server.c revision 349f684cf175422918d10e91e7bee747c18ae840
28d9fd53819cc163629c867466b20d8ebcae8842David Lawrence * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Copyright (C) 1999-2003 Internet Software Consortium.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Permission to use, copy, modify, and distribute this software for any
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * purpose with or without fee is hereby granted, provided that the above
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence * PERFORMANCE OF THIS SOFTWARE.
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews/* $Id: server.c,v 1.424 2004/04/20 07:16:23 marka Exp $ */
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson * Check an operation for failure. Assumes that the function
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence * using it has a 'result' variable and a 'cleanup' label.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrencens_server_reload(isc_task_t *task, isc_event_t *event);
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrewsns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrencens_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config,
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrewsconfigure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews cfg_obj_t *forwarders, cfg_obj_t *forwardtype);
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrewsconfigure_alternates(cfg_obj_t *config, dns_view_t *view,
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrewsconfigure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrewsend_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews * Configure a single view ACL at '*aclp'. Get its configuration by
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews * calling 'getvcacl' (for per-view configuration) and maybe 'getscacl'
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews * (for a global default).
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsconfigure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews (void)cfg_map_get(config, "options", &options);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews result = ns_config_get(maps, aclname, &aclobj);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews * No value available. *aclp == NULL.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington result = ns_acl_fromconfig(aclobj, config, actx, mctx, aclp);
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellingtonconfigure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key,
87ecd67dae468cf5c9bae213c6fa321449b2ebc2Andreas Gustafsson dns_keytable_t *keytable, isc_mem_t *mctx)
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class");
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(ns_config_getclass(classobj, dns_rdataclass_in,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson keystruct.common.rdtype = dns_rdatatype_dnskey;
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff * The key data in keystruct is not dynamically allocated.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(isc_base64_decodestring(keystr, &keydatabuf));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson isc_buffer_add(&namebuf, strlen(keynamestr));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(dns_name_fromtext(keyname, &namebuf,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(dns_keytable_add(keytable, &dstkey));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "ignoring trusted key for '%s': no crypto support",
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews "configuring trusted key for '%s': %s",
d981ca645597116d227a48bf37cc5edc061c854dBob Halley * Configure DNSSEC keys for a view. Currently used only for
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * the security roots.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * The per-view configuration values and the server-global defaults are read
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * from 'vconfig' and 'config'. The variable to be configured is '*target'.
29c818c7d40fc8898b062903ec703851328a4deaMark Andrewsconfigure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(voptions, "trusted-keys", &keys);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(config, "trusted-keys", &keys);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsmustbesecure(cfg_obj_t *mbs, dns_resolver_t *resolver)
19d365e4448f1782611280b020987988b7ac3210Mark Andrews str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_name_fromtext(name, &b, dns_rootname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff CHECK(dns_resolver_setmustbesecure(resolver, name, value));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * Get a dispatch appropriate for the resolver of a given view.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Make compiler happy.
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = ns_config_get(maps, "query-source", &obj);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = ns_config_get(maps, "query-source-v6", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * If we don't support this address family, we're done!
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews * Try to find a dispatcher that we can share.
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews "could not get query source dispatcher (%s)",
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrewsconfigure_order(dns_order_t *order, cfg_obj_t *ent) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews unsigned int mode = 0;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews const char *str;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = ns_config_getclass(cfg_tuple_get(ent, "class"),
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = ns_config_gettype(cfg_tuple_get(ent, "type"),
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews return (dns_order_add(order, dns_fixedname_name(&fixed),
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrewsconfigure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews sa = cfg_obj_assockaddr(cfg_map_getname(cpeer));
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews CHECK(dns_peer_setbogus(peer, cfg_obj_asboolean(obj)));
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews (void)cfg_map_get(cpeer, "provide-ixfr", &obj);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff CHECK(dns_peer_setprovideixfr(peer, cfg_obj_asboolean(obj)));
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews (void)cfg_map_get(cpeer, "request-ixfr", &obj);
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews CHECK(dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj)));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj)));
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence CHECK(dns_peer_settransfers(peer, cfg_obj_asuint32(obj)));
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence (void)cfg_map_get(cpeer, "transfer-format", &obj);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews result = dns_peer_setkeybycharp(peer, cfg_obj_asstring(obj));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews (void)cfg_map_get(cpeer, "transfer-source", &obj);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews (void)cfg_map_get(cpeer, "transfer-source-v6", &obj);
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrewsdisable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) {
fdd04623a6a36aad8449ef0877d8801a558873b8Mark Andrews const char *str;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews CHECK(dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews algorithms = cfg_tuple_get(disabled, "algorithms");
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews r.base = cfg_obj_asstring(cfg_listelt_value(element));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "invalid algorithm");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_resolver_disable_algorithm(resolver, name, alg));
19d365e4448f1782611280b020987988b7ac3210Mark Andrews * Configure 'view' according to 'vconfig', taking defaults from 'config'
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * where values are missing in 'vconfig'.
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews * When configuring the default view, 'vconfig' will be NULL and the
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews * global defaults in 'config' used exclusively.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrenceconfigure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews dns_view_t *pview = NULL; /* Production view */
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews const char *str;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews unsigned int check = 0;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence (void)cfg_map_get(config, "options", &options);
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson voptions = cfg_tuple_get(vconfig, "options");
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson * Set the view's port number for outgoing queries.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CHECKM(ns_config_getport(config, &port), "port");
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson * Configure the zones.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson (void)cfg_map_get(voptions, "zone", &zonelist);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_t *zconfig = cfg_listelt_value(element);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(configure_zone(config, zconfig, vconfig, mctx, view,
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff * Configure the view's cache. Try to reuse an existing
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * cache if possible, otherwise create a new cache.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Note that the ADB is not preserved in either case.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * XXX Determining when it is safe to reuse a cache is
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * tricky. When the view's configuration changes, the cached
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * data may become invalid because it reflects our old
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * view of the world. As more view attributes become
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * configurable, we will have to add code here to check
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * whether they have changed in ways that could
d981ca645597116d227a48bf37cc5edc061c854dBob Halley * invalidate the cache.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = dns_viewlist_find(&ns_g_server->viewlist,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "reusing existing cache");
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr,
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews * cache-file cannot be inherited if views are present, but this
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews * should be caught by the configuration checking stage.
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews result = ns_config_get(maps, "cache-file", &obj);
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") != 0) {
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews CHECK(dns_cache_setfilename(cache, cfg_obj_asstring(obj)));
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = ns_config_get(maps, "cleaning-interval", &obj);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley dns_cache_setcleaninginterval(cache, cfg_obj_asuint32(obj) * 60);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = ns_config_get(maps, "max-cache-size", &obj);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley "'max-cache-size "
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley * Check-names.
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley result = ns_config_get(maps, "check-names", &obj);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley if (strcasecmp(cfg_obj_asstring(type), "response") == 0) {
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff str = cfg_obj_asstring(cfg_tuple_get(value, "mode"));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson } else if (strcasecmp(str, "ignore") == 0) {
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson * XXXRTH Hardwired number of tasks.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6));
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if (dispatch4 == NULL && dispatch6 == NULL) {
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "unable to obtain neither an IPv4 nor"
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson " an IPv6 dispatch");
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Set the ADB cache size to 1/8th of the max-cache-size.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson dns_adb_setadbsize(view->adb, max_adb_size);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson * Set resolver's lame-ttl.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "lame-ttl", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson dns_resolver_setlamettl(view->resolver, lame_ttl);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson * Set the resolver's EDNS UDP size.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "edns-udp-size", &obj);
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * Set supported DNSSEC algorithms.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff dns_resolver_reset_algorithms(view->resolver);
16996a04884731d647f43a5eb54f678581f09f68David Lawrence (void)ns_config_get(maps, "disable-algorithms", &disabled);
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence CHECK(disable_algorithms(cfg_listelt_value(element),
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence * A global or view "forwarders" option, if present,
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence * creates an entry for "." in the forwarding table.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff (void)ns_config_get(maps, "forward", &forwardtype);
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff (void)ns_config_get(maps, "forwarders", &forwarders);
fc024be774c7cdee938da018aa3994be746e36deDavid Lawrence CHECK(configure_forward(config, view, dns_rootname,
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * Dual Stack Servers.
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson (void)ns_config_get(maps, "dual-stack-servers", &alternates);
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson CHECK(configure_alternates(config, view, alternates));
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * We have default hints for class IN if we need them.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff if (view->rdclass == dns_rdataclass_in && view->hints == NULL)
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff dns_view_sethints(view, ns_g_server->in_roothints);
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * If we still have no hints, this is a non-IN view with no
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * "hints zone" configured. Issue a warning, except if this
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * is a root server. Root servers never need to consult
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * their hints, so there is no point in requiring users to configure
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff (void)dns_view_findzone(view, dns_rootname, &rootzone);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
16996a04884731d647f43a5eb54f678581f09f68David Lawrence "no root hints for view '%s'",
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * Configure the view's TSIG keys.
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff * Configure the view's peer list.
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews (void)ns_config_get(cfgmaps, "server", &peers);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence view->peers = newpeers; /* Transfer ownership. */
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff * Configure the view's rrset-order.
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff (void)ns_config_get(maps, "rrset-order", &rrsetorder);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews * Copy the aclenv object.
79eec6934923f97a61edb8dbe2641ce56dc30085Bob Halley dns_aclenv_copy(&view->aclenv, &ns_g_server->aclenv);
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington * Configure the "match-clients" and "match-destinations" ACLs.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington CHECK(configure_view_acl(vconfig, config, "match-clients", actx,
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews CHECK(configure_view_acl(vconfig, config, "match-destinations", actx,
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Configure the "match-recursive-only" option.
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington (void) ns_config_get(maps, "match-recursive-only", &obj);
5d83b561ad7eb84885a8ec63dee4c51b335f067aBrian Wellington * Configure other configurable data.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence result = ns_config_get(maps, "recursion", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "auth-nxdomain", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->auth_nxdomain = cfg_obj_asboolean(obj);
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews result = ns_config_get(maps, "minimal-responses", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->minimalresponses = cfg_obj_asboolean(obj);
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews result = ns_config_get(maps, "transfer-format", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if (strcasecmp(str, "many-answers") == 0)
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->transfer_format = dns_many_answers;
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson else if (strcasecmp(str, "one-answer") == 0)
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson * Set sources where additional data and CNAME/DNAME
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews * targets for authoritative answers may be found.
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "additional-from-auth", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->additionalfromauth = cfg_obj_asboolean(obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if (view->recursion && ! view->additionalfromauth) {
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "'additional-from-auth no' is only supported "
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews "with 'recursion no'");
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews result = ns_config_get(maps, "additional-from-cache", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->additionalfromcache = cfg_obj_asboolean(obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if (view->recursion && ! view->additionalfromcache) {
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "'additional-from-cache no' is only supported "
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "with 'recursion no'");
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(configure_view_acl(vconfig, config, "allow-query",
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(configure_view_acl(vconfig, config, "allow-recursion",
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson * Warn if both "recursion no;" and allow-recursion are active
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * except for "allow-recursion { none; };".
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson if (!view->recursion && view->recursionacl != NULL &&
34b394b43e2207e8f8f3703f0402422121455638David Lawrence view->recursionacl->elements[0].type != dns_aclelementtype_any ||
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->recursionacl->elements[0].negative != ISC_TRUE)) {
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson "both \"recursion no;\" and \"allow-recursion\" "
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson CHECK(configure_view_acl(vconfig, config, "sortlist",
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "request-ixfr", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "provide-ixfr", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->provideixfr = cfg_obj_asboolean(obj);
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence result = ns_config_get(maps, "dnssec-enable", &obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson view->enablednssec = cfg_obj_asboolean(obj);
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson result = ns_config_get(maps, "dnssec-lookaside", &obj);
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews const char *dlv;
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews CHECK(dns_name_fromtext(dns_fixedname_name(&view->dlv_fixed),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews view->dlv = dns_fixedname_name(&view->dlv_fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * For now, there is only one kind of trusted keys, the
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * "security roots".
fe47f41b13620bfafc4f8cf65d5df24f1e568764Bob Halley CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_resolver_resetmustbesecure(view->resolver);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews result = ns_config_get(maps, "max-cache-ttl", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = ns_config_get(maps, "max-ncache-ttl", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = ns_config_get(maps, "preferred-glue", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = ns_config_get(maps, "root-delegation-only", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_name_fromtext(name, &b, dns_rootname,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrewsconfigure_hints(dns_view_t *view, const char *filename) {
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews result = dns_rootns_create(view->mctx, view->rdclass, filename, &db);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrewsconfigure_alternates(cfg_obj_t *config, dns_view_t *view,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * Determine which port to send requests to.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECKM(ns_config_getport(config, &port), "port");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews addresses = cfg_tuple_get(alternates, "addresses");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_t *alternate = cfg_listelt_value(element);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews char *str = cfg_obj_asstring(cfg_tuple_get(alternate,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "port '%u' out of range",
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence CHECK(dns_resolver_addalternate(view->resolver, NULL,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff CHECK(dns_resolver_addalternate(view->resolver, &sa,
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrenceconfigure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence cfg_obj_t *forwarders, cfg_obj_t *forwardtype)
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none;
e4653123ecc6cdbfc0b9eda6e98e44af3b1f9a08Mark Andrews * Determine which port to send forwarded requests to.
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews CHECKM(ns_config_getport(config, &port), "port");
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_uint32_t val = cfg_obj_asuint32(portobj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
34b394b43e2207e8f8f3703f0402422121455638David Lawrence faddresses = cfg_tuple_get(forwarders, "addresses");
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson cfg_obj_t *forwarder = cfg_listelt_value(element);
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "no forwarders seen; disabling "
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "forwarding");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews char *forwardstr = cfg_obj_asstring(forwardtype);
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson result = dns_fwdtable_add(view->fwdtable, origin, &addresses,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews dns_name_format(origin, namebuf, sizeof(namebuf));
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews "could not set up forwarding for domain '%s': %s",
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews isc_mem_put(view->mctx, sa, sizeof(isc_sockaddr_t));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * Create a new view and add it to the list.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * If 'vconfig' is NULL, create the default view.
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews * The view created is attached to '*viewp'.
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrewscreate_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) {
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews result = ns_config_getclass(classobj, dns_rdataclass_in,
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews result = dns_view_create(ns_g_mctx, viewclass, viewname, &view);
904294c0c952227f7778fd0ba2ccea08c097b872Mark Andrews * Configure or reconfigure a zone.
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrewsconfigure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence dns_view_t *pview = NULL; /* Production view */
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence dns_zone_t *zone = NULL; /* New or reused zone */
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence (void)cfg_map_get(config, "options", &options);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence zoptions = cfg_tuple_get(zconfig, "options");
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews * Get the zone origin as a dns_name_t.
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews isc_buffer_init(&buffer, zname, strlen(zname));
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews vname = cfg_obj_asstring(cfg_tuple_get(vconfig,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "zone '%s': wrong class for view '%s'",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * "hints zones" aren't zones. If we've got one,
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff * configure it and return.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "zone '%s': 'file' not specified",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "could not configure root hints "
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Hint zones may also refer to delegation only points.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews tresult = cfg_map_get(zoptions, "delegation-only",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(dns_view_adddelegationonly(view, origin));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "ignoring non-root hint zone '%s'",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews /* Skip ordinary zone processing. */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * "forward zones" aren't zones either. Translate this syntax into
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * the appropriate selective forwarding configuration and return.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(zoptions, "forward", &forwardtype);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(zoptions, "forwarders", &forwarders);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = configure_forward(config, view, origin, forwarders,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * "delegation-only zones" aren't zones either.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (strcasecmp(ztypestr, "delegation-only") == 0) {
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = dns_view_adddelegationonly(view, origin);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Check for duplicates in the new zone table.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence result = dns_view_findzone(view, origin, &dupzone);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * We already have this zone!
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence * See if we can reuse an existing zone. This is
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * only possible if all of these are true:
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * - The zone's view exists
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * - A zone with the right name exists in the view
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * - The zone is compatible with the config
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * options (e.g., an existing master zone cannot
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * be reused if the options specify a slave zone)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = dns_viewlist_find(&ns_g_server->viewlist,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = dns_view_findzone(pview, origin, &zone);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * We found a reusable zone. Make it use the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * We cannot reuse an existing zone, so we have
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * to create a new one.
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * If the zone contains a 'forwarders' statement, configure
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * selective forwarding.
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence if (cfg_map_get(zoptions, "forwarders", &forwarders) == ISC_R_SUCCESS)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(zoptions, "forward", &forwardtype);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(configure_forward(config, view, origin, forwarders,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Stub and forward zones may also refer to delegation only points.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (cfg_map_get(zoptions, "delegation-only", &only) == ISC_R_SUCCESS)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(dns_view_adddelegationonly(view, origin));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Configure the zone.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(ns_zone_configure(config, vconfig, zconfig, aclconf, zone));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Add the zone to its view in the new view list.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Configure a single server quota.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrenceconfigure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * This function is called as soon as the 'directory' statement has been
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * parsed. This can be extended to support other options if necessary.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrewsdirectory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews REQUIRE(strcasecmp("directory", clausename) == 0);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Change directory.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "option 'directory' contains relative path '%s'",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "change directory to '%s' failed: %s",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrewsscan_interfaces(ns_server_t *server, isc_boolean_t verbose) {
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence isc_boolean_t match_mapped = server->aclenv.match_mapped;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ns_interfacemgr_scan(server->interfacemgr, verbose);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Update the "localhost" and "localnets" ACLs to match the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * current set of network interfaces.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ns_interfacemgr_getaclenv(server->interfacemgr));
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrenceadd_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = dns_acl_appendelement(src_acl, &aelt);
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence result = ns_listenelt_create(mctx, isc_sockaddr_getport(addr),
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence * Make a list of xxx-source addresses and call ns_interfacemgr_adjust()
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * to update the listening interfaces accordingly.
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * We currently only consider IPv6, because this only affects IPv6 wildcard
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrewsadjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews dispatch6 = dns_resolver_dispatchv6(view->resolver);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley result = dns_dispatch_getlocaladdress(dispatch6, &addr);
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff for (result = dns_zone_first(server->zonemgr, &zone);
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson next = NULL, result = dns_zone_next(zone, &next), zone = next) {
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff * At this point the zone list may contain a stale zone
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff * just removed from the configuration. To check its validity,
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff * check if the corresponding view is in our current view list.
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson * Even if this procedure fails, most of the other interfaces
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson * should still work correctly, so we only log a warning.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff "could not adjust the listen-on list; "
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson "some interfaces may not work");
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff * This event callback is invoked to do periodic network
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff * interface scanning.
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafssoninterface_timer_tick(isc_task_t *task, isc_event_t *event) {
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson ns_server_t *server = (ns_server_t *) event->ev_arg;
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson * XXX should scan interfaces unlocked and get exclusive access
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson * only to replace ACLs.
static isc_result_t
char *copy;
return (ISC_R_NOMEMORY);
return (ISC_R_SUCCESS);
static isc_result_t
char *resource;
static isc_result_t
return (result);
static isc_result_t
if (first_time) {
&ns_g_defaults) ==
filename);
&config);
* option where the above parsing failed, parse resolv.conf.
if (ns_g_lwresdonly &&
&config);
if (ns_g_port != 0)
&listenon);
} else if (!ns_g_lwresdonly) {
listenon);
&listenon);
} else if (!ns_g_lwresdonly) {
listenon);
if (interface_interval == 0) {
if (heartbeat_interval == 0) {
&aclconfctx),
if (first_time) {
#ifdef PATH_RANDOMDEV
&ns_g_entropy);
if (first_time)
* files specified in named.conf get created by the
if (ns_g_logstderr) {
if (first_time) {
&categories);
char *str;
else if (ns_g_lwresdonly)
return (result);
static isc_result_t
return (result);
static isc_result_t
return (result);
if (ns_g_lwresdonly)
ISC_TRUE),
if (flush)
sizeof(isc_event_t));
goto cleanup;
attrs = 0;
case AF_INET:
case AF_INET6:
goto cleanup;
attrmask = 0;
goto cleanup;
static isc_result_t
return (result);
static isc_result_t
return (result);
cleanup: ;
char *res;
return (res);
static isc_result_t
const char *zonetxt;
char *classtxt;
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_SUCCESS);
goto fail1;
goto fail1;
goto fail1;
return (result);
return (result);
return (ISC_R_UNEXPECTEDEND);
return (result);
return (result);
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_CONTINUE:
case DNS_R_UPTODATE:
return (result);
return (ISC_R_SUCCESS);
return (result);
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
static isc_result_t
return (result);
goto cleanup;
return (ISC_R_SUCCESS);
return (result);
static isc_result_t
if (ns_g_port != 0) {
return (result);
return (ISC_R_RANGE);
return (result);
return (result);
return (ISC_R_SUCCESS);
int ncounters;
for (i = 0; i < ncounters; i++)
char *viewname;
for (i = 0; i < ncounters; i++) {
zonestats[i],
zonename);
return (result);
static isc_result_t
return (ISC_R_NOMEMORY);
return (ISC_R_SUCCESS);
static isc_result_t
return (ISC_R_NOMEMORY);
return (result);
goto cleanup;
goto done;
goto cleanup;
goto nextzone;
goto cleanup;
goto nextview;
done:
char *ptr;
const char *sep;
return (ISC_R_NOMEMORY);
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_SUCCESS);
return (result);
return (result);
char *ptr;
char *levelstr;
char *endp;
long newlevel;
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_RANGE);
return (ISC_R_SUCCESS);
return (ISC_R_UNEXPECTEDEND);
goto out;
if (flushed)
out:
return (result);
isc_buffer_t b;
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_UNEXPECTEDEND);
return (result);
if (flushed)
return (result);
return (ISC_R_NOSPACE);
return (ISC_R_SUCCESS);
char *journal;
return (result);
return (ISC_R_UNEXPECTEDEND);
return (ISC_R_NOTFOUND);
if (freeze) {
if (frozen)
if (frozen) {
sizeof(classstr));
return (result);