstyle != NULL)
2436 output_style = zone->masterstyle;
2439 result = dns_master_dumpinc3(zone->mctx, zone->db, version,
2440 output_style, zone->masterfile,
2441 zone->task, dump_done, zone, &zone->dctx, zone->masterformat,
2443 dns_db_closeversion(zone->db, &version, ISC_FALSE);
2446 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
2447 UNLOCK_ZONE(zone);
2453 dump_done(zone, result);
2463 zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header) {
2467 zone->sourceserial = header->sourceserial;
2468 zone->sourceserialset = ISC_TRUE;
2472 dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header) {
2473 if (zone == NULL)
2476 LOCK_ZONE(zone);
2477 zone_setrawdata(zone, header);
2478 UNLOCK_ZONE(zone);
2482 zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
2488 dns_zone_rpz_enable_db(zone, db);
2489 dns_zone_catz_enable_db(zone, db);
2490 options = get_master_options(zone);
2491 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS))
2494 if (zone->zmgr != NULL && zone->db != NULL && zone->loadtask != NULL) {
2495 load = isc_mem_get(zone->mctx, sizeof(*load));
2500 load->zone = NULL;
2505 isc_mem_attach(zone->mctx, &load->mctx);
2506 zone_iattach(zone, &load->zone);
2510 zone_iattach(zone, &load->callbacks.zone);
2514 result = zonemgr_getio(zone->zmgr, ISC_TRUE, zone->loadtask,
2516 &zone->readio);
2531 zone_iattach(zone, &callbacks.zone);
2534 zone_idetach(&callbacks.zone);
2537 result = dns_master_loadfile5(zone->masterfile,
2538 &zone->origin, &zone->origin,
2539 zone->rdclass, options, 0,
2542 zone, zone->mctx,
2543 zone->masterformat,
2544 zone->maxttl);
2548 zone_idetach(&callbacks.zone);
2556 zone_idetach(&load->zone);
2557 zone_idetach(&load->callbacks.zone);
2559 isc_mem_put(zone->mctx, load, sizeof(*load));
2564 zone_check_mx(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
2582 * Outside of zone.
2584 if (!dns_name_issubdomain(name, &zone->origin)) {
2585 if (zone->checkmx != NULL)
2586 return ((zone->checkmx)(zone, name, owner));
2590 if (zone->type == dns_zone_master)
2614 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMXFAIL))
2616 dns_zone_log(zone, level,
2623 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) ||
2624 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
2626 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
2627 dns_zone_log(zone, level,
2634 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) ||
2635 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
2637 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) {
2639 dns_zone_log(zone, level, "%s/MX '%s' is below a DNAME"
2646 if (zone->checkmx != NULL && result == DNS_R_DELEGATION)
2647 return ((zone->checkmx)(zone, name, owner));
2653 zone_check_srv(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
2671 * Outside of zone.
2673 if (!dns_name_issubdomain(name, &zone->origin)) {
2674 if (zone->checksrv != NULL)
2675 return ((zone->checksrv)(zone, name, owner));
2679 if (zone->type == dns_zone_master)
2703 dns_zone_log(zone, level,
2711 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) ||
2712 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
2714 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
2715 dns_zone_log(zone, level,
2722 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) ||
2723 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
2725 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) {
2727 dns_zone_log(zone, level, "%s/SRV '%s' is below a "
2734 if (zone->checksrv != NULL && result == DNS_R_DELEGATION)
2735 return ((zone->checksrv)(zone, name, owner));
2741 zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
2756 * Outside of zone.
2758 if (!dns_name_issubdomain(name, &zone->origin)) {
2759 if (zone->checkns != NULL)
2760 return ((zone->checkns)(zone, name, owner, NULL, NULL));
2764 if (zone->type == dns_zone_master)
2813 * Check glue against child zone.
2815 if (zone->checkns != NULL)
2816 answer = (zone->checkns)(zone, name, owner,
2841 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSIBLING)) {
2842 dns_zone_log(zone, level, "%s/NS '%s' has no %s"
2848 if (result == DNS_R_DELEGATION && zone->checkns != NULL)
2849 (void)(zone->checkns)(zone, name, owner,
2855 dns_zone_log(zone, level, "%s/NS '%s' is a CNAME (illegal)",
2861 dns_zone_log(zone, level,
2876 zone_rrset_check_dup(dns_zone_t *zone, dns_name_t *owner,
2888 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKDUPRRFAIL))
2918 dns_zone_log(zone, level, "%s/%s has "
2934 zone_check_dup(dns_zone_t *zone, dns_db_t *db) {
2967 if (!zone_rrset_check_dup(zone, name, &rdataset))
3011 integrity_checks(dns_zone_t *zone, dns_db_t *db) {
3044 * Is this name visible in the zone?
3046 if (!dns_name_issubdomain(name, &zone->origin) ||
3054 if (dns_name_equal(name, &zone->origin))
3062 * Remember bottom of zone due to NS.
3071 if (!zone_check_glue(zone, db, &ns.name, name))
3085 * Remember bottom of zone due to DNAME.
3100 if (!zone_check_mx(zone, db, &mx.mx, name))
3108 if (zone->rdclass != dns_rdataclass_in)
3119 if (!zone_check_srv(zone, db, &srv.target, name))
3131 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSPF))
3133 if (zone->rdclass != dns_rdataclass_in)
3162 dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type "
3186 zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
3196 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
3230 dns_zone_log(zone, ISC_LOG_WARNING,
3249 resume_signingwithkey(dns_zone_t *zone) {
3257 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
3258 if (zone->db != NULL)
3259 dns_db_attach(zone->db, &db);
3260 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
3264 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
3271 zone->privatetype,
3290 result = zone_signwithkey(zone, rdata.data[0],
3294 dns_zone_log(zone, ISC_LOG_ERROR,
3319 zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
3330 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
3331 if (zone->db != NULL)
3332 dns_db_attach(zone->db, &db);
3333 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
3341 * If this zone is not NSEC3-capable, attempting to remove any NSEC3
3359 nsec3chain = isc_mem_get(zone->mctx, sizeof *nsec3chain);
3418 dns_zone_log(zone, ISC_LOG_INFO,
3428 for (current = ISC_LIST_HEAD(zone->nsec3chain);
3441 * Attach zone database to the structure initialized above and create
3457 * "nsec3chain" list for the zone and set the appropriate zone
3462 ISC_LIST_INITANDAPPEND(zone->nsec3chain,
3465 if (isc_time_isepoch(&zone->nsec3chaintime)) {
3467 zone->nsec3chaintime = now;
3468 if (zone->task != NULL)
3469 zone_settimer(zone, &now);
3478 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
3488 * Find private-type records at the zone apex which signal that an NSEC3 chain
3495 resume_addnsec3chain(dns_zone_t *zone) {
3504 INSIST(LOCKED_ZONE(zone));
3506 if (zone->privatetype == 0)
3509 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
3510 if (zone->db != NULL)
3511 dns_db_attach(zone->db, &db);
3512 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
3516 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
3523 * In order to create NSEC3 chains we need the DNSKEY RRset at zone
3530 * Get the RRset containing all private-type records at the zone apex.
3534 zone->privatetype, dns_rdatatype_none,
3568 result = zone_addnsec3chain(zone, &nsec3param);
3570 dns_zone_log(zone, ISC_LOG_ERROR,
3588 set_resigntime(dns_zone_t *zone) {
3597 if (zone->update_disabled)
3600 if (!inline_secure(zone) && (zone->type != dns_zone_master ||
3601 (zone->ssutable == NULL &&
3602 (zone->update_acl == NULL || dns_acl_isnone(zone->update_acl)))))
3608 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
3609 if (zone->db != NULL)
3610 dns_db_attach(zone->db, &db);
3611 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
3613 isc_time_settoepoch(&zone->resigntime);
3620 isc_time_settoepoch(&zone->resigntime);
3624 resign = rdataset.resign - zone->sigresigninginterval;
3628 isc_time_set(&zone->resigntime, resign, nanosecs);
3635 check_nsec3param(dns_zone_t *zone, dns_db_t *db) {
3643 isc_boolean_t dynamic = (zone->type == dns_zone_master) ?
3644 dns_zone_isdynamic(zone, ISC_FALSE) : ISC_FALSE;
3647 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
3649 dns_zone_log(zone, ISC_LOG_ERROR,
3666 dns_zone_log(zone, ISC_LOG_ERROR,
3685 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NSEC3TESTZONE) &&
3688 dns_zone_log(zone, ISC_LOG_WARNING,
3694 dns_zone_log(zone, ISC_LOG_ERROR,
3696 " in dynamic zone: %u",
3703 dns_zone_log(zone, ISC_LOG_WARNING,
3714 dns_zone_log(zone, ISC_LOG_ERROR,
3727 * Set the timer for refreshing the key zone to the soonest future time
3732 set_refreshkeytimer(dns_zone_t *zone, dns_rdata_keydata_t *key,
3754 if (isc_time_compare(&zone->refreshkeytime, &timenow) < 0 ||
3755 isc_time_compare(&timethen, &zone->refreshkeytime) < 0)
3756 zone->refreshkeytime = timethen;
3758 isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);
3759 dns_zone_log(zone, ISC_LOG_DEBUG(1), "next key refresh: %s", timebuf);
3760 zone_settimer(zone, &timenow);
3764 * Convert key(s) linked from 'keynode' to KEYDATA and add to the key zone.
3765 * If the key zone is changed, set '*changed' to ISC_TRUE.
3768 create_keydata(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
3816 zone->rdclass, dns_rdatatype_keydata,
3819 /* Add rdata to zone. */
3824 /* Refresh new keys from the zone apex as soon as possible. */
3825 set_refreshkeytimer(zone, &keydata, now, ISC_TRUE);
3846 * Remove from the key zone all the KEYDATA records found in rdataset.
3899 trust_key(dns_zone_t *zone, dns_name_t *keyname,
3914 result = dns_view_getsecroots(zone->view, &sr);
3932 * to the zone will fail.
3935 fail_secure(dns_zone_t *zone, dns_name_t *keyname) {
3939 result = dns_view_getsecroots(zone->view, &sr);
3947 * Scan a set of KEYDATA records from the key zone. The ones that are
3951 load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) {
3956 isc_mem_t *mctx = zone->mctx;
3963 result = dns_view_getsecroots(zone->view, &sr);
3983 set_refreshkeytimer(zone, &keydata, now, ISC_TRUE);
4005 trust_key(zone, name, &dnskey, mctx);
4011 dns_zone_log(zone, ISC_LOG_ERROR,
4013 dns_zone_log(zone, ISC_LOG_ERROR,
4016 dns_zone_log(zone, ISC_LOG_ERROR,
4018 fail_secure(zone, name);
4100 * Write all transactions in 'diff' to the zone journal file.
4103 zone_journal(dns_zone_t *zone, dns_diff_t *diff, isc_uint32_t *sourceserial,
4113 journalfile = dns_zone_getjournal(zone);
4115 result = dns_journal_open(zone->mctx, journalfile, mode,
4118 dns_zone_log(zone, ISC_LOG_ERROR,
4129 dns_zone_log(zone, ISC_LOG_ERROR,
4140 * Create an SOA record for a newly-created zone
4143 add_soa(dns_zone_t *zone, dns_db_t *db) {
4150 dns_zone_log(zone, ISC_LOG_DEBUG(1), "creating SOA");
4152 dns_diff_init(zone->mctx, &diff);
4155 dns_zone_log(zone, ISC_LOG_ERROR,
4162 result = dns_soa_buildrdata(&zone->origin, dns_rootname, zone->rdclass,
4165 dns_zone_log(zone, ISC_LOG_ERROR,
4172 &zone->origin, 0, &rdata);
4188 dns_zone_t *zone;
4198 dns_zone_t *zone = ((struct addifmissing_arg *)arg)->zone;
4225 result = create_keydata(zone, db, ver, diff, keytable,
4235 * zone. If a domain is no longer named in managed-keys, delete all keys
4236 * from that domain from the key zone. If a domain is mentioned in in
4237 * managed-keys but there are no references to it in the key zone, load
4238 * the key zone with the initializing key(s) for that domain.
4241 sync_keyzone(dns_zone_t *zone, dns_db_t *db) {
4246 dns_view_t *view = zone->view;
4253 dns_zone_log(zone, ISC_LOG_DEBUG(1), "synchronizing trusted keys");
4255 dns_diff_init(zone->mctx, &diff);
4261 dns_zone_log(zone, ISC_LOG_ERROR,
4268 * Walk the zone DB. If we find any keys whose names are no longer
4271 * zone. Otherwise call load_secroots(), which loads keys into
4301 load_secroots(zone, rrname, rdataset);
4311 * in the zone. If we find any, we add them to the zone.
4317 arg.zone = zone;
4323 CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
4324 zone->updatemethod));
4325 CHECK(zone_journal(zone, &diff, NULL, "sync_keyzone"));
4327 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
4328 zone_needdump(zone, 30);
4334 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
4335 dns_zone_log(zone, ISC_LOG_ERROR,
4338 isc_time_settoepoch(&zone->refreshkeytime);
4354 dns_zone_synckeyzone(dns_zone_t *zone) {
4358 if (zone->type != dns_zone_key)
4361 CHECK(dns_zone_getdb(zone, &db));
4363 LOCK_ZONE(zone);
4364 result = sync_keyzone(zone, db);
4365 UNLOCK_ZONE(zone);
4374 maybe_send_secure(dns_zone_t *zone) {
4379 * 'secure' zone. We now need information about the status of the
4380 * 'raw' zone. If we failed to load, then we need it to send a
4386 if (zone->raw->db != NULL) {
4387 if (zone->db != NULL) {
4391 result = zone_get_from_db(zone->raw, zone->raw->db,
4395 zone_send_secureserial(zone->raw, serial);
4397 zone_send_securedb(zone->raw, zone->raw->db);
4400 DNS_ZONE_SETFLAG(zone->raw, DNS_ZONEFLG_SENDSECURE);
4418 * The zone is presumed to be locked.
4419 * If this is a inline_raw zone the secure version is also locked.
4422 zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
4431 isc_boolean_t hasinclude = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE);
4436 INSIST(LOCKED_ZONE(zone));
4437 if (inline_raw(zone))
4438 INSIST(LOCKED_ZONE(zone->secure));
4443 * Initiate zone transfer? We may need a error code that
4448 if (zone->type == dns_zone_slave ||
4449 zone->type == dns_zone_stub ||
4450 (zone->type == dns_zone_redirect &&
4451 zone->masters == NULL)) {
4453 dns_zone_log(zone, ISC_LOG_DEBUG(1),
4456 dns_zone_log(zone, ISC_LOG_ERROR,
4459 zone->masterfile,
4461 } else if (zone->type == dns_zone_master &&
4462 inline_secure(zone) && result == ISC_R_FILENOTFOUND)
4464 dns_zone_log(zone, ISC_LOG_DEBUG(1),
4466 maybe_send_secure(zone);
4469 if (zone->type == dns_zone_key &&
4472 dns_zone_log(zone, level,
4474 zone->masterfile,
4479 if (zone->type != dns_zone_key)
4483 dns_zone_log(zone, ISC_LOG_DEBUG(2),
4488 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
4490 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
4493 * If there's no master file for a key zone, then the zone is new:
4498 if (nomaster && zone->type == dns_zone_key) {
4499 result = add_soa(zone, db);
4507 if (zone->journal != NULL &&
4508 ! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOMERGE) &&
4509 ! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
4511 if (zone->type == dns_zone_master &&
4512 (zone->update_acl != NULL || zone->ssutable != NULL))
4516 result = dns_journal_rollforward(zone->mctx, db, options,
4517 zone->journal);
4521 dns_zone_log(zone, ISC_LOG_ERROR,
4529 dns_zone_log(zone, ISC_LOG_ERROR,
4531 "journal out of sync with zone");
4534 dns_zone_log(zone, ISC_LOG_DEBUG(1),
4543 * Obtain ns, soa and cname counts for top of zone.
4546 result = zone_get_from_db(zone, db, &nscount, &soacount, &serial,
4549 if (result != ISC_R_SUCCESS && zone->type != dns_zone_key) {
4550 dns_zone_log(zone, ISC_LOG_ERROR,
4559 if (zone->journal != NULL && dns_zone_isdynamic(zone, ISC_TRUE) &&
4560 ! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) {
4564 result = dns_journal_open(zone->mctx, zone->journal,
4575 dns_zone_log(zone, ISC_LOG_INFO,
4578 if (remove(zone->journal) < 0 && errno != ENOENT) {
4587 zone->journal, strbuf);
4592 dns_zone_log(zone, ISC_LOG_DEBUG(1), "loaded; checking validity");
4596 * the top of the zone.
4599 switch (zone->type) {
4606 dns_zone_log(zone, ISC_LOG_ERROR,
4611 dns_zone_log(zone, ISC_LOG_ERROR,
4617 if (zone->type == dns_zone_master && errors != 0) {
4621 if (zone->type != dns_zone_stub &&
4622 zone->type != dns_zone_redirect) {
4623 result = check_nsec3param(zone, db);
4627 if (zone->type == dns_zone_master &&
4628 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKINTEGRITY) &&
4629 !integrity_checks(zone, db)) {
4633 if (zone->type == dns_zone_master &&
4634 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKDUPRR) &&
4635 !zone_check_dup(zone, db)) {
4640 if (zone->db != NULL) {
4647 result = zone_get_from_db(zone, zone->db, NULL,
4653 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS) &&
4657 INSIST(zone->type == dns_zone_master);
4660 zone_unchanged(zone->db, db, zone->mctx)) {
4661 dns_zone_log(zone, ISC_LOG_INFO,
4670 dns_zone_log(zone, ISC_LOG_ERROR,
4678 dns_zone_log(zone, ISC_LOG_ERROR,
4679 "zone serial (%u/%u) has gone "
4682 strcmp(zone->db_argv[0], "_builtin") != 0)
4683 dns_zone_log(zone, ISC_LOG_ERROR,
4684 "zone serial (%u) unchanged. "
4685 "zone may fail to transfer "
4689 if (zone->type == dns_zone_master &&
4690 (zone->update_acl != NULL || zone->ssutable != NULL) &&
4691 zone->sigresigninginterval < (3 * refresh) &&
4694 dns_zone_log(zone, ISC_LOG_WARNING,
4699 zone->refresh = RANGE(refresh,
4700 zone->minrefresh, zone->maxrefresh);
4701 zone->retry = RANGE(retry,
4702 zone->minretry, zone->maxretry);
4703 zone->expire = RANGE(expire, zone->refresh + zone->retry,
4705 zone->minimum = minimum;
4706 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
4708 if (zone->type == dns_zone_slave ||
4709 zone->type == dns_zone_stub ||
4710 (zone->type == dns_zone_redirect &&
4711 zone->masters != NULL)) {
4715 result = isc_file_getmodtime(zone->journal, &t);
4717 result = isc_file_getmodtime(zone->masterfile,
4720 DNS_ZONE_TIME_ADD(&t, zone->expire,
4721 &zone->expiretime);
4723 DNS_ZONE_TIME_ADD(&now, zone->retry,
4724 &zone->expiretime);
4726 delay = isc_random_jitter(zone->retry,
4727 (zone->retry * 3) / 4);
4728 DNS_ZONE_TIME_ADD(&now, delay, &zone->refreshtime);
4729 if (isc_time_compare(&zone->refreshtime,
4730 &zone->expiretime) >= 0)
4731 zone->refreshtime = now;
4737 result = sync_keyzone(zone, db);
4744 "unexpected zone type %d", zone->type);
4752 if (zone->type == dns_zone_master)
4753 zone_check_dnskeys(zone, db);
4758 if (zone->type == dns_zone_master &&
4759 DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_MAINTAIN))
4760 zone->refreshkeytime = now;
4765 isc_event_t *e = isc_event_allocate(zone->mctx, NULL,
4768 zone,
4770 dns_db_ondestroy(db, zone->task, &e);
4774 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
4775 if (zone->db != NULL) {
4776 result = zone_replacedb(zone, db, ISC_FALSE);
4777 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
4784 zone_attachdb(zone, db);
4785 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
4786 DNS_ZONE_SETFLAG(zone,
4789 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SENDSECURE) &&
4790 inline_raw(zone))
4792 if (zone->secure->db == NULL)
4793 zone_send_securedb(zone, db);
4795 zone_send_secureserial(zone, serial);
4800 * Finished loading inline-signing zone; need to get status
4803 if (zone->type == dns_zone_master && inline_secure(zone))
4804 maybe_send_secure(zone);
4810 if (zone->type == dns_zone_key)
4811 zone_needdump(zone, 30);
4813 zone_needdump(zone, DNS_DUMP_DELAY);
4816 if (zone->task != NULL) {
4817 if (zone->type == dns_zone_master) {
4818 set_resigntime(zone);
4819 resume_signingwithkey(zone);
4820 resume_addnsec3chain(zone);
4823 if (zone->type == dns_zone_master &&
4824 !DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_NORESIGN) &&
4825 dns_zone_isdynamic(zone, ISC_FALSE) &&
4845 dns_zone_log(zone, ISC_LOG_DEBUG(3),
4849 zone->sigresigninginterval);
4852 dns_zone_log(zone, ISC_LOG_WARNING,
4853 "signed dynamic zone has no "
4857 zone_settimer(zone, &now);
4863 for (inc = ISC_LIST_HEAD(zone->includes);
4865 inc = ISC_LIST_HEAD(zone->includes)) {
4866 ISC_LIST_UNLINK(zone->includes, inc, link);
4867 isc_mem_free(zone->mctx, inc->name);
4868 isc_mem_put(zone->mctx, inc, sizeof(*inc));
4870 zone->nincludes = 0;
4875 for (inc = ISC_LIST_HEAD(zone->newincludes);
4877 inc = ISC_LIST_HEAD(zone->newincludes)) {
4878 ISC_LIST_UNLINK(zone->newincludes, inc, link);
4879 ISC_LIST_APPEND(zone->includes, inc, link);
4880 zone->nincludes++;
4884 dns_zone_log(zone, ISC_LOG_INFO, "loaded serial %u%s", serial,
4887 zone->loadtime = loadtime;
4888 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADPENDING);
4892 for (inc = ISC_LIST_HEAD(zone->newincludes);
4894 inc = ISC_LIST_HEAD(zone->newincludes)) {
4895 ISC_LIST_UNLINK(zone->newincludes, inc, link);
4896 isc_mem_free(zone->mctx, inc->name);
4897 isc_mem_put(zone->mctx, inc, sizeof(*inc));
4899 if (zone->type == dns_zone_slave ||
4900 zone->type == dns_zone_stub ||
4901 zone->type == dns_zone_key ||
4902 (zone->type == dns_zone_redirect && zone->masters != NULL)) {
4904 if (zone->journal != NULL)
4905 zone_saveunique(zone, zone->journal,
4907 if (zone->masterfile != NULL)
4908 zone_saveunique(zone, zone->masterfile,
4912 /* Mark the zone for immediate refresh. */
4913 zone->refreshtime = now;
4914 if (zone->task != NULL)
4915 zone_settimer(zone, &now);
4917 } else if (zone->type == dns_zone_master ||
4918 zone->type == dns_zone_redirect) {
4919 if (!(inline_secure(zone) && result == ISC_R_FILENOTFOUND))
4920 dns_zone_log(zone, ISC_LOG_ERROR,
4922 else if (zone->type == dns_zone_master)
4930 exit_check(dns_zone_t *zone) {
4931 REQUIRE(LOCKED_ZONE(zone));
4933 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SHUTDOWN) && zone->irefs == 0) {
4937 INSIST(isc_refcount_current(&zone->erefs) == 0);
4944 zone_check_ns(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
4954 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOCHECKNS))
4957 if (zone->type == dns_zone_master)
4981 dns_zone_log(zone, level, "NS '%s' has no address "
4990 dns_zone_log(zone, level, "NS '%s' is a CNAME "
5000 dns_zone_log(zone, level, "NS '%s' is below a DNAME "
5010 zone_count_ns_rr(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
5035 if (errors != NULL && zone->rdclass == dns_rdataclass_in &&
5036 (zone->type == dns_zone_master ||
5037 zone->type == dns_zone_slave)) {
5042 if (dns_name_issubdomain(&ns.name, &zone->origin) &&
5043 !zone_check_ns(zone, db, version, &ns.name, logit))
5157 * zone must be locked.
5160 zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount,
5172 REQUIRE(zone != NULL);
5192 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
5199 result = zone_count_ns_rr(zone, db, node, version,
5231 dns_zone_t *zone;
5239 zone = *zonep;
5241 isc_refcount_decrement(&zone->erefs, &refs);
5244 LOCK_ZONE(zone);
5245 INSIST(zone != zone->raw);
5249 if (zone->task != NULL) {
5251 * This zone is being managed. Post
5256 isc_event_t *ev = &zone->ctlevent;
5257 isc_task_send(zone->task, &ev);
5260 * This zone is not being managed; it has
5270 INSIST(zone->view == NULL);
5272 raw = zone->raw;
5273 zone->raw = NULL;
5274 secure = zone->secure;
5275 zone->secure = NULL;
5277 UNLOCK_ZONE(zone);
5285 zone_free(zone);
5315 dns_zone_t *zone;
5318 * 'zone' locked by caller.
5321 zone = *zonep;
5325 INSIST(zone->irefs > 0);
5326 zone->irefs--;
5327 INSIST(zone->irefs + isc_refcount_current(&zone->erefs) > 0);
5332 dns_zone_t *zone;
5336 zone = *zonep;
5339 LOCK_ZONE(zone);
5340 INSIST(zone->irefs > 0);
5341 zone->irefs--;
5342 free_needed = exit_check(zone);
5343 UNLOCK_ZONE(zone);
5345 zone_free(zone);
5349 dns_zone_getmctx(dns_zone_t *zone) {
5350 REQUIRE(DNS_ZONE_VALID(zone));
5352 return (zone->mctx);
5356 dns_zone_getmgr(dns_zone_t *zone) {
5357 REQUIRE(DNS_ZONE_VALID(zone));
5359 return (zone->zmgr);
5363 dns_zone_setflag(dns_zone_t *zone, unsigned int flags, isc_boolean_t value) {
5364 REQUIRE(DNS_ZONE_VALID(zone));
5366 LOCK_ZONE(zone);
5368 DNS_ZONE_SETFLAG(zone, flags);
5370 DNS_ZONE_CLRFLAG(zone, flags);
5371 UNLOCK_ZONE(zone);
5375 dns_zone_setoption(dns_zone_t *zone, unsigned int option,
5378 REQUIRE(DNS_ZONE_VALID(zone));
5380 LOCK_ZONE(zone);
5382 zone->options |= option;
5384 zone->options &= ~option;
5385 UNLOCK_ZONE(zone);
5389 dns_zone_setoption2(dns_zone_t *zone, unsigned int option,
5392 REQUIRE(DNS_ZONE_VALID(zone));
5394 LOCK_ZONE(zone);
5396 zone->options2 |= option;
5398 zone->options2 &= ~option;
5399 UNLOCK_ZONE(zone);
5403 dns_zone_getoptions(dns_zone_t *zone) {
5404 REQUIRE(DNS_ZONE_VALID(zone));
5406 return (zone->options);
5410 dns_zone_getoptions2(dns_zone_t *zone) {
5411 REQUIRE(DNS_ZONE_VALID(zone));
5413 return (zone->options2);
5417 dns_zone_setkeyopt(dns_zone_t *zone, unsigned int keyopt, isc_boolean_t value)
5419 REQUIRE(DNS_ZONE_VALID(zone));
5421 LOCK_ZONE(zone);
5423 zone->keyopts |= keyopt;
5425 zone->keyopts &= ~keyopt;
5426 UNLOCK_ZONE(zone);
5430 dns_zone_getkeyopts(dns_zone_t *zone) {
5432 REQUIRE(DNS_ZONE_VALID(zone));
5434 return (zone->keyopts);
5438 dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) {
5439 REQUIRE(DNS_ZONE_VALID(zone));
5441 LOCK_ZONE(zone);
5442 zone->xfrsource4 = *xfrsource;
5443 UNLOCK_ZONE(zone);
5449 dns_zone_getxfrsource4(dns_zone_t *zone) {
5450 REQUIRE(DNS_ZONE_VALID(zone));
5451 return (&zone->xfrsource4);
5455 dns_zone_setxfrsource4dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5456 REQUIRE(DNS_ZONE_VALID(zone));
5458 LOCK_ZONE(zone);
5459 zone->xfrsource4dscp = dscp;
5460 UNLOCK_ZONE(zone);
5466 dns_zone_getxfrsource4dscp(dns_zone_t *zone) {
5467 REQUIRE(DNS_ZONE_VALID(zone));
5468 return (zone->xfrsource4dscp);
5472 dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) {
5473 REQUIRE(DNS_ZONE_VALID(zone));
5475 LOCK_ZONE(zone);
5476 zone->xfrsource6 = *xfrsource;
5477 UNLOCK_ZONE(zone);
5483 dns_zone_getxfrsource6(dns_zone_t *zone) {
5484 REQUIRE(DNS_ZONE_VALID(zone));
5485 return (&zone->xfrsource6);
5489 dns_zone_getxfrsource6dscp(dns_zone_t *zone) {
5490 REQUIRE(DNS_ZONE_VALID(zone));
5491 return (zone->xfrsource6dscp);
5495 dns_zone_setxfrsource6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5496 REQUIRE(DNS_ZONE_VALID(zone));
5498 LOCK_ZONE(zone);
5499 zone->xfrsource6dscp = dscp;
5500 UNLOCK_ZONE(zone);
5506 dns_zone_setaltxfrsource4(dns_zone_t *zone,
5509 REQUIRE(DNS_ZONE_VALID(zone));
5511 LOCK_ZONE(zone);
5512 zone->altxfrsource4 = *altxfrsource;
5513 UNLOCK_ZONE(zone);
5519 dns_zone_getaltxfrsource4(dns_zone_t *zone) {
5520 REQUIRE(DNS_ZONE_VALID(zone));
5521 return (&zone->altxfrsource4);
5525 dns_zone_setaltxfrsource4dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5526 REQUIRE(DNS_ZONE_VALID(zone));
5528 LOCK_ZONE(zone);
5529 zone->altxfrsource4dscp = dscp;
5530 UNLOCK_ZONE(zone);
5536 dns_zone_getaltxfrsource4dscp(dns_zone_t *zone) {
5537 REQUIRE(DNS_ZONE_VALID(zone));
5538 return (zone->altxfrsource4dscp);
5542 dns_zone_setaltxfrsource6(dns_zone_t *zone,
5545 REQUIRE(DNS_ZONE_VALID(zone));
5547 LOCK_ZONE(zone);
5548 zone->altxfrsource6 = *altxfrsource;
5549 UNLOCK_ZONE(zone);
5555 dns_zone_getaltxfrsource6(dns_zone_t *zone) {
5556 REQUIRE(DNS_ZONE_VALID(zone));
5557 return (&zone->altxfrsource6);
5561 dns_zone_setaltxfrsource6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5562 REQUIRE(DNS_ZONE_VALID(zone));
5564 LOCK_ZONE(zone);
5565 zone->altxfrsource6dscp = dscp;
5566 UNLOCK_ZONE(zone);
5572 dns_zone_getaltxfrsource6dscp(dns_zone_t *zone) {
5573 REQUIRE(DNS_ZONE_VALID(zone));
5574 return (zone->altxfrsource6dscp);
5578 dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) {
5579 REQUIRE(DNS_ZONE_VALID(zone));
5581 LOCK_ZONE(zone);
5582 zone->notifysrc4 = *notifysrc;
5583 UNLOCK_ZONE(zone);
5589 dns_zone_getnotifysrc4(dns_zone_t *zone) {
5590 REQUIRE(DNS_ZONE_VALID(zone));
5591 return (&zone->notifysrc4);
5595 dns_zone_setnotifysrc4dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5596 REQUIRE(DNS_ZONE_VALID(zone));
5598 LOCK_ZONE(zone);
5599 zone->notifysrc4dscp = dscp;
5600 UNLOCK_ZONE(zone);
5606 dns_zone_getnotifysrc4dscp(dns_zone_t *zone) {
5607 REQUIRE(DNS_ZONE_VALID(zone));
5608 return (zone->notifysrc4dscp);
5612 dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) {
5613 REQUIRE(DNS_ZONE_VALID(zone));
5615 LOCK_ZONE(zone);
5616 zone->notifysrc6 = *notifysrc;
5617 UNLOCK_ZONE(zone);
5623 dns_zone_getnotifysrc6(dns_zone_t *zone) {
5624 REQUIRE(DNS_ZONE_VALID(zone));
5625 return (&zone->notifysrc6);
5782 dns_zone_setnotifysrc6dscp(dns_zone_t *zone, isc_dscp_t dscp) {
5783 REQUIRE(DNS_ZONE_VALID(zone));
5785 LOCK_ZONE(zone);
5786 zone->notifysrc6dscp = dscp;
5787 UNLOCK_ZONE(zone);
5793 dns_zone_getnotifysrc6dscp(dns_zone_t *zone) {
5794 REQUIRE(DNS_ZONE_VALID(zone));
5795 return (zone->notifysrc6dscp);
5799 dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
5802 return (dns_zone_setalsonotifydscpkeys(zone, notify, NULL, NULL,
5807 dns_zone_setalsonotifywithkeys(dns_zone_t *zone, const isc_sockaddr_t *notify,
5810 return (dns_zone_setalsonotifydscpkeys(zone, notify, NULL, keynames,
5815 dns_zone_setalsonotifydscpkeys(dns_zone_t *zone, const isc_sockaddr_t *notify,
5824 REQUIRE(DNS_ZONE_VALID(zone));
5829 LOCK_ZONE(zone);
5831 if (count == zone->notifycnt &&
5832 same_addrs(zone->notify, notify, count) &&
5833 same_keynames(zone->notifykeynames, keynames, count))
5836 clear_addresskeylist(&zone->notify, &zone->notifydscp,
5837 &zone->notifykeynames, &zone->notifycnt,
5838 zone->mctx);
5847 keynames, &newnames, zone->mctx);
5852 * Everything is ok so attach to the zone.
5854 zone->notify = newaddrs;
5855 zone->notifydscp = newdscps;
5856 zone->notifykeynames = newnames;
5857 zone->notifycnt = count;
5859 UNLOCK_ZONE(zone);
5864 dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters,
5869 result = dns_zone_setmasterswithkeys(zone, masters, NULL, count);
5874 dns_zone_setmasterswithkeys(dns_zone_t *zone,
5886 REQUIRE(DNS_ZONE_VALID(zone));
5892 LOCK_ZONE(zone);
5899 if (count != zone->masterscnt ||
5900 !same_addrs(zone->masters, masters, count) ||
5901 !same_keynames(zone->masterkeynames, keynames, count)) {
5902 if (zone->request != NULL)
5903 dns_request_cancel(zone->request);
5909 * zone->masterscnt to 0:
5911 if (zone->mastersok != NULL) {
5912 isc_mem_put(zone->mctx, zone->mastersok,
5913 zone->masterscnt * sizeof(isc_boolean_t));
5914 zone->mastersok = NULL;
5916 clear_addresskeylist(&zone->masters, &zone->masterdscps,
5917 &zone->masterkeynames, &zone->masterscnt,
5918 zone->mctx);
5929 newok = isc_mem_get(zone->mctx, count * sizeof(*newok));
5932 isc_mem_put(zone->mctx, newaddrs, count * sizeof(*newaddrs));
5942 keynames, &newnames, zone->mctx);
5945 isc_mem_put(zone->mctx, newok, count * sizeof(*newok));
5950 * Everything is ok so attach to the zone.
5952 zone->curmaster = 0;
5953 zone->mastersok = newok;
5954 zone->masters = newaddrs;
5955 zone->masterdscps = newdscps;
5956 zone->masterkeynames = newnames;
5957 zone->masterscnt = count;
5958 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOMASTERS);
5961 UNLOCK_ZONE(zone);
5966 dns_zone_getdb(dns_zone_t *zone, dns_db_t **dpb) {
5969 REQUIRE(DNS_ZONE_VALID(zone));
5971 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
5972 if (zone->db == NULL)
5975 dns_db_attach(zone->db, dpb);
5976 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
5982 dns_zone_setdb(dns_zone_t *zone, dns_db_t *db) {
5983 REQUIRE(DNS_ZONE_VALID(zone));
5984 REQUIRE(zone->type == dns_zone_staticstub);
5986 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
5987 REQUIRE(zone->db == NULL);
5988 dns_db_attach(db, &zone->db);
5989 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
5996 dns_zone_maintenance(dns_zone_t *zone) {
6000 REQUIRE(DNS_ZONE_VALID(zone));
6003 LOCK_ZONE(zone);
6005 zone_settimer(zone, &now);
6006 UNLOCK_ZONE(zone);
6010 was_dumping(dns_zone_t *zone) {
6013 REQUIRE(LOCKED_ZONE(zone));
6015 dumping = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING);
6016 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
6018 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
6019 isc_time_settoepoch(&zone->dumptime);
6025 find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
6031 const char *directory = dns_zone_getkeydirectory(zone);
6066 set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now)
6071 zone->key_expiry = when;
6073 dns_zone_log(zone, ISC_LOG_ERROR,
6075 isc_time_settoepoch(&zone->keywarntime);
6080 dns_zone_log(zone, ISC_LOG_WARNING,
6087 isc_time_set(&zone->keywarntime, when - delta, 0);
6089 isc_time_set(&zone->keywarntime, when - 7 * 24 * 3600, 0);
6090 isc_time_formattimestamp(&zone->keywarntime, timebuf, 80);
6091 dns_zone_log(zone, ISC_LOG_NOTICE,
6155 del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
6231 if (zone->log_key_expired_timer <= now) {
6234 dns_name_format(&zone->origin, origin,
6239 dns_zone_log(zone, ISC_LOG_WARNING,
6246 zone->log_key_expired_timer = now +
6318 set_key_expiry_warning(zone, (isc_stdtime_t)timewarn,
6322 dns_zone_log(zone, ISC_LOG_ERROR,
6436 zone_resigninc(dns_zone_t *zone) {
6459 dns_diff_init(zone->mctx, &_sig_diff);
6466 if (zone->update_disabled ||
6467 DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_NORESIGN))
6473 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
6474 dns_db_attach(zone->db, &db);
6475 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
6479 dns_zone_log(zone, ISC_LOG_ERROR,
6487 result = find_zone_keys(zone, db, version, now, zone->mctx,
6490 dns_zone_log(zone, ISC_LOG_ERROR,
6497 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
6507 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
6508 keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
6513 dns_zone_log(zone, ISC_LOG_ERROR,
6520 resign = rdataset.resign - zone->sigresigninginterval;
6526 * entire zone. The SOA record should always be the most
6530 if (covers == dns_rdatatype_soa || i++ > zone->signatures ||
6534 result = del_sigs(zone, db, version, name, covers, &zonediff,
6537 dns_zone_log(zone, ISC_LOG_ERROR,
6544 zone_keys, nkeys, zone->mctx, inception,
6547 dns_zone_log(zone, ISC_LOG_ERROR,
6558 dns_zone_log(zone, ISC_LOG_ERROR,
6566 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
6569 dns_zone_log(zone, ISC_LOG_ERROR,
6576 * Did we change anything in the zone?
6588 result = update_soa_serial(db, version, zonediff.diff, zone->mctx,
6589 zone->updatemethod);
6591 dns_zone_log(zone, ISC_LOG_ERROR,
6601 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
6602 zonediff.diff, zone_keys, nkeys, zone->mctx,
6605 dns_zone_log(zone, ISC_LOG_ERROR,
6612 CHECK(zone_journal(zone, zonediff.diff, NULL, "zone_resigninc"));
6627 set_resigntime(zone);
6628 LOCK_ZONE(zone);
6629 zone_needdump(zone, DNS_DUMP_DELAY);
6630 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
6631 UNLOCK_ZONE(zone);
6638 isc_time_nowplusinterval(&zone->resigntime, &ival);
6905 updatesignwithkey(dns_zone_t *zone, dns_signing_t *signing,
6923 zone->privatetype, dns_rdatatype_none,
6957 * we need to sign the zone with the matching key across a
6965 DNS_DIFFOP_DEL, &zone->origin,
6974 * finished signing the zone with this key. If it is already
6984 rdata.type = zone->privatetype;
6987 &zone->origin, rdataset.ttl, &rdata));
7010 * Called from zone_nsec3chain() in order to update zone records indicating
7028 * 0, indicating that this NSEC3 chain is now complete for this zone.
7319 dst_key_t *zone_keys[], unsigned int nkeys, dns_zone_t *zone,
7330 result = del_sigs(zone, db, version, &tuple->name,
7334 dns_zone_log(zone, ISC_LOG_ERROR,
7341 zone_keys, nkeys, zone->mctx, inception,
7344 dns_zone_log(zone, ISC_LOG_ERROR,
7370 zone_nsec3chain(dns_zone_t *zone) {
7403 dns_rdatatype_t privatetype = zone->privatetype;
7412 dns_diff_init(zone->mctx, ¶m_diff);
7413 dns_diff_init(zone->mctx, &nsec3_diff);
7414 dns_diff_init(zone->mctx, &nsec_diff);
7415 dns_diff_init(zone->mctx, &_sig_diff);
7422 if (zone->update_disabled) {
7427 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
7429 * This function is called when zone timer fires, after the latter gets
7431 * zone_addnsec3chain() is closely followed by a zone deletion request,
7433 * after the zone is deleted by rmzone(), which calls dns_db_detach()
7434 * for zone->db, causing the latter to become NULL. Return immediately
7437 if (zone->db != NULL) {
7438 dns_db_attach(zone->db, &db);
7440 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
7447 dns_zone_log(zone, ISC_LOG_ERROR,
7455 result = find_zone_keys(zone, db, version, now, zone->mctx,
7458 dns_zone_log(zone, ISC_LOG_ERROR,
7465 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
7475 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
7476 keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
7483 nodes = zone->nodes;
7484 signatures = zone->signatures;
7485 LOCK_ZONE(zone);
7486 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
7487 UNLOCK_ZONE(zone);
7495 * The following while loop iterates over nodes in the zone database,
7499 * from the zone database; if so, the database iterator is reset to
7515 LOCK_ZONE(zone);
7518 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
7519 if (nsec3chain->done || nsec3chain->db != zone->db) {
7520 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain, link);
7523 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
7524 UNLOCK_ZONE(zone);
7575 * Check to see if this is a bottom of zone node.
7619 zone->minimum, unsecure,
7622 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
7652 LOCK_ZONE(zone);
7653 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
7655 UNLOCK_ZONE(zone);
7673 LOCK_ZONE(zone);
7674 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
7676 UNLOCK_ZONE(zone);
7680 dns_zone_log(zone, ISC_LOG_ERROR,
7717 * zone needs to switch from NSEC3 to NSEC; if so, it first builds an
7718 * NSEC chain by iterating over all nodes in the zone database and only
7725 LOCK_ZONE(zone);
7726 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
7727 UNLOCK_ZONE(zone);
7731 LOCK_ZONE(zone);
7733 UNLOCK_ZONE(zone);
7752 dns_zone_log(zone, ISC_LOG_ERROR,
7761 dns_zone_log(zone, ISC_LOG_DEBUG(3), "zone_nsec3chain:"
7777 dns_zone_log(zone, ISC_LOG_ERROR,
7792 dns_zone_log(zone, ISC_LOG_ERROR,
7824 * Check to see if this is a bottom of zone node.
7864 CHECK(add_nsec(db, version, name, node, zone->minimum,
7883 LOCK_ZONE(zone);
7884 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
7886 UNLOCK_ZONE(zone);
7894 dns_zone_log(zone, ISC_LOG_ERROR,
7902 dns_zone_log(zone, ISC_LOG_ERROR,
7932 * We may need to update the NSEC/NSEC3 records for the zone apex.
7941 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
7963 result = updatesecure(db, version, &zone->origin,
7964 zone->minimum, ISC_TRUE,
7967 dns_zone_log(zone, ISC_LOG_ERROR,
7981 zone->minimum, ISC_FALSE,
7984 dns_zone_log(zone, ISC_LOG_ERROR,
7999 nkeys, zone, inception, expire, now,
8002 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8012 nkeys, zone, inception, expire, now,
8015 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8021 result = updatesecure(db, version, &zone->origin,
8022 zone->minimum, ISC_FALSE, &nsec_diff);
8024 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8032 nkeys, zone, inception, expire, now,
8035 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8041 * If we made no effective changes to the zone then we can just
8052 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
8055 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8060 result = update_soa_serial(db, version, zonediff.diff, zone->mctx,
8061 zone->updatemethod);
8063 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8069 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
8070 zonediff.diff, zone_keys, nkeys, zone->mctx,
8073 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
8079 CHECK(zone_journal(zone, zonediff.diff, NULL, "zone_nsec3chain"));
8081 LOCK_ZONE(zone);
8082 zone_needdump(zone, DNS_DUMP_DELAY);
8083 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
8084 UNLOCK_ZONE(zone);
8090 LOCK_ZONE(zone);
8091 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
8095 UNLOCK_ZONE(zone);
8111 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
8115 set_resigntime(zone);
8119 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s",
8128 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
8146 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
8148 LOCK_ZONE(zone);
8149 ISC_LIST_PREPEND(zone->nsec3chain, nsec3chain, link);
8150 UNLOCK_ZONE(zone);
8159 LOCK_ZONE(zone);
8160 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
8164 UNLOCK_ZONE(zone);
8185 LOCK_ZONE(zone);
8186 if (ISC_LIST_HEAD(zone->nsec3chain) != NULL) {
8188 if (zone->update_disabled || result != ISC_R_SUCCESS)
8192 isc_time_nowplusinterval(&zone->nsec3chaintime, &interval);
8194 isc_time_settoepoch(&zone->nsec3chaintime);
8195 UNLOCK_ZONE(zone);
8268 * Incrementally sign the zone using the keys requested.
8272 zone_sign(dns_zone_t *zone) {
8308 dns_diff_init(zone->mctx, &_sig_diff);
8309 dns_diff_init(zone->mctx, &post_diff);
8316 if (zone->update_disabled) {
8321 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
8322 if (zone->db != NULL)
8323 dns_db_attach(zone->db, &db);
8324 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8332 dns_zone_log(zone, ISC_LOG_ERROR,
8340 result = find_zone_keys(zone, db, version, now, zone->mctx,
8343 dns_zone_log(zone, ISC_LOG_ERROR,
8350 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
8365 nodes = zone->nodes;
8366 signatures = zone->signatures;
8367 signing = ISC_LIST_HEAD(zone->signing);
8370 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
8371 keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
8374 CHECK(dns_private_chains(db, version, zone->privatetype,
8384 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
8385 if (signing->done || signing->db != zone->db) {
8387 * The zone has been reloaded. We will have
8391 ISC_LIST_UNLINK(zone->signing, signing, link);
8393 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8396 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8535 expire, zone->minimum, is_ksk,
8538 &signatures, zone->mctx));
8556 ISC_LIST_UNLINK(zone->signing, signing, link);
8562 * zone with a zone signing key.
8565 * for the zone. We can now clear the
8569 &zone->origin,
8570 zone->minimum,
8574 dns_zone_log(zone,
8581 result = updatesignwithkey(zone, signing,
8584 zone->minimum,
8587 dns_zone_log(zone, ISC_LOG_ERROR,
8595 dns_zone_log(zone, ISC_LOG_ERROR,
8618 nkeys, zone, inception, expire, now,
8621 dns_zone_log(zone, ISC_LOG_ERROR, "zone_sign:"
8640 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
8643 dns_zone_log(zone, ISC_LOG_ERROR,
8649 result = update_soa_serial(db, version, zonediff.diff, zone->mctx,
8650 zone->updatemethod);
8652 dns_zone_log(zone, ISC_LOG_ERROR,
8662 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
8663 zonediff.diff, zone_keys, nkeys, zone->mctx,
8666 dns_zone_log(zone, ISC_LOG_ERROR,
8675 CHECK(zone_journal(zone, zonediff.diff, NULL, "zone_sign"));
8681 for (signing = ISC_LIST_HEAD(zone->signing);
8704 isc_mem_put(zone->mctx, signing, sizeof *signing);
8708 set_resigntime(zone);
8711 LOCK_ZONE(zone);
8712 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
8713 zone_needdump(zone, DNS_DUMP_DELAY);
8714 UNLOCK_ZONE(zone);
8721 for (signing = ISC_LIST_HEAD(zone->signing);
8732 ISC_LIST_PREPEND(zone->signing, signing, link);
8752 if (ISC_LIST_HEAD(zone->signing) != NULL) {
8754 if (zone->update_disabled || result != ISC_R_SUCCESS)
8758 isc_time_nowplusinterval(&zone->signingtime, &interval);
8760 isc_time_settoepoch(&zone->signingtime);
8801 * 'rdset' contains either a DNSKEY rdataset from the zone apex, or
8802 * a KEYDATA rdataset from the key zone.
8841 * Calculate the refresh interval for a keydata zone, per
8911 * hold zone lock.
8922 dns_zone_t *zone = kfetch->zone;
8945 set_refreshkeytimer(zone, &keydata, now, ISC_FALSE);
8950 zone->rdclass, dns_rdatatype_keydata,
8983 mctx = kfetch->zone->view->mctx;
9015 dns_zone_log(kfetch->zone, ISC_LOG_DEBUG(3),
9031 * A DNSKEY set has been fetched from the zone apex of a zone whose trust
9032 * anchors are being managed; scan the keyset, and update the key zone and the
9040 dns_zone_t *zone;
9069 zone = kfetch->zone;
9070 isc_mem_attach(zone->mctx, &mctx);
9084 LOCK_ZONE(zone);
9085 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || zone->view == NULL)
9091 result = dns_view_getsecroots(zone->view, &secroots);
9098 zone->refreshkeycount--;
9099 alldone = ISC_TF(zone->refreshkeycount == 0);
9102 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESHING);
9104 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9111 dns_zone_log(zone, ISC_LOG_WARNING,
9120 dns_zone_log(zone, ISC_LOG_WARNING,
9161 zone->view->mctx, &sigrr,
9164 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9165 "Verifying DNSKEY set for zone "
9200 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9201 "DNSKEY set for zone '%s' could not be verified "
9211 * be removed from the key zone
9238 * automatically trust all the keys we find at the zone apex.
9253 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9254 "Pending key %d for zone %s "
9264 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9265 "Active key %d for zone %s "
9271 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9272 "Revoked key %d for zone %s "
9293 dns_rdata_fromstruct(&keydatarr, zone->rdclass,
9302 set_refreshkeytimer(zone, &keydata, now, ISC_FALSE);
9309 * add them to the key zone and set the acceptance timer
9311 * determined that we're initializing the zone for the
9314 * must be scheduled for removal from the key zone (or,
9360 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9362 "for zone %s is now "
9371 dns_view_untrust(zone->view, keyname,
9384 dns_zone_log(zone, ISC_LOG_INFO,
9386 "for zone %s is now "
9393 dns_zone_log(zone, ISC_LOG_INFO,
9395 "for zone %s removal "
9402 dns_zone_log(zone, ISC_LOG_WARNING,
9403 "Active key %d for zone "
9423 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9425 "for zone %s "
9436 dns_zone_log(zone, ISC_LOG_INFO,
9437 "Key %d for zone %s "
9450 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9452 "for zone %s was "
9462 * Key wasn't in the key zone but it's
9468 /* Key wasn't in the key zone: add it */
9472 dns_zone_log(zone, ISC_LOG_WARNING,
9474 "anchor management for zone '%s'; "
9481 dns_zone_log(zone, ISC_LOG_INFO,
9483 "for zone '%s': "
9507 dns_rdata_fromstruct(&keydatarr, zone->rdclass,
9526 dns_rdata_fromstruct(&keydatarr, zone->rdclass,
9530 /* Insert into key zone */
9540 trust_key(zone, keyname, &dnskey, mctx);
9545 set_refreshkeytimer(zone, &keydata, now, ISC_FALSE);
9554 * zone would suddenly be nonsecured. We avoid this by checking to
9556 * the security roots; then all queries to the zone will fail.
9559 fail_secure(zone, keyname);
9566 zone->updatemethod));
9567 CHECK(zone_journal(zone, &diff, NULL, "keyfetch_done"));
9570 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
9571 zone_needdump(zone, 30);
9594 INSIST(zone->irefs > 0);
9595 zone->irefs--;
9596 kfetch->zone = NULL;
9612 free_needed = exit_check(zone);
9613 UNLOCK_ZONE(zone);
9615 zone_free(zone);
9621 * Refresh the data in the key zone. Initiate a fetch to get new DNSKEY
9622 * records from the zone apex.
9625 zone_refreshkeys(dns_zone_t *zone) {
9639 REQUIRE(zone->db != NULL);
9643 LOCK_ZONE(zone);
9644 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
9645 isc_time_settoepoch(&zone->refreshkeytime);
9646 UNLOCK_ZONE(zone);
9650 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
9651 dns_db_attach(zone->db, &db);
9652 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
9654 dns_diff_init(zone->mctx, &diff);
9658 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESHING);
9707 kfetch = isc_mem_get(zone->mctx, sizeof(dns_keyfetch_t));
9713 zone->refreshkeycount++;
9714 kfetch->zone = zone;
9715 zone->irefs++;
9716 INSIST(zone->irefs != 0);
9719 dns_name_dup(name, zone->mctx, kname);
9732 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9747 result = dns_resolver_createfetch(zone->view->resolver,
9753 zone->task,
9761 zone->refreshkeycount--;
9762 zone->irefs--;
9765 dns_name_free(kname, zone->mctx);
9766 isc_mem_put(zone->mctx, kfetch, sizeof(dns_keyfetch_t));
9767 dns_zone_log(zone, ISC_LOG_WARNING,
9774 CHECK(update_soa_serial(db, ver, &diff, zone->mctx,
9775 zone->updatemethod));
9776 CHECK(zone_journal(zone, &diff, NULL, "zone_refreshkeys"));
9778 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
9779 zone_needdump(zone, 30);
9792 zone->refreshkeytime = timethen;
9793 zone_settimer(zone, &timenow);
9795 isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);
9796 dns_zone_log(zone, ISC_LOG_DEBUG(1), "retry key refresh: %s",
9801 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESHING);
9810 UNLOCK_ZONE(zone);
9816 zone_maintenance(dns_zone_t *zone) {
9822 REQUIRE(DNS_ZONE_VALID(zone));
9828 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING))
9832 * Configuring the view of this zone may have
9838 if (zone->view == NULL || zone->view->adb == NULL)
9846 switch (zone->type) {
9848 if (zone->masters == NULL)
9853 LOCK_ZONE(zone);
9854 if (isc_time_compare(&now, &zone->expiretime) >= 0 &&
9855 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
9856 zone_expire(zone);
9857 zone->refreshtime = now;
9859 UNLOCK_ZONE(zone);
9868 switch (zone->type) {
9870 if (zone->masters == NULL)
9875 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH) &&
9876 isc_time_compare(&now, &zone->refreshtime) >= 0)
9877 dns_zone_refresh(zone);
9886 if (zone->type == dns_zone_slave &&
9887 (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) ||
9888 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDSTARTUPNOTIFY)) &&
9889 isc_time_compare(&now, &zone->notifytime) >= 0)
9890 zone_notify(zone, &now);
9895 switch (zone->type) {
9901 LOCK_ZONE(zone);
9902 if (zone->masterfile != NULL &&
9903 isc_time_compare(&now, &zone->dumptime) >= 0 &&
9904 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
9905 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP)) {
9906 dumping = was_dumping(zone);
9909 UNLOCK_ZONE(zone);
9911 result = zone_dump(zone, ISC_TRUE); /* task locked */
9913 dns_zone_log(zone, ISC_LOG_WARNING,
9925 switch (zone->type) {
9928 if ((DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) ||
9929 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDSTARTUPNOTIFY))&&
9930 isc_time_compare(&now, &zone->notifytime) >= 0)
9931 zone_notify(zone, &now);
9939 switch (zone->type) {
9941 if (isc_time_compare(&now, &zone->refreshkeytime) >= 0) {
9942 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
9943 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESHING)) {
9944 zone_refreshkeys(zone);
9949 if (!isc_time_isepoch(&zone->refreshkeytime) &&
9950 isc_time_compare(&now, &zone->refreshkeytime) >= 0 &&
9951 zone->rss_event == NULL)
9952 zone_rekey(zone);
9957 switch (zone->type) {
9964 if (zone->rss_event != NULL)
9966 if (!isc_time_isepoch(&zone->signingtime) &&
9967 isc_time_compare(&now, &zone->signingtime) >= 0)
9968 zone_sign(zone);
9969 else if (!isc_time_isepoch(&zone->resigntime) &&
9970 isc_time_compare(&now, &zone->resigntime) >= 0)
9971 zone_resigninc(zone);
9972 else if (!isc_time_isepoch(&zone->nsec3chaintime) &&
9973 isc_time_compare(&now, &zone->nsec3chaintime) >= 0)
9974 zone_nsec3chain(zone);
9978 if (!isc_time_isepoch(&zone->keywarntime) &&
9979 isc_time_compare(&now, &zone->keywarntime) >= 0)
9980 set_key_expiry_warning(zone, zone->key_expiry,
9987 zone_settimer(zone, &now);
9991 dns_zone_markdirty(dns_zone_t *zone) {
9997 * Obtaining a lock on the zone->secure (see zone_send_secureserial)
10002 LOCK_ZONE(zone);
10003 if (zone->type == dns_zone_master) {
10004 if (inline_raw(zone)) {
10006 secure = zone->secure;
10007 INSIST(secure != zone);
10010 UNLOCK_ZONE(zone);
10018 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
10019 if (zone->db != NULL) {
10020 result = zone_get_from_db(zone, zone->db, NULL,
10026 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
10028 zone_send_secureserial(zone, serial);
10033 set_resigntime(zone);
10037 zone_needdump(zone, DNS_DUMP_DELAY);
10038 UNLOCK_ZONE(zone);
10042 dns_zone_expire(dns_zone_t *zone) {
10043 REQUIRE(DNS_ZONE_VALID(zone));
10045 LOCK_ZONE(zone);
10046 zone_expire(zone);
10047 UNLOCK_ZONE(zone);
10051 zone_expire(dns_zone_t *zone) {
10053 * 'zone' locked by caller.
10056 REQUIRE(LOCKED_ZONE(zone));
10058 dns_zone_log(zone, ISC_LOG_WARNING, "expired");
10060 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_EXPIRED);
10061 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
10062 zone->retry = DNS_ZONE_DEFAULTRETRY;
10063 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
10064 zone_unload(zone);
10068 dns_zone_refresh(dns_zone_t *zone) {
10074 REQUIRE(DNS_ZONE_VALID(zone));
10076 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
10084 LOCK_ZONE(zone);
10085 oldflags = zone->flags;
10086 if (zone->masterscnt == 0) {
10087 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOMASTERS);
10089 dns_zone_log(zone, ISC_LOG_ERROR,
10093 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
10094 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
10095 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
10102 * If we are successful it will be reset using zone->refresh.
10104 isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4),
10106 result = isc_time_nowplusinterval(&zone->refreshtime, &i);
10108 dns_zone_log(zone, ISC_LOG_WARNING,
10117 if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HAVETIMERS))
10118 zone->retry = ISC_MIN(zone->retry * 2, 6 * 3600);
10120 zone->curmaster = 0;
10121 for (j = 0; j < zone->masterscnt; j++)
10122 zone->mastersok[j] = ISC_FALSE;
10124 queue_soa_query(zone);
10126 UNLOCK_ZONE(zone);
10130 dns_zone_flush(dns_zone_t *zone) {
10134 REQUIRE(DNS_ZONE_VALID(zone));
10136 LOCK_ZONE(zone);
10137 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_FLUSH);
10138 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
10139 zone->masterfile != NULL) {
10141 dumping = was_dumping(zone);
10144 UNLOCK_ZONE(zone);
10146 result = zone_dump(zone, ISC_FALSE); /* Unknown task. */
10151 dns_zone_dump(dns_zone_t *zone) {
10155 REQUIRE(DNS_ZONE_VALID(zone));
10157 LOCK_ZONE(zone);
10158 dumping = was_dumping(zone);
10159 UNLOCK_ZONE(zone);
10161 result = zone_dump(zone, ISC_FALSE); /* Unknown task. */
10166 zone_needdump(dns_zone_t *zone, unsigned int delay) {
10172 * 'zone' locked by caller
10175 REQUIRE(DNS_ZONE_VALID(zone));
10176 REQUIRE(LOCKED_ZONE(zone));
10182 if (zone->masterfile == NULL ||
10183 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) == 0)
10190 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
10191 if (isc_time_isepoch(&zone->dumptime) ||
10192 isc_time_compare(&zone->dumptime, &dumptime) > 0)
10193 zone->dumptime = dumptime;
10194 if (zone->task != NULL)
10195 zone_settimer(zone, &now);
10201 dns_zone_t *zone = arg;
10210 REQUIRE(DNS_ZONE_VALID(zone));
10214 if (result == ISC_R_SUCCESS && zone->journal != NULL &&
10215 zone->journalsize != -1) {
10217 * We don't own these, zone->dctx must stay valid.
10219 db = dns_dumpctx_db(zone->dctx);
10220 version = dns_dumpctx_version(zone->dctx);
10227 LOCK_ZONE(zone);
10228 if (inline_raw(zone)) {
10229 secure = zone->secure;
10230 INSIST(secure != zone);
10233 UNLOCK_ZONE(zone);
10243 * If there is a secure version of this zone
10252 mresult = dns_db_getsoaserial(zone->secure->db,
10262 UNLOCK_ZONE(zone);
10266 * zone->xfr safely.
10268 if (tresult == ISC_R_SUCCESS && zone->xfr == NULL) {
10269 tresult = dns_journal_compact(zone->mctx,
10270 zone->journal,
10272 zone->journalsize);
10277 dns_zone_log(zone, ISC_LOG_DEBUG(3),
10282 dns_zone_log(zone, ISC_LOG_ERROR,
10289 zone->compact_serial = serial;
10293 LOCK_ZONE(zone);
10294 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DUMPING);
10296 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT);
10301 zone_needdump(zone, DNS_DUMP_DELAY);
10303 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) &&
10304 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
10305 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
10306 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
10307 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
10308 isc_time_settoepoch(&zone->dumptime);
10311 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FLUSH);
10313 if (zone->dctx != NULL)
10314 dns_dumpctx_detach(&zone->dctx);
10315 zonemgr_putio(&zone->writeio);
10316 UNLOCK_ZONE(zone);
10318 (void)zone_dump(zone, ISC_FALSE);
10319 dns_zone_idetach(&zone);
10323 zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
10336 REQUIRE(DNS_ZONE_VALID(zone));
10340 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
10341 if (zone->db != NULL)
10342 dns_db_attach(zone->db, &db);
10343 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
10344 LOCK_ZONE(zone);
10345 if (zone->masterfile != NULL) {
10346 masterfile = isc_mem_strdup(zone->mctx, zone->masterfile);
10347 masterformat = zone->masterformat;
10349 UNLOCK_ZONE(zone);
10359 if (compact && zone->type != dns_zone_stub) {
10361 LOCK_ZONE(zone);
10362 zone_iattach(zone, &dummy);
10363 result = zonemgr_getio(zone->zmgr, ISC_FALSE, zone->task,
10364 zone_gotwritehandle, zone,
10365 &zone->writeio);
10370 UNLOCK_ZONE(zone);
10377 if (inline_secure(zone))
10378 get_raw_serial(zone->raw, &rawdata);
10379 if (zone->type == dns_zone_key)
10383 result = dns_master_dump3(zone->mctx, db, version,
10392 isc_mem_free(zone->mctx, masterfile);
10399 LOCK_ZONE(zone);
10400 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DUMPING);
10405 zone_needdump(zone, DNS_DUMP_DELAY);
10406 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) &&
10407 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
10408 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
10409 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
10410 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
10411 isc_time_settoepoch(&zone->dumptime);
10414 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FLUSH);
10415 UNLOCK_ZONE(zone);
10423 dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style,
10431 REQUIRE(DNS_ZONE_VALID(zone));
10433 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
10434 if (zone->db != NULL)
10435 dns_db_attach(zone->db, &db);
10436 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
10444 else if (inline_secure(zone))
10445 get_raw_serial(zone->raw, &rawdata);
10446 else if (zone->sourceserialset) {
10448 rawdata.sourceserial = zone->sourceserial;
10450 result = dns_master_dumptostream3(zone->mctx, db, version, style,
10458 dns_zone_dumptostream3(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
10462 return (dumptostream(zone, fd, style, format, rawversion));
10466 dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
10468 return (dumptostream(zone, fd, style, format, DNS_RAWFORMAT_VERSION));
10472 dns_zone_dumptostream(dns_zone_t *zone, FILE *fd) {
10473 return (dumptostream(zone, fd, &dns_master_style_default,
10478 dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd) {
10479 return (dumptostream(zone, fd, &dns_master_style_full,
10484 dns_zone_unload(dns_zone_t *zone) {
10485 REQUIRE(DNS_ZONE_VALID(zone));
10487 LOCK_ZONE(zone);
10488 zone_unload(zone);
10489 UNLOCK_ZONE(zone);
10493 notify_cancel(dns_zone_t *zone) {
10497 * 'zone' locked by caller.
10500 REQUIRE(LOCKED_ZONE(zone));
10502 for (notify = ISC_LIST_HEAD(zone->notifies);
10513 forward_cancel(dns_zone_t *zone) {
10517 * 'zone' locked by caller.
10520 REQUIRE(LOCKED_ZONE(zone));
10522 for (forward = ISC_LIST_HEAD(zone->forwards);
10531 zone_unload(dns_zone_t *zone) {
10533 * 'zone' locked by caller.
10536 REQUIRE(LOCKED_ZONE(zone));
10538 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) ||
10539 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
10540 if (zone->writeio != NULL)
10541 zonemgr_cancelio(zone->writeio);
10543 if (zone->dctx != NULL)
10544 dns_dumpctx_cancel(zone->dctx);
10546 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
10547 zone_detachdb(zone);
10548 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
10549 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADED);
10550 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
10554 dns_zone_setminrefreshtime(dns_zone_t *zone, isc_uint32_t val) {
10555 REQUIRE(DNS_ZONE_VALID(zone));
10558 zone->minrefresh = val;
10562 dns_zone_setmaxrefreshtime(dns_zone_t *zone, isc_uint32_t val) {
10563 REQUIRE(DNS_ZONE_VALID(zone));
10566 zone->maxrefresh = val;
10570 dns_zone_setminretrytime(dns_zone_t *zone, isc_uint32_t val) {
10571 REQUIRE(DNS_ZONE_VALID(zone));
10574 zone->minretry = val;
10578 dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val) {
10579 REQUIRE(DNS_ZONE_VALID(zone));
10582 zone->maxretry = val;
10586 dns_zone_getmaxrecords(dns_zone_t *zone) {
10587 REQUIRE(DNS_ZONE_VALID(zone));
10589 return (zone->maxrecords);
10593 dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t val) {
10594 REQUIRE(DNS_ZONE_VALID(zone));
10596 zone->maxrecords = val;
10600 notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name,
10607 for (notify = ISC_LIST_HEAD(zone->notifies);
10629 zmgr = notify->zone->zmgr;
10636 result = isc_ratelimiter_enqueue(notify->zone->zmgr->notifyrl,
10637 notify->zone->task,
10649 notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
10657 if (zone->view == NULL || zone->isself == NULL)
10662 src = zone->notifysrc4;
10666 src = zone->notifysrc6;
10681 result = dns_view_getpeertsig(zone->view, &dstaddr, &key);
10684 isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass,
10685 zone->isselfarg);
10697 if (notify->zone != NULL) {
10699 LOCK_ZONE(notify->zone);
10700 REQUIRE(LOCKED_ZONE(notify->zone));
10702 ISC_LIST_UNLINK(notify->zone->notifies, notify, link);
10704 UNLOCK_ZONE(notify->zone);
10706 zone_idetach(¬ify->zone);
10708 dns_zone_idetach(¬ify->zone);
10736 notify->zone = NULL;
10761 INSIST(task == notify->zone->task);
10770 LOCK_ZONE(notify->zone);
10772 UNLOCK_ZONE(notify->zone);
10786 if (notify->zone->view->adb == NULL)
10789 result = dns_adb_createfind(notify->zone->view->adb,
10790 notify->zone->task,
10794 notify->zone->view->dstport,
10806 LOCK_ZONE(notify->zone);
10808 UNLOCK_ZONE(notify->zone);
10830 ? notify->zone->zmgr->startupnotifyrl
10831 : notify->zone->zmgr->notifyrl,
10832 notify->zone->task, &e);
10859 LOCK_ZONE(notify->zone);
10863 if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_LOADED) == 0) {
10869 DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_EXITING) ||
10870 notify->zone->view->requestmgr == NULL ||
10871 notify->zone->db == NULL) {
10883 notify_log(notify->zone, ISC_LOG_DEBUG(3),
10890 result = notify_createmessage(notify->zone, notify->flags, &message);
10901 result = dns_view_getpeertsig(notify->zone->view, &dstip, &key);
10903 notify_log(notify->zone, ISC_LOG_ERROR,
10911 notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
10914 if (notify->zone->view->peers != NULL) {
10917 result = dns_peerlist_peerbyaddr(notify->zone->view->peers,
10934 src = notify->zone->notifysrc4;
10936 dscp = notify->zone->notifysrc4dscp;
10940 src = notify->zone->notifysrc6;
10942 dscp = notify->zone->notifysrc6dscp;
10949 if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_DIALNOTIFY))
10951 result = dns_request_createvia4(notify->zone->view->requestmgr,
10954 0, notify->zone->task, notify_done,
10958 inc_stats(notify->zone,
10961 inc_stats(notify->zone,
10972 UNLOCK_ZONE(notify->zone);
10991 REQUIRE(LOCKED_ZONE(notify->zone));
10993 if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_EXITING))
11000 if (notify_isqueued(notify->zone, notify->flags, NULL, &dst,
11003 if (notify_isself(notify->zone, &dst))
11010 zone_iattach(notify->zone, &newnotify->zone);
11011 ISC_LIST_APPEND(newnotify->zone->notifies, newnotify, link);
11026 dns_zone_notify(dns_zone_t *zone) {
11029 REQUIRE(DNS_ZONE_VALID(zone));
11031 LOCK_ZONE(zone);
11032 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
11035 zone_settimer(zone, &now);
11036 UNLOCK_ZONE(zone);
11040 zone_notify(dns_zone_t *zone, isc_time_t *now) {
11061 REQUIRE(DNS_ZONE_VALID(zone));
11063 LOCK_ZONE(zone);
11064 startup = !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
11065 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
11066 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDSTARTUPNOTIFY);
11067 notifytype = zone->notifytype;
11068 DNS_ZONE_TIME_ADD(now, zone->notifydelay, &zone->notifytime);
11069 UNLOCK_ZONE(zone);
11071 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) ||
11072 ! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
11079 zone->type != dns_zone_master)
11082 origin = &zone->origin;
11085 * If the zone is dialup we are done as we don't want to send
11088 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY))
11100 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
11101 if (zone->db != NULL)
11102 dns_db_attach(zone->db, &zonedb);
11103 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
11128 result = dns_name_dup(&soa.origin, zone->mctx, &master);
11137 LOCK_ZONE(zone);
11138 for (i = 0; i < zone->notifycnt; i++) {
11142 if ((zone->notifykeynames != NULL) &&
11143 (zone->notifykeynames[i] != NULL)) {
11144 dns_view_t *view = dns_zone_getview(zone);
11145 dns_name_t *keyname = zone->notifykeynames[i];
11149 dst = zone->notify[i];
11150 if (notify_isqueued(zone, flags, NULL, &dst, key)) {
11156 result = notify_create(zone->mctx, flags, ¬ify);
11163 zone_iattach(zone, ¬ify->zone);
11173 ISC_LIST_APPEND(zone->notifies, notify, link);
11178 notify_log(zone, ISC_LOG_INFO,
11184 UNLOCK_ZONE(zone);
11211 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOTIFYTOSOA) &&
11218 notify_log(zone, ISC_LOG_INFO,
11224 LOCK_ZONE(zone);
11225 isqueued = notify_isqueued(zone, flags, &ns.name, NULL, NULL);
11226 UNLOCK_ZONE(zone);
11231 result = notify_create(zone->mctx, flags, ¬ify);
11234 dns_zone_iattach(zone, ¬ify->zone);
11235 result = dns_name_dup(&ns.name, zone->mctx, ¬ify->ns);
11237 LOCK_ZONE(zone);
11239 UNLOCK_ZONE(zone);
11242 LOCK_ZONE(zone);
11243 ISC_LIST_APPEND(zone->notifies, notify, link);
11244 UNLOCK_ZONE(zone);
11252 dns_name_free(&master, zone->mctx);
11355 dns_zone_t *zone = NULL;
11370 zone = stub->zone;
11376 LOCK_ZONE(zone);
11378 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
11379 zone_debuglog(zone, me, 1, "exiting");
11384 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
11385 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
11389 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
11390 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
11391 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11397 dns_zonemgr_unreachableadd(zone->zmgr, &zone->masteraddr,
11398 &zone->sourceaddr, &now);
11399 dns_zone_log(zone, ISC_LOG_INFO,
11406 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
11424 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS) &&
11428 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11432 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
11436 dns_zone_log(zone, ISC_LOG_INFO,
11448 dns_zone_log(zone, ISC_LOG_INFO,
11454 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEVC);
11462 dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: "
11475 dns_zone_log(zone, ISC_LOG_INFO,
11482 dns_zone_log(zone, ISC_LOG_INFO,
11491 result = save_nsrrset(msg, &zone->origin, stub->db, stub->version);
11493 dns_zone_log(zone, ISC_LOG_INFO,
11503 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
11504 if (zone->db == NULL)
11505 zone_attachdb(zone, stub->db);
11506 result = zone_get_from_db(zone, zone->db, NULL, &soacount, NULL,
11509 zone->refresh = RANGE(refresh, zone->minrefresh,
11510 zone->maxrefresh);
11511 zone->retry = RANGE(retry, zone->minretry, zone->maxretry);
11512 zone->expire = RANGE(expire, zone->refresh + zone->retry,
11514 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
11516 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
11521 dns_request_destroy(&zone->request);
11523 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
11524 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
11525 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
11526 isc_interval_set(&i, zone->expire, 0);
11527 DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
11529 if (zone->masterfile != NULL)
11530 zone_needdump(zone, 0);
11532 zone_settimer(zone, &now);
11543 dns_request_destroy(&zone->request);
11548 zone->curmaster++;
11549 } while (zone->curmaster < zone->masterscnt &&
11550 zone->mastersok[zone->curmaster]);
11551 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
11552 if (exiting || zone->curmaster >= zone->masterscnt) {
11555 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
11556 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
11560 for (j = 0; j < zone->masterscnt; j++)
11561 if (zone->mastersok[j] == ISC_FALSE) {
11568 zone->curmaster = 0;
11572 while (zone->curmaster < zone->masterscnt &&
11573 zone->mastersok[zone->curmaster])
11574 zone->curmaster++;
11575 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
11577 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
11579 zone_settimer(zone, &now);
11583 queue_soa_query(zone);
11590 dns_request_destroy(&zone->request);
11591 ns_query(zone, NULL, stub);
11592 UNLOCK_ZONE(zone);
11596 UNLOCK_ZONE(zone);
11598 dns_zone_idetach(&stub->zone);
11613 get_edns_expire(dns_zone_t * zone, dns_message_t *message,
11645 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11658 * Set the file modification time zone->expire seconds before expiretime.
11661 setmodtime(dns_zone_t *zone, isc_time_t *expiretime) {
11666 isc_interval_set(&i, zone->expire, 0);
11672 if (zone->journal != NULL)
11673 result = isc_file_settime(zone->journal, &when);
11675 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
11676 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP))
11677 result = isc_file_settime(zone->masterfile, &when);
11679 result = isc_file_settime(zone->masterfile, &when);
11685 zone_needdump(zone, DNS_DUMP_DELAY);
11687 dns_zone_log(zone, ISC_LOG_ERROR, "refresh: could not set "
11689 zone->masterfile, dns_result_totext(result));
11699 dns_zone_t *zone;
11713 zone = revent->ev_arg;
11714 INSIST(DNS_ZONE_VALID(zone));
11722 LOCK_ZONE(zone);
11724 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
11726 dns_request_destroy(&zone->request);
11734 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
11735 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
11739 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
11740 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
11741 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11748 dns_zone_log(zone, ISC_LOG_INFO,
11753 if ((zone->type == dns_zone_slave ||
11754 zone->type == dns_zone_redirect) &&
11755 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_TRYTCPREFRESH)) {
11756 if (!dns_zonemgr_unreachable(zone->zmgr,
11757 &zone->masteraddr,
11758 &zone->sourceaddr,
11761 DNS_ZONE_SETFLAG(zone,
11765 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11772 dns_zone_log(zone, ISC_LOG_INFO,
11779 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
11784 dns_zone_log(zone, ISC_LOG_INFO,
11801 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS) &&
11805 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11809 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
11812 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS) &&
11814 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11818 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
11821 dns_zone_log(zone, ISC_LOG_INFO,
11829 (zone->type == dns_zone_slave ||
11830 zone->type == dns_zone_redirect))
11836 * If truncated punt to zone transfer which will query again.
11839 if (zone->type == dns_zone_slave ||
11840 zone->type == dns_zone_redirect) {
11841 dns_zone_log(zone, ISC_LOG_INFO,
11843 "initiating TCP zone xfer "
11846 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR);
11849 INSIST(zone->type == dns_zone_stub);
11851 dns_zone_log(zone, ISC_LOG_INFO,
11857 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEVC);
11866 dns_zone_log(zone, ISC_LOG_INFO,
11879 * There should not be a CNAME record at top of zone.
11882 dns_zone_log(zone, ISC_LOG_INFO,
11883 "refresh: CNAME at top of zone "
11892 dns_zone_log(zone, ISC_LOG_INFO,
11902 dns_zone_log(zone, ISC_LOG_INFO,
11909 * Only one soa at top of zone.
11912 dns_zone_log(zone, ISC_LOG_INFO,
11923 result = dns_message_findname(msg, DNS_SECTION_ANSWER, &zone->origin,
11927 dns_zone_log(zone, ISC_LOG_INFO,
11935 dns_zone_log(zone, ISC_LOG_INFO,
11945 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
11947 result = zone_get_from_db(zone, zone->db, NULL, &dbsoacount,
11952 zone_debuglog(zone, me, 1, "serial: new %u, old %u",
11955 zone_debuglog(zone, me, 1, "serial: new %u, old not loaded",
11958 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) ||
11959 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) ||
11961 if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr,
11962 &zone->sourceaddr, &now))
11964 dns_zone_log(zone, ISC_LOG_INFO,
11967 (zone->type == dns_zone_slave ||
11968 zone->type == dns_zone_redirect) ?
11969 "zone transfer" : "NS query",
11975 dns_request_destroy(&zone->request);
11976 if (zone->type == dns_zone_slave ||
11977 zone->type == dns_zone_redirect) {
11980 INSIST(zone->type == dns_zone_stub);
11981 ns_query(zone, rdataset, NULL);
11992 expire = zone->expire;
11993 get_edns_expire(zone, msg, &expire);
11999 if (isc_time_compare(&expiretime, &zone->expiretime) > 0) {
12000 zone->expiretime = expiretime;
12001 if (zone->masterfile != NULL)
12002 setmodtime(zone, &expiretime);
12005 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
12006 zone->mastersok[zone->curmaster] = ISC_TRUE;
12009 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER))
12010 dns_zone_log(zone, ISC_LOG_INFO, "serial number (%u) "
12014 zone_debuglog(zone, me, 1, "ahead");
12015 zone->mastersok[zone->curmaster] = ISC_TRUE;
12026 dns_request_destroy(&zone->request);
12031 zone->curmaster++;
12032 } while (zone->curmaster < zone->masterscnt &&
12033 zone->mastersok[zone->curmaster]);
12034 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
12035 if (zone->curmaster >= zone->masterscnt) {
12037 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
12038 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
12042 for (j = 0; j < zone->masterscnt; j++)
12043 if (zone->mastersok[j] == ISC_FALSE) {
12050 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
12051 zone->curmaster = 0;
12055 while (zone->curmaster < zone->masterscnt &&
12056 zone->mastersok[zone->curmaster])
12057 zone->curmaster++;
12060 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
12061 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDREFRESH)) {
12062 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
12063 zone->refreshtime = now;
12065 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
12066 zone_settimer(zone, &now);
12071 queue_soa_query(zone);
12078 dns_request_destroy(&zone->request);
12079 queue_soa_query(zone);
12082 UNLOCK_ZONE(zone);
12084 queue_xfrin(zone);
12085 dns_zone_idetach(&zone);
12090 queue_soa_query(dns_zone_t *zone) {
12100 REQUIRE(LOCKED_ZONE(zone));
12102 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
12103 cancel_refresh(zone);
12107 e = isc_event_allocate(zone->mctx, NULL, DNS_EVENT_ZONE,
12108 soa_query, zone, sizeof(isc_event_t));
12110 cancel_refresh(zone);
12118 zone_iattach(zone, &dummy);
12120 e->ev_arg = zone;
12122 result = isc_ratelimiter_enqueue(zone->zmgr->refreshrl, zone->task, &e);
12126 cancel_refresh(zone);
12131 create_query(dns_zone_t *zone, dns_rdatatype_t rdtype,
12139 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER,
12145 message->rdclass = zone->rdclass;
12159 dns_name_clone(&zone->origin, qname);
12160 dns_rdataset_makequestion(qrdataset, zone->rdclass, rdtype);
12214 dns_zone_t *zone = event->ev_arg;
12225 REQUIRE(DNS_ZONE_VALID(zone));
12231 LOCK_ZONE(zone);
12233 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) ||
12234 zone->view->requestmgr == NULL) {
12235 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
12241 result = create_query(zone, dns_rdatatype_soa, &message);
12245 INSIST(zone->masterscnt > 0);
12246 INSIST(zone->curmaster < zone->masterscnt);
12248 zone->masteraddr = zone->masters[zone->curmaster];
12250 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
12255 if ((zone->masterkeynames != NULL) &&
12256 (zone->masterkeynames[zone->curmaster] != NULL)) {
12257 dns_view_t *view = dns_zone_getview(zone);
12258 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
12263 dns_zone_log(zone, ISC_LOG_ERROR,
12269 result = dns_view_getpeertsig(zone->view, &masterip, &key);
12273 dns_zone_log(zone, ISC_LOG_ERROR,
12279 options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ?
12282 reqnsid = zone->view->requestnsid;
12283 reqexpire = zone->requestexpire;
12284 if (zone->view->peers != NULL) {
12287 result = dns_peerlist_peerbyaddr(zone->view->peers,
12292 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
12294 &zone->sourceaddr);
12300 if (zone->view->resolver != NULL)
12302 dns_resolver_getudpsize(zone->view->resolver);
12312 switch (isc_sockaddr_pf(&zone->masteraddr)) {
12314 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
12315 if (isc_sockaddr_equal(&zone->altxfrsource4,
12316 &zone->xfrsource4))
12318 zone->sourceaddr = zone->altxfrsource4;
12320 dscp = zone->altxfrsource4dscp;
12322 zone->sourceaddr = zone->xfrsource4;
12324 dscp = zone->xfrsource4dscp;
12328 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
12329 if (isc_sockaddr_equal(&zone->altxfrsource6,
12330 &zone->xfrsource6))
12332 zone->sourceaddr = zone->altxfrsource6;
12334 dscp = zone->altxfrsource6dscp;
12336 zone->sourceaddr = zone->xfrsource6;
12338 dscp = zone->xfrsource6dscp;
12346 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
12349 zone_debuglog(zone, me, 1,
12354 zone_iattach(zone, &dummy);
12356 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
12358 result = dns_request_createvia4(zone->view->requestmgr, message,
12359 &zone->sourceaddr, &zone->masteraddr,
12361 timeout, 0, zone->task,
12362 refresh_callback, zone, &zone->request);
12365 zone_debuglog(zone, me, 1,
12370 if (isc_sockaddr_pf(&zone->masteraddr) == PF_INET)
12371 inc_stats(zone, dns_zonestatscounter_soaoutv4);
12373 inc_stats(zone, dns_zonestatscounter_soaoutv6);
12381 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
12385 cancel_refresh(zone);
12387 UNLOCK_ZONE(zone);
12388 dns_zone_idetach(&zone);
12399 zone->curmaster++;
12400 } while (zone->curmaster < zone->masterscnt &&
12401 zone->mastersok[zone->curmaster]);
12402 if (zone->curmaster < zone->masterscnt)
12404 zone->curmaster = 0;
12409 ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
12422 REQUIRE(DNS_ZONE_VALID(zone));
12423 REQUIRE(LOCKED_ZONE(zone));
12431 stub = isc_mem_get(zone->mctx, sizeof(*stub));
12435 stub->mctx = zone->mctx;
12436 stub->zone = NULL;
12441 * Attach so that the zone won't disappear from under us.
12443 zone_iattach(zone, &stub->zone);
12447 * new one and attach it to the zone once we have the NS
12450 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
12451 if (zone->db != NULL) {
12452 dns_db_attach(zone->db, &stub->db);
12453 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
12455 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
12457 INSIST(zone->db_argc >= 1);
12458 result = dns_db_create(zone->mctx, zone->db_argv[0],
12459 &zone->origin, dns_dbtype_stub,
12460 zone->rdclass,
12461 zone->db_argc - 1,
12462 zone->db_argv + 1,
12465 dns_zone_log(zone, ISC_LOG_ERROR,
12472 dns_db_settask(stub->db, zone->task);
12477 dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: "
12486 result = dns_db_findnode(stub->db, &zone->origin, ISC_TRUE,
12489 dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: "
12499 dns_zone_log(zone, ISC_LOG_INFO,
12508 * XXX Optimisation: Create message when zone is setup and reuse.
12510 result = create_query(zone, dns_rdatatype_ns, &message);
12513 INSIST(zone->masterscnt > 0);
12514 INSIST(zone->curmaster < zone->masterscnt);
12515 zone->masteraddr = zone->masters[zone->curmaster];
12517 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
12522 if ((zone->masterkeynames != NULL) &&
12523 (zone->masterkeynames[zone->curmaster] != NULL)) {
12524 dns_view_t *view = dns_zone_getview(zone);
12525 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
12530 dns_zone_log(zone, ISC_LOG_ERROR,
12535 (void)dns_view_getpeertsig(zone->view, &masterip, &key);
12537 reqnsid = zone->view->requestnsid;
12538 if (zone->view->peers != NULL) {
12541 result = dns_peerlist_peerbyaddr(zone->view->peers,
12546 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
12548 &zone->sourceaddr);
12554 if (zone->view->resolver != NULL)
12556 dns_resolver_getudpsize(zone->view->resolver);
12562 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
12565 zone_debuglog(zone, me, 1,
12573 switch (isc_sockaddr_pf(&zone->masteraddr)) {
12575 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
12576 zone->sourceaddr = zone->altxfrsource4;
12578 dscp = zone->altxfrsource4dscp;
12580 zone->sourceaddr = zone->xfrsource4;
12582 dscp = zone->xfrsource4dscp;
12586 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
12587 zone->sourceaddr = zone->altxfrsource6;
12589 dscp = zone->altxfrsource6dscp;
12591 zone->sourceaddr = zone->xfrsource6;
12593 dscp = zone->xfrsource6dscp;
12602 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
12604 result = dns_request_createvia4(zone->view->requestmgr, message,
12605 &zone->sourceaddr, &zone->masteraddr,
12607 timeout * 3, timeout, 0, zone->task,
12608 stub_callback, stub, &zone->request);
12610 zone_debuglog(zone, me, 1,
12619 cancel_refresh(zone);
12627 if (stub->zone != NULL)
12628 zone_idetach(&stub->zone);
12640 * Handle the control event. Note that although this event causes the zone
12645 dns_zone_t *zone = (dns_zone_t *) event->ev_arg;
12650 REQUIRE(DNS_ZONE_VALID(zone));
12652 INSIST(isc_refcount_current(&zone->erefs) == 0);
12654 zone_debuglog(zone, "zone_shutdown", 3, "shutting down");
12659 LOCK_ZONE(zone);
12660 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_EXITING);
12661 UNLOCK_ZONE(zone);
12666 * If there's no zone manager, we can't be waiting for the
12669 if (zone->zmgr != NULL) {
12670 RWLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
12671 if (zone->statelist == &zone->zmgr->waiting_for_xfrin) {
12672 ISC_LIST_UNLINK(zone->zmgr->waiting_for_xfrin, zone,
12675 zone->statelist = NULL;
12677 if (zone->statelist == &zone->zmgr->xfrin_in_progress) {
12678 ISC_LIST_UNLINK(zone->zmgr->xfrin_in_progress, zone,
12680 zone->statelist = NULL;
12681 zmgr_resume_xfrs(zone->zmgr, ISC_FALSE);
12683 RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
12689 if (zone->xfr != NULL)
12690 dns_xfrin_shutdown(zone->xfr);
12692 /* Safe to release the zone now */
12693 if (zone->zmgr != NULL)
12694 dns_zonemgr_releasezone(zone->zmgr, zone);
12696 LOCK_ZONE(zone);
12697 INSIST(zone != zone->raw);
12699 INSIST(zone->irefs > 0);
12700 zone->irefs--;
12702 if (zone->request != NULL) {
12703 dns_request_cancel(zone->request);
12706 if (zone->readio != NULL)
12707 zonemgr_cancelio(zone->readio);
12709 if (zone->lctx != NULL)
12710 dns_loadctx_cancel(zone->lctx);
12712 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) ||
12713 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
12714 if (zone->writeio != NULL)
12715 zonemgr_cancelio(zone->writeio);
12717 if (zone->dctx != NULL)
12718 dns_dumpctx_cancel(zone->dctx);
12721 notify_cancel(zone);
12723 forward_cancel(zone);
12725 if (zone->timer != NULL) {
12726 isc_timer_detach(&zone->timer);
12727 INSIST(zone->irefs > 0);
12728 zone->irefs--;
12736 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SHUTDOWN);
12737 free_needed = exit_check(zone);
12738 if (inline_secure(zone)) {
12739 raw = zone->raw;
12740 zone->raw = NULL;
12742 if (inline_raw(zone)) {
12743 secure = zone->secure;
12744 zone->secure = NULL;
12746 UNLOCK_ZONE(zone);
12752 zone_free(zone);
12758 dns_zone_t *zone = (dns_zone_t *)event->ev_arg;
12761 REQUIRE(DNS_ZONE_VALID(zone));
12765 zone_maintenance(zone);
12771 zone_settimer(dns_zone_t *zone, isc_time_t *now) {
12776 REQUIRE(DNS_ZONE_VALID(zone));
12779 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
12784 switch (zone->type) {
12786 if (zone->masters != NULL)
12791 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) ||
12792 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDSTARTUPNOTIFY))
12793 next = zone->notifytime;
12794 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
12795 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
12796 INSIST(!isc_time_isepoch(&zone->dumptime));
12798 isc_time_compare(&zone->dumptime, &next) < 0)
12799 next = zone->dumptime;
12801 if (zone->type == dns_zone_redirect)
12803 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESHING) &&
12804 !isc_time_isepoch(&zone->refreshkeytime)) {
12806 isc_time_compare(&zone->refreshkeytime, &next) < 0)
12807 next = zone->refreshkeytime;
12809 if (!isc_time_isepoch(&zone->resigntime)) {
12811 isc_time_compare(&zone->resigntime, &next) < 0)
12812 next = zone->resigntime;
12814 if (!isc_time_isepoch(&zone->keywarntime)) {
12816 isc_time_compare(&zone->keywarntime, &next) < 0)
12817 next = zone->keywarntime;
12819 if (!isc_time_isepoch(&zone->signingtime)) {
12821 isc_time_compare(&zone->signingtime, &next) < 0)
12822 next = zone->signingtime;
12824 if (!isc_time_isepoch(&zone->nsec3chaintime)) {
12826 isc_time_compare(&zone->nsec3chaintime, &next) < 0)
12827 next = zone->nsec3chaintime;
12833 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) ||
12834 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDSTARTUPNOTIFY))
12835 next = zone->notifytime;
12839 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH) &&
12840 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOMASTERS) &&
12841 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOREFRESH) &&
12842 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADING) &&
12843 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING) &&
12844 !isc_time_isepoch(&zone->refreshtime) &&
12846 isc_time_compare(&zone->refreshtime, &next) < 0))
12847 next = zone->refreshtime;
12848 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
12849 !isc_time_isepoch(&zone->expiretime)) {
12851 isc_time_compare(&zone->expiretime, &next) < 0)
12852 next = zone->expiretime;
12854 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
12855 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
12856 INSIST(!isc_time_isepoch(&zone->dumptime));
12858 isc_time_compare(&zone->dumptime, &next) < 0)
12859 next = zone->dumptime;
12864 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
12865 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
12866 INSIST(!isc_time_isepoch(&zone->dumptime));
12868 isc_time_compare(&zone->dumptime, &next) < 0)
12869 next = zone->dumptime;
12871 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESHING)) {
12873 (!isc_time_isepoch(&zone->refreshkeytime) &&
12874 isc_time_compare(&zone->refreshkeytime, &next) < 0))
12875 next = zone->refreshkeytime;
12884 zone_debuglog(zone, me, 10, "settimer inactive");
12885 result = isc_timer_reset(zone->timer, isc_timertype_inactive,
12888 dns_zone_log(zone, ISC_LOG_ERROR,
12889 "could not deactivate zone timer: %s",
12894 result = isc_timer_reset(zone->timer, isc_timertype_once,
12897 dns_zone_log(zone, ISC_LOG_ERROR,
12898 "could not reset zone timer: %s",
12904 cancel_refresh(dns_zone_t *zone) {
12909 * 'zone' locked by caller.
12912 REQUIRE(DNS_ZONE_VALID(zone));
12913 REQUIRE(LOCKED_ZONE(zone));
12917 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
12919 zone_settimer(zone, &now);
12923 notify_createmessage(dns_zone_t *zone, unsigned int flags,
12942 REQUIRE(DNS_ZONE_VALID(zone));
12945 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER,
12952 message->rdclass = zone->rdclass;
12966 dns_name_clone(&zone->origin, tempname);
12967 dns_rdataset_makequestion(temprdataset, zone->rdclass,
12990 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
12991 INSIST(zone->db != NULL); /* XXXJT: is this assumption correct? */
12992 dns_db_attach(zone->db, &zonedb);
12993 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
12996 dns_name_clone(&zone->origin, tempname);
13014 result = isc_buffer_allocate(zone->mctx, &b, r.length);
13072 dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
13075 return (dns_zone_notifyreceive2(zone, from, NULL, msg));
13079 dns_zone_notifyreceive2(dns_zone_t *zone, isc_sockaddr_t *from,
13095 REQUIRE(DNS_ZONE_VALID(zone));
13102 * Check that 'from' is a valid notify source, (zone->masters).
13120 * Notify messages are processed by the raw zone.
13122 LOCK_ZONE(zone);
13123 INSIST(zone != zone->raw);
13124 if (inline_secure(zone)) {
13125 result = dns_zone_notifyreceive2(zone->raw, from, to, msg);
13126 UNLOCK_ZONE(zone);
13133 inc_stats(zone, dns_zonestatscounter_notifyinv4);
13135 inc_stats(zone, dns_zonestatscounter_notifyinv6);
13137 dns_message_findname(msg, DNS_SECTION_QUESTION, &zone->origin,
13140 UNLOCK_ZONE(zone);
13142 dns_zone_log(zone, ISC_LOG_NOTICE,
13147 dns_zone_log(zone, ISC_LOG_NOTICE,
13148 "NOTIFY zone does not match");
13153 * If we are a master zone just succeed.
13155 if (zone->type == dns_zone_master) {
13156 UNLOCK_ZONE(zone);
13161 for (i = 0; i < zone->masterscnt; i++) {
13162 if (isc_sockaddr_eqaddr(from, &zone->masters[i]))
13164 if (zone->view->aclenv.match_mapped &&
13166 isc_sockaddr_pf(&zone->masters[i]) == AF_INET) {
13169 isc_netaddr_fromsockaddr(&na2, &zone->masters[i]);
13177 * 'zone->notify_acl'.
13181 if (i >= zone->masterscnt && zone->notify_acl != NULL &&
13182 dns_acl_match(&netaddr, tsig, zone->notify_acl,
13183 &zone->view->aclenv,
13188 } else if (i >= zone->masterscnt) {
13189 UNLOCK_ZONE(zone);
13190 dns_zone_log(zone, ISC_LOG_INFO,
13192 inc_stats(zone, dns_zonestatscounter_notifyrej);
13197 * If the zone is loaded and there are answers check the serial
13199 * check if we are a dialup zone as we use the notify request
13203 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
13204 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOREFRESH)) {
13206 &zone->origin,
13225 result = zone_get_from_db(zone, zone->db, NULL,
13231 dns_zone_log(zone,
13234 "zone is up to date",
13236 UNLOCK_ZONE(zone);
13247 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH)) {
13248 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
13249 zone->notifyfrom = *from;
13250 UNLOCK_ZONE(zone);
13252 dns_zone_log(zone, ISC_LOG_INFO,
13257 dns_zone_log(zone, ISC_LOG_INFO,
13263 dns_zone_log(zone, ISC_LOG_INFO, "notify from %s: serial %u",
13266 dns_zone_log(zone, ISC_LOG_INFO, "notify from %s: no serial",
13268 zone->notifyfrom = *from;
13269 UNLOCK_ZONE(zone);
13272 dns_zonemgr_unreachabledel(zone->zmgr, from, to);
13274 dns_zone_refresh(zone);
13279 dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl) {
13281 REQUIRE(DNS_ZONE_VALID(zone));
13283 LOCK_ZONE(zone);
13284 if (zone->notify_acl != NULL)
13285 dns_acl_detach(&zone->notify_acl);
13286 dns_acl_attach(acl, &zone->notify_acl);
13287 UNLOCK_ZONE(zone);
13291 dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl) {
13293 REQUIRE(DNS_ZONE_VALID(zone));
13295 LOCK_ZONE(zone);
13296 if (zone->query_acl != NULL)
13297 dns_acl_detach(&zone->query_acl);
13298 dns_acl_attach(acl, &zone->query_acl);
13299 UNLOCK_ZONE(zone);
13303 dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl) {
13305 REQUIRE(DNS_ZONE_VALID(zone));
13307 LOCK_ZONE(zone);
13308 if (zone->queryon_acl != NULL)
13309 dns_acl_detach(&zone->queryon_acl);
13310 dns_acl_attach(acl, &zone->queryon_acl);
13311 UNLOCK_ZONE(zone);
13315 dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl) {
13317 REQUIRE(DNS_ZONE_VALID(zone));
13319 LOCK_ZONE(zone);
13320 if (zone->update_acl != NULL)
13321 dns_acl_detach(&zone->update_acl);
13322 dns_acl_attach(acl, &zone->update_acl);
13323 UNLOCK_ZONE(zone);
13327 dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl) {
13329 REQUIRE(DNS_ZONE_VALID(zone));
13331 LOCK_ZONE(zone);
13332 if (zone->forward_acl != NULL)
13333 dns_acl_detach(&zone->forward_acl);
13334 dns_acl_attach(acl, &zone->forward_acl);
13335 UNLOCK_ZONE(zone);
13339 dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl) {
13341 REQUIRE(DNS_ZONE_VALID(zone));
13343 LOCK_ZONE(zone);
13344 if (zone->xfr_acl != NULL)
13345 dns_acl_detach(&zone->xfr_acl);
13346 dns_acl_attach(acl, &zone->xfr_acl);
13347 UNLOCK_ZONE(zone);
13351 dns_zone_getnotifyacl(dns_zone_t *zone) {
13353 REQUIRE(DNS_ZONE_VALID(zone));
13355 return (zone->notify_acl);
13359 dns_zone_getqueryacl(dns_zone_t *zone) {
13361 REQUIRE(DNS_ZONE_VALID(zone));
13363 return (zone->query_acl);
13367 dns_zone_getqueryonacl(dns_zone_t *zone) {
13369 REQUIRE(DNS_ZONE_VALID(zone));
13371 return (zone->queryon_acl);
13375 dns_zone_getupdateacl(dns_zone_t *zone) {
13377 REQUIRE(DNS_ZONE_VALID(zone));
13379 return (zone->update_acl);
13383 dns_zone_getforwardacl(dns_zone_t *zone) {
13385 REQUIRE(DNS_ZONE_VALID(zone));
13387 return (zone->forward_acl);
13391 dns_zone_getxfracl(dns_zone_t *zone) {
13393 REQUIRE(DNS_ZONE_VALID(zone));
13395 return (zone->xfr_acl);
13399 dns_zone_clearupdateacl(dns_zone_t *zone) {
13401 REQUIRE(DNS_ZONE_VALID(zone));
13403 LOCK_ZONE(zone);
13404 if (zone->update_acl != NULL)
13405 dns_acl_detach(&zone->update_acl);
13406 UNLOCK_ZONE(zone);
13410 dns_zone_clearforwardacl(dns_zone_t *zone) {
13412 REQUIRE(DNS_ZONE_VALID(zone));
13414 LOCK_ZONE(zone);
13415 if (zone->forward_acl != NULL)
13416 dns_acl_detach(&zone->forward_acl);
13417 UNLOCK_ZONE(zone);
13421 dns_zone_clearnotifyacl(dns_zone_t *zone) {
13423 REQUIRE(DNS_ZONE_VALID(zone));
13425 LOCK_ZONE(zone);
13426 if (zone->notify_acl != NULL)
13427 dns_acl_detach(&zone->notify_acl);
13428 UNLOCK_ZONE(zone);
13432 dns_zone_clearqueryacl(dns_zone_t *zone) {
13434 REQUIRE(DNS_ZONE_VALID(zone));
13436 LOCK_ZONE(zone);
13437 if (zone->query_acl != NULL)
13438 dns_acl_detach(&zone->query_acl);
13439 UNLOCK_ZONE(zone);
13443 dns_zone_clearqueryonacl(dns_zone_t *zone) {
13445 REQUIRE(DNS_ZONE_VALID(zone));
13447 LOCK_ZONE(zone);
13448 if (zone->queryon_acl != NULL)
13449 dns_acl_detach(&zone->queryon_acl);
13450 UNLOCK_ZONE(zone);
13454 dns_zone_clearxfracl(dns_zone_t *zone) {
13456 REQUIRE(DNS_ZONE_VALID(zone));
13458 LOCK_ZONE(zone);
13459 if (zone->xfr_acl != NULL)
13460 dns_acl_detach(&zone->xfr_acl);
13461 UNLOCK_ZONE(zone);
13465 dns_zone_getupdatedisabled(dns_zone_t *zone) {
13466 REQUIRE(DNS_ZONE_VALID(zone));
13467 return (zone->update_disabled);
13472 dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) {
13473 REQUIRE(DNS_ZONE_VALID(zone));
13474 zone->update_disabled = state;
13478 dns_zone_getzeronosoattl(dns_zone_t *zone) {
13479 REQUIRE(DNS_ZONE_VALID(zone));
13480 return (zone->zero_no_soa_ttl);
13485 dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) {
13486 REQUIRE(DNS_ZONE_VALID(zone));
13487 zone->zero_no_soa_ttl = state;
13491 dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) {
13493 REQUIRE(DNS_ZONE_VALID(zone));
13495 zone->check_names = severity;
13499 dns_zone_getchecknames(dns_zone_t *zone) {
13501 REQUIRE(DNS_ZONE_VALID(zone));
13503 return (zone->check_names);
13507 dns_zone_setjournalsize(dns_zone_t *zone, isc_int32_t size) {
13509 REQUIRE(DNS_ZONE_VALID(zone));
13511 zone->journalsize = size;
13515 dns_zone_getjournalsize(dns_zone_t *zone) {
13517 REQUIRE(DNS_ZONE_VALID(zone));
13519 return (zone->journalsize);
13523 zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length) {
13534 if (zone->type != dns_zone_redirect && zone->type != dns_zone_key) {
13535 if (dns_name_dynamic(&zone->origin))
13536 result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
13543 (void)dns_rdataclass_totext(zone->rdclass, &buffer);
13546 if (zone->view != NULL && strcmp(zone->view->name, "_bind") != 0 &&
13547 strcmp(zone->view->name, "_default") != 0 &&
13548 strlen(zone->view->name) < isc_buffer_availablelength(&buffer)) {
13550 isc_buffer_putstr(&buffer, zone->view->name);
13552 if (inline_secure(zone) && 9U < isc_buffer_availablelength(&buffer))
13554 if (inline_raw(zone) && 11U < isc_buffer_availablelength(&buffer))
13561 zone_name_tostr(dns_zone_t *zone, char *buf, size_t length) {
13572 if (dns_name_dynamic(&zone->origin))
13573 result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
13582 zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length) {
13592 (void)dns_rdataclass_totext(zone->rdclass, &buffer);
13598 zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length) {
13610 if (zone->view == NULL) {
13612 } else if (strlen(zone->view->name)
13614 isc_buffer_putstr(&buffer, zone->view->name);
13623 dns_zone_name(dns_zone_t *zone, char *buf, size_t length) {
13624 REQUIRE(DNS_ZONE_VALID(zone));
13626 zone_namerd_tostr(zone, buf, length);
13630 dns_zone_nameonly(dns_zone_t *zone, char *buf, size_t length) {
13631 REQUIRE(DNS_ZONE_VALID(zone));
13633 zone_name_tostr(zone, buf, length);
13637 notify_log(dns_zone_t *zone, int level, const char *fmt, ...) {
13648 level, "zone %s: %s", zone->strnamerd, message);
13652 dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category,
13664 level, "%s%s: %s", (zone->type == dns_zone_key) ?
13665 "managed-keys-zone" : (zone->type == dns_zone_redirect) ?
13666 "redirect-zone" : "zone ", zone->strnamerd, message);
13670 dns_zone_log(dns_zone_t *zone, int level, const char *fmt, ...) {
13681 level, "%s%s: %s", (zone->type == dns_zone_key) ?
13682 "managed-keys-zone" : (zone->type == dns_zone_redirect) ?
13683 "redirect-zone" : "zone ", zone->strnamerd, message);
13687 zone_debuglog(dns_zone_t *zone, const char *me, int debuglevel,
13702 switch (zone->type) {
13704 zstr = "managed-keys-zone";
13707 zstr = "redirect-zone";
13710 zstr = "zone";
13714 level, "%s: %s %s: %s", me, zstr, zone->strnamerd,
13743 dns_zone_setmaxxfrin(dns_zone_t *zone, isc_uint32_t maxxfrin) {
13744 REQUIRE(DNS_ZONE_VALID(zone));
13746 zone->maxxfrin = maxxfrin;
13750 dns_zone_getmaxxfrin(dns_zone_t *zone) {
13751 REQUIRE(DNS_ZONE_VALID(zone));
13753 return (zone->maxxfrin);
13757 dns_zone_setmaxxfrout(dns_zone_t *zone, isc_uint32_t maxxfrout) {
13758 REQUIRE(DNS_ZONE_VALID(zone));
13759 zone->maxxfrout = maxxfrout;
13763 dns_zone_getmaxxfrout(dns_zone_t *zone) {
13764 REQUIRE(DNS_ZONE_VALID(zone));
13766 return (zone->maxxfrout);
13770 dns_zone_gettype(dns_zone_t *zone) {
13771 REQUIRE(DNS_ZONE_VALID(zone));
13773 return (zone->type);
13777 dns_zone_getorigin(dns_zone_t *zone) {
13778 REQUIRE(DNS_ZONE_VALID(zone));
13780 return (&zone->origin);
13784 dns_zone_settask(dns_zone_t *zone, isc_task_t *task) {
13785 REQUIRE(DNS_ZONE_VALID(zone));
13787 LOCK_ZONE(zone);
13788 if (zone->task != NULL)
13789 isc_task_detach(&zone->task);
13790 isc_task_attach(task, &zone->task);
13791 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
13792 if (zone->db != NULL)
13793 dns_db_settask(zone->db, zone->task);
13794 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
13795 UNLOCK_ZONE(zone);
13799 dns_zone_gettask(dns_zone_t *zone, isc_task_t **target) {
13800 REQUIRE(DNS_ZONE_VALID(zone));
13801 isc_task_attach(zone->task, target);
13805 dns_zone_setidlein(dns_zone_t *zone, isc_uint32_t idlein) {
13806 REQUIRE(DNS_ZONE_VALID(zone));
13810 zone->idlein = idlein;
13814 dns_zone_getidlein(dns_zone_t *zone) {
13815 REQUIRE(DNS_ZONE_VALID(zone));
13817 return (zone->idlein);
13821 dns_zone_setidleout(dns_zone_t *zone, isc_uint32_t idleout) {
13822 REQUIRE(DNS_ZONE_VALID(zone));
13824 zone->idleout = idleout;
13828 dns_zone_getidleout(dns_zone_t *zone) {
13829 REQUIRE(DNS_ZONE_VALID(zone));
13831 return (zone->idleout);
13848 INSIST(task == notify->zone->task);
13855 result = dns_message_create(notify->zone->mctx,
13863 notify_log(notify->zone, ISC_LOG_DEBUG(3),
13867 notify_log(notify->zone, ISC_LOG_DEBUG(2),
13888 notify_log(notify->zone, ISC_LOG_DEBUG(1),
13903 update_log_cb(void *arg, dns_zone_t *zone, int level, const char *message) {
13905 dns_zone_log(zone, level, "%s", message);
13909 sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal,
13959 if (zone->privatetype != 0 &&
13960 rdata->type == zone->privatetype)
14089 dns_zone_t *zone;
14096 zone = event->ev_arg;
14101 LOCK_ZONE(zone);
14105 * for the zone, just queue the new one and exit.
14107 if (zone->rss_event != NULL && zone->rss_event != event) {
14108 ISC_LIST_APPEND(zone->rss_events, event, ev_link);
14109 UNLOCK_ZONE(zone);
14114 if (zone->rss_event != NULL) {
14115 INSIST(zone->rss_event == event);
14116 UNLOCK_ZONE(zone);
14118 zone->rss_event = event;
14119 dns_diff_init(zone->mctx, &zone->rss_diff);
14122 * zone->db may be NULL, if the load from disk failed.
14125 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
14126 if (zone->db != NULL)
14127 dns_db_attach(zone->db, &zone->rss_db);
14130 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
14132 if (result == ISC_R_SUCCESS && zone->raw != NULL)
14133 dns_zone_attach(zone->raw, &zone->rss_raw);
14137 UNLOCK_ZONE(zone);
14142 * We first attempt to sync the raw zone to the secure zone
14143 * by using the raw zone's journal, applying all the deltas
14144 * from the latest source-serial of the secure zone up to
14145 * the current serial number of the raw zone.
14150 CHECK(dns_journal_open(zone->rss_raw->mctx,
14151 zone->rss_raw->journal,
14154 result = dns_journal_open(zone->mctx, zone->journal,
14177 dns_db_currentversion(zone->rss_db, &zone->rss_oldver);
14178 CHECK(dns_db_newversion(zone->rss_db, &zone->rss_newver));
14181 * Try to apply diffs from the raw zone's journal to the secure
14182 * zone. If that fails, we recover by syncing up the databases
14185 result = sync_secure_journal(zone, zone->rss_raw, rjournal,
14187 &zone->rss_diff);
14191 CHECK(sync_secure_db(zone, zone->rss_raw, zone->rss_db,
14192 zone->rss_oldver, &soatuple,
14193 &zone->rss_diff));
14195 CHECK(dns_diff_apply(&zone->rss_diff, zone->rss_db,
14196 zone->rss_newver));
14201 CHECK(dns_db_createsoatuple(zone->rss_db,
14202 zone->rss_oldver,
14203 zone->rss_diff.mctx,
14214 CHECK(do_one_tuple(&tuple, zone->rss_db,
14215 zone->rss_newver, &zone->rss_diff));
14216 CHECK(do_one_tuple(&soatuple, zone->rss_db,
14217 zone->rss_newver, &zone->rss_diff));
14218 dns_zone_log(zone, ISC_LOG_INFO,
14222 CHECK(update_soa_serial(zone->rss_db, zone->rss_newver,
14223 &zone->rss_diff, zone->mctx,
14224 zone->updatemethod));
14227 result = dns_update_signaturesinc(&log, zone, zone->rss_db,
14228 zone->rss_oldver, zone->rss_newver,
14229 &zone->rss_diff,
14230 zone->sigvalidityinterval,
14231 &zone->rss_state);
14243 CHECK(dns_journal_open(zone->rss_raw->mctx,
14244 zone->rss_raw->journal,
14246 CHECK(zone_journal(zone, &zone->rss_diff, &end,
14252 LOCK_ZONE(zone);
14253 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
14255 zone->sourceserial = end;
14256 zone->sourceserialset = ISC_TRUE;
14257 zone_needdump(zone, DNS_DUMP_DELAY);
14260 zone_settimer(zone, &timenow);
14261 UNLOCK_ZONE(zone);
14263 dns_db_closeversion(zone->rss_db, &zone->rss_oldver, ISC_FALSE);
14264 dns_db_closeversion(zone->rss_db, &zone->rss_newver, ISC_TRUE);
14267 isc_event_free(&zone->rss_event);
14268 event = ISC_LIST_HEAD(zone->rss_events);
14270 if (zone->rss_raw != NULL)
14271 dns_zone_detach(&zone->rss_raw);
14273 dns_zone_log(zone, ISC_LOG_ERROR, "receive_secure_serial: %s",
14279 if (zone->rss_db != NULL) {
14280 if (zone->rss_oldver != NULL)
14281 dns_db_closeversion(zone->rss_db, &zone->rss_oldver,
14283 if (zone->rss_newver != NULL)
14284 dns_db_closeversion(zone->rss_db, &zone->rss_newver,
14286 dns_db_detach(&zone->rss_db);
14288 INSIST(zone->rss_oldver == NULL);
14289 INSIST(zone->rss_newver == NULL);
14292 dns_diff_clear(&zone->rss_diff);
14295 LOCK_ZONE(zone);
14296 INSIST(zone->irefs > 1);
14297 zone->irefs--;
14298 ISC_LIST_UNLINK(zone->rss_events, event, ev_link);
14301 dns_zone_idetach(&zone);
14305 zone_send_secureserial(dns_zone_t *zone, isc_uint32_t serial) {
14309 e = isc_event_allocate(zone->secure->mctx, zone,
14311 receive_secure_serial, zone->secure,
14316 INSIST(LOCKED_ZONE(zone->secure));
14317 zone_iattach(zone->secure, &dummy);
14318 isc_task_send(zone->secure->task, &e);
14320 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SENDSECURE);
14385 * nsecparam_t data from a zone.
14388 save_nsec3param(dns_zone_t *zone, nsec3paramlist_t *nsec3list) {
14399 REQUIRE(DNS_ZONE_VALID(zone));
14406 dns_db_attach(zone->db, &db);
14434 nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
14444 zone->privatetype, nsec3param->data,
14451 result = dns_db_findrdataset(db, node, version, zone->privatetype,
14500 isc_mem_put(zone->mctx, nsec3p,
14507 nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
14541 * Populate new zone db with private type records found by save_nsec3param().
14544 restore_nsec3param(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
14553 REQUIRE(DNS_ZONE_VALID(zone));
14556 dns_diff_init(zone->mctx, &diff);
14572 rdata.type = zone->privatetype;
14573 rdata.rdclass = zone->rdclass;
14575 &zone->origin, 0, &rdata);
14588 dns_zone_t *zone;
14606 zone = event->ev_arg;
14614 LOCK_ZONE(zone);
14615 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || !inline_secure(zone)) {
14621 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
14622 if (zone->db != NULL) {
14623 result = dns_db_getsoaserial(zone->db, NULL, &oldserial);
14628 * assemble nsec3parameters from the old zone, and set a flag
14631 result = save_nsec3param(zone, &nsec3list);
14633 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
14637 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
14639 result = dns_db_create(zone->mctx, zone->db_argv[0],
14640 &zone->origin, dns_dbtype_zone, zone->rdclass,
14641 zone->db_argc - 1, zone->db_argv + 1, &db);
14703 result = restore_nsec3param(zone, db, version, &nsec3list);
14712 * Lock hierarchy: zmgr, zone, raw.
14714 INSIST(zone != zone->raw);
14715 LOCK_ZONE(zone->raw);
14716 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
14717 result = zone_postload(zone, db, loadtime, ISC_R_SUCCESS);
14718 zone_needdump(zone, 0); /* XXXMPA */
14719 UNLOCK_ZONE(zone->raw);
14722 UNLOCK_ZONE(zone);
14724 dns_zone_log(zone, ISC_LOG_ERROR, "receive_secure_db: %s",
14731 isc_mem_put(zone->mctx, nsec3p, sizeof(nsec3param_t));
14747 dns_zone_idetach(&zone);
14753 zone_send_securedb(dns_zone_t *zone, dns_db_t *db) {
14758 e = isc_event_allocate(zone->secure->mctx, zone,
14760 receive_secure_db, zone->secure,
14766 INSIST(LOCKED_ZONE(zone->secure));
14767 zone_iattach(zone->secure, &secure);
14768 isc_task_send(zone->secure->task, &e);
14769 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SENDSECURE);
14774 dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
14778 REQUIRE(DNS_ZONE_VALID(zone));
14780 LOCK_ZONE(zone);
14781 if (inline_raw(zone)) {
14782 secure = zone->secure;
14783 INSIST(secure != zone);
14786 UNLOCK_ZONE(zone);
14794 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
14795 result = zone_replacedb(zone, db, dump);
14796 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
14799 UNLOCK_ZONE(zone);
14804 zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
14811 * 'zone' and 'zonedb' locked by caller.
14813 REQUIRE(DNS_ZONE_VALID(zone));
14814 REQUIRE(LOCKED_ZONE(zone));
14815 if (inline_raw(zone))
14816 REQUIRE(LOCKED_ZONE(zone->secure));
14822 result = zone_get_from_db(zone, db, &nscount, &soacount,
14826 dns_zone_log(zone, ISC_LOG_ERROR,
14830 if (nscount == 0 && zone->type != dns_zone_key) {
14831 dns_zone_log(zone, ISC_LOG_ERROR, "has no NS records");
14837 dns_zone_log(zone, ISC_LOG_ERROR,
14843 result = check_nsec3param(zone, db);
14851 * The initial version of a slave zone is always dumped;
14855 if (zone->db != NULL && zone->journal != NULL &&
14856 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS) &&
14857 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER))
14861 dns_zone_log(zone, ISC_LOG_DEBUG(3), "generating diffs");
14865 dns_zone_log(zone, ISC_LOG_ERROR,
14874 result = zone_get_from_db(zone, zone->db, NULL, &soacount,
14879 if ((zone->type == dns_zone_slave ||
14880 (zone->type == dns_zone_redirect &&
14881 zone->masters != NULL))
14886 dns_zone_log(zone, ISC_LOG_ERROR,
14894 result = dns_db_diff(zone->mctx, db, ver, zone->db, NULL,
14895 zone->journal);
14899 zone_needdump(zone, DNS_DUMP_DELAY);
14900 else if (zone->journalsize != -1) {
14901 result = dns_journal_compact(zone->mctx, zone->journal,
14902 serial, zone->journalsize);
14907 dns_zone_log(zone, ISC_LOG_DEBUG(3),
14912 dns_zone_log(zone, ISC_LOG_ERROR,
14918 if (zone->type == dns_zone_master && inline_raw(zone))
14919 zone_send_secureserial(zone, serial);
14921 if (dump && zone->masterfile != NULL) {
14926 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) &&
14927 remove(zone->masterfile) < 0 && errno != ENOENT) {
14936 zone->masterfile, strbuf);
14938 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) == 0)
14939 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NODELAY);
14941 zone_needdump(zone, 0);
14943 if (dump && zone->journal != NULL) {
14951 * no longer be used to bring the zone
14958 if (remove(zone->journal) < 0 && errno != ENOENT) {
14967 zone->journal, strbuf);
14971 if (inline_raw(zone))
14972 zone_send_securedb(zone, db);
14977 dns_zone_log(zone, ISC_LOG_DEBUG(3), "replacing zone database");
14979 if (zone->db != NULL)
14980 zone_detachdb(zone);
14981 zone_attachdb(zone, db);
14982 dns_db_settask(zone->db, zone->task);
14983 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED|DNS_ZONEFLG_NEEDNOTIFY);
14993 zone_attachdb(dns_zone_t *zone, dns_db_t *db) {
14994 REQUIRE(zone->db == NULL && db != NULL);
14996 dns_db_attach(db, &zone->db);
14997 if (zone->acache != NULL) {
14999 result = dns_acache_setdb(zone->acache, db);
15010 zone_detachdb(dns_zone_t *zone) {
15011 REQUIRE(zone->db != NULL);
15013 if (zone->acache != NULL)
15014 (void)dns_acache_putdb(zone->acache, zone->db);
15015 dns_db_detach(&zone->db);
15019 zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
15029 REQUIRE(DNS_ZONE_VALID(zone));
15031 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15032 "zone transfer finished: %s", dns_result_totext(result));
15035 * Obtaining a lock on the zone->secure (see zone_send_secureserial)
15040 LOCK_ZONE(zone);
15041 if (inline_raw(zone)) {
15042 secure = zone->secure;
15043 INSIST(secure != zone);
15046 UNLOCK_ZONE(zone);
15055 INSIST((zone->flags & DNS_ZONEFLG_REFRESH) != 0);
15056 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
15057 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR);
15062 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
15065 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FORCEXFER);
15067 * Has the zone expired underneath us?
15069 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
15070 if (zone->db == NULL) {
15071 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
15076 * Update the zone structure's data from the actual
15081 INSIST(zone->db != NULL);
15082 result = zone_get_from_db(zone, zone->db, &nscount,
15085 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
15088 dns_zone_log(zone, ISC_LOG_ERROR,
15089 "transferred zone "
15093 dns_zone_log(zone, ISC_LOG_ERROR,
15094 "transferred zone "
15096 if (DNS_ZONE_FLAG(zone,
15098 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
15099 zone->retry = DNS_ZONE_DEFAULTRETRY;
15101 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
15102 zone_unload(zone);
15105 zone->refresh = RANGE(refresh, zone->minrefresh,
15106 zone->maxrefresh);
15107 zone->retry = RANGE(retry, zone->minretry,
15108 zone->maxretry);
15109 zone->expire = RANGE(expire,
15110 zone->refresh + zone->retry,
15112 zone->minimum = minimum;
15113 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
15119 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDREFRESH)) {
15120 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
15121 zone->refreshtime = now;
15122 DNS_ZONE_TIME_ADD(&now, zone->expire,
15123 &zone->expiretime);
15125 DNS_ZONE_JITTER_ADD(&now, zone->refresh,
15126 &zone->refreshtime);
15127 DNS_ZONE_TIME_ADD(&now, zone->expire,
15128 &zone->expiretime);
15132 if (zone->tsigkey != NULL) {
15134 dns_name_format(&zone->tsigkey->name, namebuf,
15140 dns_zone_log(zone, ISC_LOG_INFO,
15143 if (inline_raw(zone))
15144 zone_send_secureserial(zone, serial);
15152 if (zone->masterfile != NULL || zone->journal != NULL) {
15156 if (zone->journal != NULL)
15157 result = isc_file_settime(zone->journal, &now);
15159 zone->masterfile != NULL)
15160 result = isc_file_settime(zone->masterfile,
15163 if ((DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NODELAY) != 0) ||
15169 zone->masterfile != NULL)
15170 zone_needdump(zone, delay);
15172 dns_zone_log(zone, ISC_LOG_ERROR,
15175 zone->masterfile,
15178 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NODELAY);
15179 inc_stats(zone, dns_zonestatscounter_xfrsuccess);
15184 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLAG_NOIXFR);
15188 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
15189 inc_stats(zone, dns_zonestatscounter_xfrfail);
15198 zone->curmaster++;
15199 } while (zone->curmaster < zone->masterscnt &&
15200 zone->mastersok[zone->curmaster]);
15203 if (zone->curmaster >= zone->masterscnt) {
15204 zone->curmaster = 0;
15205 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
15206 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
15207 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
15208 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
15209 while (zone->curmaster < zone->masterscnt &&
15210 zone->mastersok[zone->curmaster])
15211 zone->curmaster++;
15214 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
15216 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
15219 inc_stats(zone, dns_zonestatscounter_xfrfail);
15222 zone_settimer(zone, &now);
15225 * If creating the transfer object failed, zone->xfr is NULL.
15226 * Otherwise, we are called as the done callback of a zone
15231 if (zone->xfr != NULL)
15232 dns_xfrin_detach(&zone->xfr);
15234 if (zone->tsigkey != NULL)
15235 dns_tsigkey_detach(&zone->tsigkey);
15240 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDCOMPACT)) {
15241 result = dns_journal_compact(zone->mctx, zone->journal,
15242 zone->compact_serial,
15243 zone->journalsize);
15248 dns_zone_log(zone, ISC_LOG_DEBUG(3),
15253 dns_zone_log(zone, ISC_LOG_ERROR,
15258 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT);
15267 if (zone->zmgr != NULL &&
15268 zone->statelist == &zone->zmgr->xfrin_in_progress) {
15269 UNLOCK_ZONE(zone);
15270 RWLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
15271 ISC_LIST_UNLINK(zone->zmgr->xfrin_in_progress, zone, statelink);
15272 zone->statelist = NULL;
15273 zmgr_resume_xfrs(zone->zmgr, ISC_FALSE);
15274 RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
15275 LOCK_ZONE(zone);
15281 if (again && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
15282 queue_soa_query(zone);
15284 INSIST(zone->irefs > 0);
15285 zone->irefs--;
15286 free_needed = exit_check(zone);
15287 UNLOCK_ZONE(zone);
15289 zone_free(zone);
15296 dns_zone_t *zone;
15301 zone = load->zone;
15311 * Lock hierarchy: zmgr, zone, raw.
15314 LOCK_ZONE(zone);
15315 INSIST(zone != zone->raw);
15316 if (inline_secure(zone))
15317 LOCK_ZONE(zone->raw);
15318 else if (inline_raw(zone)) {
15319 secure = zone->secure;
15322 UNLOCK_ZONE(zone);
15330 (void)zone_postload(zone, load->db, load->loadtime, result);
15331 zonemgr_putio(&zone->readio);
15332 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADING);
15333 zone_idetach(&load->callbacks.zone);
15335 * Leave the zone frozen if the reload fails.
15338 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_THAW))
15339 zone->update_disabled = ISC_FALSE;
15340 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_THAW);
15341 if (inline_secure(zone))
15342 UNLOCK_ZONE(zone->raw);
15345 UNLOCK_ZONE(zone);
15349 if (load->zone->lctx != NULL)
15350 dns_loadctx_detach(&load->zone->lctx);
15351 dns_zone_idetach(&load->zone);
15356 dns_zone_getssutable(dns_zone_t *zone, dns_ssutable_t **table) {
15357 REQUIRE(DNS_ZONE_VALID(zone));
15361 LOCK_ZONE(zone);
15362 if (zone->ssutable != NULL)
15363 dns_ssutable_attach(zone->ssutable, table);
15364 UNLOCK_ZONE(zone);
15368 dns_zone_setssutable(dns_zone_t *zone, dns_ssutable_t *table) {
15369 REQUIRE(DNS_ZONE_VALID(zone));
15371 LOCK_ZONE(zone);
15372 if (zone->ssutable != NULL)
15373 dns_ssutable_detach(&zone->ssutable);
15375 dns_ssutable_attach(table, &zone->ssutable);
15376 UNLOCK_ZONE(zone);
15380 dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval) {
15381 REQUIRE(DNS_ZONE_VALID(zone));
15383 zone->sigvalidityinterval = interval;
15387 dns_zone_getsigvalidityinterval(dns_zone_t *zone) {
15388 REQUIRE(DNS_ZONE_VALID(zone));
15390 return (zone->sigvalidityinterval);
15394 dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval) {
15397 REQUIRE(DNS_ZONE_VALID(zone));
15399 LOCK_ZONE(zone);
15400 zone->sigresigninginterval = interval;
15401 set_resigntime(zone);
15402 if (zone->task != NULL) {
15404 zone_settimer(zone, &now);
15406 UNLOCK_ZONE(zone);
15410 dns_zone_getsigresigninginterval(dns_zone_t *zone) {
15411 REQUIRE(DNS_ZONE_VALID(zone));
15413 return (zone->sigresigninginterval);
15417 queue_xfrin(dns_zone_t *zone) {
15420 dns_zonemgr_t *zmgr = zone->zmgr;
15424 INSIST(zone->statelist == NULL);
15427 ISC_LIST_APPEND(zmgr->waiting_for_xfrin, zone, statelink);
15428 LOCK_ZONE(zone);
15429 zone->irefs++;
15430 UNLOCK_ZONE(zone);
15431 zone->statelist = &zmgr->waiting_for_xfrin;
15432 result = zmgr_start_xfrin_ifquota(zmgr, zone);
15436 dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_INFO,
15437 "zone transfer deferred due to quota");
15439 dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR,
15440 "starting zone transfer: %s",
15446 * This event callback is called when a zone has received
15447 * any necessary zone transfer quota. This is the time
15457 dns_zone_t *zone = event->ev_arg;
15468 INSIST(task == zone->task);
15470 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
15477 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
15478 if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr,
15479 &zone->sourceaddr, &now))
15481 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
15482 dns_zone_log(zone, ISC_LOG_INFO,
15483 "got_transfer_quota: skipping zone transfer as "
15490 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
15491 (void)dns_peerlist_peerbyaddr(zone->view->peers, &masterip, &peer);
15493 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
15498 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
15499 loaded = ISC_TF(zone->db != NULL);
15500 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
15503 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15507 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) {
15508 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15512 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLAG_NOIXFR)) {
15513 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15517 LOCK_ZONE(zone);
15518 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLAG_NOIXFR);
15519 UNLOCK_ZONE(zone);
15525 use_ixfr = zone->requestixfr;
15527 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15530 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
15535 dns_zone_log(zone, ISC_LOG_DEBUG(1),
15550 if ((zone->masterkeynames != NULL) &&
15551 (zone->masterkeynames[zone->curmaster] != NULL)) {
15552 dns_view_t *view = dns_zone_getview(zone);
15553 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
15554 result = dns_view_gettsig(view, keyname, &zone->tsigkey);
15556 if (zone->tsigkey == NULL)
15557 result = dns_view_getpeertsig(zone->view, &masterip,
15558 &zone->tsigkey);
15561 dns_zone_log(zone, ISC_LOG_ERROR,
15562 "could not get TSIG key for zone transfer: %s",
15566 if (zone->masterdscps != NULL)
15567 dscp = zone->masterdscps[zone->curmaster];
15569 LOCK_ZONE(zone);
15570 masteraddr = zone->masteraddr;
15571 sourceaddr = zone->sourceaddr;
15575 dscp = zone->xfrsource4dscp;
15579 dscp = zone->xfrsource6dscp;
15584 UNLOCK_ZONE(zone);
15586 result = dns_xfrin_create3(zone, xfrtype, &masteraddr, &sourceaddr,
15587 dscp, zone->tsigkey, zone->mctx,
15588 zone->zmgr->timermgr, zone->zmgr->socketmgr,
15589 zone->task, zone_xfrdone, &zone->xfr);
15591 LOCK_ZONE(zone);
15594 inc_stats(zone, dns_zonestatscounter_axfrreqv4);
15596 inc_stats(zone, dns_zonestatscounter_axfrreqv6);
15599 inc_stats(zone, dns_zonestatscounter_ixfrreqv4);
15601 inc_stats(zone, dns_zonestatscounter_ixfrreqv6);
15603 UNLOCK_ZONE(zone);
15608 * zone transfer. This ensures that we get removed from
15612 zone_xfrdone(zone, result);
15629 if (forward->zone != NULL) {
15630 LOCK(&forward->zone->lock);
15632 ISC_LIST_UNLINK(forward->zone->forwards, forward, link);
15633 UNLOCK(&forward->zone->lock);
15634 dns_zone_idetach(&forward->zone);
15645 LOCK_ZONE(forward->zone);
15647 if (DNS_ZONE_FLAG(forward->zone, DNS_ZONEFLG_EXITING)) {
15648 UNLOCK_ZONE(forward->zone);
15652 if (forward->which >= forward->zone->masterscnt) {
15653 UNLOCK_ZONE(forward->zone);
15657 forward->addr = forward->zone->masters[forward->which];
15666 src = forward->zone->xfrsource4;
15667 dscp = forward->zone->xfrsource4dscp;
15670 src = forward->zone->xfrsource6;
15671 dscp = forward->zone->xfrsource6dscp;
15677 result = dns_request_createraw4(forward->zone->view->requestmgr,
15681 0, 0, forward->zone->task,
15686 ISC_LIST_APPEND(forward->zone->forwards, forward, link);
15690 UNLOCK_ZONE(forward->zone);
15702 dns_zone_t *zone;
15708 zone = forward->zone;
15709 INSIST(DNS_ZONE_VALID(zone));
15716 dns_zone_log(zone, ISC_LOG_INFO,
15722 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
15747 dns_zone_log(zone, ISC_LOG_INFO,
15754 /* These should not occur if the masters/zone are valid. */
15762 dns_zone_log(zone, ISC_LOG_WARNING,
15795 dns_zone_log(zone, ISC_LOG_DEBUG(3),
15803 dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg,
15810 REQUIRE(DNS_ZONE_VALID(zone));
15814 forward = isc_mem_get(zone->mctx, sizeof(*forward));
15819 forward->zone = NULL;
15841 result = isc_buffer_allocate(zone->mctx, &forward->msgbuf, mr->length);
15848 isc_mem_attach(zone->mctx, &forward->mctx);
15849 dns_zone_iattach(zone, &forward->zone);
15860 dns_zone_next(dns_zone_t *zone, dns_zone_t **next) {
15861 REQUIRE(DNS_ZONE_VALID(zone));
15864 *next = ISC_LIST_NEXT(zone, link);
16004 dns_zone_t *zone = NULL;
16018 result = dns_zone_create(&zone, mctx);
16022 *zonep = zone;
16028 dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
16031 REQUIRE(DNS_ZONE_VALID(zone));
16038 LOCK_ZONE(zone);
16039 REQUIRE(zone->task == NULL);
16040 REQUIRE(zone->timer == NULL);
16041 REQUIRE(zone->zmgr == NULL);
16043 isc_taskpool_gettask(zmgr->zonetasks, &zone->task);
16044 isc_taskpool_gettask(zmgr->loadtasks, &zone->loadtask);
16051 isc_task_setname(zone->task, "zone", zone);
16052 isc_task_setname(zone->loadtask, "loadzone", zone);
16056 zone->task, zone_timer, zone,
16057 &zone->timer);
16065 zone->irefs++;
16066 INSIST(zone->irefs != 0);
16068 ISC_LIST_APPEND(zmgr->zones, zone, link);
16069 zone->zmgr = zmgr;
16075 isc_task_detach(&zone->loadtask);
16076 isc_task_detach(&zone->task);
16079 UNLOCK_ZONE(zone);
16085 dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
16088 REQUIRE(DNS_ZONE_VALID(zone));
16090 REQUIRE(zone->zmgr == zmgr);
16093 LOCK_ZONE(zone);
16095 ISC_LIST_UNLINK(zmgr->zones, zone, link);
16096 zone->zmgr = NULL;
16101 UNLOCK_ZONE(zone);
16106 ENSURE(zone->zmgr == NULL);
16181 dns_zone_t *zone;
16200 for (zone = ISC_LIST_HEAD(zmgr->zones);
16201 zone != NULL;
16202 zone = ISC_LIST_NEXT(zone, link))
16204 LOCK_ZONE(zone);
16205 forward_cancel(zone);
16206 UNLOCK_ZONE(zone);
16260 /* Create or resize the zone task pools. */
16281 * We always set all tasks in the zone-load task pool to
16287 * part of the system than zone tasks, then this will need to be
16289 * zone tasks only when we were loading, and turn them off the
16295 /* Create or resize the zone memory context pool. */
16359 * Try to start a new incoming zone transfer to fill a quota
16363 * The zone manager is locked by the caller.
16367 dns_zone_t *zone;
16370 for (zone = ISC_LIST_HEAD(zmgr->waiting_for_xfrin);
16371 zone != NULL;
16372 zone = next)
16375 next = ISC_LIST_NEXT(zone, statelink);
16376 result = zmgr_start_xfrin_ifquota(zmgr, zone);
16389 * zone, it may succeed if it uses another master.
16393 dns_zone_log(zone, ISC_LOG_DEBUG(1),
16394 "starting zone transfer: %s",
16402 * Try to start an incoming zone transfer for 'zone', quota permitting.
16405 * The zone manager is locked by the caller.
16415 zmgr_start_xfrin_ifquota(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
16424 * If we are exiting just pretend we got quota so the zone will
16425 * be cleaned up in the zone's task context.
16427 LOCK_ZONE(zone);
16428 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
16429 UNLOCK_ZONE(zone);
16435 * like to transfer this zone from.
16437 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
16438 (void)dns_peerlist_peerbyaddr(zone->view->peers, &masterip, &peer);
16439 UNLOCK_ZONE(zone);
16482 * We have sufficient quota. Move the zone to the "xfrin_in_progress"
16487 got_transfer_quota, zone, sizeof(isc_event_t));
16491 LOCK_ZONE(zone);
16492 INSIST(zone->statelist == &zmgr->waiting_for_xfrin);
16493 ISC_LIST_UNLINK(zmgr->waiting_for_xfrin, zone, statelink);
16494 ISC_LIST_APPEND(zmgr->xfrin_in_progress, zone, statelink);
16495 zone->statelist = &zmgr->xfrin_in_progress;
16496 isc_task_send(zone->task, &e);
16497 dns_zone_log(zone, ISC_LOG_INFO, "Transfer started.");
16498 UNLOCK_ZONE(zone);
16641 zone_saveunique(dns_zone_t *zone, const char *path, const char *templat) {
16648 buf = isc_mem_get(zone->mctx, buflen);
16660 dns_zone_log(zone, ISC_LOG_WARNING, "unable to load from '%s'; "
16665 isc_mem_put(zone->mctx, buf, buflen);
16893 dns_zone_forcereload(dns_zone_t *zone) {
16894 REQUIRE(DNS_ZONE_VALID(zone));
16896 if (zone->type == dns_zone_master ||
16897 (zone->type == dns_zone_redirect && zone->masters == NULL))
16900 LOCK_ZONE(zone);
16901 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_FORCEXFER);
16902 UNLOCK_ZONE(zone);
16903 dns_zone_refresh(zone);
16907 dns_zone_isforced(dns_zone_t *zone) {
16908 REQUIRE(DNS_ZONE_VALID(zone));
16910 return (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER));
16914 dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on) {
16918 UNUSED(zone);
16924 dns_zone_getstatscounters(dns_zone_t *zone) {
16928 UNUSED(zone);
16933 dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats) {
16934 REQUIRE(DNS_ZONE_VALID(zone));
16935 REQUIRE(zone->stats == NULL);
16937 LOCK_ZONE(zone);
16938 zone->stats = NULL;
16939 isc_stats_attach(stats, &zone->stats);
16940 UNLOCK_ZONE(zone);
16944 dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats) {
16946 REQUIRE(DNS_ZONE_VALID(zone));
16948 LOCK_ZONE(zone);
16949 if (zone->requeststats_on && stats == NULL)
16950 zone->requeststats_on = ISC_FALSE;
16951 else if (!zone->requeststats_on && stats != NULL) {
16952 if (zone->requeststats == NULL) {
16953 isc_stats_attach(stats, &zone->requeststats);
16954 zone->requeststats_on = ISC_TRUE;
16957 UNLOCK_ZONE(zone);
16961 dns_zone_setrcvquerystats(dns_zone_t *zone, dns_stats_t *stats) {
16963 REQUIRE(DNS_ZONE_VALID(zone));
16965 LOCK_ZONE(zone);
16966 if (zone->requeststats_on && stats != NULL) {
16967 if (zone->rcvquerystats == NULL) {
16968 dns_stats_attach(stats, &zone->rcvquerystats);
16969 zone->requeststats_on = ISC_TRUE;
16972 UNLOCK_ZONE(zone);
16976 dns_zone_getrequeststats(dns_zone_t *zone) {
16978 * We don't lock zone for efficiency reason. This is not catastrophic
16985 if (zone->requeststats_on)
16986 return (zone->requeststats);
16996 dns_zone_getrcvquerystats(dns_zone_t *zone) {
16997 if (zone->requeststats_on)
16998 return (zone->rcvquerystats);
17004 dns_zone_dialup(dns_zone_t *zone) {
17006 REQUIRE(DNS_ZONE_VALID(zone));
17008 zone_debuglog(zone, "dns_zone_dialup", 3,
17010 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY),
17011 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH));
17013 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY))
17014 dns_zone_notify(zone);
17015 if (zone->type != dns_zone_master && zone->masters != NULL &&
17016 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
17017 dns_zone_refresh(zone);
17021 dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup) {
17022 REQUIRE(DNS_ZONE_VALID(zone));
17024 LOCK_ZONE(zone);
17025 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DIALNOTIFY |
17032 DNS_ZONE_SETFLAG(zone, (DNS_ZONEFLG_DIALNOTIFY |
17037 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
17040 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
17041 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
17044 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALREFRESH);
17045 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
17048 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
17053 UNLOCK_ZONE(zone);
17057 dns_zone_setkeydirectory(dns_zone_t *zone, const char *directory) {
17060 REQUIRE(DNS_ZONE_VALID(zone));
17062 LOCK_ZONE(zone);
17063 result = dns_zone_setstring(zone, &zone->keydirectory, directory);
17064 UNLOCK_ZONE(zone);
17070 dns_zone_getkeydirectory(dns_zone_t *zone) {
17071 REQUIRE(DNS_ZONE_VALID(zone));
17073 return (zone->keydirectory);
17078 dns_zone_t *zone;
17086 for (zone = ISC_LIST_HEAD(zmgr->xfrin_in_progress);
17087 zone != NULL;
17088 zone = ISC_LIST_NEXT(zone, statelink))
17092 for (zone = ISC_LIST_HEAD(zmgr->waiting_for_xfrin);
17093 zone != NULL;
17094 zone = ISC_LIST_NEXT(zone, statelink))
17098 for (zone = ISC_LIST_HEAD(zmgr->zones);
17099 zone != NULL;
17100 zone = ISC_LIST_NEXT(zone, link))
17101 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH))
17105 for (zone = ISC_LIST_HEAD(zmgr->zones);
17106 zone != NULL;
17107 zone = ISC_LIST_NEXT(zone, link)) {
17108 dns_view_t *view = zone->view;
17115 for (zone = ISC_LIST_HEAD(zmgr->zones);
17116 zone != NULL;
17117 zone = ISC_LIST_NEXT(zone, link)) {
17118 dns_view_t *view = zone->view;
17121 if (zone->automatic)
17135 dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata) {
17144 REQUIRE(DNS_ZONE_VALID(zone));
17146 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES) &&
17150 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL) ||
17160 dns_zone_log(zone, level, "%s/%s: %s", namebuf, typebuf,
17172 dns_zone_log(zone, level, "%s/%s: %s: %s ", namebuf, typebuf,
17182 dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx) {
17183 REQUIRE(DNS_ZONE_VALID(zone));
17184 zone->checkmx = checkmx;
17188 dns_zone_setchecksrv(dns_zone_t *zone, dns_checksrvfunc_t checksrv) {
17189 REQUIRE(DNS_ZONE_VALID(zone));
17190 zone->checksrv = checksrv;
17194 dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns) {
17195 REQUIRE(DNS_ZONE_VALID(zone));
17196 zone->checkns = checkns;
17200 dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg) {
17201 REQUIRE(DNS_ZONE_VALID(zone));
17203 LOCK_ZONE(zone);
17204 zone->isself = isself;
17205 zone->isselfarg = arg;
17206 UNLOCK_ZONE(zone);
17210 dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay) {
17211 REQUIRE(DNS_ZONE_VALID(zone));
17213 LOCK_ZONE(zone);
17214 zone->notifydelay = delay;
17215 UNLOCK_ZONE(zone);
17219 dns_zone_getnotifydelay(dns_zone_t *zone) {
17220 REQUIRE(DNS_ZONE_VALID(zone));
17222 return (zone->notifydelay);
17226 dns_zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm,
17230 REQUIRE(DNS_ZONE_VALID(zone));
17232 dns_zone_log(zone, ISC_LOG_NOTICE,
17235 LOCK_ZONE(zone);
17236 result = zone_signwithkey(zone, algorithm, keyid, deleteit);
17237 UNLOCK_ZONE(zone);
17249 dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
17253 REQUIRE(DNS_ZONE_VALID(zone));
17257 dns_zone_log(zone, ISC_LOG_NOTICE,
17261 LOCK_ZONE(zone);
17262 result = zone_addnsec3chain(zone, nsec3param);
17263 UNLOCK_ZONE(zone);
17269 dns_zone_setnodes(dns_zone_t *zone, isc_uint32_t nodes) {
17270 REQUIRE(DNS_ZONE_VALID(zone));
17274 zone->nodes = nodes;
17278 dns_zone_setsignatures(dns_zone_t *zone, isc_uint32_t signatures) {
17279 REQUIRE(DNS_ZONE_VALID(zone));
17289 zone->signatures = signatures;
17293 dns_zone_getsignatures(dns_zone_t *zone) {
17294 REQUIRE(DNS_ZONE_VALID(zone));
17295 return (zone->signatures);
17299 dns_zone_setprivatetype(dns_zone_t *zone, dns_rdatatype_t type) {
17300 REQUIRE(DNS_ZONE_VALID(zone));
17301 zone->privatetype = type;
17305 dns_zone_getprivatetype(dns_zone_t *zone) {
17306 REQUIRE(DNS_ZONE_VALID(zone));
17307 return (zone->privatetype);
17311 zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm, isc_uint16_t keyid,
17320 signing = isc_mem_get(zone->mctx, sizeof *signing);
17334 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
17335 if (zone->db != NULL)
17336 dns_db_attach(zone->db, &db);
17337 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
17346 for (current = ISC_LIST_HEAD(zone->signing);
17366 ISC_LIST_INITANDAPPEND(zone->signing, signing, link);
17368 if (isc_time_isepoch(&zone->signingtime)) {
17369 zone->signingtime = now;
17370 if (zone->task != NULL)
17371 zone_settimer(zone, &now);
17381 isc_mem_put(zone->mctx, signing, sizeof *signing);
17547 sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
17557 result = find_zone_keys(zone, db, ver, now, zone->mctx,
17560 dns_zone_log(zone, ISC_LOG_ERROR,
17567 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
17569 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
17570 keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
17581 dns_name_equal(&tuple->name, &zone->origin))
17586 result = del_sigs(zone, db, ver, &zone->origin,
17590 dns_zone_log(zone, ISC_LOG_ERROR,
17595 result = add_sigs(db, ver, &zone->origin, dns_rdatatype_dnskey,
17596 zonediff->diff, zone_keys, nkeys, zone->mctx,
17600 dns_zone_log(zone, ISC_LOG_ERROR,
17607 result = update_sigs(diff, db, ver, zone_keys, nkeys, zone,
17612 dns_zone_log(zone, ISC_LOG_ERROR,
17625 * Prevent the zone entering a inconsistent state where
17630 dnskey_sane(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
17636 dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone);
17670 dns_zone_log(zone, ISC_LOG_ERROR,
17682 clean_nsec3param(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
17699 result = dns_nsec3param_deletechains(db, ver, zone, ISC_TRUE, diff);
17738 add_chains(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
17746 CHECK(dns_private_chains(db, ver, zone->privatetype, NULL,
17749 CHECK(dns_nsec3_addnsec3sx(db, ver, origin, zone->minimum,
17750 ISC_FALSE, zone->privatetype, diff));
17751 CHECK(updatesecure(db, ver, origin, zone->minimum, ISC_TRUE, diff));
17758 zone_rekey(dns_zone_t *zone) {
17779 REQUIRE(DNS_ZONE_VALID(zone));
17790 dir = dns_zone_getkeydirectory(zone);
17791 mctx = zone->mctx;
17796 CHECK(dns_zone_getdb(zone, &db));
17803 dns_zone_log(zone, ISC_LOG_INFO, "reconfiguring zone keys");
17816 CHECK(dns_dnssec_keylistfromrdataset(&zone->origin, dir,
17838 * True when called from "rndc sign". Indicates the zone should be
17841 fullsign = ISC_TF(DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_FULLSIGN) != 0);
17843 result = dns_dnssec_findmatchingkeys2(&zone->origin, dir, now, mctx,
17847 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
17850 &zone->origin, ttl, &diff,
17858 dns_zone_log(zone, ISC_LOG_ERROR, "zone_rekey:"
17859 "couldn't update zone keys: %s",
17871 dns_zone_log(zone, ISC_LOG_ERROR, "zone_rekey:"
17880 * event, we need to sign the zone fully. (If there's a new
17882 * the zone signing can be handled incrementally.)
17901 * whole zone with this key later
17911 dnskey_sane(zone, db, ver, &diff)) {
17913 CHECK(clean_nsec3param(zone, db, ver, &diff));
17914 CHECK(add_signing_records(db, zone->privatetype,
17918 zone->updatemethod));
17919 CHECK(add_chains(zone, db, ver, &diff));
17920 CHECK(sign_apex(zone, db, ver, now, &diff, &zonediff));
17921 CHECK(zone_journal(zone, zonediff.diff, NULL,
17932 LOCK_ZONE(zone);
17933 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
17935 zone_needdump(zone, DNS_DUMP_DELAY);
17937 zone_settimer(zone, &timenow);
17944 result = zone_signwithkey(zone,
17949 dns_zone_log(zone, ISC_LOG_ERROR,
17958 * "rndc sign" was called, so we now sign the zone
17967 result = zone_signwithkey(zone,
17972 dns_zone_log(zone, ISC_LOG_ERROR,
17981 * the full zone, but only with newly active
17990 result = zone_signwithkey(zone,
17995 dns_zone_log(zone, ISC_LOG_ERROR,
18006 zone->keyopts &= ~DNS_ZONEKEY_FULLSIGN;
18009 * Cause the zone to add/delete NSEC3 chains for the
18019 if (tuple->rdata.type != zone->privatetype ||
18031 result = zone_addnsec3chain(zone, &nsec3param);
18033 dns_zone_log(zone, ISC_LOG_ERROR,
18044 resume_addnsec3chain(zone);
18049 set_resigntime(zone);
18050 UNLOCK_ZONE(zone);
18053 isc_time_settoepoch(&zone->refreshkeytime);
18060 if (DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_MAINTAIN)) {
18064 LOCK_ZONE(zone);
18065 DNS_ZONE_TIME_ADD(&timenow, zone->refreshkeyinterval,
18067 zone->refreshkeytime = timethen;
18068 UNLOCK_ZONE(zone);
18079 LOCK_ZONE(zone);
18081 &zone->refreshkeytime) < 0) {
18082 zone->refreshkeytime = timethen;
18084 UNLOCK_ZONE(zone);
18087 zone_settimer(zone, &timenow);
18089 isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);
18090 dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf);
18126 isc_interval_set(&ival, ISC_MIN(zone->refreshkeyinterval, 600), 0);
18127 isc_time_nowplusinterval(&zone->refreshkeytime, &ival);
18132 dns_zone_rekey(dns_zone_t *zone, isc_boolean_t fullsign) {
18135 if (zone->type == dns_zone_master && zone->task != NULL) {
18136 LOCK_ZONE(zone);
18139 zone->keyopts |= DNS_ZONEKEY_FULLSIGN;
18142 zone->refreshkeytime = now;
18143 zone_settimer(zone, &now);
18145 UNLOCK_ZONE(zone);
18150 dns_zone_nscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
18156 REQUIRE(DNS_ZONE_VALID(zone));
18162 result = zone_count_ns_rr(zone, db, node, version, NULL, errors,
18169 dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) {
18177 REQUIRE(DNS_ZONE_VALID(zone));
18238 CHECK(dns_ds_buildrdata(&zone->origin, &rdata,
18311 dns_zone_setautomatic(dns_zone_t *zone, isc_boolean_t automatic) {
18312 REQUIRE(DNS_ZONE_VALID(zone));
18314 LOCK_ZONE(zone);
18315 zone->automatic = automatic;
18316 UNLOCK_ZONE(zone);
18320 dns_zone_getautomatic(dns_zone_t *zone) {
18321 REQUIRE(DNS_ZONE_VALID(zone));
18322 return (zone->automatic);
18326 dns_zone_setadded(dns_zone_t *zone, isc_boolean_t added) {
18327 REQUIRE(DNS_ZONE_VALID(zone));
18329 LOCK_ZONE(zone);
18330 zone->added = added;
18331 UNLOCK_ZONE(zone);
18335 dns_zone_getadded(dns_zone_t *zone) {
18336 REQUIRE(DNS_ZONE_VALID(zone));
18337 return (zone->added);
18341 dns_zone_dlzpostload(dns_zone_t *zone, dns_db_t *db)
18350 * Lock hierarchy: zmgr, zone, raw.
18353 LOCK_ZONE(zone);
18354 INSIST(zone != zone->raw);
18355 if (inline_secure(zone))
18356 LOCK_ZONE(zone->raw);
18357 else if (inline_raw(zone)) {
18358 secure = zone->secure;
18361 UNLOCK_ZONE(zone);
18369 result = zone_postload(zone, db, loadtime, ISC_R_SUCCESS);
18370 if (inline_secure(zone))
18371 UNLOCK_ZONE(zone->raw);
18374 UNLOCK_ZONE(zone);
18379 dns_zone_setrefreshkeyinterval(dns_zone_t *zone, isc_uint32_t interval) {
18380 REQUIRE(DNS_ZONE_VALID(zone));
18387 zone->refreshkeyinterval = interval * 60;
18392 dns_zone_setrequestixfr(dns_zone_t *zone, isc_boolean_t flag) {
18393 REQUIRE(DNS_ZONE_VALID(zone));
18394 zone->requestixfr = flag;
18398 dns_zone_getrequestixfr(dns_zone_t *zone) {
18399 REQUIRE(DNS_ZONE_VALID(zone));
18400 return (zone->requestixfr);
18404 dns_zone_setrequestexpire(dns_zone_t *zone, isc_boolean_t flag) {
18405 REQUIRE(DNS_ZONE_VALID(zone));
18406 zone->requestexpire = flag;
18410 dns_zone_getrequestexpire(dns_zone_t *zone) {
18411 REQUIRE(DNS_ZONE_VALID(zone));
18412 return (zone->requestexpire);
18416 dns_zone_setserialupdatemethod(dns_zone_t *zone, dns_updatemethod_t method) {
18417 REQUIRE(DNS_ZONE_VALID(zone));
18418 zone->updatemethod = method;
18422 dns_zone_getserialupdatemethod(dns_zone_t *zone) {
18423 REQUIRE(DNS_ZONE_VALID(zone));
18424 return(zone->updatemethod);
18428 * Lock hierarchy: zmgr, zone, raw.
18431 dns_zone_link(dns_zone_t *zone, dns_zone_t *raw) {
18435 REQUIRE(DNS_ZONE_VALID(zone));
18436 REQUIRE(zone->zmgr != NULL);
18437 REQUIRE(zone->task != NULL);
18438 REQUIRE(zone->loadtask != NULL);
18439 REQUIRE(zone->raw == NULL);
18447 REQUIRE(zone != raw);
18450 * Lock hierarchy: zmgr, zone, raw.
18452 zmgr = zone->zmgr;
18454 LOCK_ZONE(zone);
18458 NULL, NULL, zone->task, zone_timer, raw,
18470 /* dns_zone_attach(raw, &zone->raw); */
18472 zone->raw = raw;
18474 /* dns_zone_iattach(zone, &raw->secure); */
18475 zone_iattach(zone, &raw->secure);
18477 isc_task_attach(zone->task, &raw->task);
18478 isc_task_attach(zone->loadtask, &raw->loadtask);
18486 UNLOCK_ZONE(zone);
18492 dns_zone_getraw(dns_zone_t *zone, dns_zone_t **raw) {
18493 REQUIRE(DNS_ZONE_VALID(zone));
18496 LOCK(&zone->lock);
18497 INSIST(zone != zone->raw);
18498 if (zone->raw != NULL)
18499 dns_zone_attach(zone->raw, raw);
18500 UNLOCK(&zone->lock);
18518 dns_zone_t *zone;
18529 zone = event->ev_arg;
18530 INSIST(DNS_ZONE_VALID(zone));
18535 dns_diff_init(zone->mctx, &diff);
18537 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
18538 if (zone->db != NULL)
18539 dns_db_attach(zone->db, &db);
18540 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
18547 dns_zone_log(zone, ISC_LOG_ERROR,
18557 result = dns_db_findrdataset(db, node, newver, zone->privatetype,
18590 &zone->origin, rdataset.ttl,
18597 CHECK(update_soa_serial(db, newver, &diff, zone->mctx,
18598 zone->updatemethod));
18600 result = dns_update_signatures(&log, zone, db,
18602 zone->sigvalidityinterval);
18606 CHECK(zone_journal(zone, &diff, NULL, "keydone"));
18609 LOCK_ZONE(zone);
18610 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
18611 zone_needdump(zone, 30);
18612 UNLOCK_ZONE(zone);
18629 dns_zone_idetach(&zone);
18636 dns_zone_keydone(dns_zone_t *zone, const char *keystr) {
18643 REQUIRE(DNS_ZONE_VALID(zone));
18645 LOCK_ZONE(zone);
18647 e = isc_event_allocate(zone->mctx, zone, DNS_EVENT_KEYDONE, keydone,
18648 zone, sizeof(struct keydone));
18692 zone_iattach(zone, &dummy);
18693 isc_task_send(zone->task, &e);
18698 UNLOCK_ZONE(zone);
18703 * Called from the zone task's queue after the relevant event is posted by
18708 * If not, modify the relevant private-type records at the zone apex and call
18717 dns_zone_t *zone;
18731 zone = event->ev_arg;
18732 INSIST(DNS_ZONE_VALID(zone));
18740 dns_diff_init(zone->mctx, &diff);
18742 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
18743 if (zone->db != NULL)
18744 dns_db_attach(zone->db, &db);
18745 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
18752 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
18753 dns_zone_log(zone, ISC_LOG_ERROR,
18764 result = dns_db_findrdataset(db, node, newver, zone->privatetype,
18817 CHECK(dns_nsec3param_deletechains(db, newver, zone,
18823 * passed in the event handler's argument to the zone apex.
18825 * If the zone is not currently capable of supporting an NSEC3
18826 * chain (due to the DNSKEY RRset at the zone apex not existing
18840 rdata.type = zone->privatetype;
18841 rdata.rdclass = zone->rdclass;
18843 &zone->origin, 0, &rdata));
18847 * If we changed anything in the zone, write changes to journal file
18853 CHECK(update_soa_serial(db, newver, &diff, zone->mctx,
18854 zone->updatemethod));
18855 result = dns_update_signatures(&log, zone, db,
18857 zone->sigvalidityinterval);
18860 CHECK(zone_journal(zone, &diff, NULL, "setnsec3param"));
18863 LOCK_ZONE(zone);
18864 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
18865 zone_needdump(zone, 30);
18866 UNLOCK_ZONE(zone);
18883 LOCK_ZONE(zone);
18884 resume_addnsec3chain(zone);
18885 UNLOCK_ZONE(zone);
18889 dns_zone_idetach(&zone);
18899 * the NSEC3 changes requested for the zone:
18904 * signal that the zone should be signed using NSEC instead of NSEC3,
18907 * the zone apex, convert it to a private-type record and store the latter
18910 * Once the nsec3param_t structure is prepared, post an event to the zone's
18915 dns_zone_setnsec3param(dns_zone_t *zone, isc_uint8_t hash, isc_uint8_t flags,
18930 REQUIRE(DNS_ZONE_VALID(zone));
18933 LOCK_ZONE(zone);
18935 e = isc_event_allocate(zone->mctx, zone, DNS_EVENT_SETNSEC3PARAM,
18936 setnsec3param, zone, sizeof(struct np3event));
18950 param.common.rdclass = zone->rdclass;
18960 CHECK(dns_rdata_fromstruct(&nrdata, zone->rdclass,
18963 dns_nsec3param_toprivate(&nrdata, &prdata, zone->privatetype,
18969 zone_iattach(zone, &dummy);
18970 isc_task_send(zone->task, &e);
18975 UNLOCK_ZONE(zone);
18980 dns_zone_getloadtime(dns_zone_t *zone, isc_time_t *loadtime) {
18981 REQUIRE(DNS_ZONE_VALID(zone));
18984 LOCK_ZONE(zone);
18985 *loadtime = zone->loadtime;
18986 UNLOCK_ZONE(zone);
18991 dns_zone_getexpiretime(dns_zone_t *zone, isc_time_t *expiretime) {
18992 REQUIRE(DNS_ZONE_VALID(zone));
18995 LOCK_ZONE(zone);
18996 *expiretime = zone->expiretime;
18997 UNLOCK_ZONE(zone);
19002 dns_zone_getrefreshtime(dns_zone_t *zone, isc_time_t *refreshtime) {
19003 REQUIRE(DNS_ZONE_VALID(zone));
19006 LOCK_ZONE(zone);
19007 *refreshtime = zone->refreshtime;
19008 UNLOCK_ZONE(zone);
19013 dns_zone_getrefreshkeytime(dns_zone_t *zone, isc_time_t *refreshkeytime) {
19014 REQUIRE(DNS_ZONE_VALID(zone));
19017 LOCK_ZONE(zone);
19018 *refreshkeytime = zone->refreshkeytime;
19019 UNLOCK_ZONE(zone);
19024 dns_zone_getincludes(dns_zone_t *zone, char ***includesp) {
19029 REQUIRE(DNS_ZONE_VALID(zone));
19032 LOCK_ZONE(zone);
19033 if (zone->nincludes == 0)
19036 array = isc_mem_allocate(zone->mctx, sizeof(char *) * zone->nincludes);
19039 for (include = ISC_LIST_HEAD(zone->includes);
19042 INSIST(n < zone->nincludes);
19043 array[n++] = isc_mem_strdup(zone->mctx, include->name);
19045 INSIST(n == zone->nincludes);
19049 UNLOCK_ZONE(zone);
19054 dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level) {
19055 REQUIRE(DNS_ZONE_VALID(zone));
19057 zone->statlevel = level;
19061 dns_zone_getstatlevel(dns_zone_t *zone) {
19062 REQUIRE(DNS_ZONE_VALID(zone));
19064 return (zone->statlevel);
19074 dns_zone_t *zone;
19083 zone = event->ev_arg;
19084 INSIST(DNS_ZONE_VALID(zone));
19088 if (zone->update_disabled)
19093 dns_diff_init(zone->mctx, &diff);
19095 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
19096 if (zone->db != NULL)
19097 dns_db_attach(zone->db, &db);
19098 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
19105 dns_zone_log(zone, ISC_LOG_ERROR,
19121 dns_zone_log(zone, ISC_LOG_INFO,
19131 result = dns_update_signatures(&log, zone, db,
19133 zone->sigvalidityinterval);
19138 CHECK(zone_journal(zone, &diff, NULL, "setserial"));
19141 LOCK_ZONE(zone);
19142 zone_needdump(zone, 30);
19143 UNLOCK_ZONE(zone);
19158 dns_zone_idetach(&zone);
19165 dns_zone_setserial(dns_zone_t *zone, isc_uint32_t serial) {
19171 REQUIRE(DNS_ZONE_VALID(zone));
19173 LOCK_ZONE(zone);
19175 if (!inline_secure(zone)) {
19176 if (!dns_zone_isdynamic(zone, ISC_TRUE)) {
19182 if (zone->update_disabled) {
19187 e = isc_event_allocate(zone->mctx, zone, DNS_EVENT_SETSERIAL,
19188 setserial, zone, sizeof(struct ssevent));
19197 zone_iattach(zone, &dummy);
19198 isc_task_send(zone->task, &e);
19203 UNLOCK_ZONE(zone);