Lines Matching refs:zone
76 #include <dns/zone.h>
81 #define DNS_ZONE_VALID(zone) ISC_MAGIC_VALID(zone, ZONE_MAGIC)
268 * Zones in certain states such as "waiting for zone transfer"
269 * or "zone transfer in progress" are kept on per-state linked lists
270 * in the zone manager using the 'statelink' field. The 'statelist'
271 * field points at the list the zone is currently on. It the zone
277 * Statistics counters about zone management.
281 * Optional per-zone statistics counters. Counted outside of this
300 * Keys that are signing the zone for the first time.
338 /* XXX MPA these may need to go back into zone.h */
340 #define DNS_ZONEFLG_NEEDDUMP 0x00000002U /*%< zone need consolidation */
343 #define DNS_ZONEFLG_HASINCLUDE 0x00000010U /*%< $INCLUDE in zone file */
345 #define DNS_ZONEFLG_EXITING 0x00000040U /*%< zone is being destroyed */
346 #define DNS_ZONEFLG_EXPIRED 0x00000080U /*%< zone has expired */
348 #define DNS_ZONEFLG_UPTODATE 0x00000200U /*%< zone contents are
355 * zone with no masters
362 #define DNS_ZONEFLG_FORCEXFER 0x00008000U /*%< Force a zone xfer */
380 #define DNS_ZONELOADFLAG_THAW 0x00000002U /* Thaw the zone on successful
442 dns_zone_t *zone;
454 * 'db' is the zone's 'db' or a new one if this is the initial
461 dns_zone_t *zone;
472 dns_zone_t *zone;
484 dns_zone_t *zone;
507 * Hold state for when we are signing a zone with a new
544 * 'seen_nsec' will be set to true if, while iterating the zone to create a
560 static void zone_debuglog(dns_zone_t *zone, const char *, int debuglevel,
562 static void notify_log(dns_zone_t *zone, int level, const char *fmt, ...)
564 static void queue_xfrin(dns_zone_t *zone);
565 static void zone_unload(dns_zone_t *zone);
566 static void zone_expire(dns_zone_t *zone);
569 static isc_result_t zone_replacedb(dns_zone_t *zone, dns_db_t *db,
571 static inline void zone_attachdb(dns_zone_t *zone, dns_db_t *db);
572 static inline void zone_detachdb(dns_zone_t *zone);
573 static isc_result_t default_journal(dns_zone_t *zone);
574 static void zone_xfrdone(dns_zone_t *zone, isc_result_t result);
575 static isc_result_t zone_postload(dns_zone_t *zone, dns_db_t *db,
577 static void zone_needdump(dns_zone_t *zone, unsigned int delay);
580 static isc_result_t zone_startload(dns_db_t *db, dns_zone_t *zone,
582 static void zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length);
583 static void zone_name_tostr(dns_zone_t *zone, char *buf, size_t length);
584 static void zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length);
585 static void zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length);
594 static void queue_soa_query(dns_zone_t *zone);
596 static void ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset,
600 static void notify_cancel(dns_zone_t *zone);
603 static isc_result_t notify_createmessage(dns_zone_t *zone,
611 dns_zone_t *zone);
621 zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount,
627 static void zone_freedbargs(dns_zone_t *zone);
629 static void zone_saveunique(dns_zone_t *zone, const char *path,
631 static void zone_maintenance(dns_zone_t *zone);
632 static void zone_notify(dns_zone_t *zone, isc_time_t *now);
634 static isc_result_t zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm,
637 #define ENTER zone_debuglog(zone, me, 1, "enter")
649 dns_zone_log(zone, ISC_LOG_WARNING, \
662 dns_zone_log(zone, ISC_LOG_WARNING, \
674 inc_stats(dns_zone_t *zone, isc_statscounter_t counter) {
675 if (zone->stats != NULL)
676 isc_stats_increment(zone->stats, counter);
686 dns_zone_t *zone;
693 zone = isc_mem_get(mctx, sizeof(*zone));
694 if (zone == NULL)
697 zone->mctx = NULL;
698 isc_mem_attach(mctx, &zone->mctx);
700 result = isc_mutex_init(&zone->lock);
704 result = ZONEDB_INITLOCK(&zone->dblock);
710 zone->locked = ISC_FALSE;
712 zone->db = NULL;
713 zone->zmgr = NULL;
714 ISC_LINK_INIT(zone, link);
715 result = isc_refcount_init(&zone->erefs, 1); /* Implicit attach. */
718 zone->irefs = 0;
719 dns_name_init(&zone->origin, NULL);
720 zone->strnamerd = NULL;
721 zone->strname = NULL;
722 zone->strrdclass = NULL;
723 zone->strviewname = NULL;
724 zone->masterfile = NULL;
725 zone->masterformat = dns_masterformat_none;
726 zone->keydirectory = NULL;
727 zone->journalsize = -1;
728 zone->journal = NULL;
729 zone->rdclass = dns_rdataclass_none;
730 zone->type = dns_zone_none;
731 zone->flags = 0;
732 zone->options = 0;
733 zone->db_argc = 0;
734 zone->db_argv = NULL;
735 isc_time_settoepoch(&zone->expiretime);
736 isc_time_settoepoch(&zone->refreshtime);
737 isc_time_settoepoch(&zone->dumptime);
738 isc_time_settoepoch(&zone->loadtime);
739 zone->notifytime = now;
740 isc_time_settoepoch(&zone->resigntime);
741 isc_time_settoepoch(&zone->keywarntime);
742 isc_time_settoepoch(&zone->signingtime);
743 isc_time_settoepoch(&zone->nsec3chaintime);
744 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
745 zone->retry = DNS_ZONE_DEFAULTRETRY;
746 zone->expire = 0;
747 zone->minimum = 0;
748 zone->maxrefresh = DNS_ZONE_MAXREFRESH;
749 zone->minrefresh = DNS_ZONE_MINREFRESH;
750 zone->maxretry = DNS_ZONE_MAXRETRY;
751 zone->minretry = DNS_ZONE_MINRETRY;
752 zone->masters = NULL;
753 zone->masterkeynames = NULL;
754 zone->mastersok = NULL;
755 zone->masterscnt = 0;
756 zone->curmaster = 0;
757 zone->notify = NULL;
758 zone->notifytype = dns_notifytype_yes;
759 zone->notifycnt = 0;
760 zone->task = NULL;
761 zone->update_acl = NULL;
762 zone->forward_acl = NULL;
763 zone->notify_acl = NULL;
764 zone->query_acl = NULL;
765 zone->queryon_acl = NULL;
766 zone->xfr_acl = NULL;
767 zone->update_disabled = ISC_FALSE;
768 zone->zero_no_soa_ttl = ISC_TRUE;
769 zone->check_names = dns_severity_ignore;
770 zone->request = NULL;
771 zone->lctx = NULL;
772 zone->readio = NULL;
773 zone->dctx = NULL;
774 zone->writeio = NULL;
775 zone->timer = NULL;
776 zone->idlein = DNS_DEFAULT_IDLEIN;
777 zone->idleout = DNS_DEFAULT_IDLEOUT;
778 ISC_LIST_INIT(zone->notifies);
779 isc_sockaddr_any(&zone->notifysrc4);
780 isc_sockaddr_any6(&zone->notifysrc6);
781 isc_sockaddr_any(&zone->xfrsource4);
782 isc_sockaddr_any6(&zone->xfrsource6);
783 isc_sockaddr_any(&zone->altxfrsource4);
784 isc_sockaddr_any6(&zone->altxfrsource6);
785 zone->xfr = NULL;
786 zone->tsigkey = NULL;
787 zone->maxxfrin = MAX_XFER_TIME;
788 zone->maxxfrout = MAX_XFER_TIME;
789 zone->ssutable = NULL;
790 zone->sigvalidityinterval = 30 * 24 * 3600;
791 zone->sigresigninginterval = 7 * 24 * 3600;
792 zone->view = NULL;
793 zone->acache = NULL;
794 zone->checkmx = NULL;
795 zone->checksrv = NULL;
796 zone->checkns = NULL;
797 ISC_LINK_INIT(zone, statelink);
798 zone->statelist = NULL;
799 zone->stats = NULL;
800 zone->requeststats_on = ISC_FALSE;
801 zone->requeststats = NULL;
802 zone->notifydelay = 5;
803 zone->isself = NULL;
804 zone->isselfarg = NULL;
805 ISC_LIST_INIT(zone->signing);
806 ISC_LIST_INIT(zone->nsec3chain);
807 zone->signatures = 10;
808 zone->nodes = 100;
809 zone->privatetype = (dns_rdatatype_t)0xffffU;
810 ISC_LIST_INIT(zone->forwards);
812 zone->magic = ZONE_MAGIC;
815 result = dns_zone_setdbtype(zone, dbargc_default, dbargv_default);
819 ISC_EVENT_INIT(&zone->ctlevent, sizeof(zone->ctlevent), 0, NULL,
820 DNS_EVENT_ZONECONTROL, zone_shutdown, zone, zone,
822 *zonep = zone;
826 isc_refcount_decrement(&zone->erefs, NULL);
827 isc_refcount_destroy(&zone->erefs);
830 ZONEDB_DESTROYLOCK(&zone->dblock);
833 DESTROYLOCK(&zone->lock);
836 isc_mem_putanddetach(&zone->mctx, zone, sizeof(*zone));
841 * Free a zone. Because we require that there be no more
845 zone_free(dns_zone_t *zone) {
850 REQUIRE(DNS_ZONE_VALID(zone));
851 REQUIRE(isc_refcount_current(&zone->erefs) == 0);
852 REQUIRE(zone->irefs == 0);
853 REQUIRE(!LOCKED_ZONE(zone));
854 REQUIRE(zone->timer == NULL);
859 if (zone->request != NULL)
860 dns_request_destroy(&zone->request); /* XXXMPA */
861 INSIST(zone->readio == NULL);
862 INSIST(zone->statelist == NULL);
863 INSIST(zone->writeio == NULL);
865 if (zone->task != NULL)
866 isc_task_detach(&zone->task);
867 if (zone->zmgr != NULL)
868 dns_zonemgr_releasezone(zone->zmgr, zone);
871 for (signing = ISC_LIST_HEAD(zone->signing);
873 signing = ISC_LIST_HEAD(zone->signing)) {
874 ISC_LIST_UNLINK(zone->signing, signing, link);
877 isc_mem_put(zone->mctx, signing, sizeof *signing);
879 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
881 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain)) {
882 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain, link);
885 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
887 if (zone->masterfile != NULL)
888 isc_mem_free(zone->mctx, zone->masterfile);
889 zone->masterfile = NULL;
890 if (zone->keydirectory != NULL)
891 isc_mem_free(zone->mctx, zone->keydirectory);
892 zone->keydirectory = NULL;
893 zone->journalsize = -1;
894 if (zone->journal != NULL)
895 isc_mem_free(zone->mctx, zone->journal);
896 zone->journal = NULL;
897 if (zone->stats != NULL)
898 isc_stats_detach(&zone->stats);
899 if (zone->requeststats != NULL)
900 isc_stats_detach(&zone->requeststats);
901 if (zone->db != NULL)
902 zone_detachdb(zone);
903 if (zone->acache != NULL)
904 dns_acache_detach(&zone->acache);
905 zone_freedbargs(zone);
906 RUNTIME_CHECK(dns_zone_setmasterswithkeys(zone, NULL, NULL, 0)
908 RUNTIME_CHECK(dns_zone_setalsonotify(zone, NULL, 0)
910 zone->check_names = dns_severity_ignore;
911 if (zone->update_acl != NULL)
912 dns_acl_detach(&zone->update_acl);
913 if (zone->forward_acl != NULL)
914 dns_acl_detach(&zone->forward_acl);
915 if (zone->notify_acl != NULL)
916 dns_acl_detach(&zone->notify_acl);
917 if (zone->query_acl != NULL)
918 dns_acl_detach(&zone->query_acl);
919 if (zone->queryon_acl != NULL)
920 dns_acl_detach(&zone->queryon_acl);
921 if (zone->xfr_acl != NULL)
922 dns_acl_detach(&zone->xfr_acl);
923 if (dns_name_dynamic(&zone->origin))
924 dns_name_free(&zone->origin, zone->mctx);
925 if (zone->strnamerd != NULL)
926 isc_mem_free(zone->mctx, zone->strnamerd);
927 if (zone->strname != NULL)
928 isc_mem_free(zone->mctx, zone->strname);
929 if (zone->strrdclass != NULL)
930 isc_mem_free(zone->mctx, zone->strrdclass);
931 if (zone->strviewname != NULL)
932 isc_mem_free(zone->mctx, zone->strviewname);
933 if (zone->ssutable != NULL)
934 dns_ssutable_detach(&zone->ssutable);
937 ZONEDB_DESTROYLOCK(&zone->dblock);
938 DESTROYLOCK(&zone->lock);
939 isc_refcount_destroy(&zone->erefs);
940 zone->magic = 0;
941 mctx = zone->mctx;
942 isc_mem_put(mctx, zone, sizeof(*zone));
950 dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass) {
953 REQUIRE(DNS_ZONE_VALID(zone));
959 LOCK_ZONE(zone);
960 REQUIRE(zone->rdclass == dns_rdataclass_none ||
961 zone->rdclass == rdclass);
962 zone->rdclass = rdclass;
964 if (zone->strnamerd != NULL)
965 isc_mem_free(zone->mctx, zone->strnamerd);
966 if (zone->strrdclass != NULL)
967 isc_mem_free(zone->mctx, zone->strrdclass);
969 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
970 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
971 zone_rdclass_tostr(zone, namebuf, sizeof namebuf);
972 zone->strrdclass = isc_mem_strdup(zone->mctx, namebuf);
974 UNLOCK_ZONE(zone);
978 dns_zone_getclass(dns_zone_t *zone) {
979 REQUIRE(DNS_ZONE_VALID(zone));
981 return (zone->rdclass);
985 dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype) {
986 REQUIRE(DNS_ZONE_VALID(zone));
988 LOCK_ZONE(zone);
989 zone->notifytype = notifytype;
990 UNLOCK_ZONE(zone);
994 dns_zone_getserial2(dns_zone_t *zone, isc_uint32_t *serialp) {
998 REQUIRE(DNS_ZONE_VALID(zone));
1001 LOCK_ZONE(zone);
1002 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
1003 if (zone->db != NULL) {
1004 result = zone_get_from_db(zone, zone->db, NULL, &soacount,
1011 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
1012 UNLOCK_ZONE(zone);
1018 dns_zone_getserial(dns_zone_t *zone) {
1022 result = dns_zone_getserial2(zone, &serial);
1033 dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type) {
1035 REQUIRE(DNS_ZONE_VALID(zone));
1041 LOCK_ZONE(zone);
1042 REQUIRE(zone->type == dns_zone_none || zone->type == type);
1043 zone->type = type;
1044 UNLOCK_ZONE(zone);
1048 zone_freedbargs(dns_zone_t *zone) {
1052 if (zone->db_argv != NULL) {
1053 for (i = 0; i < zone->db_argc; i++)
1054 isc_mem_free(zone->mctx, zone->db_argv[i]);
1055 isc_mem_put(zone->mctx, zone->db_argv,
1056 zone->db_argc * sizeof(*zone->db_argv));
1058 zone->db_argc = 0;
1059 zone->db_argv = NULL;
1063 dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) {
1070 REQUIRE(DNS_ZONE_VALID(zone));
1073 LOCK_ZONE(zone);
1074 size = (zone->db_argc + 1) * sizeof(char *);
1075 for (i = 0; i < zone->db_argc; i++)
1076 size += strlen(zone->db_argv[i]) + 1;
1081 tmp2 += (zone->db_argc + 1) * sizeof(char *);
1082 for (i = 0; i < zone->db_argc; i++) {
1084 strcpy(tmp2, zone->db_argv[i]);
1090 UNLOCK_ZONE(zone);
1096 dns_zone_setdbtype(dns_zone_t *zone,
1102 REQUIRE(DNS_ZONE_VALID(zone));
1106 LOCK_ZONE(zone);
1109 new = isc_mem_get(zone->mctx, dbargc * sizeof(*new));
1115 new[i] = isc_mem_strdup(zone->mctx, dbargv[i]);
1121 zone_freedbargs(zone);
1123 zone->db_argc = dbargc;
1124 zone->db_argv = new;
1132 isc_mem_free(zone->mctx, new[i]);
1133 isc_mem_put(zone->mctx, new, dbargc * sizeof(*new));
1138 UNLOCK_ZONE(zone);
1143 dns_zone_setview(dns_zone_t *zone, dns_view_t *view) {
1145 REQUIRE(DNS_ZONE_VALID(zone));
1147 LOCK_ZONE(zone);
1148 if (zone->view != NULL)
1149 dns_view_weakdetach(&zone->view);
1150 dns_view_weakattach(view, &zone->view);
1152 if (zone->strviewname != NULL)
1153 isc_mem_free(zone->mctx, zone->strviewname);
1154 if (zone->strnamerd != NULL)
1155 isc_mem_free(zone->mctx, zone->strnamerd);
1157 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1158 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1159 zone_viewname_tostr(zone, namebuf, sizeof namebuf);
1160 zone->strviewname = isc_mem_strdup(zone->mctx, namebuf);
1162 UNLOCK_ZONE(zone);
1167 dns_zone_getview(dns_zone_t *zone) {
1168 REQUIRE(DNS_ZONE_VALID(zone));
1170 return (zone->view);
1175 dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin) {
1179 REQUIRE(DNS_ZONE_VALID(zone));
1182 LOCK_ZONE(zone);
1183 if (dns_name_dynamic(&zone->origin)) {
1184 dns_name_free(&zone->origin, zone->mctx);
1185 dns_name_init(&zone->origin, NULL);
1187 result = dns_name_dup(origin, zone->mctx, &zone->origin);
1189 if (zone->strnamerd != NULL)
1190 isc_mem_free(zone->mctx, zone->strnamerd);
1191 if (zone->strname != NULL)
1192 isc_mem_free(zone->mctx, zone->strname);
1194 zone_namerd_tostr(zone, namebuf, sizeof namebuf);
1195 zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf);
1196 zone_name_tostr(zone, namebuf, sizeof namebuf);
1197 zone->strname = isc_mem_strdup(zone->mctx, namebuf);
1199 UNLOCK_ZONE(zone);
1204 dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache) {
1205 REQUIRE(DNS_ZONE_VALID(zone));
1208 LOCK_ZONE(zone);
1209 if (zone->acache != NULL)
1210 dns_acache_detach(&zone->acache);
1211 dns_acache_attach(acache, &zone->acache);
1212 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
1213 if (zone->db != NULL) {
1217 * If the zone reuses an existing DB, the DB needs to be
1222 result = dns_acache_setdb(acache, zone->db);
1229 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
1230 UNLOCK_ZONE(zone);
1234 dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) {
1238 copy = isc_mem_strdup(zone->mctx, value);
1246 isc_mem_free(zone->mctx, *field);
1253 dns_zone_setfile(dns_zone_t *zone, const char *file) {
1254 return (dns_zone_setfile2(zone, file, dns_masterformat_text));
1258 dns_zone_setfile2(dns_zone_t *zone, const char *file,
1262 REQUIRE(DNS_ZONE_VALID(zone));
1264 LOCK_ZONE(zone);
1265 result = dns_zone_setstring(zone, &zone->masterfile, file);
1267 zone->masterformat = format;
1268 result = default_journal(zone);
1270 UNLOCK_ZONE(zone);
1276 dns_zone_getfile(dns_zone_t *zone) {
1277 REQUIRE(DNS_ZONE_VALID(zone));
1279 return (zone->masterfile);
1283 default_journal(dns_zone_t *zone) {
1287 REQUIRE(DNS_ZONE_VALID(zone));
1288 REQUIRE(LOCKED_ZONE(zone));
1290 if (zone->masterfile != NULL) {
1292 int len = strlen(zone->masterfile) + sizeof(".jnl");
1293 journal = isc_mem_allocate(zone->mctx, len);
1296 strcpy(journal, zone->masterfile);
1301 result = dns_zone_setstring(zone, &zone->journal, journal);
1303 isc_mem_free(zone->mctx, journal);
1308 dns_zone_setjournal(dns_zone_t *zone, const char *journal) {
1311 REQUIRE(DNS_ZONE_VALID(zone));
1313 LOCK_ZONE(zone);
1314 result = dns_zone_setstring(zone, &zone->journal, journal);
1315 UNLOCK_ZONE(zone);
1321 dns_zone_getjournal(dns_zone_t *zone) {
1322 REQUIRE(DNS_ZONE_VALID(zone));
1324 return (zone->journal);
1328 * Return true iff the zone is "dynamic", in the sense that the zone's
1337 zone_isdynamic(dns_zone_t *zone) {
1338 REQUIRE(DNS_ZONE_VALID(zone));
1340 return (ISC_TF(zone->type == dns_zone_slave ||
1341 zone->type == dns_zone_stub ||
1342 (!zone->update_disabled && zone->ssutable != NULL) ||
1343 (!zone->update_disabled && zone->update_acl != NULL &&
1344 !dns_acl_isnone(zone->update_acl))));
1349 zone_load(dns_zone_t *zone, unsigned int flags) {
1356 REQUIRE(DNS_ZONE_VALID(zone));
1358 LOCK_ZONE(zone);
1361 INSIST(zone->type != dns_zone_none);
1363 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADING)) {
1365 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW);
1371 INSIST(zone->db_argc >= 1);
1373 rbt = strcmp(zone->db_argv[0], "rbt") == 0 ||
1374 strcmp(zone->db_argv[0], "rbt64") == 0;
1376 if (zone->db != NULL && zone->masterfile == NULL && rbt) {
1378 * The zone has no master file configured.
1384 if (zone->db != NULL && zone_isdynamic(zone)) {
1387 * zone being reloaded. Do nothing - the database
1390 if (zone->type == dns_zone_master)
1398 * Store the current time before the zone is loaded, so that if the
1400 * zone->loadtime is set, then the file will still be reloaded
1406 * Don't do the load if the file that stores the zone is older
1407 * than the last time the zone was loaded. If the zone has not
1408 * been loaded yet, zone->loadtime will be the epoch.
1410 if (zone->masterfile != NULL) {
1415 if (!isc_time_isepoch(&zone->loadtime) &&
1421 result = isc_file_getmodtime(zone->masterfile, &filetime);
1423 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
1424 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE) &&
1425 isc_time_compare(&filetime, &zone->loadtime) <= 0) {
1426 dns_zone_log(zone, ISC_LOG_DEBUG(1),
1440 if (zone->type == dns_zone_master &&
1441 strcmp(zone->db_argv[0], "_builtin") == 0 &&
1442 (zone->db_argc < 2 || strcmp(zone->db_argv[1], "empty") != 0) &&
1443 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
1448 if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub) &&
1450 if (zone->masterfile == NULL ||
1451 !isc_file_exists(zone->masterfile)) {
1452 if (zone->masterfile != NULL) {
1453 dns_zone_log(zone, ISC_LOG_DEBUG(1),
1456 zone->refreshtime = now;
1457 if (zone->task != NULL)
1458 zone_settimer(zone, &now);
1464 dns_zone_log(zone, ISC_LOG_DEBUG(1), "starting load");
1466 result = dns_db_create(zone->mctx, zone->db_argv[0],
1467 &zone->origin, (zone->type == dns_zone_stub) ?
1469 zone->rdclass,
1470 zone->db_argc - 1, zone->db_argv + 1,
1474 dns_zone_log(zone, ISC_LOG_ERROR,
1475 "loading zone: creating database: %s",
1479 dns_db_settask(db, zone->task);
1482 if (zone->masterfile != NULL) {
1483 result = zone_startload(db, zone, loadtime);
1486 if (zone->type == dns_zone_master) {
1487 dns_zone_log(zone, ISC_LOG_ERROR,
1488 "loading zone: "
1492 dns_zone_log(zone, ISC_LOG_INFO, "loading zone: "
1498 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADING);
1500 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW);
1504 result = zone_postload(zone, db, loadtime, result);
1507 UNLOCK_ZONE(zone);
1514 dns_zone_load(dns_zone_t *zone) {
1515 return (zone_load(zone, 0));
1519 dns_zone_loadnew(dns_zone_t *zone) {
1520 return (zone_load(zone, DNS_ZONELOADFLAG_NOSTAT));
1524 dns_zone_loadandthaw(dns_zone_t *zone) {
1527 result = zone_load(zone, DNS_ZONELOADFLAG_THAW);
1535 zone->update_disabled = ISC_FALSE;
1538 zone->update_disabled = ISC_FALSE;
1548 get_master_options(dns_zone_t *zone) {
1552 if (zone->type == dns_zone_slave)
1554 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNS))
1556 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_FATALNS))
1558 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES))
1560 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL))
1562 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMX))
1564 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMXFAIL))
1566 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD))
1568 if (zone->type == dns_zone_master &&
1569 ((zone->update_acl != NULL && !dns_acl_isnone(zone->update_acl)) ||
1570 zone->ssutable != NULL))
1589 options = get_master_options(load->zone);
1591 result = dns_master_loadfileinc3(load->zone->masterfile,
1594 load->zone->rdclass, options, 0,
1597 &load->zone->lctx, load->zone->mctx,
1598 load->zone->masterformat);
1611 dns_zone_t *zone = event->ev_arg;
1615 REQUIRE(DNS_ZONE_VALID(zone));
1616 INSIST(task == zone->task);
1625 LOCK_ZONE(zone);
1626 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
1627 if (zone->db != NULL) {
1628 dns_db_currentversion(zone->db, &version);
1629 result = dns_master_dumpinc2(zone->mctx, zone->db, version,
1631 zone->masterfile, zone->task,
1632 dump_done, zone, &zone->dctx,
1633 zone->masterformat);
1634 dns_db_closeversion(zone->db, &version, ISC_FALSE);
1637 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
1638 UNLOCK_ZONE(zone);
1644 dump_done(zone, result);
1648 zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
1654 options = get_master_options(zone);
1656 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS))
1659 if (zone->zmgr != NULL && zone->db != NULL && zone->task != NULL) {
1660 load = isc_mem_get(zone->mctx, sizeof(*load));
1665 load->zone = NULL;
1670 isc_mem_attach(zone->mctx, &load->mctx);
1671 zone_iattach(zone, &load->zone);
1678 result = zonemgr_getio(zone->zmgr, ISC_TRUE, zone->task,
1680 &zone->readio);
1699 result = dns_master_loadfile3(zone->masterfile, &zone->origin,
1700 &zone->origin, zone->rdclass,
1702 zone->mctx, zone->masterformat);
1713 zone_idetach(&load->zone);
1715 isc_mem_put(zone->mctx, load, sizeof(*load));
1720 zone_check_mx(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
1738 * Outside of zone.
1740 if (!dns_name_issubdomain(name, &zone->origin)) {
1741 if (zone->checkmx != NULL)
1742 return ((zone->checkmx)(zone, name, owner));
1746 if (zone->type == dns_zone_master)
1770 dns_zone_log(zone, level,
1778 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) ||
1779 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
1781 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
1782 dns_zone_log(zone, level,
1789 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) ||
1790 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME))
1792 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) {
1794 dns_zone_log(zone, level, "%s/MX '%s' is below a DNAME"
1801 if (zone->checkmx != NULL && result == DNS_R_DELEGATION)
1802 return ((zone->checkmx)(zone, name, owner));
1808 zone_check_srv(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
1826 * Outside of zone.
1828 if (!dns_name_issubdomain(name, &zone->origin)) {
1829 if (zone->checksrv != NULL)
1830 return ((zone->checksrv)(zone, name, owner));
1834 if (zone->type == dns_zone_master)
1858 dns_zone_log(zone, level,
1866 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) ||
1867 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
1869 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
1870 dns_zone_log(zone, level,
1877 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) ||
1878 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME))
1880 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) {
1882 dns_zone_log(zone, level, "%s/SRV '%s' is below a "
1889 if (zone->checksrv != NULL && result == DNS_R_DELEGATION)
1890 return ((zone->checksrv)(zone, name, owner));
1896 zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
1911 * Outside of zone.
1913 if (!dns_name_issubdomain(name, &zone->origin)) {
1914 if (zone->checkns != NULL)
1915 return ((zone->checkns)(zone, name, owner, NULL, NULL));
1919 if (zone->type == dns_zone_master)
1952 * Check glue against child zone.
1954 if (zone->checkns != NULL)
1955 answer = (zone->checkns)(zone, name, owner,
1980 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSIBLING)) {
1981 dns_zone_log(zone, level, "%s/NS '%s' has no %s"
1987 if (result == DNS_R_DELEGATION && zone->checkns != NULL)
1988 (void)(zone->checkns)(zone, name, owner,
1994 dns_zone_log(zone, level, "%s/NS '%s' is a CNAME (illegal)",
2000 dns_zone_log(zone, level,
2043 integrity_checks(dns_zone_t *zone, dns_db_t *db) {
2076 * Is this name visible in the zone?
2078 if (!dns_name_issubdomain(name, &zone->origin) ||
2086 if (dns_name_equal(name, &zone->origin))
2094 * Remember bottom of zone.
2103 if (!zone_check_glue(zone, db, &ns.name, name))
2120 if (!zone_check_mx(zone, db, &mx.mx, name))
2128 if (zone->rdclass != dns_rdataclass_in)
2139 if (!zone_check_srv(zone, db, &srv.target, name))
2151 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSPF))
2153 if (zone->rdclass != dns_rdataclass_in)
2184 dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found SPF/%s "
2209 zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
2219 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
2253 dns_zone_log(zone, ISC_LOG_WARNING,
2273 resume_signingwithkey(dns_zone_t *zone) {
2280 result = dns_db_findnode(zone->db, &zone->origin, ISC_FALSE, &node);
2284 dns_db_currentversion(zone->db, &version);
2286 result = dns_db_findrdataset(zone->db, node, version,
2287 zone->privatetype,
2303 result = zone_signwithkey(zone, rdata.data[0],
2307 dns_zone_log(zone, ISC_LOG_ERROR,
2317 dns_db_detachnode(zone->db, &node);
2319 dns_db_closeversion(zone->db, &version, ISC_FALSE);
2324 zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
2330 nsec3chain = isc_mem_get(zone->mctx, sizeof *nsec3chain);
2350 for (current = ISC_LIST_HEAD(zone->nsec3chain);
2353 if (current->db == zone->db &&
2362 if (zone->db != NULL) {
2363 dns_db_attach(zone->db, &nsec3chain->db);
2372 ISC_LIST_INITANDAPPEND(zone->nsec3chain,
2375 if (isc_time_isepoch(&zone->nsec3chaintime)) {
2377 zone->nsec3chaintime = now;
2378 if (zone->task != NULL)
2379 zone_settimer(zone, &now);
2390 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
2396 resume_addnsec3chain(dns_zone_t *zone) {
2404 result = dns_db_findnode(zone->db, &zone->origin, ISC_FALSE, &node);
2408 dns_db_currentversion(zone->db, &version);
2410 result = dns_db_findrdataset(zone->db, node, version,
2426 result = zone_addnsec3chain(zone, &nsec3param);
2428 dns_zone_log(zone, ISC_LOG_ERROR,
2439 dns_db_detachnode(zone->db, &node);
2441 dns_db_closeversion(zone->db, &version, ISC_FALSE);
2445 set_resigntime(dns_zone_t *zone) {
2456 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
2457 if (zone->db != NULL)
2458 dns_db_attach(zone->db, &db);
2459 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
2461 isc_time_settoepoch(&zone->resigntime);
2468 isc_time_settoepoch(&zone->resigntime);
2471 resign = rdataset.resign - zone->sigresigninginterval;
2475 isc_time_set(&zone->resigntime, resign, nanosecs);
2482 check_nsec3param(dns_zone_t *zone, dns_db_t *db) {
2490 isc_boolean_t dynamic = (zone->type == dns_zone_master) ?
2491 zone_isdynamic(zone) : ISC_FALSE;
2494 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
2496 dns_zone_log(zone, ISC_LOG_ERROR,
2511 dns_zone_log(zone, ISC_LOG_ERROR,
2530 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NSEC3TESTZONE) &&
2533 dns_zone_log(zone, ISC_LOG_WARNING,
2539 dns_zone_log(zone, ISC_LOG_ERROR,
2541 " in dynamic zone: %u",
2548 dns_zone_log(zone, ISC_LOG_WARNING,
2559 dns_zone_log(zone, ISC_LOG_ERROR,
2572 zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
2582 isc_boolean_t hasinclude = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE);
2588 * Initiate zone transfer? We may need a error code that
2593 if (zone->type == dns_zone_slave ||
2594 zone->type == dns_zone_stub) {
2596 dns_zone_log(zone, ISC_LOG_DEBUG(1),
2599 dns_zone_log(zone, ISC_LOG_ERROR,
2602 zone->masterfile,
2605 dns_zone_log(zone, ISC_LOG_ERROR,
2607 zone->masterfile,
2612 dns_zone_log(zone, ISC_LOG_DEBUG(2),
2617 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
2619 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
2624 if (zone->journal != NULL &&
2625 ! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOMERGE) &&
2626 ! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
2628 if (zone->type == dns_zone_master &&
2629 (zone->update_acl != NULL || zone->ssutable != NULL))
2633 result = dns_journal_rollforward2(zone->mctx, db, options,
2634 zone->sigresigninginterval,
2635 zone->journal);
2639 dns_zone_log(zone, ISC_LOG_ERROR,
2645 dns_zone_log(zone, ISC_LOG_ERROR,
2647 "journal out of sync with zone");
2650 dns_zone_log(zone, ISC_LOG_DEBUG(1),
2658 dns_zone_log(zone, ISC_LOG_DEBUG(1), "loaded; checking validity");
2660 * Obtain ns, soa and cname counts for top of zone.
2663 result = zone_get_from_db(zone, db, &nscount, &soacount, &serial,
2667 dns_zone_log(zone, ISC_LOG_ERROR,
2673 * the top of the zone.
2676 switch (zone->type) {
2681 dns_zone_log(zone, ISC_LOG_ERROR,
2686 dns_zone_log(zone, ISC_LOG_ERROR,
2692 if (zone->type == dns_zone_master && errors != 0) {
2696 if (zone->type != dns_zone_stub) {
2697 result = check_nsec3param(zone, db);
2701 if (zone->type == dns_zone_master &&
2702 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKINTEGRITY) &&
2703 !integrity_checks(zone, db)) {
2708 if (zone->db != NULL) {
2713 result = zone_get_from_db(zone, zone->db, NULL,
2718 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS) &&
2722 INSIST(zone->type == dns_zone_master);
2727 dns_zone_log(zone, ISC_LOG_ERROR,
2735 dns_zone_log(zone, ISC_LOG_ERROR,
2736 "zone serial has gone backwards");
2738 strcmp(zone->db_argv[0], "_builtin") != 0)
2739 dns_zone_log(zone, ISC_LOG_ERROR,
2740 "zone serial unchanged. "
2741 "zone may fail to transfer "
2745 if (zone->type == dns_zone_master &&
2746 (zone->update_acl != NULL || zone->ssutable != NULL) &&
2747 zone->sigresigninginterval < (3 * refresh) &&
2750 dns_zone_log(zone, ISC_LOG_WARNING,
2755 zone->refresh = RANGE(refresh,
2756 zone->minrefresh, zone->maxrefresh);
2757 zone->retry = RANGE(retry,
2758 zone->minretry, zone->maxretry);
2759 zone->expire = RANGE(expire, zone->refresh + zone->retry,
2761 zone->minimum = minimum;
2762 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
2764 if (zone->type == dns_zone_slave ||
2765 zone->type == dns_zone_stub) {
2769 result = isc_file_getmodtime(zone->journal, &t);
2771 result = isc_file_getmodtime(zone->masterfile,
2774 DNS_ZONE_TIME_ADD(&t, zone->expire,
2775 &zone->expiretime);
2777 DNS_ZONE_TIME_ADD(&now, zone->retry,
2778 &zone->expiretime);
2780 delay = isc_random_jitter(zone->retry,
2781 (zone->retry * 3) / 4);
2782 DNS_ZONE_TIME_ADD(&now, delay, &zone->refreshtime);
2783 if (isc_time_compare(&zone->refreshtime,
2784 &zone->expiretime) >= 0)
2785 zone->refreshtime = now;
2790 "unexpected zone type %d", zone->type);
2798 if (zone->type == dns_zone_master)
2799 zone_check_dnskeys(zone, db);
2804 isc_event_t *e = isc_event_allocate(zone->mctx, NULL,
2807 zone,
2809 dns_db_ondestroy(db, zone->task, &e);
2813 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
2814 if (zone->db != NULL) {
2815 result = zone_replacedb(zone, db, ISC_FALSE);
2816 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
2820 zone_attachdb(zone, db);
2821 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
2822 DNS_ZONE_SETFLAG(zone,
2827 zone_needdump(zone, DNS_DUMP_DELAY);
2828 if (zone->task != NULL) {
2829 if (zone->type == dns_zone_master) {
2830 set_resigntime(zone);
2831 resume_signingwithkey(zone);
2832 resume_addnsec3chain(zone);
2834 zone_settimer(zone, &now);
2838 dns_zone_log(zone, ISC_LOG_INFO, "loaded serial %u%s", serial,
2841 zone->loadtime = loadtime;
2845 if (zone->type == dns_zone_slave ||
2846 zone->type == dns_zone_stub) {
2847 if (zone->journal != NULL)
2848 zone_saveunique(zone, zone->journal, "jn-XXXXXXXX");
2849 if (zone->masterfile != NULL)
2850 zone_saveunique(zone, zone->masterfile, "db-XXXXXXXX");
2852 /* Mark the zone for immediate refresh. */
2853 zone->refreshtime = now;
2854 if (zone->task != NULL)
2855 zone_settimer(zone, &now);
2857 } else if (zone->type == dns_zone_master)
2858 dns_zone_log(zone, ISC_LOG_ERROR, "not loaded due to errors.");
2863 exit_check(dns_zone_t *zone) {
2865 REQUIRE(LOCKED_ZONE(zone));
2867 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SHUTDOWN) &&
2868 zone->irefs == 0)
2873 INSIST(isc_refcount_current(&zone->erefs) == 0);
2880 zone_check_ns(dns_zone_t *zone, dns_db_t *db, dns_name_t *name) {
2888 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOCHECKNS))
2891 if (zone->type == dns_zone_master)
2914 dns_zone_log(zone, level,
2922 dns_zone_log(zone, level, "NS '%s' is a CNAME (illegal)",
2930 dns_zone_log(zone, level,
2941 zone_count_ns_rr(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
2962 if (errors != NULL && zone->rdclass == dns_rdataclass_in &&
2963 (zone->type == dns_zone_master ||
2964 zone->type == dns_zone_slave)) {
2969 if (dns_name_issubdomain(&ns.name, &zone->origin) &&
2970 !zone_check_ns(zone, db, &ns.name))
3068 * zone must be locked.
3071 zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount,
3083 REQUIRE(zone != NULL);
3089 result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
3096 result = zone_count_ns_rr(zone, db, node, version,
3128 dns_zone_t *zone;
3134 zone = *zonep;
3136 isc_refcount_decrement(&zone->erefs, &refs);
3139 LOCK_ZONE(zone);
3143 if (zone->task != NULL) {
3145 * This zone is being managed. Post
3150 isc_event_t *ev = &zone->ctlevent;
3151 isc_task_send(zone->task, &ev);
3154 * This zone is not being managed; it has
3164 INSIST(zone->view == NULL);
3167 UNLOCK_ZONE(zone);
3171 zone_free(zone);
3200 dns_zone_t *zone;
3203 * 'zone' locked by caller.
3206 zone = *zonep;
3210 INSIST(zone->irefs > 0);
3211 zone->irefs--;
3212 INSIST(zone->irefs + isc_refcount_current(&zone->erefs) > 0);
3217 dns_zone_t *zone;
3221 zone = *zonep;
3224 LOCK_ZONE(zone);
3225 INSIST(zone->irefs > 0);
3226 zone->irefs--;
3227 free_needed = exit_check(zone);
3228 UNLOCK_ZONE(zone);
3230 zone_free(zone);
3234 dns_zone_getmctx(dns_zone_t *zone) {
3235 REQUIRE(DNS_ZONE_VALID(zone));
3237 return (zone->mctx);
3241 dns_zone_getmgr(dns_zone_t *zone) {
3242 REQUIRE(DNS_ZONE_VALID(zone));
3244 return (zone->zmgr);
3248 dns_zone_setflag(dns_zone_t *zone, unsigned int flags, isc_boolean_t value) {
3249 REQUIRE(DNS_ZONE_VALID(zone));
3251 LOCK_ZONE(zone);
3253 DNS_ZONE_SETFLAG(zone, flags);
3255 DNS_ZONE_CLRFLAG(zone, flags);
3256 UNLOCK_ZONE(zone);
3260 dns_zone_setoption(dns_zone_t *zone, unsigned int option, isc_boolean_t value)
3262 REQUIRE(DNS_ZONE_VALID(zone));
3264 LOCK_ZONE(zone);
3266 zone->options |= option;
3268 zone->options &= ~option;
3269 UNLOCK_ZONE(zone);
3273 dns_zone_getoptions(dns_zone_t *zone) {
3275 REQUIRE(DNS_ZONE_VALID(zone));
3277 return (zone->options);
3281 dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) {
3282 REQUIRE(DNS_ZONE_VALID(zone));
3284 LOCK_ZONE(zone);
3285 zone->xfrsource4 = *xfrsource;
3286 UNLOCK_ZONE(zone);
3292 dns_zone_getxfrsource4(dns_zone_t *zone) {
3293 REQUIRE(DNS_ZONE_VALID(zone));
3294 return (&zone->xfrsource4);
3298 dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) {
3299 REQUIRE(DNS_ZONE_VALID(zone));
3301 LOCK_ZONE(zone);
3302 zone->xfrsource6 = *xfrsource;
3303 UNLOCK_ZONE(zone);
3309 dns_zone_getxfrsource6(dns_zone_t *zone) {
3310 REQUIRE(DNS_ZONE_VALID(zone));
3311 return (&zone->xfrsource6);
3315 dns_zone_setaltxfrsource4(dns_zone_t *zone,
3318 REQUIRE(DNS_ZONE_VALID(zone));
3320 LOCK_ZONE(zone);
3321 zone->altxfrsource4 = *altxfrsource;
3322 UNLOCK_ZONE(zone);
3328 dns_zone_getaltxfrsource4(dns_zone_t *zone) {
3329 REQUIRE(DNS_ZONE_VALID(zone));
3330 return (&zone->altxfrsource4);
3334 dns_zone_setaltxfrsource6(dns_zone_t *zone,
3337 REQUIRE(DNS_ZONE_VALID(zone));
3339 LOCK_ZONE(zone);
3340 zone->altxfrsource6 = *altxfrsource;
3341 UNLOCK_ZONE(zone);
3347 dns_zone_getaltxfrsource6(dns_zone_t *zone) {
3348 REQUIRE(DNS_ZONE_VALID(zone));
3349 return (&zone->altxfrsource6);
3353 dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) {
3354 REQUIRE(DNS_ZONE_VALID(zone));
3356 LOCK_ZONE(zone);
3357 zone->notifysrc4 = *notifysrc;
3358 UNLOCK_ZONE(zone);
3364 dns_zone_getnotifysrc4(dns_zone_t *zone) {
3365 REQUIRE(DNS_ZONE_VALID(zone));
3366 return (&zone->notifysrc4);
3370 dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) {
3371 REQUIRE(DNS_ZONE_VALID(zone));
3373 LOCK_ZONE(zone);
3374 zone->notifysrc6 = *notifysrc;
3375 UNLOCK_ZONE(zone);
3381 dns_zone_getnotifysrc6(dns_zone_t *zone) {
3382 REQUIRE(DNS_ZONE_VALID(zone));
3383 return (&zone->notifysrc6);
3387 dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify,
3392 REQUIRE(DNS_ZONE_VALID(zone));
3395 LOCK_ZONE(zone);
3396 if (zone->notify != NULL) {
3397 isc_mem_put(zone->mctx, zone->notify,
3398 zone->notifycnt * sizeof(*new));
3399 zone->notify = NULL;
3400 zone->notifycnt = 0;
3403 new = isc_mem_get(zone->mctx, count * sizeof(*new));
3405 UNLOCK_ZONE(zone);
3409 zone->notify = new;
3410 zone->notifycnt = count;
3412 UNLOCK_ZONE(zone);
3417 dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters,
3422 result = dns_zone_setmasterswithkeys(zone, masters, NULL, count);
3458 dns_zone_setmasterswithkeys(dns_zone_t *zone,
3469 REQUIRE(DNS_ZONE_VALID(zone));
3475 LOCK_ZONE(zone);
3482 if (count != zone->masterscnt ||
3483 !same_masters(zone->masters, masters, count) ||
3484 !same_keynames(zone->masterkeynames, keynames, count)) {
3485 if (zone->request != NULL)
3486 dns_request_cancel(zone->request);
3489 if (zone->masters != NULL) {
3490 isc_mem_put(zone->mctx, zone->masters,
3491 zone->masterscnt * sizeof(*new));
3492 zone->masters = NULL;
3494 if (zone->masterkeynames != NULL) {
3495 for (i = 0; i < zone->masterscnt; i++) {
3496 if (zone->masterkeynames[i] != NULL) {
3497 dns_name_free(zone->masterkeynames[i],
3498 zone->mctx);
3499 isc_mem_put(zone->mctx,
3500 zone->masterkeynames[i],
3502 zone->masterkeynames[i] = NULL;
3505 isc_mem_put(zone->mctx, zone->masterkeynames,
3506 zone->masterscnt * sizeof(dns_name_t *));
3507 zone->masterkeynames = NULL;
3509 if (zone->mastersok != NULL) {
3510 isc_mem_put(zone->mctx, zone->mastersok,
3511 zone->masterscnt * sizeof(isc_boolean_t));
3512 zone->mastersok = NULL;
3514 zone->masterscnt = 0;
3525 new = isc_mem_get(zone->mctx, count * sizeof(*new));
3535 newok = isc_mem_get(zone->mctx, count * sizeof(*newok));
3538 isc_mem_put(zone->mctx, new, count * sizeof(*new));
3549 newname = isc_mem_get(zone->mctx, count * sizeof(*newname));
3552 isc_mem_put(zone->mctx, new, count * sizeof(*new));
3553 isc_mem_put(zone->mctx, newok, count * sizeof(*newok));
3560 newname[i] = isc_mem_get(zone->mctx,
3565 result = dns_name_dup(keynames[i], zone->mctx,
3573 zone->mctx);
3574 isc_mem_put(zone->mctx, new,
3576 isc_mem_put(zone->mctx, newok,
3578 isc_mem_put(zone->mctx, newname,
3587 * Everything is ok so attach to the zone.
3589 zone->curmaster = 0;
3590 zone->masters = new;
3591 zone->mastersok = newok;
3592 zone->masterkeynames = newname;
3593 zone->masterscnt = count;
3594 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOMASTERS);
3597 UNLOCK_ZONE(zone);
3602 dns_zone_getdb(dns_zone_t *zone, dns_db_t **dpb) {
3605 REQUIRE(DNS_ZONE_VALID(zone));
3607 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
3608 if (zone->db == NULL)
3611 dns_db_attach(zone->db, dpb);
3612 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
3622 dns_zone_maintenance(dns_zone_t *zone) {
3626 REQUIRE(DNS_ZONE_VALID(zone));
3629 LOCK_ZONE(zone);
3631 zone_settimer(zone, &now);
3632 UNLOCK_ZONE(zone);
3636 was_dumping(dns_zone_t *zone) {
3639 REQUIRE(LOCKED_ZONE(zone));
3641 dumping = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING);
3642 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
3644 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
3645 isc_time_settoepoch(&zone->dumptime);
3770 find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
3776 const char *directory = dns_zone_getkeydirectory(zone);
3810 set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now)
3814 zone->key_expiry = when;
3816 dns_zone_log(zone, ISC_LOG_ERROR,
3818 isc_time_settoepoch(&zone->keywarntime);
3820 dns_zone_log(zone, ISC_LOG_WARNING,
3827 isc_time_set(&zone->keywarntime, when - delta, 0);
3829 dns_zone_log(zone, ISC_LOG_NOTICE, /* XXMPA ISC_LOG_DEBUG(1) */
3832 isc_time_set(&zone->keywarntime, when - 7 * 24 * 3600, 0);
3841 del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
3950 set_key_expiry_warning(zone, (isc_stdtime_t)warn, now);
3953 dns_zone_log(zone, ISC_LOG_ERROR,
4023 zone_resigninc(dns_zone_t *zone) {
4047 dns_diff_init(zone->mctx, &_sig_diff);
4053 if (zone->update_disabled) {
4058 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
4059 dns_db_attach(zone->db, &db);
4060 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
4064 dns_zone_log(zone, ISC_LOG_ERROR,
4070 result = find_zone_keys(zone, db, version, zone->mctx, DNS_MAXZONEKEYS,
4073 dns_zone_log(zone, ISC_LOG_ERROR,
4081 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
4091 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
4098 dns_zone_log(zone, ISC_LOG_ERROR,
4105 resign = rdataset.resign - zone->sigresigninginterval;
4109 * entire zone. The SOA record should always be the most
4113 if (covers == dns_rdatatype_soa || i++ > zone->signatures ||
4127 result = del_sigs(zone, db, version, name, covers, &zonediff,
4130 dns_zone_log(zone, ISC_LOG_ERROR,
4136 zone_keys, nkeys, zone->mctx, inception,
4139 dns_zone_log(zone, ISC_LOG_ERROR,
4151 dns_zone_log(zone, ISC_LOG_ERROR,
4159 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
4162 dns_zone_log(zone, ISC_LOG_ERROR,
4168 result = increment_soa_serial(db, version, zonediff.diff, zone->mctx);
4170 dns_zone_log(zone, ISC_LOG_ERROR,
4180 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
4181 zonediff.diff, zone_keys, nkeys, zone->mctx,
4184 dns_zone_log(zone, ISC_LOG_ERROR,
4190 journalfile = dns_zone_getjournal(zone);
4193 result = dns_journal_open(zone->mctx, journalfile,
4196 dns_zone_log(zone, ISC_LOG_ERROR,
4205 dns_zone_log(zone, ISC_LOG_ERROR,
4222 dns_db_closeversion(zone->db, &version, ISC_FALSE);
4227 set_resigntime(zone);
4228 LOCK_ZONE(zone);
4229 zone_needdump(zone, DNS_DUMP_DELAY);
4230 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
4231 UNLOCK_ZONE(zone);
4238 isc_time_nowplusinterval(&zone->resigntime, &ival);
4342 * partially secure zone.
4840 zone_nsec3chain(dns_zone_t *zone) {
4883 dns_diff_init(zone->mctx, ¶m_diff);
4884 dns_diff_init(zone->mctx, &nsec3_diff);
4885 dns_diff_init(zone->mctx, &nsec_diff);
4886 dns_diff_init(zone->mctx, &_sig_diff);
4893 if (zone->update_disabled) {
4898 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
4899 dns_db_attach(zone->db, &db);
4900 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
4904 dns_zone_log(zone, ISC_LOG_ERROR,
4910 result = find_zone_keys(zone, db, version, zone->mctx,
4913 dns_zone_log(zone, ISC_LOG_ERROR,
4921 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
4931 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
4940 nodes = zone->nodes;
4941 signatures = zone->signatures;
4942 LOCK_ZONE(zone);
4943 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
4944 UNLOCK_ZONE(zone);
4953 LOCK_ZONE(zone);
4956 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
4957 if (nsec3chain->done || nsec3chain->db != zone->db) {
4958 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain, link);
4961 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
4962 UNLOCK_ZONE(zone);
5013 * Check to see if this is a bottom of zone node.
5057 zone->minimum, unsecure, &nsec3_diff));
5081 LOCK_ZONE(zone);
5082 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
5084 UNLOCK_ZONE(zone);
5100 LOCK_ZONE(zone);
5101 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
5103 UNLOCK_ZONE(zone);
5107 dns_zone_log(zone, ISC_LOG_ERROR,
5139 LOCK_ZONE(zone);
5140 nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
5141 UNLOCK_ZONE(zone);
5145 LOCK_ZONE(zone);
5147 UNLOCK_ZONE(zone);
5209 * Check to see if this is a bottom of zone node.
5244 CHECK(add_nsec(db, version, name, node, zone->minimum,
5261 LOCK_ZONE(zone);
5262 ISC_LIST_UNLINK(zone->nsec3chain, nsec3chain,
5264 UNLOCK_ZONE(zone);
5271 dns_zone_log(zone, ISC_LOG_ERROR,
5311 result = del_sigs(zone, db, version, &tuple->name,
5315 dns_zone_log(zone, ISC_LOG_ERROR,
5322 nkeys, zone->mctx, inception, expire,
5325 dns_zone_log(zone, ISC_LOG_ERROR,
5350 result = del_sigs(zone, db, version, &tuple->name,
5354 dns_zone_log(zone, ISC_LOG_ERROR,
5361 zone_keys, nkeys, zone->mctx, inception,
5364 dns_zone_log(zone, ISC_LOG_ERROR,
5375 CHECK(updatesecure(db, version, &zone->origin, zone->minimum,
5381 result = del_sigs(zone, db, version, &tuple->name,
5385 dns_zone_log(zone, ISC_LOG_ERROR,
5392 zone_keys, nkeys, zone->mctx, inception,
5395 dns_zone_log(zone, ISC_LOG_ERROR,
5406 * If we made no effective changes to the zone then we can just
5417 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
5420 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
5425 result = increment_soa_serial(db, version, zonediff.diff, zone->mctx);
5427 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
5433 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
5434 zonediff.diff, zone_keys, nkeys, zone->mctx,
5437 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
5442 journalfile = dns_zone_getjournal(zone);
5445 result = dns_journal_open(zone->mctx, journalfile,
5448 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
5457 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
5464 LOCK_ZONE(zone);
5465 zone_needdump(zone, DNS_DUMP_DELAY);
5466 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
5467 UNLOCK_ZONE(zone);
5473 LOCK_ZONE(zone);
5474 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
5478 UNLOCK_ZONE(zone);
5493 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
5497 set_resigntime(zone);
5507 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
5525 isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
5527 LOCK_ZONE(zone);
5528 ISC_LIST_PREPEND(zone->nsec3chain, nsec3chain, link);
5529 UNLOCK_ZONE(zone);
5538 LOCK_ZONE(zone);
5539 for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
5543 UNLOCK_ZONE(zone);
5562 LOCK_ZONE(zone);
5563 if (ISC_LIST_HEAD(zone->nsec3chain) != NULL) {
5565 if (zone->update_disabled || result != ISC_R_SUCCESS)
5569 isc_time_nowplusinterval(&zone->nsec3chaintime, &i);
5571 isc_time_settoepoch(&zone->nsec3chaintime);
5572 UNLOCK_ZONE(zone);
5643 * Incrementally sign the zone using the keys requested.
5647 zone_sign(dns_zone_t *zone) {
5681 dns_diff_init(zone->mctx, &_sig_diff);
5688 if (zone->update_disabled) {
5693 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
5694 dns_db_attach(zone->db, &db);
5695 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
5699 dns_zone_log(zone, ISC_LOG_ERROR,
5705 result = find_zone_keys(zone, db, version, zone->mctx,
5708 dns_zone_log(zone, ISC_LOG_ERROR,
5716 soaexpire = now + dns_zone_getsigvalidityinterval(zone);
5726 check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
5735 nodes = zone->nodes;
5736 signatures = zone->signatures;
5737 signing = ISC_LIST_HEAD(zone->signing);
5776 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
5777 if (signing->done || signing->db != zone->db) {
5779 * The zone has been reloaded. We will have
5783 ISC_LIST_UNLINK(zone->signing, signing, link);
5785 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
5788 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
5851 expire, zone->minimum, is_ksk,
5853 &signatures, zone->mctx));
5865 ISC_LIST_UNLINK(zone->signing, signing, link);
5873 * zone with a zone signing key.
5876 * for the zone. We can now clear the
5880 &zone->origin,
5881 zone->minimum,
5885 dns_zone_log(zone,
5893 &zone->origin,
5894 zone->privatetype,
5897 dns_zone_log(zone, ISC_LOG_ERROR,
5904 dns_zone_log(zone, ISC_LOG_ERROR,
5930 result = del_sigs(zone, db, version, &zone->origin,
5934 dns_zone_log(zone, ISC_LOG_ERROR,
5939 result = add_sigs(db, version, &zone->origin,
5941 nkeys, zone->mctx, inception, soaexpire,
5944 dns_zone_log(zone, ISC_LOG_ERROR,
5956 result = del_sigs(zone, db, version, &zone->origin,
5957 zone->privatetype, &zonediff,
5960 dns_zone_log(zone, ISC_LOG_ERROR,
5965 result = add_sigs(db, version, &zone->origin,
5966 zone->privatetype, zonediff.diff,
5967 zone_keys, nkeys, zone->mctx, inception,
5970 dns_zone_log(zone, ISC_LOG_ERROR,
5991 result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
5994 dns_zone_log(zone, ISC_LOG_ERROR,
6000 result = increment_soa_serial(db, version, zonediff.diff, zone->mctx);
6002 dns_zone_log(zone, ISC_LOG_ERROR,
6012 result = add_sigs(db, version, &zone->origin, dns_rdatatype_soa,
6013 zonediff.diff, zone_keys, nkeys, zone->mctx,
6016 dns_zone_log(zone, ISC_LOG_ERROR,
6025 journalfile = dns_zone_getjournal(zone);
6028 result = dns_journal_open(zone->mctx, journalfile,
6031 dns_zone_log(zone, ISC_LOG_ERROR,
6040 dns_zone_log(zone, ISC_LOG_ERROR,
6051 for (signing = ISC_LIST_HEAD(zone->signing);
6074 isc_mem_put(zone->mctx, signing, sizeof *signing);
6078 set_resigntime(zone);
6081 LOCK_ZONE(zone);
6082 zone_needdump(zone, DNS_DUMP_DELAY);
6083 UNLOCK_ZONE(zone);
6093 ISC_LIST_APPEND(zone->signing, signing, link);
6099 for (signing = ISC_LIST_HEAD(zone->signing);
6115 if (ISC_LIST_HEAD(zone->signing) != NULL) {
6117 if (zone->update_disabled || result != ISC_R_SUCCESS)
6121 isc_time_nowplusinterval(&zone->signingtime, &i);
6123 isc_time_settoepoch(&zone->signingtime);
6127 zone_maintenance(dns_zone_t *zone) {
6133 REQUIRE(DNS_ZONE_VALID(zone));
6137 * Configuring the view of this zone may have
6143 if (zone->view == NULL || zone->view->adb == NULL)
6151 switch (zone->type) {
6154 LOCK_ZONE(zone);
6155 if (isc_time_compare(&now, &zone->expiretime) >= 0 &&
6156 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
6157 zone_expire(zone);
6158 zone->refreshtime = now;
6160 UNLOCK_ZONE(zone);
6169 switch (zone->type) {
6172 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH) &&
6173 isc_time_compare(&now, &zone->refreshtime) >= 0)
6174 dns_zone_refresh(zone);
6183 switch (zone->type) {
6187 LOCK_ZONE(zone);
6188 if (zone->masterfile != NULL &&
6189 isc_time_compare(&now, &zone->dumptime) >= 0 &&
6190 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
6191 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP)) {
6192 dumping = was_dumping(zone);
6195 UNLOCK_ZONE(zone);
6197 result = zone_dump(zone, ISC_TRUE); /* task locked */
6199 dns_zone_log(zone, ISC_LOG_WARNING,
6208 switch (zone->type) {
6214 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) &&
6215 isc_time_compare(&now, &zone->notifytime) >= 0)
6216 zone_notify(zone, &now);
6220 if (!isc_time_isepoch(&zone->signingtime) &&
6221 isc_time_compare(&now, &zone->signingtime) >= 0)
6222 zone_sign(zone);
6223 else if (!isc_time_isepoch(&zone->resigntime) &&
6224 isc_time_compare(&now, &zone->resigntime) >= 0)
6225 zone_resigninc(zone);
6226 else if (!isc_time_isepoch(&zone->nsec3chaintime) &&
6227 isc_time_compare(&now, &zone->nsec3chaintime) >= 0)
6228 zone_nsec3chain(zone);
6232 if (!isc_time_isepoch(&zone->keywarntime) &&
6233 isc_time_compare(&now, &zone->keywarntime) >= 0)
6234 set_key_expiry_warning(zone, zone->key_expiry,
6240 zone_settimer(zone, &now);
6244 dns_zone_markdirty(dns_zone_t *zone) {
6246 LOCK_ZONE(zone);
6247 if (zone->type == dns_zone_master)
6248 set_resigntime(zone); /* XXXMPA make separate call back */
6249 zone_needdump(zone, DNS_DUMP_DELAY);
6250 UNLOCK_ZONE(zone);
6254 dns_zone_expire(dns_zone_t *zone) {
6255 REQUIRE(DNS_ZONE_VALID(zone));
6257 LOCK_ZONE(zone);
6258 zone_expire(zone);
6259 UNLOCK_ZONE(zone);
6263 zone_expire(dns_zone_t *zone) {
6265 * 'zone' locked by caller.
6268 REQUIRE(LOCKED_ZONE(zone));
6270 dns_zone_log(zone, ISC_LOG_WARNING, "expired");
6272 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_EXPIRED);
6273 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
6274 zone->retry = DNS_ZONE_DEFAULTRETRY;
6275 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
6276 zone_unload(zone);
6280 dns_zone_refresh(dns_zone_t *zone) {
6286 REQUIRE(DNS_ZONE_VALID(zone));
6288 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
6296 LOCK_ZONE(zone);
6297 oldflags = zone->flags;
6298 if (zone->masterscnt == 0) {
6299 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOMASTERS);
6301 dns_zone_log(zone, ISC_LOG_ERROR,
6305 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
6306 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
6307 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
6314 * If we are successful it will be reset using zone->refresh.
6316 isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4),
6318 result = isc_time_nowplusinterval(&zone->refreshtime, &i);
6320 dns_zone_log(zone, ISC_LOG_WARNING,
6329 if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HAVETIMERS))
6330 zone->retry = ISC_MIN(zone->retry * 2, 6 * 3600);
6332 zone->curmaster = 0;
6333 for (j = 0; j < zone->masterscnt; j++)
6334 zone->mastersok[j] = ISC_FALSE;
6336 queue_soa_query(zone);
6338 UNLOCK_ZONE(zone);
6342 dns_zone_flush(dns_zone_t *zone) {
6346 REQUIRE(DNS_ZONE_VALID(zone));
6348 LOCK_ZONE(zone);
6349 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_FLUSH);
6350 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
6351 zone->masterfile != NULL) {
6353 dumping = was_dumping(zone);
6356 UNLOCK_ZONE(zone);
6358 result = zone_dump(zone, ISC_FALSE); /* Unknown task. */
6363 dns_zone_dump(dns_zone_t *zone) {
6367 REQUIRE(DNS_ZONE_VALID(zone));
6369 LOCK_ZONE(zone);
6370 dumping = was_dumping(zone);
6371 UNLOCK_ZONE(zone);
6373 result = zone_dump(zone, ISC_FALSE); /* Unknown task. */
6378 zone_needdump(dns_zone_t *zone, unsigned int delay) {
6383 * 'zone' locked by caller
6386 REQUIRE(DNS_ZONE_VALID(zone));
6387 REQUIRE(LOCKED_ZONE(zone));
6392 if (zone->masterfile == NULL ||
6393 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) == 0)
6400 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
6401 if (isc_time_isepoch(&zone->dumptime) ||
6402 isc_time_compare(&zone->dumptime, &dumptime) > 0)
6403 zone->dumptime = dumptime;
6404 if (zone->task != NULL)
6405 zone_settimer(zone, &now);
6411 dns_zone_t *zone = arg;
6419 REQUIRE(DNS_ZONE_VALID(zone));
6423 if (result == ISC_R_SUCCESS && zone->journal != NULL &&
6424 zone->journalsize != -1) {
6427 * We don't own these, zone->dctx must stay valid.
6429 db = dns_dumpctx_db(zone->dctx);
6430 version = dns_dumpctx_version(zone->dctx);
6435 * zone->xfr safely.
6437 if (tresult == ISC_R_SUCCESS && zone->xfr == NULL) {
6438 tresult = dns_journal_compact(zone->mctx,
6439 zone->journal,
6441 zone->journalsize);
6446 dns_zone_log(zone, ISC_LOG_DEBUG(3),
6451 dns_zone_log(zone, ISC_LOG_ERROR,
6458 zone->compact_serial = serial;
6462 LOCK_ZONE(zone);
6463 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DUMPING);
6465 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT);
6470 zone_needdump(zone, DNS_DUMP_DELAY);
6472 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) &&
6473 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
6474 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
6475 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
6476 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
6477 isc_time_settoepoch(&zone->dumptime);
6480 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FLUSH);
6482 if (zone->dctx != NULL)
6483 dns_dumpctx_detach(&zone->dctx);
6484 zonemgr_putio(&zone->writeio);
6485 UNLOCK_ZONE(zone);
6487 (void)zone_dump(zone, ISC_FALSE);
6488 dns_zone_idetach(&zone);
6492 zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
6505 REQUIRE(DNS_ZONE_VALID(zone));
6509 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
6510 if (zone->db != NULL)
6511 dns_db_attach(zone->db, &db);
6512 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
6513 LOCK_ZONE(zone);
6514 if (zone->masterfile != NULL) {
6515 masterfile = isc_mem_strdup(zone->mctx, zone->masterfile);
6516 masterformat = zone->masterformat;
6518 UNLOCK_ZONE(zone);
6528 if (compact && zone->type != dns_zone_stub) {
6530 LOCK_ZONE(zone);
6531 zone_iattach(zone, &dummy);
6532 result = zonemgr_getio(zone->zmgr, ISC_FALSE, zone->task,
6533 zone_gotwritehandle, zone,
6534 &zone->writeio);
6539 UNLOCK_ZONE(zone);
6542 result = dns_master_dump2(zone->mctx, db, version,
6551 isc_mem_free(zone->mctx, masterfile);
6558 LOCK_ZONE(zone);
6559 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DUMPING);
6564 zone_needdump(zone, DNS_DUMP_DELAY);
6565 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) &&
6566 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
6567 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
6568 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
6569 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DUMPING);
6570 isc_time_settoepoch(&zone->dumptime);
6573 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FLUSH);
6574 UNLOCK_ZONE(zone);
6582 dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style,
6589 REQUIRE(DNS_ZONE_VALID(zone));
6591 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
6592 if (zone->db != NULL)
6593 dns_db_attach(zone->db, &db);
6594 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
6599 result = dns_master_dumptostream2(zone->mctx, db, version, style,
6607 dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
6609 return dumptostream(zone, fd, style, format);
6613 dns_zone_dumptostream(dns_zone_t *zone, FILE *fd) {
6614 return dumptostream(zone, fd, &dns_master_style_default,
6619 dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd) {
6620 return dumptostream(zone, fd, &dns_master_style_full,
6625 dns_zone_unload(dns_zone_t *zone) {
6626 REQUIRE(DNS_ZONE_VALID(zone));
6628 LOCK_ZONE(zone);
6629 zone_unload(zone);
6630 UNLOCK_ZONE(zone);
6634 notify_cancel(dns_zone_t *zone) {
6638 * 'zone' locked by caller.
6641 REQUIRE(LOCKED_ZONE(zone));
6643 for (notify = ISC_LIST_HEAD(zone->notifies);
6654 forward_cancel(dns_zone_t *zone) {
6658 * 'zone' locked by caller.
6661 REQUIRE(LOCKED_ZONE(zone));
6663 for (forward = ISC_LIST_HEAD(zone->forwards);
6672 zone_unload(dns_zone_t *zone) {
6675 * 'zone' locked by caller.
6678 REQUIRE(LOCKED_ZONE(zone));
6680 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) ||
6681 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
6682 if (zone->writeio != NULL)
6683 zonemgr_cancelio(zone->writeio);
6685 if (zone->dctx != NULL)
6686 dns_dumpctx_cancel(zone->dctx);
6688 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
6689 zone_detachdb(zone);
6690 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
6691 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADED);
6692 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
6696 dns_zone_setminrefreshtime(dns_zone_t *zone, isc_uint32_t val) {
6697 REQUIRE(DNS_ZONE_VALID(zone));
6700 zone->minrefresh = val;
6704 dns_zone_setmaxrefreshtime(dns_zone_t *zone, isc_uint32_t val) {
6705 REQUIRE(DNS_ZONE_VALID(zone));
6708 zone->maxrefresh = val;
6712 dns_zone_setminretrytime(dns_zone_t *zone, isc_uint32_t val) {
6713 REQUIRE(DNS_ZONE_VALID(zone));
6716 zone->minretry = val;
6720 dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val) {
6721 REQUIRE(DNS_ZONE_VALID(zone));
6724 zone->maxretry = val;
6728 notify_isqueued(dns_zone_t *zone, dns_name_t *name, isc_sockaddr_t *addr) {
6731 for (notify = ISC_LIST_HEAD(zone->notifies);
6746 notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
6754 if (zone->view == NULL || zone->isself == NULL)
6759 src = zone->notifysrc4;
6763 src = zone->notifysrc6;
6778 result = dns_view_getpeertsig(zone->view, &dstaddr, &key);
6781 isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass,
6782 zone->isselfarg);
6793 * Caller holds zone lock.
6797 if (notify->zone != NULL) {
6799 LOCK_ZONE(notify->zone);
6800 REQUIRE(LOCKED_ZONE(notify->zone));
6802 ISC_LIST_UNLINK(notify->zone->notifies, notify, link);
6804 UNLOCK_ZONE(notify->zone);
6806 zone_idetach(¬ify->zone);
6808 dns_zone_idetach(¬ify->zone);
6834 notify->zone = NULL;
6857 INSIST(task == notify->zone->task);
6866 LOCK_ZONE(notify->zone);
6868 UNLOCK_ZONE(notify->zone);
6882 if (notify->zone->view->adb == NULL)
6885 result = dns_adb_createfind(notify->zone->view->adb,
6886 notify->zone->task,
6890 notify->zone->view->dstport,
6902 LOCK_ZONE(notify->zone);
6904 UNLOCK_ZONE(notify->zone);
6924 result = isc_ratelimiter_enqueue(notify->zone->zmgr->notifyrl,
6925 notify->zone->task, &e);
6948 LOCK_ZONE(notify->zone);
6950 if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_LOADED) == 0) {
6956 DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_EXITING) ||
6957 notify->zone->view->requestmgr == NULL ||
6958 notify->zone->db == NULL) {
6970 notify_log(notify->zone, ISC_LOG_DEBUG(3),
6977 result = notify_createmessage(notify->zone, notify->flags, &message);
6983 result = dns_view_getpeertsig(notify->zone->view, &dstip, &key);
6985 notify_log(notify->zone, ISC_LOG_ERROR, "NOTIFY to %s not "
6990 notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
6992 if (notify->zone->view->peers != NULL) {
6994 result = dns_peerlist_peerbyaddr(notify->zone->view->peers,
7005 src = notify->zone->notifysrc4;
7009 src = notify->zone->notifysrc6;
7016 if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_DIALNOTIFY))
7018 result = dns_request_createvia2(notify->zone->view->requestmgr,
7021 notify->zone->task, notify_done,
7025 inc_stats(notify->zone,
7028 inc_stats(notify->zone,
7039 UNLOCK_ZONE(notify->zone);
7056 REQUIRE(LOCKED_ZONE(notify->zone));
7062 if (notify_isqueued(notify->zone, NULL, &dst))
7064 if (notify_isself(notify->zone, &dst))
7072 zone_iattach(notify->zone, &new->zone);
7073 ISC_LIST_APPEND(new->zone->notifies, new, link);
7087 dns_zone_notify(dns_zone_t *zone) {
7090 REQUIRE(DNS_ZONE_VALID(zone));
7092 LOCK_ZONE(zone);
7093 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
7096 zone_settimer(zone, &now);
7097 UNLOCK_ZONE(zone);
7101 zone_notify(dns_zone_t *zone, isc_time_t *now) {
7122 REQUIRE(DNS_ZONE_VALID(zone));
7124 LOCK_ZONE(zone);
7125 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
7126 notifytype = zone->notifytype;
7127 DNS_ZONE_TIME_ADD(now, zone->notifydelay, &zone->notifytime);
7128 UNLOCK_ZONE(zone);
7130 if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
7137 zone->type != dns_zone_master)
7140 origin = &zone->origin;
7143 * If the zone is dialup we are done as we don't want to send
7146 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY))
7152 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
7153 if (zone->db != NULL)
7154 dns_db_attach(zone->db, &zonedb);
7155 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
7180 result = dns_name_dup(&soa.origin, zone->mctx, &master);
7189 LOCK_ZONE(zone);
7190 for (i = 0; i < zone->notifycnt; i++) {
7191 dst = zone->notify[i];
7192 if (notify_isqueued(zone, NULL, &dst))
7194 result = notify_create(zone->mctx, flags, ¬ify);
7197 zone_iattach(zone, ¬ify->zone);
7199 ISC_LIST_APPEND(zone->notifies, notify, link);
7204 notify_log(zone, ISC_LOG_INFO,
7211 UNLOCK_ZONE(zone);
7236 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOTIFYTOSOA) &&
7243 notify_log(zone, ISC_LOG_INFO,
7249 LOCK_ZONE(zone);
7250 isqueued = notify_isqueued(zone, &ns.name, NULL);
7251 UNLOCK_ZONE(zone);
7256 result = notify_create(zone->mctx, flags, ¬ify);
7259 dns_zone_iattach(zone, ¬ify->zone);
7260 result = dns_name_dup(&ns.name, zone->mctx, ¬ify->ns);
7262 LOCK_ZONE(zone);
7264 UNLOCK_ZONE(zone);
7267 LOCK_ZONE(zone);
7268 ISC_LIST_APPEND(zone->notifies, notify, link);
7269 UNLOCK_ZONE(zone);
7278 dns_name_free(&master, zone->mctx);
7381 dns_zone_t *zone = NULL;
7396 zone = stub->zone;
7402 LOCK_ZONE(zone);
7404 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
7405 zone_debuglog(zone, me, 1, "exiting");
7410 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
7411 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
7415 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
7416 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
7417 dns_zone_log(zone, ISC_LOG_DEBUG(1),
7423 dns_zonemgr_unreachableadd(zone->zmgr, &zone->masteraddr,
7424 &zone->sourceaddr, &now);
7425 dns_zone_log(zone, ISC_LOG_INFO,
7432 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
7450 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS) &&
7454 dns_zone_log(zone, ISC_LOG_DEBUG(1),
7458 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
7462 dns_zone_log(zone, ISC_LOG_INFO,
7474 dns_zone_log(zone, ISC_LOG_INFO,
7480 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEVC);
7488 dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: "
7501 dns_zone_log(zone, ISC_LOG_INFO,
7508 dns_zone_log(zone, ISC_LOG_INFO,
7517 result = save_nsrrset(msg, &zone->origin, stub->db, stub->version);
7519 dns_zone_log(zone, ISC_LOG_INFO,
7529 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
7530 if (zone->db == NULL)
7531 zone_attachdb(zone, stub->db);
7532 result = zone_get_from_db(zone, zone->db, NULL, &soacount, NULL,
7535 zone->refresh = RANGE(refresh, zone->minrefresh,
7536 zone->maxrefresh);
7537 zone->retry = RANGE(retry, zone->minretry, zone->maxretry);
7538 zone->expire = RANGE(expire, zone->refresh + zone->retry,
7540 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
7542 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
7547 dns_request_destroy(&zone->request);
7549 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
7550 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
7551 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
7552 isc_interval_set(&i, zone->expire, 0);
7553 DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
7555 if (zone->masterfile != NULL)
7556 zone_needdump(zone, 0);
7558 zone_settimer(zone, &now);
7569 dns_request_destroy(&zone->request);
7574 zone->curmaster++;
7575 } while (zone->curmaster < zone->masterscnt &&
7576 zone->mastersok[zone->curmaster]);
7577 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
7578 if (exiting || zone->curmaster >= zone->masterscnt) {
7581 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
7582 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
7586 for (j = 0; j < zone->masterscnt; j++)
7587 if (zone->mastersok[j] == ISC_FALSE) {
7594 zone->curmaster = 0;
7598 while (zone->curmaster < zone->masterscnt &&
7599 zone->mastersok[zone->curmaster])
7600 zone->curmaster++;
7601 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
7603 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
7605 zone_settimer(zone, &now);
7609 queue_soa_query(zone);
7616 dns_request_destroy(&zone->request);
7617 ns_query(zone, NULL, stub);
7618 UNLOCK_ZONE(zone);
7622 UNLOCK_ZONE(zone);
7624 dns_zone_idetach(&stub->zone);
7641 dns_zone_t *zone;
7655 zone = revent->ev_arg;
7656 INSIST(DNS_ZONE_VALID(zone));
7664 LOCK_ZONE(zone);
7670 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
7671 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
7675 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
7676 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
7677 dns_zone_log(zone, ISC_LOG_DEBUG(1),
7684 dns_zone_log(zone, ISC_LOG_INFO,
7689 if (zone->type == dns_zone_slave &&
7690 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_TRYTCPREFRESH)) {
7691 if (!dns_zonemgr_unreachable(zone->zmgr,
7692 &zone->masteraddr,
7693 &zone->sourceaddr,
7696 DNS_ZONE_SETFLAG(zone,
7700 dns_zone_log(zone, ISC_LOG_DEBUG(1),
7707 dns_zone_log(zone, ISC_LOG_INFO,
7714 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
7719 dns_zone_log(zone, ISC_LOG_INFO,
7736 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS) &&
7740 dns_zone_log(zone, ISC_LOG_DEBUG(1),
7744 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
7747 dns_zone_log(zone, ISC_LOG_INFO,
7755 zone->type == dns_zone_slave)
7761 * If truncated punt to zone transfer which will query again.
7764 if (zone->type == dns_zone_slave) {
7765 dns_zone_log(zone, ISC_LOG_INFO,
7767 "initiating TCP zone xfer "
7770 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR);
7773 INSIST(zone->type == dns_zone_stub);
7775 dns_zone_log(zone, ISC_LOG_INFO,
7781 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEVC);
7790 dns_zone_log(zone, ISC_LOG_INFO,
7803 * There should not be a CNAME record at top of zone.
7806 dns_zone_log(zone, ISC_LOG_INFO,
7807 "refresh: CNAME at top of zone "
7816 dns_zone_log(zone, ISC_LOG_INFO,
7826 dns_zone_log(zone, ISC_LOG_INFO,
7833 * Only one soa at top of zone.
7836 dns_zone_log(zone, ISC_LOG_INFO,
7847 result = dns_message_findname(msg, DNS_SECTION_ANSWER, &zone->origin,
7851 dns_zone_log(zone, ISC_LOG_INFO,
7859 dns_zone_log(zone, ISC_LOG_INFO,
7869 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
7870 result = zone_get_from_db(zone, zone->db, NULL, &oldsoacount,
7875 zone_debuglog(zone, me, 1, "serial: new %u, old %u",
7878 zone_debuglog(zone, me, 1, "serial: new %u, old not loaded",
7881 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) ||
7882 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) ||
7884 if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr,
7885 &zone->sourceaddr, &now))
7887 dns_zone_log(zone, ISC_LOG_INFO,
7890 zone->type == dns_zone_slave ?
7891 "zone transfer" : "NS query",
7897 dns_request_destroy(&zone->request);
7898 if (zone->type == dns_zone_slave) {
7901 INSIST(zone->type == dns_zone_stub);
7902 ns_query(zone, rdataset, NULL);
7907 if (zone->masterfile != NULL) {
7909 if (zone->journal != NULL)
7910 result = isc_file_settime(zone->journal, &now);
7912 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
7913 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
7914 result = isc_file_settime(zone->masterfile,
7917 result = isc_file_settime(zone->masterfile,
7921 zone_needdump(zone, DNS_DUMP_DELAY);
7923 dns_zone_log(zone, ISC_LOG_ERROR,
7926 zone->masterfile,
7929 DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
7930 DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
7931 zone->mastersok[zone->curmaster] = ISC_TRUE;
7934 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER))
7935 dns_zone_log(zone, ISC_LOG_INFO, "serial number (%u) "
7939 zone_debuglog(zone, me, 1, "ahead");
7940 zone->mastersok[zone->curmaster] = ISC_TRUE;
7951 dns_request_destroy(&zone->request);
7956 zone->curmaster++;
7957 } while (zone->curmaster < zone->masterscnt &&
7958 zone->mastersok[zone->curmaster]);
7959 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
7960 if (zone->curmaster >= zone->masterscnt) {
7962 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
7963 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
7967 for (j = 0; j < zone->masterscnt; j++)
7968 if (zone->mastersok[j] == ISC_FALSE) {
7975 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
7976 zone->curmaster = 0;
7980 while (zone->curmaster < zone->masterscnt &&
7981 zone->mastersok[zone->curmaster])
7982 zone->curmaster++;
7985 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
7986 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDREFRESH)) {
7987 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
7988 zone->refreshtime = now;
7990 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
7991 zone_settimer(zone, &now);
7996 queue_soa_query(zone);
8003 dns_request_destroy(&zone->request);
8004 queue_soa_query(zone);
8007 UNLOCK_ZONE(zone);
8009 queue_xfrin(zone);
8010 dns_zone_idetach(&zone);
8015 queue_soa_query(dns_zone_t *zone) {
8025 REQUIRE(LOCKED_ZONE(zone));
8027 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
8028 cancel_refresh(zone);
8032 e = isc_event_allocate(zone->mctx, NULL, DNS_EVENT_ZONE,
8033 soa_query, zone, sizeof(isc_event_t));
8035 cancel_refresh(zone);
8043 zone_iattach(zone, &dummy);
8045 e->ev_arg = zone;
8047 result = isc_ratelimiter_enqueue(zone->zmgr->refreshrl, zone->task, &e);
8051 cancel_refresh(zone);
8056 create_query(dns_zone_t *zone, dns_rdatatype_t rdtype,
8064 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER,
8070 message->rdclass = zone->rdclass;
8084 dns_name_clone(&zone->origin, qname);
8086 dns_rdataset_makequestion(qrdataset, zone->rdclass, rdtype);
8176 dns_zone_t *zone = event->ev_arg;
8186 REQUIRE(DNS_ZONE_VALID(zone));
8192 LOCK_ZONE(zone);
8194 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) ||
8195 zone->view->requestmgr == NULL) {
8196 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
8202 * XXX Optimisation: Create message when zone is setup and reuse.
8204 result = create_query(zone, dns_rdatatype_soa, &message);
8209 INSIST(zone->masterscnt > 0);
8210 INSIST(zone->curmaster < zone->masterscnt);
8212 zone->masteraddr = zone->masters[zone->curmaster];
8214 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
8219 if ((zone->masterkeynames != NULL) &&
8220 (zone->masterkeynames[zone->curmaster] != NULL)) {
8221 dns_view_t *view = dns_zone_getview(zone);
8222 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
8227 dns_zone_log(zone, ISC_LOG_ERROR,
8233 result = dns_view_getpeertsig(zone->view, &masterip, &key);
8237 dns_zone_log(zone, ISC_LOG_ERROR,
8244 reqnsid = zone->view->requestnsid;
8245 if (zone->view->peers != NULL) {
8248 result = dns_peerlist_peerbyaddr(zone->view->peers,
8253 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
8255 &zone->sourceaddr);
8258 if (zone->view->resolver != NULL)
8260 dns_resolver_getudpsize(zone->view->resolver);
8266 switch (isc_sockaddr_pf(&zone->masteraddr)) {
8268 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
8269 if (isc_sockaddr_equal(&zone->altxfrsource4,
8270 &zone->xfrsource4))
8272 zone->sourceaddr = zone->altxfrsource4;
8274 zone->sourceaddr = zone->xfrsource4;
8277 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
8278 if (isc_sockaddr_equal(&zone->altxfrsource6,
8279 &zone->xfrsource6))
8281 zone->sourceaddr = zone->altxfrsource6;
8283 zone->sourceaddr = zone->xfrsource6;
8290 options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ?
8293 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
8296 zone_debuglog(zone, me, 1,
8301 zone_iattach(zone, &dummy);
8303 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
8305 result = dns_request_createvia2(zone->view->requestmgr, message,
8306 &zone->sourceaddr, &zone->masteraddr,
8308 zone->task, refresh_callback, zone,
8309 &zone->request);
8312 zone_debuglog(zone, me, 1,
8317 if (isc_sockaddr_pf(&zone->masteraddr) == PF_INET)
8318 inc_stats(zone, dns_zonestatscounter_soaoutv4);
8320 inc_stats(zone, dns_zonestatscounter_soaoutv6);
8328 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
8332 cancel_refresh(zone);
8334 UNLOCK_ZONE(zone);
8335 dns_zone_idetach(&zone);
8345 zone->curmaster++;
8346 } while (zone->curmaster < zone->masterscnt &&
8347 zone->mastersok[zone->curmaster]);
8348 if (zone->curmaster < zone->masterscnt)
8350 zone->curmaster = 0;
8355 ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
8366 REQUIRE(DNS_ZONE_VALID(zone));
8367 REQUIRE(LOCKED_ZONE(zone));
8375 stub = isc_mem_get(zone->mctx, sizeof(*stub));
8379 stub->mctx = zone->mctx;
8380 stub->zone = NULL;
8385 * Attach so that the zone won't disappear from under us.
8387 zone_iattach(zone, &stub->zone);
8391 * new one and attach it to the zone once we have the NS
8394 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
8395 if (zone->db != NULL) {
8396 dns_db_attach(zone->db, &stub->db);
8397 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8399 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8401 INSIST(zone->db_argc >= 1);
8402 result = dns_db_create(zone->mctx, zone->db_argv[0],
8403 &zone->origin, dns_dbtype_stub,
8404 zone->rdclass,
8405 zone->db_argc - 1,
8406 zone->db_argv + 1,
8409 dns_zone_log(zone, ISC_LOG_ERROR,
8416 dns_db_settask(stub->db, zone->task);
8424 result = dns_db_findnode(stub->db, &zone->origin, ISC_TRUE,
8427 dns_zone_log(zone, ISC_LOG_INFO,
8438 dns_zone_log(zone, ISC_LOG_INFO,
8447 * XXX Optimisation: Create message when zone is setup and reuse.
8449 result = create_query(zone, dns_rdatatype_ns, &message);
8452 INSIST(zone->masterscnt > 0);
8453 INSIST(zone->curmaster < zone->masterscnt);
8454 zone->masteraddr = zone->masters[zone->curmaster];
8456 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
8461 if ((zone->masterkeynames != NULL) &&
8462 (zone->masterkeynames[zone->curmaster] != NULL)) {
8463 dns_view_t *view = dns_zone_getview(zone);
8464 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
8469 dns_zone_log(zone, ISC_LOG_ERROR,
8474 (void)dns_view_getpeertsig(zone->view, &masterip, &key);
8476 reqnsid = zone->view->requestnsid;
8477 if (zone->view->peers != NULL) {
8480 result = dns_peerlist_peerbyaddr(zone->view->peers,
8485 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOEDNS);
8487 &zone->sourceaddr);
8490 if (zone->view->resolver != NULL)
8492 dns_resolver_getudpsize(zone->view->resolver);
8498 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
8501 zone_debuglog(zone, me, 1,
8509 switch (isc_sockaddr_pf(&zone->masteraddr)) {
8511 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC))
8512 zone->sourceaddr = zone->altxfrsource4;
8514 zone->sourceaddr = zone->xfrsource4;
8517 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC))
8518 zone->sourceaddr = zone->altxfrsource6;
8520 zone->sourceaddr = zone->xfrsource6;
8528 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
8530 result = dns_request_createvia2(zone->view->requestmgr, message,
8531 &zone->sourceaddr, &zone->masteraddr,
8533 timeout, zone->task, stub_callback,
8534 stub, &zone->request);
8536 zone_debuglog(zone, me, 1,
8545 cancel_refresh(zone);
8553 if (stub->zone != NULL)
8554 zone_idetach(&stub->zone);
8566 * Handle the control event. Note that although this event causes the zone
8571 dns_zone_t *zone = (dns_zone_t *) event->ev_arg;
8575 REQUIRE(DNS_ZONE_VALID(zone));
8577 INSIST(isc_refcount_current(&zone->erefs) == 0);
8579 zone_debuglog(zone, "zone_shutdown", 3, "shutting down");
8584 LOCK_ZONE(zone);
8585 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_EXITING);
8586 UNLOCK_ZONE(zone);
8591 * If there's no zone manager, we can't be waiting for the
8594 if (zone->zmgr != NULL) {
8595 RWLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
8596 if (zone->statelist == &zone->zmgr->waiting_for_xfrin) {
8597 ISC_LIST_UNLINK(zone->zmgr->waiting_for_xfrin, zone,
8600 zone->statelist = NULL;
8602 RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
8608 if (zone->xfr != NULL)
8609 dns_xfrin_shutdown(zone->xfr);
8611 LOCK_ZONE(zone);
8613 INSIST(zone->irefs > 0);
8614 zone->irefs--;
8616 if (zone->request != NULL) {
8617 dns_request_cancel(zone->request);
8620 if (zone->readio != NULL)
8621 zonemgr_cancelio(zone->readio);
8623 if (zone->lctx != NULL)
8624 dns_loadctx_cancel(zone->lctx);
8626 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FLUSH) ||
8627 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
8628 if (zone->writeio != NULL)
8629 zonemgr_cancelio(zone->writeio);
8631 if (zone->dctx != NULL)
8632 dns_dumpctx_cancel(zone->dctx);
8635 notify_cancel(zone);
8637 forward_cancel(zone);
8639 if (zone->timer != NULL) {
8640 isc_timer_detach(&zone->timer);
8641 INSIST(zone->irefs > 0);
8642 zone->irefs--;
8645 if (zone->view != NULL)
8646 dns_view_weakdetach(&zone->view);
8653 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SHUTDOWN);
8654 free_needed = exit_check(zone);
8655 UNLOCK_ZONE(zone);
8657 zone_free(zone);
8663 dns_zone_t *zone = (dns_zone_t *)event->ev_arg;
8666 REQUIRE(DNS_ZONE_VALID(zone));
8670 zone_maintenance(zone);
8676 zone_settimer(dns_zone_t *zone, isc_time_t *now) {
8681 REQUIRE(DNS_ZONE_VALID(zone));
8682 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
8687 switch (zone->type) {
8689 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY))
8690 next = zone->notifytime;
8691 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
8692 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
8693 INSIST(!isc_time_isepoch(&zone->dumptime));
8695 isc_time_compare(&zone->dumptime, &next) < 0)
8696 next = zone->dumptime;
8698 if (!isc_time_isepoch(&zone->resigntime)) {
8700 isc_time_compare(&zone->resigntime, &next) < 0)
8701 next = zone->resigntime;
8703 if (!isc_time_isepoch(&zone->keywarntime)) {
8705 isc_time_compare(&zone->keywarntime, &next) < 0)
8706 next = zone->keywarntime;
8708 if (!isc_time_isepoch(&zone->signingtime)) {
8710 isc_time_compare(&zone->signingtime, &next) < 0)
8711 next = zone->signingtime;
8713 if (!isc_time_isepoch(&zone->nsec3chaintime)) {
8715 isc_time_compare(&zone->nsec3chaintime, &next) < 0)
8716 next = zone->nsec3chaintime;
8721 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY))
8722 next = zone->notifytime;
8726 if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH) &&
8727 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOMASTERS) &&
8728 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOREFRESH) &&
8729 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADING)) {
8730 INSIST(!isc_time_isepoch(&zone->refreshtime));
8732 isc_time_compare(&zone->refreshtime, &next) < 0)
8733 next = zone->refreshtime;
8735 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
8736 !isc_time_isepoch(&zone->expiretime)) {
8738 isc_time_compare(&zone->expiretime, &next) < 0)
8739 next = zone->expiretime;
8741 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) &&
8742 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
8743 INSIST(!isc_time_isepoch(&zone->dumptime));
8745 isc_time_compare(&zone->dumptime, &next) < 0)
8746 next = zone->dumptime;
8755 zone_debuglog(zone, me, 10, "settimer inactive");
8756 result = isc_timer_reset(zone->timer, isc_timertype_inactive,
8759 dns_zone_log(zone, ISC_LOG_ERROR,
8760 "could not deactivate zone timer: %s",
8765 result = isc_timer_reset(zone->timer, isc_timertype_once,
8768 dns_zone_log(zone, ISC_LOG_ERROR,
8769 "could not reset zone timer: %s",
8775 cancel_refresh(dns_zone_t *zone) {
8780 * 'zone' locked by caller.
8783 REQUIRE(DNS_ZONE_VALID(zone));
8784 REQUIRE(LOCKED_ZONE(zone));
8788 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
8790 zone_settimer(zone, &now);
8794 notify_createmessage(dns_zone_t *zone, unsigned int flags,
8813 REQUIRE(DNS_ZONE_VALID(zone));
8816 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER,
8823 message->rdclass = zone->rdclass;
8837 dns_name_clone(&zone->origin, tempname);
8839 dns_rdataset_makequestion(temprdataset, zone->rdclass,
8862 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
8863 INSIST(zone->db != NULL); /* XXXJT: is this assumption correct? */
8864 dns_db_attach(zone->db, &zonedb);
8865 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
8868 dns_name_clone(&zone->origin, tempname);
8886 result = isc_buffer_allocate(zone->mctx, &b, r.length);
8947 dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
8960 REQUIRE(DNS_ZONE_VALID(zone));
8967 * Check that 'from' is a valid notify source, (zone->masters).
8987 LOCK_ZONE(zone);
8989 inc_stats(zone, dns_zonestatscounter_notifyinv4);
8991 inc_stats(zone, dns_zonestatscounter_notifyinv6);
8993 dns_message_findname(msg, DNS_SECTION_QUESTION, &zone->origin,
8996 UNLOCK_ZONE(zone);
8998 dns_zone_log(zone, ISC_LOG_NOTICE,
9003 dns_zone_log(zone, ISC_LOG_NOTICE,
9004 "NOTIFY zone does not match");
9009 * If we are a master zone just succeed.
9011 if (zone->type == dns_zone_master) {
9012 UNLOCK_ZONE(zone);
9017 for (i = 0; i < zone->masterscnt; i++) {
9018 if (isc_sockaddr_eqaddr(from, &zone->masters[i]))
9020 if (zone->view->aclenv.match_mapped &&
9022 isc_sockaddr_pf(&zone->masters[i]) == AF_INET) {
9025 isc_netaddr_fromsockaddr(&na2, &zone->masters[i]);
9033 * 'zone->notify_acl'.
9035 if (i >= zone->masterscnt && zone->notify_acl != NULL &&
9036 dns_acl_match(&netaddr, NULL, zone->notify_acl,
9037 &zone->view->aclenv,
9042 } else if (i >= zone->masterscnt) {
9043 UNLOCK_ZONE(zone);
9044 dns_zone_log(zone, ISC_LOG_INFO,
9046 inc_stats(zone, dns_zonestatscounter_notifyrej);
9051 * If the zone is loaded and there are answers check the serial
9053 * check if we are a dialup zone as we use the notify request
9057 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
9058 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOREFRESH)) {
9060 &zone->origin,
9078 result = zone_get_from_db(zone, zone->db, NULL,
9083 dns_zone_log(zone, ISC_LOG_INFO,
9085 "zone is up to date",
9087 UNLOCK_ZONE(zone);
9098 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH)) {
9099 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
9100 zone->notifyfrom = *from;
9101 UNLOCK_ZONE(zone);
9102 dns_zone_log(zone, ISC_LOG_INFO,
9108 zone->notifyfrom = *from;
9109 local = zone->masteraddr;
9110 remote = zone->sourceaddr;
9111 UNLOCK_ZONE(zone);
9112 dns_zonemgr_unreachabledel(zone->zmgr, &local, &remote);
9113 dns_zone_refresh(zone);
9118 dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl) {
9120 REQUIRE(DNS_ZONE_VALID(zone));
9122 LOCK_ZONE(zone);
9123 if (zone->notify_acl != NULL)
9124 dns_acl_detach(&zone->notify_acl);
9125 dns_acl_attach(acl, &zone->notify_acl);
9126 UNLOCK_ZONE(zone);
9130 dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl) {
9132 REQUIRE(DNS_ZONE_VALID(zone));
9134 LOCK_ZONE(zone);
9135 if (zone->query_acl != NULL)
9136 dns_acl_detach(&zone->query_acl);
9137 dns_acl_attach(acl, &zone->query_acl);
9138 UNLOCK_ZONE(zone);
9142 dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl) {
9144 REQUIRE(DNS_ZONE_VALID(zone));
9146 LOCK_ZONE(zone);
9147 if (zone->queryon_acl != NULL)
9148 dns_acl_detach(&zone->queryon_acl);
9149 dns_acl_attach(acl, &zone->queryon_acl);
9150 UNLOCK_ZONE(zone);
9154 dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl) {
9156 REQUIRE(DNS_ZONE_VALID(zone));
9158 LOCK_ZONE(zone);
9159 if (zone->update_acl != NULL)
9160 dns_acl_detach(&zone->update_acl);
9161 dns_acl_attach(acl, &zone->update_acl);
9162 UNLOCK_ZONE(zone);
9166 dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl) {
9168 REQUIRE(DNS_ZONE_VALID(zone));
9170 LOCK_ZONE(zone);
9171 if (zone->forward_acl != NULL)
9172 dns_acl_detach(&zone->forward_acl);
9173 dns_acl_attach(acl, &zone->forward_acl);
9174 UNLOCK_ZONE(zone);
9178 dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl) {
9180 REQUIRE(DNS_ZONE_VALID(zone));
9182 LOCK_ZONE(zone);
9183 if (zone->xfr_acl != NULL)
9184 dns_acl_detach(&zone->xfr_acl);
9185 dns_acl_attach(acl, &zone->xfr_acl);
9186 UNLOCK_ZONE(zone);
9190 dns_zone_getnotifyacl(dns_zone_t *zone) {
9192 REQUIRE(DNS_ZONE_VALID(zone));
9194 return (zone->notify_acl);
9198 dns_zone_getqueryacl(dns_zone_t *zone) {
9200 REQUIRE(DNS_ZONE_VALID(zone));
9202 return (zone->query_acl);
9206 dns_zone_getqueryonacl(dns_zone_t *zone) {
9208 REQUIRE(DNS_ZONE_VALID(zone));
9210 return (zone->queryon_acl);
9214 dns_zone_getupdateacl(dns_zone_t *zone) {
9216 REQUIRE(DNS_ZONE_VALID(zone));
9218 return (zone->update_acl);
9222 dns_zone_getforwardacl(dns_zone_t *zone) {
9224 REQUIRE(DNS_ZONE_VALID(zone));
9226 return (zone->forward_acl);
9230 dns_zone_getxfracl(dns_zone_t *zone) {
9232 REQUIRE(DNS_ZONE_VALID(zone));
9234 return (zone->xfr_acl);
9238 dns_zone_clearupdateacl(dns_zone_t *zone) {
9240 REQUIRE(DNS_ZONE_VALID(zone));
9242 LOCK_ZONE(zone);
9243 if (zone->update_acl != NULL)
9244 dns_acl_detach(&zone->update_acl);
9245 UNLOCK_ZONE(zone);
9249 dns_zone_clearforwardacl(dns_zone_t *zone) {
9251 REQUIRE(DNS_ZONE_VALID(zone));
9253 LOCK_ZONE(zone);
9254 if (zone->forward_acl != NULL)
9255 dns_acl_detach(&zone->forward_acl);
9256 UNLOCK_ZONE(zone);
9260 dns_zone_clearnotifyacl(dns_zone_t *zone) {
9262 REQUIRE(DNS_ZONE_VALID(zone));
9264 LOCK_ZONE(zone);
9265 if (zone->notify_acl != NULL)
9266 dns_acl_detach(&zone->notify_acl);
9267 UNLOCK_ZONE(zone);
9271 dns_zone_clearqueryacl(dns_zone_t *zone) {
9273 REQUIRE(DNS_ZONE_VALID(zone));
9275 LOCK_ZONE(zone);
9276 if (zone->query_acl != NULL)
9277 dns_acl_detach(&zone->query_acl);
9278 UNLOCK_ZONE(zone);
9282 dns_zone_clearqueryonacl(dns_zone_t *zone) {
9284 REQUIRE(DNS_ZONE_VALID(zone));
9286 LOCK_ZONE(zone);
9287 if (zone->queryon_acl != NULL)
9288 dns_acl_detach(&zone->queryon_acl);
9289 UNLOCK_ZONE(zone);
9293 dns_zone_clearxfracl(dns_zone_t *zone) {
9295 REQUIRE(DNS_ZONE_VALID(zone));
9297 LOCK_ZONE(zone);
9298 if (zone->xfr_acl != NULL)
9299 dns_acl_detach(&zone->xfr_acl);
9300 UNLOCK_ZONE(zone);
9304 dns_zone_getupdatedisabled(dns_zone_t *zone) {
9305 REQUIRE(DNS_ZONE_VALID(zone));
9306 return (zone->update_disabled);
9311 dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) {
9312 REQUIRE(DNS_ZONE_VALID(zone));
9313 zone->update_disabled = state;
9317 dns_zone_getzeronosoattl(dns_zone_t *zone) {
9318 REQUIRE(DNS_ZONE_VALID(zone));
9319 return (zone->zero_no_soa_ttl);
9324 dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) {
9325 REQUIRE(DNS_ZONE_VALID(zone));
9326 zone->zero_no_soa_ttl = state;
9330 dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) {
9332 REQUIRE(DNS_ZONE_VALID(zone));
9334 zone->check_names = severity;
9338 dns_zone_getchecknames(dns_zone_t *zone) {
9340 REQUIRE(DNS_ZONE_VALID(zone));
9342 return (zone->check_names);
9346 dns_zone_setjournalsize(dns_zone_t *zone, isc_int32_t size) {
9348 REQUIRE(DNS_ZONE_VALID(zone));
9350 zone->journalsize = size;
9354 dns_zone_getjournalsize(dns_zone_t *zone) {
9356 REQUIRE(DNS_ZONE_VALID(zone));
9358 return (zone->journalsize);
9362 zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length) {
9373 if (dns_name_dynamic(&zone->origin))
9374 result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
9381 (void)dns_rdataclass_totext(zone->rdclass, &buffer);
9383 if (zone->view != NULL && strcmp(zone->view->name, "_bind") != 0 &&
9384 strcmp(zone->view->name, "_default") != 0 &&
9385 strlen(zone->view->name) < isc_buffer_availablelength(&buffer)) {
9387 isc_buffer_putstr(&buffer, zone->view->name);
9394 zone_name_tostr(dns_zone_t *zone, char *buf, size_t length) {
9405 if (dns_name_dynamic(&zone->origin))
9406 result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer);
9415 zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length) {
9425 (void)dns_rdataclass_totext(zone->rdclass, &buffer);
9431 zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length) {
9443 if (zone->view == NULL) {
9445 } else if (strlen(zone->view->name)
9447 isc_buffer_putstr(&buffer, zone->view->name);
9456 dns_zone_name(dns_zone_t *zone, char *buf, size_t length) {
9457 REQUIRE(DNS_ZONE_VALID(zone));
9459 zone_namerd_tostr(zone, buf, length);
9463 notify_log(dns_zone_t *zone, int level, const char *fmt, ...) {
9474 level, "zone %s: %s", zone->strnamerd, message);
9478 dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category,
9490 level, "zone %s: %s", zone->strnamerd, message);
9494 dns_zone_log(dns_zone_t *zone, int level, const char *fmt, ...) {
9505 level, "zone %s: %s", zone->strnamerd, message);
9509 zone_debuglog(dns_zone_t *zone, const char *me, int debuglevel,
9523 level, "%s: zone %s: %s", me, zone->strnamerd, message);
9551 dns_zone_setmaxxfrin(dns_zone_t *zone, isc_uint32_t maxxfrin) {
9552 REQUIRE(DNS_ZONE_VALID(zone));
9554 zone->maxxfrin = maxxfrin;
9558 dns_zone_getmaxxfrin(dns_zone_t *zone) {
9559 REQUIRE(DNS_ZONE_VALID(zone));
9561 return (zone->maxxfrin);
9565 dns_zone_setmaxxfrout(dns_zone_t *zone, isc_uint32_t maxxfrout) {
9566 REQUIRE(DNS_ZONE_VALID(zone));
9567 zone->maxxfrout = maxxfrout;
9571 dns_zone_getmaxxfrout(dns_zone_t *zone) {
9572 REQUIRE(DNS_ZONE_VALID(zone));
9574 return (zone->maxxfrout);
9578 dns_zone_gettype(dns_zone_t *zone) {
9579 REQUIRE(DNS_ZONE_VALID(zone));
9581 return (zone->type);
9585 dns_zone_getorigin(dns_zone_t *zone) {
9586 REQUIRE(DNS_ZONE_VALID(zone));
9588 return (&zone->origin);
9592 dns_zone_settask(dns_zone_t *zone, isc_task_t *task) {
9593 REQUIRE(DNS_ZONE_VALID(zone));
9595 LOCK_ZONE(zone);
9596 if (zone->task != NULL)
9597 isc_task_detach(&zone->task);
9598 isc_task_attach(task, &zone->task);
9599 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
9600 if (zone->db != NULL)
9601 dns_db_settask(zone->db, zone->task);
9602 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
9603 UNLOCK_ZONE(zone);
9607 dns_zone_gettask(dns_zone_t *zone, isc_task_t **target) {
9608 REQUIRE(DNS_ZONE_VALID(zone));
9609 isc_task_attach(zone->task, target);
9613 dns_zone_setidlein(dns_zone_t *zone, isc_uint32_t idlein) {
9614 REQUIRE(DNS_ZONE_VALID(zone));
9618 zone->idlein = idlein;
9622 dns_zone_getidlein(dns_zone_t *zone) {
9623 REQUIRE(DNS_ZONE_VALID(zone));
9625 return (zone->idlein);
9629 dns_zone_setidleout(dns_zone_t *zone, isc_uint32_t idleout) {
9630 REQUIRE(DNS_ZONE_VALID(zone));
9632 zone->idleout = idleout;
9636 dns_zone_getidleout(dns_zone_t *zone) {
9637 REQUIRE(DNS_ZONE_VALID(zone));
9639 return (zone->idleout);
9656 INSIST(task == notify->zone->task);
9663 result = dns_message_create(notify->zone->mctx,
9671 notify_log(notify->zone, ISC_LOG_DEBUG(3),
9675 notify_log(notify->zone, ISC_LOG_DEBUG(2),
9693 notify_log(notify->zone, ISC_LOG_DEBUG(1),
9702 dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
9705 REQUIRE(DNS_ZONE_VALID(zone));
9706 LOCK_ZONE(zone);
9707 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
9708 result = zone_replacedb(zone, db, dump);
9709 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
9710 UNLOCK_ZONE(zone);
9715 zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
9722 * 'zone' and 'zonedb' locked by caller.
9724 REQUIRE(DNS_ZONE_VALID(zone));
9725 REQUIRE(LOCKED_ZONE(zone));
9727 result = zone_get_from_db(zone, db, &nscount, &soacount,
9731 dns_zone_log(zone, ISC_LOG_ERROR,
9736 dns_zone_log(zone, ISC_LOG_ERROR, "has no NS records");
9742 dns_zone_log(zone, ISC_LOG_ERROR,
9748 result = check_nsec3param(zone, db);
9756 * The initial version of a slave zone is always dumped;
9760 if (zone->db != NULL && zone->journal != NULL &&
9761 DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS) &&
9762 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) {
9766 dns_zone_log(zone, ISC_LOG_DEBUG(3), "generating diffs");
9770 dns_zone_log(zone, ISC_LOG_ERROR,
9779 result = zone_get_from_db(zone, zone->db, NULL, &oldsoacount,
9784 if (zone->type == dns_zone_slave &&
9789 dns_zone_log(zone, ISC_LOG_ERROR,
9797 result = dns_db_diff(zone->mctx, db, ver, zone->db, NULL,
9798 zone->journal);
9802 zone_needdump(zone, DNS_DUMP_DELAY);
9803 else if (zone->journalsize != -1) {
9804 result = dns_journal_compact(zone->mctx, zone->journal,
9805 serial, zone->journalsize);
9810 dns_zone_log(zone, ISC_LOG_DEBUG(3),
9815 dns_zone_log(zone, ISC_LOG_ERROR,
9822 if (dump && zone->masterfile != NULL) {
9825 "dumping new zone version");
9826 result = dns_db_dump2(db, ver, zone->masterfile,
9827 zone->masterformat);
9832 * Update the time the zone was updated, so
9838 TIME_NOW(&zone->loadtime);
9841 if (dump && zone->journal != NULL) {
9849 * no longer be used to bring the zone
9856 if (remove(zone->journal) < 0 && errno != ENOENT) {
9865 zone->journal, strbuf);
9874 "replacing zone database");
9876 if (zone->db != NULL)
9877 zone_detachdb(zone);
9878 zone_attachdb(zone, db);
9879 dns_db_settask(zone->db, zone->task);
9880 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED|DNS_ZONEFLG_NEEDNOTIFY);
9890 zone_attachdb(dns_zone_t *zone, dns_db_t *db) {
9891 REQUIRE(zone->db == NULL && db != NULL);
9893 dns_db_attach(db, &zone->db);
9894 if (zone->acache != NULL) {
9896 result = dns_acache_setdb(zone->acache, db);
9907 zone_detachdb(dns_zone_t *zone) {
9908 REQUIRE(zone->db != NULL);
9910 if (zone->acache != NULL)
9911 (void)dns_acache_putdb(zone->acache, zone->db);
9912 dns_db_detach(&zone->db);
9916 zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
9925 REQUIRE(DNS_ZONE_VALID(zone));
9927 dns_zone_log(zone, ISC_LOG_DEBUG(1),
9928 "zone transfer finished: %s", dns_result_totext(result));
9930 LOCK_ZONE(zone);
9931 INSIST((zone->flags & DNS_ZONEFLG_REFRESH) != 0);
9932 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
9933 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR);
9938 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
9941 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_FORCEXFER);
9943 * Has the zone expired underneath us?
9945 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
9946 if (zone->db == NULL) {
9947 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
9952 * Update the zone structure's data from the actual
9957 INSIST(zone->db != NULL);
9958 result = zone_get_from_db(zone, zone->db, &nscount,
9961 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
9964 dns_zone_log(zone, ISC_LOG_ERROR,
9965 "transferred zone "
9969 dns_zone_log(zone, ISC_LOG_ERROR,
9970 "transferred zone "
9972 if (DNS_ZONE_FLAG(zone,
9974 zone->refresh = DNS_ZONE_DEFAULTREFRESH;
9975 zone->retry = DNS_ZONE_DEFAULTRETRY;
9977 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
9978 zone_unload(zone);
9981 zone->refresh = RANGE(refresh, zone->minrefresh,
9982 zone->maxrefresh);
9983 zone->retry = RANGE(retry, zone->minretry,
9984 zone->maxretry);
9985 zone->expire = RANGE(expire,
9986 zone->refresh + zone->retry,
9988 zone->minimum = minimum;
9989 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
9995 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDREFRESH)) {
9996 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDREFRESH);
9997 zone->refreshtime = now;
9998 DNS_ZONE_TIME_ADD(&now, zone->expire,
9999 &zone->expiretime);
10001 DNS_ZONE_JITTER_ADD(&now, zone->refresh,
10002 &zone->refreshtime);
10003 DNS_ZONE_TIME_ADD(&now, zone->expire,
10004 &zone->expiretime);
10008 if (zone->tsigkey != NULL) {
10010 dns_name_format(&zone->tsigkey->name, namebuf,
10016 dns_zone_log(zone, ISC_LOG_INFO,
10026 if (zone->masterfile != NULL || zone->journal != NULL) {
10028 if (zone->journal != NULL)
10029 result = isc_file_settime(zone->journal, &now);
10031 zone->masterfile != NULL)
10032 result = isc_file_settime(zone->masterfile,
10036 zone->masterfile != NULL)
10037 zone_needdump(zone, DNS_DUMP_DELAY);
10039 dns_zone_log(zone, ISC_LOG_ERROR,
10042 zone->masterfile,
10046 inc_stats(zone, dns_zonestatscounter_xfrsuccess);
10051 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLAG_NOIXFR);
10060 zone->curmaster++;
10061 } while (zone->curmaster < zone->masterscnt &&
10062 zone->mastersok[zone->curmaster]);
10065 if (zone->curmaster >= zone->masterscnt) {
10066 zone->curmaster = 0;
10067 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
10068 !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
10069 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
10070 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
10071 while (zone->curmaster < zone->masterscnt &&
10072 zone->mastersok[zone->curmaster])
10073 zone->curmaster++;
10076 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
10078 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
10081 inc_stats(zone, dns_zonestatscounter_xfrfail);
10084 zone_settimer(zone, &now);
10087 * If creating the transfer object failed, zone->xfr is NULL.
10088 * Otherwise, we are called as the done callback of a zone
10093 if (zone->xfr != NULL)
10094 dns_xfrin_detach(&zone->xfr);
10096 if (zone->tsigkey != NULL)
10097 dns_tsigkey_detach(&zone->tsigkey);
10102 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDCOMPACT)) {
10103 result = dns_journal_compact(zone->mctx, zone->journal,
10104 zone->compact_serial,
10105 zone->journalsize);
10110 dns_zone_log(zone, ISC_LOG_DEBUG(3),
10115 dns_zone_log(zone, ISC_LOG_ERROR,
10120 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT);
10127 UNLOCK_ZONE(zone);
10128 RWLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
10129 ISC_LIST_UNLINK(zone->zmgr->xfrin_in_progress, zone, statelink);
10130 zone->statelist = NULL;
10131 zmgr_resume_xfrs(zone->zmgr, ISC_FALSE);
10132 RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write);
10133 LOCK_ZONE(zone);
10138 if (again && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
10139 queue_soa_query(zone);
10141 INSIST(zone->irefs > 0);
10142 zone->irefs--;
10143 free_needed = exit_check(zone);
10144 UNLOCK_ZONE(zone);
10146 zone_free(zone);
10153 dns_zone_t *zone;
10157 zone = load->zone;
10166 LOCK_ZONE(load->zone);
10167 (void)zone_postload(load->zone, load->db, load->loadtime, result);
10168 zonemgr_putio(&load->zone->readio);
10169 DNS_ZONE_CLRFLAG(load->zone, DNS_ZONEFLG_LOADING);
10171 * Leave the zone frozen if the reload fails.
10174 DNS_ZONE_FLAG(load->zone, DNS_ZONEFLG_THAW))
10175 zone->update_disabled = ISC_FALSE;
10176 DNS_ZONE_CLRFLAG(load->zone, DNS_ZONEFLG_THAW);
10177 UNLOCK_ZONE(load->zone);
10181 if (load->zone->lctx != NULL)
10182 dns_loadctx_detach(&load->zone->lctx);
10183 dns_zone_idetach(&load->zone);
10188 dns_zone_getssutable(dns_zone_t *zone, dns_ssutable_t **table) {
10189 REQUIRE(DNS_ZONE_VALID(zone));
10193 LOCK_ZONE(zone);
10194 if (zone->ssutable != NULL)
10195 dns_ssutable_attach(zone->ssutable, table);
10196 UNLOCK_ZONE(zone);
10200 dns_zone_setssutable(dns_zone_t *zone, dns_ssutable_t *table) {
10201 REQUIRE(DNS_ZONE_VALID(zone));
10203 LOCK_ZONE(zone);
10204 if (zone->ssutable != NULL)
10205 dns_ssutable_detach(&zone->ssutable);
10207 dns_ssutable_attach(table, &zone->ssutable);
10208 UNLOCK_ZONE(zone);
10212 dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval) {
10213 REQUIRE(DNS_ZONE_VALID(zone));
10215 zone->sigvalidityinterval = interval;
10219 dns_zone_getsigvalidityinterval(dns_zone_t *zone) {
10220 REQUIRE(DNS_ZONE_VALID(zone));
10222 return (zone->sigvalidityinterval);
10226 dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval) {
10229 REQUIRE(DNS_ZONE_VALID(zone));
10231 LOCK_ZONE(zone);
10232 zone->sigresigninginterval = interval;
10233 set_resigntime(zone);
10234 if (zone->task != NULL) {
10236 zone_settimer(zone, &now);
10238 UNLOCK_ZONE(zone);
10242 dns_zone_getsigresigninginterval(dns_zone_t *zone) {
10243 REQUIRE(DNS_ZONE_VALID(zone));
10245 return (zone->sigresigninginterval);
10249 queue_xfrin(dns_zone_t *zone) {
10252 dns_zonemgr_t *zmgr = zone->zmgr;
10256 INSIST(zone->statelist == NULL);
10259 ISC_LIST_APPEND(zmgr->waiting_for_xfrin, zone, statelink);
10260 LOCK_ZONE(zone);
10261 zone->irefs++;
10262 UNLOCK_ZONE(zone);
10263 zone->statelist = &zmgr->waiting_for_xfrin;
10264 result = zmgr_start_xfrin_ifquota(zmgr, zone);
10268 dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_INFO,
10269 "zone transfer deferred due to quota");
10271 dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR,
10272 "starting zone transfer: %s",
10278 * This event callback is called when a zone has received
10279 * any necessary zone transfer quota. This is the time
10289 dns_zone_t *zone = event->ev_arg;
10298 INSIST(task == zone->task);
10300 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
10307 isc_sockaddr_format(&zone->masteraddr, master, sizeof(master));
10308 if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr,
10309 &zone->sourceaddr, &now))
10311 isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source));
10312 dns_zone_log(zone, ISC_LOG_INFO,
10313 "got_transfer_quota: skipping zone transfer as "
10320 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
10321 (void)dns_peerlist_peerbyaddr(zone->view->peers, &masterip, &peer);
10323 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
10328 if (zone->db == NULL) {
10329 dns_zone_log(zone, ISC_LOG_DEBUG(1),
10333 } else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) {
10334 dns_zone_log(zone, ISC_LOG_DEBUG(1), "ixfr-from-differences "
10337 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
10341 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) {
10342 dns_zone_log(zone, ISC_LOG_DEBUG(1),
10346 } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLAG_NOIXFR)) {
10347 dns_zone_log(zone, ISC_LOG_DEBUG(1),
10351 LOCK_ZONE(zone);
10352 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLAG_NOIXFR);
10353 UNLOCK_ZONE(zone);
10361 use_ixfr = zone->view->requestixfr;
10364 dns_zone_log(zone, ISC_LOG_DEBUG(1),
10367 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR))
10372 dns_zone_log(zone, ISC_LOG_DEBUG(1),
10386 if ((zone->masterkeynames != NULL) &&
10387 (zone->masterkeynames[zone->curmaster] != NULL)) {
10388 dns_view_t *view = dns_zone_getview(zone);
10389 dns_name_t *keyname = zone->masterkeynames[zone->curmaster];
10390 result = dns_view_gettsig(view, keyname, &zone->tsigkey);
10392 if (zone->tsigkey == NULL)
10393 result = dns_view_getpeertsig(zone->view, &masterip,
10394 &zone->tsigkey);
10397 dns_zone_log(zone, ISC_LOG_ERROR,
10398 "could not get TSIG key for zone transfer: %s",
10402 LOCK_ZONE(zone);
10403 masteraddr = zone->masteraddr;
10404 sourceaddr = zone->sourceaddr;
10405 UNLOCK_ZONE(zone);
10407 result = dns_xfrin_create2(zone, xfrtype, &masteraddr, &sourceaddr,
10408 zone->tsigkey, zone->mctx,
10409 zone->zmgr->timermgr, zone->zmgr->socketmgr,
10410 zone->task, zone_xfrdone, &zone->xfr);
10412 LOCK_ZONE(zone);
10415 inc_stats(zone, dns_zonestatscounter_axfrreqv4);
10417 inc_stats(zone, dns_zonestatscounter_axfrreqv6);
10420 inc_stats(zone, dns_zonestatscounter_ixfrreqv4);
10422 inc_stats(zone, dns_zonestatscounter_ixfrreqv6);
10424 UNLOCK_ZONE(zone);
10429 * zone transfer. This ensures that we get removed from
10433 zone_xfrdone(zone, result);
10450 if (forward->zone != NULL) {
10451 LOCK(&forward->zone->lock);
10453 ISC_LIST_UNLINK(forward->zone->forwards, forward, link);
10454 UNLOCK(&forward->zone->lock);
10455 dns_zone_idetach(&forward->zone);
10465 LOCK_ZONE(forward->zone);
10467 if (DNS_ZONE_FLAG(forward->zone, DNS_ZONEFLG_EXITING)) {
10468 UNLOCK_ZONE(forward->zone);
10472 if (forward->which >= forward->zone->masterscnt) {
10473 UNLOCK_ZONE(forward->zone);
10477 forward->addr = forward->zone->masters[forward->which];
10486 src = forward->zone->xfrsource4;
10489 src = forward->zone->xfrsource6;
10495 result = dns_request_createraw(forward->zone->view->requestmgr,
10499 forward->zone->task,
10504 ISC_LIST_APPEND(forward->zone->forwards, forward, link);
10508 UNLOCK_ZONE(forward->zone);
10520 dns_zone_t *zone;
10526 zone = forward->zone;
10527 INSIST(DNS_ZONE_VALID(zone));
10534 dns_zone_log(zone, ISC_LOG_INFO,
10540 result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTPARSE, &msg);
10562 /* These should not occur if the masters/zone are valid. */
10570 dns_zone_log(zone, ISC_LOG_WARNING,
10603 dns_zone_log(zone, ISC_LOG_DEBUG(3),
10611 dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg,
10618 REQUIRE(DNS_ZONE_VALID(zone));
10622 forward = isc_mem_get(zone->mctx, sizeof(*forward));
10627 forward->zone = NULL;
10642 result = isc_buffer_allocate(zone->mctx, &forward->msgbuf, mr->length);
10649 isc_mem_attach(zone->mctx, &forward->mctx);
10650 dns_zone_iattach(zone, &forward->zone);
10661 dns_zone_next(dns_zone_t *zone, dns_zone_t **next) {
10662 REQUIRE(DNS_ZONE_VALID(zone));
10665 *next = ISC_LIST_NEXT(zone, link);
10787 dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
10790 REQUIRE(DNS_ZONE_VALID(zone));
10797 LOCK_ZONE(zone);
10798 REQUIRE(zone->task == NULL);
10799 REQUIRE(zone->timer == NULL);
10800 REQUIRE(zone->zmgr == NULL);
10802 isc_taskpool_gettask(zmgr->zonetasks, &zone->task);
10809 isc_task_setname(zone->task, "zone", zone);
10813 zone->task, zone_timer, zone,
10814 &zone->timer);
10822 zone->irefs++;
10823 INSIST(zone->irefs != 0);
10825 ISC_LIST_APPEND(zmgr->zones, zone, link);
10826 zone->zmgr = zmgr;
10832 isc_task_detach(&zone->task);
10835 UNLOCK_ZONE(zone);
10841 dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
10844 REQUIRE(DNS_ZONE_VALID(zone));
10846 REQUIRE(zone->zmgr == zmgr);
10849 LOCK_ZONE(zone);
10851 ISC_LIST_UNLINK(zmgr->zones, zone, link);
10852 zone->zmgr = NULL;
10857 UNLOCK_ZONE(zone);
10862 ENSURE(zone->zmgr == NULL);
10937 dns_zone_t *zone;
10950 for (zone = ISC_LIST_HEAD(zmgr->zones);
10951 zone != NULL;
10952 zone = ISC_LIST_NEXT(zone, link))
10954 LOCK_ZONE(zone);
10955 forward_cancel(zone);
10956 UNLOCK_ZONE(zone);
10977 /* Create or resize the zone task pool. */
11039 * Try to start a new incoming zone transfer to fill a quota
11043 * The zone manager is locked by the caller.
11047 dns_zone_t *zone;
11050 for (zone = ISC_LIST_HEAD(zmgr->waiting_for_xfrin);
11051 zone != NULL;
11052 zone = next)
11055 next = ISC_LIST_NEXT(zone, statelink);
11056 result = zmgr_start_xfrin_ifquota(zmgr, zone);
11069 * zone, it may succeed if it uses another master.
11073 dns_zone_log(zone, ISC_LOG_DEBUG(1),
11074 "starting zone transfer: %s",
11082 * Try to start an incoming zone transfer for 'zone', quota permitting.
11085 * The zone manager is locked by the caller.
11095 zmgr_start_xfrin_ifquota(dns_zonemgr_t *zmgr, dns_zone_t *zone) {
11104 * If we are exiting just pretend we got quota so the zone will
11105 * be cleaned up in the zone's task context.
11107 LOCK_ZONE(zone);
11108 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
11109 UNLOCK_ZONE(zone);
11115 * like to transfer this zone from.
11117 isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
11118 (void)dns_peerlist_peerbyaddr(zone->view->peers, &masterip, &peer);
11119 UNLOCK_ZONE(zone);
11162 * We have sufficient quota. Move the zone to the "xfrin_in_progress"
11167 got_transfer_quota, zone, sizeof(isc_event_t));
11171 LOCK_ZONE(zone);
11172 INSIST(zone->statelist == &zmgr->waiting_for_xfrin);
11173 ISC_LIST_UNLINK(zmgr->waiting_for_xfrin, zone, statelink);
11174 ISC_LIST_APPEND(zmgr->xfrin_in_progress, zone, statelink);
11175 zone->statelist = &zmgr->xfrin_in_progress;
11176 isc_task_send(zone->task, &e);
11177 dns_zone_log(zone, ISC_LOG_INFO, "Transfer started.");
11178 UNLOCK_ZONE(zone);
11320 zone_saveunique(dns_zone_t *zone, const char *path, const char *templat) {
11327 buf = isc_mem_get(zone->mctx, buflen);
11339 dns_zone_log(zone, ISC_LOG_WARNING, "unable to load from '%s'; "
11344 isc_mem_put(zone->mctx, buf, buflen);
11538 dns_zone_forcereload(dns_zone_t *zone) {
11539 REQUIRE(DNS_ZONE_VALID(zone));
11541 if (zone->type == dns_zone_master)
11544 LOCK_ZONE(zone);
11545 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_FORCEXFER);
11546 UNLOCK_ZONE(zone);
11547 dns_zone_refresh(zone);
11551 dns_zone_isforced(dns_zone_t *zone) {
11552 REQUIRE(DNS_ZONE_VALID(zone));
11554 return (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER));
11558 dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on) {
11562 UNUSED(zone);
11568 dns_zone_getstatscounters(dns_zone_t *zone) {
11572 UNUSED(zone);
11577 dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats) {
11578 REQUIRE(DNS_ZONE_VALID(zone));
11579 REQUIRE(zone->stats == NULL);
11581 LOCK_ZONE(zone);
11582 zone->stats = NULL;
11583 isc_stats_attach(stats, &zone->stats);
11584 UNLOCK_ZONE(zone);
11588 dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats) {
11589 REQUIRE(DNS_ZONE_VALID(zone));
11591 LOCK_ZONE(zone);
11592 if (zone->requeststats_on && stats == NULL)
11593 zone->requeststats_on = ISC_FALSE;
11594 else if (!zone->requeststats_on && stats != NULL) {
11595 if (zone->requeststats == NULL) {
11596 isc_stats_attach(stats, &zone->requeststats);
11597 zone->requeststats_on = ISC_TRUE;
11600 UNLOCK_ZONE(zone);
11606 dns_zone_getrequeststats(dns_zone_t *zone) {
11608 * We don't lock zone for efficiency reason. This is not catastrophic
11615 if (zone->requeststats_on)
11616 return (zone->requeststats);
11622 dns_zone_dialup(dns_zone_t *zone) {
11624 REQUIRE(DNS_ZONE_VALID(zone));
11626 zone_debuglog(zone, "dns_zone_dialup", 3,
11628 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY),
11629 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH));
11631 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALNOTIFY))
11632 dns_zone_notify(zone);
11633 if (zone->type != dns_zone_master &&
11634 DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DIALREFRESH))
11635 dns_zone_refresh(zone);
11639 dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup) {
11640 REQUIRE(DNS_ZONE_VALID(zone));
11642 LOCK_ZONE(zone);
11643 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DIALNOTIFY |
11650 DNS_ZONE_SETFLAG(zone, (DNS_ZONEFLG_DIALNOTIFY |
11655 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
11658 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
11659 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
11662 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALREFRESH);
11663 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
11666 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
11671 UNLOCK_ZONE(zone);
11675 dns_zone_setkeydirectory(dns_zone_t *zone, const char *directory) {
11678 REQUIRE(DNS_ZONE_VALID(zone));
11680 LOCK_ZONE(zone);
11681 result = dns_zone_setstring(zone, &zone->keydirectory, directory);
11682 UNLOCK_ZONE(zone);
11688 dns_zone_getkeydirectory(dns_zone_t *zone) {
11689 REQUIRE(DNS_ZONE_VALID(zone));
11691 return (zone->keydirectory);
11696 dns_zone_t *zone;
11704 for (zone = ISC_LIST_HEAD(zmgr->xfrin_in_progress);
11705 zone != NULL;
11706 zone = ISC_LIST_NEXT(zone, statelink))
11710 for (zone = ISC_LIST_HEAD(zmgr->waiting_for_xfrin);
11711 zone != NULL;
11712 zone = ISC_LIST_NEXT(zone, statelink))
11716 for (zone = ISC_LIST_HEAD(zmgr->zones);
11717 zone != NULL;
11718 zone = ISC_LIST_NEXT(zone, link))
11719 if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_REFRESH))
11723 for (zone = ISC_LIST_HEAD(zmgr->zones);
11724 zone != NULL;
11725 zone = ISC_LIST_NEXT(zone, link)) {
11726 dns_view_t *view = zone->view;
11742 dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata) {
11751 REQUIRE(DNS_ZONE_VALID(zone));
11753 if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMES))
11756 if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL)) {
11765 dns_zone_log(zone, level, "%s/%s: %s", namebuf, typebuf,
11777 dns_zone_log(zone, level, "%s/%s: %s: %s ", namebuf, typebuf,
11787 dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx) {
11788 REQUIRE(DNS_ZONE_VALID(zone));
11789 zone->checkmx = checkmx;
11793 dns_zone_setchecksrv(dns_zone_t *zone, dns_checksrvfunc_t checksrv) {
11794 REQUIRE(DNS_ZONE_VALID(zone));
11795 zone->checksrv = checksrv;
11799 dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns) {
11800 REQUIRE(DNS_ZONE_VALID(zone));
11801 zone->checkns = checkns;
11805 dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg) {
11806 REQUIRE(DNS_ZONE_VALID(zone));
11808 LOCK_ZONE(zone);
11809 zone->isself = isself;
11810 zone->isselfarg = arg;
11811 UNLOCK_ZONE(zone);
11815 dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay) {
11816 REQUIRE(DNS_ZONE_VALID(zone));
11818 LOCK_ZONE(zone);
11819 zone->notifydelay = delay;
11820 UNLOCK_ZONE(zone);
11824 dns_zone_getnotifydelay(dns_zone_t *zone) {
11825 REQUIRE(DNS_ZONE_VALID(zone));
11827 return (zone->notifydelay);
11831 dns_zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm,
11835 REQUIRE(DNS_ZONE_VALID(zone));
11837 dns_zone_log(zone, ISC_LOG_NOTICE,
11840 LOCK_ZONE(zone);
11841 result = zone_signwithkey(zone, algorithm, keyid, delete);
11842 UNLOCK_ZONE(zone);
11850 dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
11855 REQUIRE(DNS_ZONE_VALID(zone));
11866 dns_zone_log(zone, ISC_LOG_NOTICE,
11870 LOCK_ZONE(zone);
11871 result = zone_addnsec3chain(zone, nsec3param);
11872 UNLOCK_ZONE(zone);
11878 dns_zone_setnodes(dns_zone_t *zone, isc_uint32_t nodes) {
11879 REQUIRE(DNS_ZONE_VALID(zone));
11883 zone->nodes = nodes;
11887 dns_zone_setsignatures(dns_zone_t *zone, isc_uint32_t signatures) {
11888 REQUIRE(DNS_ZONE_VALID(zone));
11898 zone->signatures = signatures;
11902 dns_zone_setprivatetype(dns_zone_t *zone, dns_rdatatype_t type) {
11903 REQUIRE(DNS_ZONE_VALID(zone));
11904 zone->privatetype = type;
11908 dns_zone_getprivatetype(dns_zone_t *zone) {
11909 REQUIRE(DNS_ZONE_VALID(zone));
11910 return (zone->privatetype);
11914 zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm, isc_uint16_t keyid,
11922 signing = isc_mem_get(zone->mctx, sizeof *signing);
11936 for (current = ISC_LIST_HEAD(zone->signing);
11939 if (current->db == zone->db &&
11949 if (zone->db != NULL) {
11950 dns_db_attach(zone->db, &signing->db);
11958 ISC_LIST_INITANDAPPEND(zone->signing, signing, link);
11960 if (isc_time_isepoch(&zone->signingtime)) {
11961 zone->signingtime = now;
11962 if (zone->task != NULL)
11963 zone_settimer(zone, &now);
11975 isc_mem_put(zone->mctx, signing, sizeof *signing);