server.c revision 80cc19dc262cead5a8af41838ebfae5a6e587605
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington/*
7d32c065c7bb56f281651ae3dd2888f32ce4f1d9Bob Halley * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Copyright (C) 1999-2003 Internet Software Consortium.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington *
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Permission to use, copy, modify, and distribute this software for any
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * purpose with or without fee is hereby granted, provided that the above
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * copyright notice and this permission notice appear in all copies.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington *
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * PERFORMANCE OF THIS SOFTWARE.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington/* $Id: server.c,v 1.421 2004/04/10 05:03:27 marka Exp $ */
7077846f3bf941f626a8623bd29a56a5ce7a1e11Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <config.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <stdlib.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
7bb0f11636e097c7c5fff0fcd3c0cc11f679e7a3David Lawrence#include <isc/app.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/base64.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/dir.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <isc/entropy.h>
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence#include <isc/file.h>
364a82f7c25b62967678027043425201a5e5171aBob Halley#include <isc/hash.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/lex.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/parseint.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/print.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/resource.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/stdio.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/string.h>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence#include <isc/task.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/timer.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isc/util.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <isccfg/namedconf.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <bind9/check.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/adb.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/cache.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/db.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/dispatch.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/forward.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/journal.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/keytable.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/master.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/masterdump.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/order.h>
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington#include <dns/peer.h>
ac335315cddc0a42b9235001197dcf719ae737b6Brian Wellington#include <dns/portlist.h>
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington#include <dns/rdataclass.h>
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington#include <dns/rdataset.h>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington#include <dns/rdatastruct.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/resolver.h>
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington#include <dns/rootns.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/secalg.h>
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington#include <dns/stats.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/tkey.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/view.h>
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington#include <dns/zone.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dns/zt.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dst/dst.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <dst/result.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/client.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/config.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/control.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/interfacemgr.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/log.h>
d92543b36036157e06025c7f44cf870c7e363a23Brian Wellington#include <named/logconf.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/lwresd.h>
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington#include <named/main.h>
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington#include <named/os.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/server.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/tkeyconf.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/tsigconf.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#include <named/zoneconf.h>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington/*
d2524f38d22998efb4196410643280b14f8b6febBob Halley * Check an operation for failure. Assumes that the function
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * using it has a 'result' variable and a 'cleanup' label.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#define CHECK(op) \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington do { result = (op); \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_SUCCESS) goto cleanup; \
d2524f38d22998efb4196410643280b14f8b6febBob Halley } while (0)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington#define CHECKM(op, msg) \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington do { result = (op); \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington if (result != ISC_R_SUCCESS) { \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington isc_log_write(ns_g_lctx, \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington NS_LOGCATEGORY_GENERAL, \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington NS_LOGMODULE_SERVER, \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington ISC_LOG_ERROR, \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington "%s: %s", msg, \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington isc_result_totext(result)); \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington goto cleanup; \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington } \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington } while (0) \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington
4a2f65ad8a26261e758d9682d88eb29395422fb9Brian Wellington#define CHECKMF(op, msg, file) \
4a2f65ad8a26261e758d9682d88eb29395422fb9Brian Wellington do { result = (op); \
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington if (result != ISC_R_SUCCESS) { \
e492431068bde45f2d0b3a5d4e62f708c8ef9f2eBrian Wellington isc_log_write(ns_g_lctx, \
e492431068bde45f2d0b3a5d4e62f708c8ef9f2eBrian Wellington NS_LOGCATEGORY_GENERAL, \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington NS_LOGMODULE_SERVER, \
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington ISC_LOG_ERROR, \
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington "%s '%s': %s", msg, file, \
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_result_totext(result)); \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington goto cleanup; \
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington } \
1fd4766e5b732c04c06ef44c0338b3b6bdbf2457Brian Wellington } while (0) \
1fd4766e5b732c04c06ef44c0338b3b6bdbf2457Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington#define CHECKFATAL(op, msg) \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington do { result = (op); \
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_SUCCESS) \
183d6e8b51170e57e7268120d475927fffcf08a5Brian Wellington fatal(msg, result); \
183d6e8b51170e57e7268120d475927fffcf08a5Brian Wellington } while (0) \
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellingtonstruct ns_dispatch {
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington isc_sockaddr_t addr;
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington unsigned int dispatchgen;
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington dns_dispatch_t *dispatch;
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington ISC_LINK(struct ns_dispatch) link;
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington};
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellingtonstruct dumpcontext {
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington isc_mem_t *mctx;
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington isc_boolean_t dumpcache;
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington isc_boolean_t dumpzones;
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington FILE *fp;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington ISC_LIST(struct viewlistentry) viewlist;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington struct viewlistentry *view;
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington struct zonelistentry *zone;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_dumpctx_t *mdctx;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_db_t *db;
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington dns_db_t *cache;
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington isc_task_t *task;
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington dns_dbversion_t *version;
ac335315cddc0a42b9235001197dcf719ae737b6Brian Wellington};
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellingtonstruct viewlistentry {
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington dns_view_t *view;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington ISC_LINK(struct viewlistentry) link;
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington ISC_LIST(struct zonelistentry) zonelist;
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington};
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellingtonstruct zonelistentry {
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington dns_zone_t *zone;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff ISC_LINK(struct zonelistentry) link;
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington};
15660bccc162db0a7df281f5d743757c527580d5Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic void
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellingtonfatal(const char *msg, isc_result_t result);
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellingtonstatic void
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellingtonns_server_reload(isc_task_t *task, isc_event_t *event);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic isc_result_t
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington ns_aclconfctx_t *actx,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_mem_t *mctx, ns_listenelt_t **target);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic isc_result_t
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config,
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington ns_aclconfctx_t *actx,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_mem_t *mctx, ns_listenlist_t **target);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic isc_result_t
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonconfigure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cfg_obj_t *forwarders, cfg_obj_t *forwardtype);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonstatic isc_result_t
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonconfigure_alternates(cfg_obj_t *config, dns_view_t *view,
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cfg_obj_t *alternates);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonstatic isc_result_t
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonconfigure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington isc_mem_t *mctx, dns_view_t *view,
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington ns_aclconfctx_t *aclconf);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
d0345e08f26267c1d11e02af57a6555868068415Brian Wellingtonstatic void
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonend_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington/*
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington * Configure a single view ACL at '*aclp'. Get its configuration by
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington * calling 'getvcacl' (for per-view configuration) and maybe 'getscacl'
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * (for a global default).
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington */
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellingtonstatic isc_result_t
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellingtonconfigure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config,
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington const char *aclname, ns_aclconfctx_t *actx,
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington isc_mem_t *mctx, dns_acl_t **aclp)
183d6e8b51170e57e7268120d475927fffcf08a5Brian Wellington{
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington isc_result_t result;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cfg_obj_t *maps[3];
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cfg_obj_t *aclobj = NULL;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington int i = 0;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (*aclp != NULL)
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington dns_acl_detach(aclp);
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington if (vconfig != NULL)
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington maps[i++] = cfg_tuple_get(vconfig, "options");
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (config != NULL) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *options = NULL;
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington (void)cfg_map_get(config, "options", &options);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (options != NULL)
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington maps[i++] = options;
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington }
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington maps[i] = NULL;
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington result = ns_config_get(maps, aclname, &aclobj);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (aclobj == NULL)
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington /*
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington * No value available. *aclp == NULL.
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington */
b6666e61dc9b91f4ac6af3aa1172bfd8a5f2d6ffBrian Wellington return (ISC_R_SUCCESS);
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington result = ns_acl_fromconfig(aclobj, config, actx, mctx, aclp);
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington return (result);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington}
d0345e08f26267c1d11e02af57a6555868068415Brian Wellington
d0345e08f26267c1d11e02af57a6555868068415Brian Wellingtonstatic isc_result_t
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellingtonconfigure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key,
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington dns_keytable_t *keytable, isc_mem_t *mctx)
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington{
15660bccc162db0a7df281f5d743757c527580d5Brian Wellington dns_rdataclass_t viewclass;
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington dns_rdata_dnskey_t keystruct;
15660bccc162db0a7df281f5d743757c527580d5Brian Wellington isc_uint32_t flags, proto, alg;
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington char *keystr, *keynamestr;
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington unsigned char keydata[4096];
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_buffer_t keydatabuf;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington unsigned char rrdata[4096];
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington isc_buffer_t rrdatabuf;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_region_t r;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_fixedname_t fkeyname;
3b2b306f47867d0037fb851623fb5a5736d64348Michael Graff dns_name_t *keyname;
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff isc_buffer_t namebuf;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_result_t result;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dst_key_t *dstkey = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
d692d9991a731d60b63e6389da1ebf2b2839cfabBrian Wellington alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keyname = dns_fixedname_name(&fkeyname);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (vconfig == NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington viewclass = dns_rdataclass_in;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else {
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class");
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(ns_config_getclass(classobj, dns_rdataclass_in,
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington &viewclass));
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence }
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence keystruct.common.rdclass = viewclass;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence keystruct.common.rdtype = dns_rdatatype_dnskey;
452123247dcc4c6d30ea3f33f5174df62d84e9aeBrian Wellington /*
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington * The key data in keystruct is not dynamically allocated.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
c3a4d8072ccd3b33aa3fc84cdeadd1a6fac87e08Michael Graff keystruct.mctx = NULL;
c3a4d8072ccd3b33aa3fc84cdeadd1a6fac87e08Michael Graff
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington ISC_LINK_INIT(&keystruct.common, link);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (flags > 0xffff)
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECKM(ISC_R_RANGE, "key flags");
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (proto > 0xff)
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECKM(ISC_R_RANGE, "key protocol");
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (alg > 0xff)
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECKM(ISC_R_RANGE, "key algorithm");
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington keystruct.flags = (isc_uint16_t)flags;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keystruct.protocol = (isc_uint8_t)proto;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keystruct.algorithm = (isc_uint8_t)alg;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
58aaab3687aac838542ee4ef65a9c094a5d34ab0Michael Graff isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECK(isc_base64_decodestring(keystr, &keydatabuf));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_buffer_usedregion(&keydatabuf, &r);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence keystruct.datalen = r.length;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keystruct.data = r.base;
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECK(dns_rdata_fromstruct(NULL,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keystruct.common.rdclass,
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington keystruct.common.rdtype,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington &keystruct, &rrdatabuf));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington dns_fixedname_init(&fkeyname);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_buffer_add(&namebuf, strlen(keynamestr));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_name_fromtext(keyname, &namebuf,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_rootname, ISC_FALSE,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington NULL));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington mctx, &dstkey));
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_keytable_add(keytable, &dstkey));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(dstkey == NULL);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (ISC_R_SUCCESS);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence cleanup:
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (result == DST_R_NOCRYPTO) {
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington "ignoring trusted key for '%s': no crypto support",
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence keynamestr);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ISC_R_SUCCESS;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington } else {
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington "configuring trusted key for '%s': %s",
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keynamestr, isc_result_totext(result));
d5334bc18380d25e8a7ee804f68f22dc746b9c20Brian Wellington result = ISC_R_FAILURE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington if (dstkey != NULL)
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington dst_key_free(&dstkey);
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington return (result);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence}
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence/*
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington * Configure DNSSEC keys for a view. Currently used only for
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington * the security roots.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence *
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington * The per-view configuration values and the server-global defaults are read
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington * from 'vconfig' and 'config'. The variable to be configured is '*target'.
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington */
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellingtonstatic isc_result_t
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellingtonconfigure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config,
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_mem_t *mctx, dns_keytable_t **target)
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington{
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington isc_result_t result;
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington cfg_obj_t *keys = NULL;
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington cfg_obj_t *voptions = NULL;
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington cfg_listelt_t *element, *element2;
d84ce5d5c69a7e144fb90fd4b3c349e88e4dcdddBrian Wellington cfg_obj_t *keylist;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence cfg_obj_t *key;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence dns_keytable_t *keytable = NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence CHECK(dns_keytable_create(mctx, &keytable));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (vconfig != NULL)
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington voptions = cfg_tuple_get(vconfig, "options");
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keys = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (voptions != NULL)
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington (void)cfg_map_get(voptions, "trusted-keys", &keys);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (keys == NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (void)cfg_map_get(config, "trusted-keys", &keys);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence for (element = cfg_list_first(keys);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington element != NULL;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington element = cfg_list_next(element))
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington keylist = cfg_listelt_value(element);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington for (element2 = cfg_list_first(keylist);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington element2 != NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington element2 = cfg_list_next(element2))
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence {
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence key = cfg_listelt_value(element2);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence CHECK(configure_view_dnsseckey(vconfig, key,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington keytable, mctx));
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington }
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_keytable_detach(target);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington *target = keytable; /* Transfer ownership. */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington keytable = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington result = ISC_R_SUCCESS;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence cleanup:
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington return (result);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington}
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington/*
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington * Get a dispatch appropriate for the resolver of a given view.
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington */
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellingtonstatic isc_result_t
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellingtonget_view_querysource_dispatch(cfg_obj_t **maps,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington int af, dns_dispatch_t **dispatchp)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington{
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington isc_result_t result;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_dispatch_t *disp;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_sockaddr_t sa;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington unsigned int attrs, attrmask;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *obj = NULL;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence /*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Make compiler happy.
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington */
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence result = ISC_R_FAILURE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington switch (af) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington case AF_INET:
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "query-source", &obj);
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence INSIST(result == ISC_R_SUCCESS);
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington break;
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence case AF_INET6:
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence result = ns_config_get(maps, "query-source-v6", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(result == ISC_R_SUCCESS);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington break;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence default:
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington INSIST(0);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington sa = *(cfg_obj_assockaddr(obj));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(isc_sockaddr_pf(&sa) == af);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence /*
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * If we don't support this address family, we're done!
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington switch (af) {
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington case AF_INET:
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington result = isc_net_probeipv4();
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington break;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence case AF_INET6:
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington result = isc_net_probeipv6();
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington break;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington default:
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(0);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (result != ISC_R_SUCCESS)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence return (ISC_R_SUCCESS);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington /*
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington * Try to find a dispatcher that we can share.
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington */
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence attrs = 0;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence attrs |= DNS_DISPATCHATTR_UDP;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington switch (af) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington case AF_INET:
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington attrs |= DNS_DISPATCHATTR_IPV4;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington break;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington case AF_INET6:
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington attrs |= DNS_DISPATCHATTR_IPV6;
d5334bc18380d25e8a7ee804f68f22dc746b9c20Brian Wellington break;
d5334bc18380d25e8a7ee804f68f22dc746b9c20Brian Wellington }
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington attrmask = 0;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington attrmask |= DNS_DISPATCHATTR_UDP;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington attrmask |= DNS_DISPATCHATTR_TCP;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington attrmask |= DNS_DISPATCHATTR_IPV4;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington attrmask |= DNS_DISPATCHATTR_IPV6;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington disp = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington ns_g_taskmgr, &sa, 4096,
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington 1000, 32768, 16411, 16433,
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington attrs, attrmask, &disp);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_SUCCESS) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_sockaddr_t any;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington char buf[ISC_SOCKADDR_FORMATSIZE];
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington switch (af) {
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington case AF_INET:
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_sockaddr_any(&any);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington break;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington case AF_INET6:
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_sockaddr_any6(&any);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington break;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (isc_sockaddr_equal(&sa, &any))
0dc4e6a6aef01175b8cdd71cb757f09ba1e69c49Brian Wellington return (ISC_R_SUCCESS);
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington isc_sockaddr_format(&sa, buf, sizeof(buf));
c3a4d8072ccd3b33aa3fc84cdeadd1a6fac87e08Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
0dc4e6a6aef01175b8cdd71cb757f09ba1e69c49Brian Wellington "could not get query source dispatcher (%s)",
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington buf);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (result);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington }
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington *dispatchp = disp;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington return (ISC_R_SUCCESS);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington}
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellingtonstatic isc_result_t
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellingtonconfigure_order(dns_order_t *order, cfg_obj_t *ent) {
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington dns_rdataclass_t rdclass;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington dns_rdatatype_t rdtype;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington cfg_obj_t *obj;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington dns_fixedname_t fixed;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington unsigned int mode = 0;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington const char *str;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_buffer_t b;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_result_t result;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington result = ns_config_getclass(cfg_tuple_get(ent, "class"),
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington dns_rdataclass_any, &rdclass);
c3a4d8072ccd3b33aa3fc84cdeadd1a6fac87e08Michael Graff if (result != ISC_R_SUCCESS)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (result);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_gettype(cfg_tuple_get(ent, "type"),
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_rdatatype_any, &rdtype);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (result != ISC_R_SUCCESS)
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington return (result);
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence obj = cfg_tuple_get(ent, "name");
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington if (cfg_obj_isstring(obj))
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington str = cfg_obj_asstring(obj);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence else
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington str = "*";
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_buffer_init(&b, str, strlen(str));
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington isc_buffer_add(&b, strlen(str));
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington dns_fixedname_init(&fixed);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_rootname, ISC_FALSE, NULL);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_SUCCESS)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (result);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = cfg_tuple_get(ent, "ordering");
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(cfg_obj_isstring(obj));
0dc4e6a6aef01175b8cdd71cb757f09ba1e69c49Brian Wellington str = cfg_obj_asstring(obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (!strcasecmp(str, "fixed"))
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington mode = DNS_RDATASETATTR_FIXEDORDER;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else if (!strcasecmp(str, "random"))
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington mode = DNS_RDATASETATTR_RANDOMIZE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else if (!strcasecmp(str, "cyclic"))
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington mode = 0;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington else
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(0);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington return (dns_order_add(order, dns_fixedname_name(&fixed),
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington rdtype, rdclass, mode));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington}
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic isc_result_t
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellingtonconfigure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_sockaddr_t *sa;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington isc_netaddr_t na;
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington dns_peer_t *peer;
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington cfg_obj_t *obj;
2c12fc4d63f1d5f9d55fc0ecb198d582da6fd7d3Brian Wellington char *str;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_result_t result;
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington sa = cfg_obj_assockaddr(cfg_map_getname(cpeer));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_netaddr_fromsockaddr(&na, sa);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington peer = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = dns_peer_new(mctx, &na, &peer);
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington if (result != ISC_R_SUCCESS)
7e8dd00fce7057d1da8158b65395a09ced43a892Brian Wellington return (result);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "bogus", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (obj != NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_peer_setbogus(peer, cfg_obj_asboolean(obj)));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington (void)cfg_map_get(cpeer, "provide-ixfr", &obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (obj != NULL)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington CHECK(dns_peer_setprovideixfr(peer, cfg_obj_asboolean(obj)));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "request-ixfr", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (obj != NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj)));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
d692d9991a731d60b63e6389da1ebf2b2839cfabBrian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "edns", &obj);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (obj != NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj)));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "transfers", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (obj != NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(dns_peer_settransfers(peer, cfg_obj_asuint32(obj)));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
a523752c602dc6bdb69a8d9c6267a1e4188a9782Andreas Gustafsson obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "transfer-format", &obj);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (obj != NULL) {
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington str = cfg_obj_asstring(obj);
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington if (strcasecmp(str, "many-answers") == 0)
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington CHECK(dns_peer_settransferformat(peer,
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington dns_many_answers));
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington else if (strcasecmp(str, "one-answer") == 0)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington CHECK(dns_peer_settransferformat(peer,
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington dns_one_answer));
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence else
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence INSIST(0);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence }
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington obj = NULL;
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington (void)cfg_map_get(cpeer, "keys", &obj);
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington if (obj != NULL) {
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington result = dns_peer_setkeybycharp(peer, cfg_obj_asstring(obj));
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington if (result != ISC_R_SUCCESS)
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington goto cleanup;
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington }
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
05b6b2e6802d503a9e131415b4720f35ab9f08d1Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (isc_sockaddr_pf(sa) == AF_INET)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "transfer-source", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(cpeer, "transfer-source-v6", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (obj != NULL) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = dns_peer_settransfersource(peer,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_assockaddr(obj));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_SUCCESS)
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington goto cleanup;
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington *peerp = peer;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (ISC_R_SUCCESS);
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cleanup:
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_peer_detach(&peer);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington return (result);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington}
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonstatic isc_result_t
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtondisable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_result_t result;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *algorithms;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence cfg_listelt_t *element;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence const char *str;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence dns_fixedname_t fixed;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_name_t *name;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington isc_buffer_t b;
452123247dcc4c6d30ea3f33f5174df62d84e9aeBrian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_fixedname_init(&fixed);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington name = dns_fixedname_name(&fixed);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_buffer_init(&b, str, strlen(str));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_buffer_add(&b, strlen(str));
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence CHECK(dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL));
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence algorithms = cfg_tuple_get(disabled, "algorithms");
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington for (element = cfg_list_first(algorithms);
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington element != NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence element = cfg_list_next(element))
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence {
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence isc_textregion_t r;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington dns_secalg_t alg;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington r.base = cfg_obj_asstring(cfg_listelt_value(element));
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington r.length = strlen(r.base);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington result = dns_secalg_fromtext(&alg, &r);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (result != ISC_R_SUCCESS) {
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington isc_uint8_t ui;
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington result = isc_parse_uint8(&ui, r.base, 10);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington alg = ui;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington }
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (result != ISC_R_SUCCESS) {
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington cfg_obj_log(cfg_listelt_value(element),
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington ns_g_lctx, ISC_LOG_ERROR,
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington "invalid algorithm");
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington CHECK(result);
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington }
7077846f3bf941f626a8623bd29a56a5ce7a1e11Brian Wellington CHECK(dns_resolver_disable_algorithm(resolver, name, alg));
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington }
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington cleanup:
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington return (result);
0f0162e6297ddf5e4abe848d27f3bcdb373189daBrian Wellington}
7077846f3bf941f626a8623bd29a56a5ce7a1e11Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington/*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Configure 'view' according to 'vconfig', taking defaults from 'config'
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * where values are missing in 'vconfig'.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington *
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * When configuring the default view, 'vconfig' will be NULL and the
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * global defaults in 'config' used exclusively.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence */
d692d9991a731d60b63e6389da1ebf2b2839cfabBrian Wellingtonstatic isc_result_t
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellingtonconfigure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_mem_t *mctx, ns_aclconfctx_t *actx,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_boolean_t need_hints)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington{
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *maps[4];
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *cfgmaps[3];
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *options = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *voptions = NULL;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence cfg_obj_t *forwardtype;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence cfg_obj_t *forwarders;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *alternates;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *zonelist;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *disabled;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *obj;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence cfg_listelt_t *element;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington in_port_t port;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence dns_cache_t *cache = NULL;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington isc_result_t result;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington isc_uint32_t max_adb_size;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_uint32_t max_cache_size;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_uint32_t lame_ttl;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_tsig_keyring_t *ring;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_view_t *pview = NULL; /* Production view */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_mem_t *cmctx;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington dns_dispatch_t *dispatch4 = NULL;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington dns_dispatch_t *dispatch6 = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_boolean_t reused_cache = ISC_FALSE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington int i;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington const char *str;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_order_t *order = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_uint32_t udpsize;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence unsigned int check = 0;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence REQUIRE(DNS_VIEW_VALID(view));
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington cmctx = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (config != NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (void)cfg_map_get(config, "options", &options);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence i = 0;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (vconfig != NULL) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington voptions = cfg_tuple_get(vconfig, "options");
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington maps[i++] = voptions;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (options != NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence maps[i++] = options;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence maps[i++] = ns_g_defaults;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington maps[i] = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington i = 0;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (voptions != NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence cfgmaps[i++] = voptions;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (config != NULL)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfgmaps[i++] = config;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfgmaps[i] = NULL;
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington /*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Set the view's port number for outgoing queries.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECKM(ns_config_getport(config, &port), "port");
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence dns_view_setdstport(view, port);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence /*
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * Configure the zones.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington zonelist = NULL;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence if (voptions != NULL)
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence (void)cfg_map_get(voptions, "zone", &zonelist);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (void)cfg_map_get(config, "zone", &zonelist);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington for (element = cfg_list_first(zonelist);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence element != NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence element = cfg_list_next(element))
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_t *zconfig = cfg_listelt_value(element);
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence CHECK(configure_zone(config, zconfig, vconfig, mctx, view,
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence actx));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * Configure the view's cache. Try to reuse an existing
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * cache if possible, otherwise create a new cache.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington * Note that the ADB is not preserved in either case.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence *
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence * XXX Determining when it is safe to reuse a cache is
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence * tricky. When the view's configuration changes, the cached
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * data may become invalid because it reflects our old
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * view of the world. As more view attributes become
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * configurable, we will have to add code here to check
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * whether they have changed in ways that could
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * invalidate the cache.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = dns_viewlist_find(&ns_g_server->viewlist,
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence view->name, view->rdclass,
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence &pview);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington goto cleanup;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (pview != NULL) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(pview->cache != NULL);
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(3),
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence "reusing existing cache");
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence reused_cache = ISC_TRUE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_cache_attach(pview->cache, &cache);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_view_detach(&pview);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington } else {
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence CHECK(isc_mem_create(0, 0, &cmctx));
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr,
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence view->rdclass, "rbt", 0, NULL, &cache));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_view_setcache(view, cache);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington * cache-file cannot be inherited if views are present, but this
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington * should be caught by the configuration checking stage.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "cache-file", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") != 0) {
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington CHECK(dns_cache_setfilename(cache, cfg_obj_asstring(obj)));
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington if (!reused_cache)
1fd4766e5b732c04c06ef44c0338b3b6bdbf2457Brian Wellington CHECK(dns_cache_load(cache));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "cleaning-interval", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(result == ISC_R_SUCCESS);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_cache_setcleaninginterval(cache, cfg_obj_asuint32(obj) * 60);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "max-cache-size", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(result == ISC_R_SUCCESS);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (cfg_obj_isstring(obj)) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington str = cfg_obj_asstring(obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(strcasecmp(str, "unlimited") == 0);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington max_cache_size = ISC_UINT32_MAX;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington } else {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington isc_resourcevalue_t value;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington value = cfg_obj_asuint64(obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (value > ISC_UINT32_MAX) {
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington "'max-cache-size "
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington "%" ISC_PRINT_QUADFORMAT "d' is too large",
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington value);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ISC_R_RANGE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington goto cleanup;
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington }
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington max_cache_size = (isc_uint32_t)value;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_cache_setcachesize(cache, max_cache_size);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington dns_cache_detach(&cache);
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Check-names.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington str = "";
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "check-names", &obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington INSIST(result == ISC_R_SUCCESS);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington for (element = cfg_list_first(obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington element != NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington element = cfg_list_next(element)) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington cfg_obj_t *value, *type;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington value = cfg_listelt_value(element);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington type = cfg_tuple_get(value, "type");
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (strcasecmp(cfg_obj_asstring(type), "response") == 0) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington str = cfg_obj_asstring(cfg_tuple_get(value, "mode"));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington break;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (strcasecmp(str, "fail") == 0) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington check = DNS_RESOLVER_CHECKNAMES |
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington DNS_RESOLVER_CHECKNAMESFAIL;
ac335315cddc0a42b9235001197dcf719ae737b6Brian Wellington view->checknames = ISC_TRUE;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington } else if (strcasecmp(str, "warn") == 0) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington check = DNS_RESOLVER_CHECKNAMES;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington view->checknames = ISC_FALSE;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington } else if (strcasecmp(str, "ignore") == 0) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington check = 0;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington view->checknames = ISC_FALSE;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington } else
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington INSIST(0);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Resolver.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington *
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington * XXXRTH Hardwired number of tasks.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington */
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (dispatch4 == NULL && dispatch6 == NULL) {
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington UNEXPECTED_ERROR(__FILE__, __LINE__,
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington "unable to obtain neither an IPv4 nor"
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington " an IPv6 dispatch");
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington result = ISC_R_UNEXPECTED;
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington goto cleanup;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington ns_g_socketmgr, ns_g_timermgr,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington check, ns_g_dispatchmgr,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dispatch4, dispatch6));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Set the ADB cache size to 1/8th of the max-cache-size.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence max_adb_size = 0;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (max_cache_size != 0) {
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence max_adb_size = max_cache_size / 8;
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (max_adb_size == 0)
452123247dcc4c6d30ea3f33f5174df62d84e9aeBrian Wellington max_adb_size = 1; /* Force minimum. */
452123247dcc4c6d30ea3f33f5174df62d84e9aeBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_adb_setadbsize(view->adb, max_adb_size);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Set resolver's lame-ttl.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence obj = NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence result = ns_config_get(maps, "lame-ttl", &obj);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence INSIST(result == ISC_R_SUCCESS);
58aaab3687aac838542ee4ef65a9c094a5d34ab0Michael Graff lame_ttl = cfg_obj_asuint32(obj);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (lame_ttl > 1800)
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington lame_ttl = 1800;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_resolver_setlamettl(view->resolver, lame_ttl);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Set the resolver's EDNS UDP size.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington obj = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington result = ns_config_get(maps, "edns-udp-size", &obj);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington INSIST(result == ISC_R_SUCCESS);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington udpsize = cfg_obj_asuint32(obj);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (udpsize < 512)
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington udpsize = 512;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (udpsize > 4096)
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence udpsize = 4096;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_resolver_setudpsize(view->resolver, udpsize);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington /*
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington * Set supported DNSSEC algorithms.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_resolver_reset_algorithms(view->resolver);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington disabled = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington (void)ns_config_get(maps, "disable-algorithms", &disabled);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (disabled != NULL) {
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington for (element = cfg_list_first(disabled);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington element != NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington element = cfg_list_next(element))
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(disable_algorithms(cfg_listelt_value(element),
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington view->resolver));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence /*
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * A global or view "forwarders" option, if present,
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * creates an entry for "." in the forwarding table.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington forwardtype = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington forwarders = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington (void)ns_config_get(maps, "forward", &forwardtype);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (void)ns_config_get(maps, "forwarders", &forwarders);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (forwarders != NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence CHECK(configure_forward(config, view, dns_rootname,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington forwarders, forwardtype));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Dual Stack Servers.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington alternates = NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (void)ns_config_get(maps, "dual-stack-servers", &alternates);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (alternates != NULL)
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence CHECK(configure_alternates(config, view, alternates));
dc3fc5830a90b170c0a2fbf2e8fe057aad209678Brian Wellington
dc3fc5830a90b170c0a2fbf2e8fe057aad209678Brian Wellington /*
dc3fc5830a90b170c0a2fbf2e8fe057aad209678Brian Wellington * We have default hints for class IN if we need them.
dc3fc5830a90b170c0a2fbf2e8fe057aad209678Brian Wellington */
dc3fc5830a90b170c0a2fbf2e8fe057aad209678Brian Wellington if (view->rdclass == dns_rdataclass_in && view->hints == NULL)
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_view_sethints(view, ns_g_server->in_roothints);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence /*
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * If we still have no hints, this is a non-IN view with no
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * "hints zone" configured. Issue a warning, except if this
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * is a root server. Root servers never need to consult
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington * their hints, so it's no point requiring users to configure
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington * them.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (view->hints == NULL) {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_zone_t *rootzone = NULL;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence (void)dns_view_findzone(view, dns_rootname, &rootzone);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (rootzone != NULL) {
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence dns_zone_detach(&rootzone);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence need_hints = ISC_FALSE;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington if (need_hints)
d598338952797df77417e69fcb8782b73651f9a9Brian Wellington isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington "no root hints for view '%s'",
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington view->name);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Configure the view's TSIG keys.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence ring = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence dns_view_setkeyring(view, ring);
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence /*
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence * Configure the view's peer list.
83e4218f6c6497eeaec7fb422b5f662cd98b2ba6David Lawrence */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington {
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence cfg_obj_t *peers = NULL;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence cfg_listelt_t *element;
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence dns_peerlist_t *newpeers = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington (void)ns_config_get(cfgmaps, "server", &peers);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(dns_peerlist_new(mctx, &newpeers));
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington for (element = cfg_list_first(peers);
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington element != NULL;
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington element = cfg_list_next(element))
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington {
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington cfg_obj_t *cpeer = cfg_listelt_value(element);
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington dns_peer_t *peer;
5766ea1011051b4a9f7560041a03d9a562722df3Brian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(configure_peer(cpeer, mctx, &peer));
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington dns_peerlist_addpeer(newpeers, peer);
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington dns_peer_detach(&peer);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington dns_peerlist_detach(&view->peers);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington view->peers = newpeers; /* Transfer ownership. */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington }
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington /*
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington * Configure the views rrset-order.
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington */
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington cfg_obj_t *rrsetorder = NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington cfg_listelt_t *element;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington (void)ns_config_get(maps, "rrset-order", &rrsetorder);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(dns_order_create(mctx, &order));
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington for (element = cfg_list_first(rrsetorder);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington element != NULL;
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington element = cfg_list_next(element))
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington {
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington cfg_obj_t *ent = cfg_listelt_value(element);
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington
c7f13217d11f26739a79f0dab391ec372b49b96bBrian Wellington CHECK(configure_order(order, ent));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington if (view->order != NULL)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington dns_order_detach(&view->order);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_order_attach(order, &view->order);
3f6dc1703f76a24b34ed3bc839447291c33ca837Brian Wellington dns_order_detach(&order);
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Copy the aclenv object.
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington */
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington dns_aclenv_copy(&view->aclenv, &ns_g_server->aclenv);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington * Configure the "match-clients" and "match-destinations" ACL.
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington */
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington CHECK(configure_view_acl(vconfig, config, "match-clients", actx,
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington ns_g_mctx, &view->matchclients));
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(configure_view_acl(vconfig, config, "match-destinations", actx,
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington ns_g_mctx, &view->matchdestinations));
1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20Brian Wellington
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington /*
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington * Configure the "match-recursive-only" option.
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington */
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington obj = NULL;
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington (void) ns_config_get(maps, "match-recursive-only", &obj);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence if (obj != NULL && cfg_obj_asboolean(obj))
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence view->matchrecursiveonly = ISC_TRUE;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence else
768125e5e51a2eac913f2afbd85566eb468b412cMark Andrews view->matchrecursiveonly = ISC_FALSE;
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington
fb01226bcd598c36b5edc566489c890c39f03ed3Brian Wellington /*
15660bccc162db0a7df281f5d743757c527580d5Brian Wellington * Configure other configurable data.
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington */
15660bccc162db0a7df281f5d743757c527580d5Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "recursion", &obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington INSIST(result == ISC_R_SUCCESS);
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington view->recursion = cfg_obj_asboolean(obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "auth-nxdomain", &obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington INSIST(result == ISC_R_SUCCESS);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington view->auth_nxdomain = cfg_obj_asboolean(obj);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "minimal-responses", &obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington INSIST(result == ISC_R_SUCCESS);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington view->minimalresponses = cfg_obj_asboolean(obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
859ee7da20989e6c4e3cc4e282135668f15c1419Bob Halley obj = NULL;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington result = ns_config_get(maps, "transfer-format", &obj);
859ee7da20989e6c4e3cc4e282135668f15c1419Bob Halley INSIST(result == ISC_R_SUCCESS);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington str = cfg_obj_asstring(obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (strcasecmp(str, "many-answers") == 0)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington view->transfer_format = dns_many_answers;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington else if (strcasecmp(str, "one-answer") == 0)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington view->transfer_format = dns_one_answer;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington else
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson INSIST(0);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington /*
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson * Set sources where additional data and CNAME/DNAME
ffdcf33647eb0345dfe84be2c0e7b28264377436Brian Wellington * targets for authoritative answers may be found.
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington */
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington obj = NULL;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington result = ns_config_get(maps, "additional-from-auth", &obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington INSIST(result == ISC_R_SUCCESS);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington view->additionalfromauth = cfg_obj_asboolean(obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (view->recursion && ! view->additionalfromauth) {
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington "'additional-from-auth no' is only supported "
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington "with 'recursion no'");
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington view->additionalfromauth = ISC_TRUE;
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington }
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington obj = NULL;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = ns_config_get(maps, "additional-from-cache", &obj);
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington INSIST(result == ISC_R_SUCCESS);
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington view->additionalfromcache = cfg_obj_asboolean(obj);
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington if (view->recursion && ! view->additionalfromcache) {
e552b980379e3a7ffce1411a939c62e27f953133Brian Wellington cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington "'additional-from-cache no' is only supported "
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington "with 'recursion no'");
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington view->additionalfromcache = ISC_TRUE;
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington }
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington CHECK(configure_view_acl(vconfig, config, "allow-query",
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson actx, ns_g_mctx, &view->queryacl));
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington if (strcmp(view->name, "_bind") != 0)
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington CHECK(configure_view_acl(vconfig, config, "allow-recursion",
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington actx, ns_g_mctx, &view->recursionacl));
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington /*
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington * Warning if both "recursion no;" and allow-recursion are active
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington * except for "allow-recursion { none; };".
949d406b57fe80fabc6a60d36a0dcee927c780b3Brian Wellington */
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington if (!view->recursion && view->recursionacl != NULL &&
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington (view->recursionacl->length != 1 ||
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington view->recursionacl->elements[0].type != dns_aclelementtype_any ||
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington view->recursionacl->elements[0].negative != ISC_TRUE)) {
8dd915daf3f75ac9d04395e61157fdea825f3ebaBrian Wellington const char *forview = " for view ";
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington const char *viewname = view->name;
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington if (!strcmp(view->name, "_bind") ||
!strcmp(view->name, "_default")) {
forview = "";
viewname = "";
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"both \"recursion no;\" and \"allow-recursion\" "
"active%s%s", forview, viewname);
}
CHECK(configure_view_acl(vconfig, config, "sortlist",
actx, ns_g_mctx, &view->sortlist));
obj = NULL;
result = ns_config_get(maps, "request-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
view->requestixfr = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "provide-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
view->provideixfr = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
view->enablednssec = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "dnssec-lookaside", &obj);
if (result == ISC_R_SUCCESS) {
const char *dlv;
isc_buffer_t b;
dlv = cfg_obj_asstring(obj);
isc_buffer_init(&b, dlv, strlen(dlv));
isc_buffer_add(&b, strlen(dlv));
CHECK(dns_name_fromtext(dns_fixedname_name(&view->dlv_fixed),
&b, dns_rootname, ISC_TRUE, NULL));
view->dlv = dns_fixedname_name(&view->dlv_fixed);
} else
view->dlv = NULL;
/*
* For now, there is only one kind of trusted keys, the
* "security roots".
*/
if (view->enablednssec)
CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
&view->secroots));
obj = NULL;
result = ns_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
obj = NULL;
result = ns_config_get(maps, "max-ncache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxncachettl = cfg_obj_asuint32(obj);
if (view->maxncachettl > 7 * 24 * 3600)
view->maxncachettl = 7 * 24 * 3600;
obj = NULL;
result = ns_config_get(maps, "preferred-glue", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
if (strcasecmp(str, "a") == 0)
view->preferred_glue = dns_rdatatype_a;
else if (strcasecmp(str, "aaaa") == 0)
view->preferred_glue = dns_rdatatype_aaaa;
else
view->preferred_glue = 0;
} else
view->preferred_glue = 0;
obj = NULL;
result = ns_config_get(maps, "root-delegation-only", &obj);
if (result == ISC_R_SUCCESS) {
dns_view_setrootdelonly(view, ISC_TRUE);
if (!cfg_obj_isvoid(obj)) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t b;
char *str;
cfg_obj_t *exclude;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
ISC_FALSE, NULL));
CHECK(dns_view_excludedelegationonly(view,
name));
}
}
} else
dns_view_setrootdelonly(view, ISC_FALSE);
result = ISC_R_SUCCESS;
cleanup:
if (dispatch4 != NULL)
dns_dispatch_detach(&dispatch4);
if (dispatch6 != NULL)
dns_dispatch_detach(&dispatch6);
if (order != NULL)
dns_order_detach(&order);
if (cmctx != NULL)
isc_mem_detach(&cmctx);
if (cache != NULL)
dns_cache_detach(&cache);
return (result);
}
static isc_result_t
configure_hints(dns_view_t *view, const char *filename) {
isc_result_t result;
dns_db_t *db;
db = NULL;
result = dns_rootns_create(view->mctx, view->rdclass, filename, &db);
if (result == ISC_R_SUCCESS) {
dns_view_sethints(view, db);
dns_db_detach(&db);
}
return (result);
}
static isc_result_t
configure_alternates(cfg_obj_t *config, dns_view_t *view,
cfg_obj_t *alternates)
{
cfg_obj_t *portobj;
cfg_obj_t *addresses;
cfg_listelt_t *element;
isc_result_t result = ISC_R_SUCCESS;
in_port_t port;
/*
* Determine which port to send requests to.
*/
if (ns_g_lwresdonly && ns_g_port != 0)
port = ns_g_port;
else
CHECKM(ns_config_getport(config, &port), "port");
if (alternates != NULL) {
portobj = cfg_tuple_get(alternates, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
return (ISC_R_RANGE);
}
port = (in_port_t) val;
}
}
addresses = NULL;
if (alternates != NULL)
addresses = cfg_tuple_get(alternates, "addresses");
for (element = cfg_list_first(addresses);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *alternate = cfg_listelt_value(element);
isc_sockaddr_t sa;
if (!cfg_obj_issockaddr(alternate)) {
dns_fixedname_t fixed;
dns_name_t *name;
char *str = cfg_obj_asstring(cfg_tuple_get(alternate,
"name"));
isc_buffer_t buffer;
in_port_t myport = port;
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
ISC_FALSE, NULL));
portobj = cfg_tuple_get(alternates, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx,
ISC_LOG_ERROR,
"port '%u' out of range",
val);
return (ISC_R_RANGE);
}
myport = (in_port_t) val;
}
CHECK(dns_resolver_addalternate(view->resolver, NULL,
name, myport));
continue;
}
sa = *cfg_obj_assockaddr(alternate);
if (isc_sockaddr_getport(&sa) == 0)
isc_sockaddr_setport(&sa, port);
CHECK(dns_resolver_addalternate(view->resolver, &sa,
NULL, 0));
}
cleanup:
return (result);
}
static isc_result_t
configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
cfg_obj_t *forwarders, cfg_obj_t *forwardtype)
{
cfg_obj_t *portobj;
cfg_obj_t *faddresses;
cfg_listelt_t *element;
dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none;
isc_sockaddrlist_t addresses;
isc_sockaddr_t *sa;
isc_result_t result;
in_port_t port;
/*
* Determine which port to send forwarded requests to.
*/
if (ns_g_lwresdonly && ns_g_port != 0)
port = ns_g_port;
else
CHECKM(ns_config_getport(config, &port), "port");
if (forwarders != NULL) {
portobj = cfg_tuple_get(forwarders, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
return (ISC_R_RANGE);
}
port = (in_port_t) val;
}
}
faddresses = NULL;
if (forwarders != NULL)
faddresses = cfg_tuple_get(forwarders, "addresses");
ISC_LIST_INIT(addresses);
for (element = cfg_list_first(faddresses);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *forwarder = cfg_listelt_value(element);
sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t));
if (sa == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
*sa = *cfg_obj_assockaddr(forwarder);
if (isc_sockaddr_getport(sa) == 0)
isc_sockaddr_setport(sa, port);
ISC_LINK_INIT(sa, link);
ISC_LIST_APPEND(addresses, sa, link);
}
if (ISC_LIST_EMPTY(addresses)) {
if (forwardtype != NULL)
cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
"no forwarders seen; disabling "
"forwarding");
fwdpolicy = dns_fwdpolicy_none;
} else {
if (forwardtype == NULL)
fwdpolicy = dns_fwdpolicy_first;
else {
char *forwardstr = cfg_obj_asstring(forwardtype);
if (strcasecmp(forwardstr, "first") == 0)
fwdpolicy = dns_fwdpolicy_first;
else if (strcasecmp(forwardstr, "only") == 0)
fwdpolicy = dns_fwdpolicy_only;
else
INSIST(0);
}
}
result = dns_fwdtable_add(view->fwdtable, origin, &addresses,
fwdpolicy);
if (result != ISC_R_SUCCESS) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(origin, namebuf, sizeof(namebuf));
cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
"could not set up forwarding for domain '%s': %s",
namebuf, isc_result_totext(result));
goto cleanup;
}
result = ISC_R_SUCCESS;
cleanup:
while (!ISC_LIST_EMPTY(addresses)) {
sa = ISC_LIST_HEAD(addresses);
ISC_LIST_UNLINK(addresses, sa, link);
isc_mem_put(view->mctx, sa, sizeof(isc_sockaddr_t));
}
return (result);
}
/*
* Create a new view and add it to the list.
*
* If 'vconfig' is NULL, create the default view.
*
* The view created is attached to '*viewp'.
*/
static isc_result_t
create_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) {
isc_result_t result;
const char *viewname;
dns_rdataclass_t viewclass;
dns_view_t *view = NULL;
if (vconfig != NULL) {
cfg_obj_t *classobj = NULL;
viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
classobj = cfg_tuple_get(vconfig, "class");
result = ns_config_getclass(classobj, dns_rdataclass_in,
&viewclass);
} else {
viewname = "_default";
viewclass = dns_rdataclass_in;
}
result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
if (result == ISC_R_SUCCESS)
return (ISC_R_EXISTS);
if (result != ISC_R_NOTFOUND)
return (result);
INSIST(view == NULL);
result = dns_view_create(ns_g_mctx, viewclass, viewname, &view);
if (result != ISC_R_SUCCESS)
return (result);
ISC_LIST_APPEND(*viewlist, view, link);
dns_view_attach(view, viewp);
return (ISC_R_SUCCESS);
}
/*
* Configure or reconfigure a zone.
*/
static isc_result_t
configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig,
isc_mem_t *mctx, dns_view_t *view,
ns_aclconfctx_t *aclconf)
{
dns_view_t *pview = NULL; /* Production view */
dns_zone_t *zone = NULL; /* New or reused zone */
dns_zone_t *dupzone = NULL;
cfg_obj_t *options = NULL;
cfg_obj_t *zoptions = NULL;
cfg_obj_t *typeobj = NULL;
cfg_obj_t *forwarders = NULL;
cfg_obj_t *forwardtype = NULL;
cfg_obj_t *only = NULL;
isc_result_t result;
isc_result_t tresult;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
const char *zname;
dns_rdataclass_t zclass;
const char *ztypestr;
options = NULL;
(void)cfg_map_get(config, "options", &options);
zoptions = cfg_tuple_get(zconfig, "options");
/*
* Get the zone origin as a dns_name_t.
*/
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
isc_buffer_init(&buffer, zname, strlen(zname));
isc_buffer_add(&buffer, strlen(zname));
dns_fixedname_init(&fixorigin);
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
&buffer, dns_rootname, ISC_FALSE, NULL));
origin = dns_fixedname_name(&fixorigin);
CHECK(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
view->rdclass, &zclass));
if (zclass != view->rdclass) {
const char *vname = NULL;
if (vconfig != NULL)
vname = cfg_obj_asstring(cfg_tuple_get(vconfig,
"name"));
else
vname = "<default view>";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': wrong class for view '%s'",
zname, vname);
result = ISC_R_FAILURE;
goto cleanup;
}
(void)cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL) {
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"zone '%s' 'type' not specified", zname);
return (ISC_R_FAILURE);
}
ztypestr = cfg_obj_asstring(typeobj);
/*
* "hints zones" aren't zones. If we've got one,
* configure it and return.
*/
if (strcasecmp(ztypestr, "hint") == 0) {
cfg_obj_t *fileobj = NULL;
if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': 'file' not specified",
zname);
result = ISC_R_FAILURE;
goto cleanup;
}
if (dns_name_equal(origin, dns_rootname)) {
char *hintsfile = cfg_obj_asstring(fileobj);
result = configure_hints(view, hintsfile);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_ERROR,
"could not configure root hints "
"from '%s': %s", hintsfile,
isc_result_totext(result));
goto cleanup;
}
/*
* Hint zones may also refer to delegation only points.
*/
only = NULL;
tresult = cfg_map_get(zoptions, "delegation-only",
&only);
if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
CHECK(dns_view_adddelegationonly(view, origin));
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"ignoring non-root hint zone '%s'",
zname);
result = ISC_R_SUCCESS;
}
/* Skip ordinary zone processing. */
goto cleanup;
}
/*
* "forward zones" aren't zones either. Translate this syntax into
* the appropriate selective forwarding configuration and return.
*/
if (strcasecmp(ztypestr, "forward") == 0) {
forwardtype = NULL;
forwarders = NULL;
(void)cfg_map_get(zoptions, "forward", &forwardtype);
(void)cfg_map_get(zoptions, "forwarders", &forwarders);
result = configure_forward(config, view, origin, forwarders,
forwardtype);
goto cleanup;
}
/*
* "delegation-only zones" aren't zones either.
*/
if (strcasecmp(ztypestr, "delegation-only") == 0) {
result = dns_view_adddelegationonly(view, origin);
goto cleanup;
}
/*
* Check for duplicates in the new zone table.
*/
result = dns_view_findzone(view, origin, &dupzone);
if (result == ISC_R_SUCCESS) {
/*
* We already have this zone!
*/
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"zone '%s' already exists", zname);
dns_zone_detach(&dupzone);
result = ISC_R_EXISTS;
goto cleanup;
}
INSIST(dupzone == NULL);
/*
* See if we can reuse an existing zone. This is
* only possible if all of these are true:
* - The zone's view exists
* - A zone with the right name exists in the view
* - The zone is compatible with the config
* options (e.g., an existing master zone cannot
* be reused if the options specify a slave zone)
*/
result = dns_viewlist_find(&ns_g_server->viewlist,
view->name, view->rdclass,
&pview);
if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
goto cleanup;
if (pview != NULL)
result = dns_view_findzone(pview, origin, &zone);
if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
goto cleanup;
if (zone != NULL) {
if (! ns_zone_reusable(zone, zconfig))
dns_zone_detach(&zone);
}
if (zone != NULL) {
/*
* We found a reusable zone. Make it use the
* new view.
*/
dns_zone_setview(zone, view);
} else {
/*
* We cannot reuse an existing zone, we have
* to create a new one.
*/
CHECK(dns_zone_create(&zone, mctx));
CHECK(dns_zone_setorigin(zone, origin));
dns_zone_setview(zone, view);
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
}
/*
* If the zone contains a 'forwarders' statement, configure
* selective forwarding.
*/
forwarders = NULL;
if (cfg_map_get(zoptions, "forwarders", &forwarders) == ISC_R_SUCCESS)
{
forwardtype = NULL;
(void)cfg_map_get(zoptions, "forward", &forwardtype);
CHECK(configure_forward(config, view, origin, forwarders,
forwardtype));
}
/*
* Stub and forward zones may also refer to delegation only points.
*/
only = NULL;
if (cfg_map_get(zoptions, "delegation-only", &only) == ISC_R_SUCCESS)
{
if (cfg_obj_asboolean(only))
CHECK(dns_view_adddelegationonly(view, origin));
}
/*
* Configure the zone.
*/
CHECK(ns_zone_configure(config, vconfig, zconfig, aclconf, zone));
/*
* Add the zone to its view in the new view list.
*/
CHECK(dns_view_addzone(view, zone));
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
if (pview != NULL)
dns_view_detach(&pview);
return (result);
}
/*
* Configure a single server quota.
*/
static void
configure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota)
{
cfg_obj_t *obj = NULL;
isc_result_t result;
result = ns_config_get(maps, name, &obj);
INSIST(result == ISC_R_SUCCESS);
quota->max = cfg_obj_asuint32(obj);
}
/*
* This function is called as soon as the 'directory' statement has been
* parsed. This can be extended to support other options if necessary.
*/
static isc_result_t
directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
isc_result_t result;
char *directory;
REQUIRE(strcasecmp("directory", clausename) == 0);
UNUSED(arg);
UNUSED(clausename);
/*
* Change directory.
*/
directory = cfg_obj_asstring(obj);
if (! isc_file_ischdiridempotent(directory))
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"option 'directory' contains relative path '%s'",
directory);
result = isc_dir_chdir(directory);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
"change directory to '%s' failed: %s",
directory, isc_result_totext(result));
return (result);
}
return (ISC_R_SUCCESS);
}
static void
scan_interfaces(ns_server_t *server, isc_boolean_t verbose) {
isc_boolean_t match_mapped = server->aclenv.match_mapped;
ns_interfacemgr_scan(server->interfacemgr, verbose);
/*
* Update the "localhost" and "localnets" ACLs to match the
* current set of network interfaces.
*/
dns_aclenv_copy(&server->aclenv,
ns_interfacemgr_getaclenv(server->interfacemgr));
server->aclenv.match_mapped = match_mapped;
}
static isc_result_t
add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) {
ns_listenelt_t *lelt = NULL;
dns_acl_t *src_acl = NULL;
dns_aclelement_t aelt;
isc_result_t result;
isc_sockaddr_t any_sa6;
REQUIRE(isc_sockaddr_pf(addr) == AF_INET6);
isc_sockaddr_any6(&any_sa6);
if (!isc_sockaddr_equal(&any_sa6, addr)) {
aelt.type = dns_aclelementtype_ipprefix;
aelt.negative = ISC_FALSE;
aelt.u.ip_prefix.prefixlen = 128;
isc_netaddr_fromin6(&aelt.u.ip_prefix.address,
&addr->type.sin6.sin6_addr);
result = dns_acl_create(mctx, 1, &src_acl);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_acl_appendelement(src_acl, &aelt);
if (result != ISC_R_SUCCESS)
goto clean;
result = ns_listenelt_create(mctx, isc_sockaddr_getport(addr),
src_acl, &lelt);
if (result != ISC_R_SUCCESS)
goto clean;
ISC_LIST_APPEND(list->elts, lelt, link);
}
return (ISC_R_SUCCESS);
clean:
INSIST(lelt == NULL);
if (src_acl != NULL)
dns_acl_detach(&src_acl);
return (result);
}
/*
* Make a list of xxx-source addresses and call ns_interfacemgr_adjust()
* to update the listening interfaces accordingly.
* We currently only consider IPv6, because this only affects IPv6 wildcard
* sockets.
*/
static void
adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
isc_result_t result;
ns_listenlist_t *list = NULL;
dns_view_t *view;
dns_zone_t *zone, *next;
isc_sockaddr_t addr, *addrp;
result = ns_listenlist_create(mctx, &list);
if (result != ISC_R_SUCCESS)
return;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
dns_dispatch_t *dispatch6;
dispatch6 = dns_resolver_dispatchv6(view->resolver);
INSIST(dispatch6 != NULL);
result = dns_dispatch_getlocaladdress(dispatch6, &addr);
if (result != ISC_R_SUCCESS)
goto fail;
result = add_listenelt(mctx, list, &addr);
if (result != ISC_R_SUCCESS)
goto fail;
}
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
next = NULL, result = dns_zone_next(zone, &next), zone = next) {
dns_view_t *zoneview;
/*
* At this point the zone list may contain a stale zone
* just removed from the configuration. To see the validity,
* check if the corresponding view is in our current view list.
*/
zoneview = dns_zone_getview(zone);
INSIST(zoneview != NULL);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL && view != zoneview;
view = ISC_LIST_NEXT(view, link))
;
if (view == NULL)
continue;
addrp = dns_zone_getnotifysrc6(zone);
result = add_listenelt(mctx, list, addrp);
if (result != ISC_R_SUCCESS)
goto fail;
addrp = dns_zone_getxfrsource6(zone);
result = add_listenelt(mctx, list, addrp);
if (result != ISC_R_SUCCESS)
goto fail;
}
ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
clean:
ns_listenlist_detach(&list);
return;
fail:
/*
* Even when we failed the procedure, most of other interfaces
* should work correctly. We therefore just warn it.
*/
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"could not adjust the listen-on list; "
"some interfaces may not work");
goto clean;
}
/*
* This event callback is invoked to do periodic network
* interface scanning.
*/
static void
interface_timer_tick(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_server_t *server = (ns_server_t *) event->ev_arg;
INSIST(task == server->task);
UNUSED(task);
isc_event_free(&event);
/*
* XXX should scan interfaces unlocked and get exclusive access
* only to replace ACLs.
*/
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
scan_interfaces(server, ISC_FALSE);
isc_task_endexclusive(server->task);
}
static void
heartbeat_timer_tick(isc_task_t *task, isc_event_t *event) {
ns_server_t *server = (ns_server_t *) event->ev_arg;
dns_view_t *view;
UNUSED(task);
isc_event_free(&event);
view = ISC_LIST_HEAD(server->viewlist);
while (view != NULL) {
dns_view_dialup(view);
view = ISC_LIST_NEXT(view, link);
}
}
/*
* Replace the current value of '*field', a dynamically allocated
* string or NULL, with a dynamically allocated copy of the
* null-terminated string pointed to by 'value', or NULL.
*/
static isc_result_t
setstring(ns_server_t *server, char **field, const char *value) {
char *copy;
if (value != NULL) {
copy = isc_mem_strdup(server->mctx, value);
if (copy == NULL)
return (ISC_R_NOMEMORY);
} else {
copy = NULL;
}
if (*field != NULL)
isc_mem_free(server->mctx, *field);
*field = copy;
return (ISC_R_SUCCESS);
}
/*
* Replace the current value of '*field', a dynamically allocated
* string or NULL, with another dynamically allocated string
* or NULL if whether 'obj' is a string or void value, respectively.
*/
static isc_result_t
setoptstring(ns_server_t *server, char **field, cfg_obj_t *obj) {
if (cfg_obj_isvoid(obj))
return (setstring(server, field, NULL));
else
return (setstring(server, field, cfg_obj_asstring(obj)));
}
static void
set_limit(cfg_obj_t **maps, const char *configname, const char *description,
isc_resource_t resourceid, isc_resourcevalue_t defaultvalue)
{
cfg_obj_t *obj = NULL;
char *resource;
isc_resourcevalue_t value;
isc_result_t result;
if (ns_config_get(maps, configname, &obj) != ISC_R_SUCCESS)
return;
if (cfg_obj_isstring(obj)) {
resource = cfg_obj_asstring(obj);
if (strcasecmp(resource, "unlimited") == 0)
value = ISC_RESOURCE_UNLIMITED;
else {
INSIST(strcasecmp(resource, "default") == 0);
value = defaultvalue;
}
} else
value = cfg_obj_asuint64(obj);
result = isc_resource_setlimit(resourceid, value);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
description, value, isc_result_totext(result));
}
#define SETLIMIT(cfgvar, resource, description) \
set_limit(maps, cfgvar, description, isc_resource_ ## resource, \
ns_g_init ## resource)
static void
set_limits(cfg_obj_t **maps) {
SETLIMIT("stacksize", stacksize, "stack size");
SETLIMIT("datasize", datasize, "data size");
SETLIMIT("coresize", coresize, "core size");
SETLIMIT("files", openfiles, "open files");
}
static isc_result_t
portlist_fromconf(dns_portlist_t *portlist, unsigned int family,
cfg_obj_t *ports)
{
cfg_listelt_t *element;
isc_result_t result = ISC_R_SUCCESS;
for (element = cfg_list_first(ports);
element != NULL;
element = cfg_list_next(element)) {
cfg_obj_t *obj = cfg_listelt_value(element);
in_port_t port = cfg_obj_asuint32(obj);
result = dns_portlist_add(portlist, family, port);
if (result != ISC_R_SUCCESS)
break;
}
return (result);
}
static isc_result_t
load_configuration(const char *filename, ns_server_t *server,
isc_boolean_t first_time)
{
isc_result_t result;
cfg_parser_t *parser = NULL;
cfg_obj_t *config;
cfg_obj_t *options;
cfg_obj_t *views;
cfg_obj_t *obj;
cfg_obj_t *v4ports, *v6ports;
cfg_obj_t *maps[3];
cfg_obj_t *builtin_views;
cfg_listelt_t *element;
dns_view_t *view = NULL;
dns_view_t *view_next;
dns_viewlist_t viewlist;
dns_viewlist_t tmpviewlist;
ns_aclconfctx_t aclconfctx;
isc_uint32_t interface_interval;
isc_uint32_t heartbeat_interval;
isc_uint32_t udpsize;
in_port_t listen_port;
int i;
ns_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
/* Ensure exclusive access to configuration data. */
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Parse the global default pseudo-config file.
*/
if (first_time) {
CHECK(ns_config_parsedefaults(ns_g_parser, &ns_g_config));
RUNTIME_CHECK(cfg_map_get(ns_g_config, "options",
&ns_g_defaults) ==
ISC_R_SUCCESS);
}
/*
* Parse the configuration file using the new config code.
*/
result = ISC_R_FAILURE;
config = NULL;
/*
* Unless this is lwresd with the -C option, parse the config file.
*/
if (!(ns_g_lwresdonly && lwresd_g_useresolvconf)) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "loading configuration from '%s'",
filename);
CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &parser));
cfg_parser_setcallback(parser, directory_callback, NULL);
result = cfg_parse_file(parser, filename, &cfg_type_namedconf,
&config);
}
/*
* If this is lwresd with the -C option, or lwresd with no -C or -c
* option where the above parsing failed, parse resolv.conf.
*/
if (ns_g_lwresdonly &&
(lwresd_g_useresolvconf ||
(!ns_g_conffileset && result == ISC_R_FILENOTFOUND)))
{
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "loading configuration from '%s'",
lwresd_g_resolvconffile);
if (parser != NULL)
cfg_parser_destroy(&parser);
CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &parser));
result = ns_lwresd_parseeresolvconf(ns_g_mctx, parser,
&config);
}
CHECK(result);
/*
* Check the validity of the configuration.
*/
CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx));
/*
* Fill in the maps array, used for resolving defaults.
*/
i = 0;
options = NULL;
result = cfg_map_get(config, "options", &options);
if (result == ISC_R_SUCCESS)
maps[i++] = options;
maps[i++] = ns_g_defaults;
maps[i++] = NULL;
/*
* Set process limits, which (usually) needs to be done as root.
*/
set_limits(maps);
/*
* Configure various server options.
*/
configure_server_quota(maps, "transfers-out", &server->xfroutquota);
configure_server_quota(maps, "tcp-clients", &server->tcpquota);
configure_server_quota(maps, "recursive-clients",
&server->recursionquota);
CHECK(configure_view_acl(NULL, config, "blackhole", &aclconfctx,
ns_g_mctx, &server->blackholeacl));
if (server->blackholeacl != NULL)
dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
server->blackholeacl);
obj = NULL;
result = ns_config_get(maps, "match-mapped-addresses", &obj);
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
v4ports = NULL;
v6ports = NULL;
(void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports);
(void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports);
if (v4ports != NULL || v6ports != NULL) {
dns_portlist_t *portlist = NULL;
result = dns_portlist_create(ns_g_mctx, &portlist);
if (result == ISC_R_SUCCESS && v4ports != NULL)
result = portlist_fromconf(portlist, AF_INET, v4ports);
if (result == ISC_R_SUCCESS && v6ports != NULL)
portlist_fromconf(portlist, AF_INET6, v6ports);
if (result == ISC_R_SUCCESS)
dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist);
if (portlist != NULL)
dns_portlist_detach(&portlist);
CHECK(result);
} else
dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL);
/*
* Set the EDNS UDP size when we don't match a view.
*/
obj = NULL;
result = ns_config_get(maps, "edns-udp-size", &obj);
INSIST(result == ISC_R_SUCCESS);
udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
ns_g_udpsize = udpsize;
/*
* Configure the zone manager.
*/
obj = NULL;
result = ns_config_get(maps, "transfers-in", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_settransfersin(server->zonemgr, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "transfers-per-ns", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_settransfersperns(server->zonemgr, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "serial-query-rate", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_setserialqueryrate(server->zonemgr, cfg_obj_asuint32(obj));
/*
* Determine which port to use for listening for incoming connections.
*/
if (ns_g_port != 0)
listen_port = ns_g_port;
else
CHECKM(ns_config_getport(config, &listen_port), "port");
/*
* Find the listen queue depth.
*/
obj = NULL;
result = ns_config_get(maps, "tcp-listen-queue", &obj);
INSIST(result == ISC_R_SUCCESS);
ns_g_listen = cfg_obj_asuint32(obj);
if (ns_g_listen < 3)
ns_g_listen = 3;
/*
* Configure the interface manager according to the "listen-on"
* statement.
*/
{
cfg_obj_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
clistenon = NULL;
/*
* Even though listen-on is present in the default
* configuration, we can't use it here, since it isn't
* used if we're in lwresd mode. This way is easier.
*/
if (options != NULL)
(void)cfg_map_get(options, "listen-on", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
*/
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
ISC_TRUE, &listenon));
}
if (listenon != NULL) {
ns_interfacemgr_setlistenon4(server->interfacemgr,
listenon);
ns_listenlist_detach(&listenon);
}
}
/*
* Ditto for IPv6.
*/
{
cfg_obj_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
if (options != NULL)
(void)cfg_map_get(options, "listen-on-v6", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
*/
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
ISC_FALSE, &listenon));
}
if (listenon != NULL) {
ns_interfacemgr_setlistenon6(server->interfacemgr,
listenon);
ns_listenlist_detach(&listenon);
}
}
/*
* Rescan the interface list to pick up changes in the
* listen-on option. It's important that we do this before we try
* to configure the query source, since the dispatcher we use might
* be shared with an interface.
*/
scan_interfaces(server, ISC_TRUE);
/*
* Arrange for further interface scanning to occur periodically
* as specified by the "interface-interval" option.
*/
obj = NULL;
result = ns_config_get(maps, "interface-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
interface_interval = cfg_obj_asuint32(obj) * 60;
if (interface_interval == 0) {
CHECK(isc_timer_reset(server->interface_timer,
isc_timertype_inactive,
NULL, NULL, ISC_TRUE));
} else if (server->interface_interval != interface_interval) {
isc_interval_t interval;
isc_interval_set(&interval, interface_interval, 0);
CHECK(isc_timer_reset(server->interface_timer,
isc_timertype_ticker,
NULL, &interval, ISC_FALSE));
}
server->interface_interval = interface_interval;
/*
* Configure the dialup heartbeat timer.
*/
obj = NULL;
result = ns_config_get(maps, "heartbeat-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
heartbeat_interval = cfg_obj_asuint32(obj) * 60;
if (heartbeat_interval == 0) {
CHECK(isc_timer_reset(server->heartbeat_timer,
isc_timertype_inactive,
NULL, NULL, ISC_TRUE));
} else if (server->heartbeat_interval != heartbeat_interval) {
isc_interval_t interval;
isc_interval_set(&interval, heartbeat_interval, 0);
CHECK(isc_timer_reset(server->heartbeat_timer,
isc_timertype_ticker,
NULL, &interval, ISC_FALSE));
}
server->heartbeat_interval = heartbeat_interval;
/*
* Configure and freeze all explicit views. Explicit
* views that have zones were already created at parsing
* time, but views with no zones must be created here.
*/
views = NULL;
(void)cfg_map_get(config, "view", &views);
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *vconfig = cfg_listelt_value(element);
view = NULL;
CHECK(create_view(vconfig, &viewlist, &view));
INSIST(view != NULL);
CHECK(configure_view(view, config, vconfig,
ns_g_mctx, &aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
/*
* Make sure we have a default view if and only if there
* were no explicit views.
*/
if (views == NULL) {
/*
* No explicit views; there ought to be a default view.
* There may already be one created as a side effect
* of zone statements, or we may have to create one.
* In either case, we need to configure and freeze it.
*/
CHECK(create_view(NULL, &viewlist, &view));
CHECK(configure_view(view, config, NULL, ns_g_mctx,
&aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
/*
* Create (or recreate) the built-in views. Currently
* there is only one, the _bind view.
*/
builtin_views = NULL;
RUNTIME_CHECK(cfg_map_get(ns_g_config, "view",
&builtin_views) == ISC_R_SUCCESS);
for (element = cfg_list_first(builtin_views);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *vconfig = cfg_listelt_value(element);
CHECK(create_view(vconfig, &viewlist, &view));
CHECK(configure_view(view, config, vconfig, ns_g_mctx,
&aclconfctx, ISC_FALSE));
dns_view_freeze(view);
dns_view_detach(&view);
view = NULL;
}
/*
* Swap our new view list with the production one.
*/
tmpviewlist = server->viewlist;
server->viewlist = viewlist;
viewlist = tmpviewlist;
/*
* Load the TKEY information from the configuration.
*/
if (options != NULL) {
dns_tkeyctx_t *t = NULL;
CHECKM(ns_tkeyctx_fromconfig(options, ns_g_mctx, ns_g_entropy,
&t),
"configuring TKEY");
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
server->tkeyctx = t;
}
/*
* Bind the control port(s).
*/
CHECKM(ns_controls_configure(ns_g_server->controls, config,
&aclconfctx),
"binding control channel(s)");
/*
* Bind the lwresd port(s).
*/
CHECKM(ns_lwresd_configure(ns_g_mctx, config),
"binding lightweight resolver ports");
/*
* Open the source of entropy.
*/
if (first_time) {
obj = NULL;
result = ns_config_get(maps, "random-device", &obj);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"no source of entropy found");
} else {
const char *randomdev = cfg_obj_asstring(obj);
result = isc_entropy_createfilesource(ns_g_entropy,
randomdev);
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_INFO,
"could not open entropy source "
"%s: %s",
randomdev,
isc_result_totext(result));
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_INFO,
"using pre-chroot entropy source "
"%s",
PATH_RANDOMDEV);
isc_entropy_detach(&ns_g_entropy);
isc_entropy_attach(ns_g_fallbackentropy,
&ns_g_entropy);
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
#endif
}
}
/*
* Relinquish root privileges.
*/
if (first_time)
ns_os_changeuser();
/*
* Configure the logging system.
*
* Do this after changing UID to make sure that any log
* files specified in named.conf get created by the
* unprivileged user, not root.
*/
if (ns_g_logstderr) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"ignoring config file logging "
"statement due to -g option");
} else {
cfg_obj_t *logobj = NULL;
isc_logconfig_t *logc = NULL;
CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
"creating new logging configuration");
logobj = NULL;
(void)cfg_map_get(config, "logging", &logobj);
if (logobj != NULL) {
CHECKM(ns_log_configure(logc, logobj),
"configuring logging");
} else {
CHECKM(ns_log_setdefaultchannels(logc),
"setting up default logging channels");
CHECKM(ns_log_setunmatchedcategory(logc),
"setting up default 'category unmatched'");
CHECKM(ns_log_setdefaultcategory(logc),
"setting up default 'category default'");
}
result = isc_logconfig_use(ns_g_lctx, logc);
if (result != ISC_R_SUCCESS) {
isc_logconfig_destroy(&logc);
CHECKM(result, "installing logging configuration");
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
"now using logging configuration from "
"config file");
}
/*
* Set the default value of the query logging flag depending
* whether a "queries" category has been defined. This is
* a disgusting hack, but we need to do this for BIND 8
* compatibility.
*/
if (first_time) {
cfg_obj_t *logobj = NULL;
cfg_obj_t *categories = NULL;
obj = NULL;
if (ns_config_get(maps, "querylog", &obj) == ISC_R_SUCCESS) {
server->log_queries = cfg_obj_asboolean(obj);
} else {
(void)cfg_map_get(config, "logging", &logobj);
if (logobj != NULL)
(void)cfg_map_get(logobj, "category",
&categories);
if (categories != NULL) {
cfg_listelt_t *element;
for (element = cfg_list_first(categories);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *catobj;
char *str;
obj = cfg_listelt_value(element);
catobj = cfg_tuple_get(obj, "name");
str = cfg_obj_asstring(catobj);
if (strcasecmp(str, "queries") == 0)
server->log_queries = ISC_TRUE;
}
}
}
}
obj = NULL;
if (ns_config_get(maps, "pid-file", &obj) == ISC_R_SUCCESS)
if (cfg_obj_isvoid(obj))
ns_os_writepidfile(NULL, first_time);
else
ns_os_writepidfile(cfg_obj_asstring(obj), first_time);
else if (ns_g_lwresdonly)
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
obj = NULL;
if (options != NULL &&
cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS)
ns_main_setmemstats(cfg_obj_asstring(obj));
else
ns_main_setmemstats(NULL);
obj = NULL;
result = ns_config_get(maps, "statistics-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->statsfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "dump-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->dumpfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "recursing-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->recfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "version", &obj);
if (result == ISC_R_SUCCESS) {
CHECKM(setoptstring(server, &server->version, obj), "strdup");
server->version_set = ISC_TRUE;
} else {
server->version_set = ISC_FALSE;
}
obj = NULL;
result = ns_config_get(maps, "hostname", &obj);
if (result == ISC_R_SUCCESS) {
CHECKM(setoptstring(server, &server->hostname, obj), "strdup");
server->hostname_set = ISC_TRUE;
} else {
server->hostname_set = ISC_FALSE;
}
obj = NULL;
result = ns_config_get(maps, "server-id", &obj);
server->server_usehostname = ISC_FALSE;
if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
server->server_usehostname = ISC_TRUE;
} else if (result == ISC_R_SUCCESS) {
CHECKM(setoptstring(server, &server->server_id, obj), "strdup");
} else {
result = setoptstring(server, &server->server_id, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
obj = NULL;
result = ns_config_get(maps, "flush-zones-on-shutdown", &obj);
if (result == ISC_R_SUCCESS) {
server->flushonshutdown = cfg_obj_asboolean(obj);
} else {
server->flushonshutdown = ISC_FALSE;
}
result = ISC_R_SUCCESS;
cleanup:
ns_aclconfctx_destroy(&aclconfctx);
if (parser != NULL) {
if (config != NULL)
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
}
if (view != NULL)
dns_view_detach(&view);
/*
* This cleans up either the old production view list
* or our temporary list depending on whether they
* were swapped above or not.
*/
for (view = ISC_LIST_HEAD(viewlist);
view != NULL;
view = view_next) {
view_next = ISC_LIST_NEXT(view, link);
ISC_LIST_UNLINK(viewlist, view, link);
dns_view_detach(&view);
}
/*
* Adjust the listening interfaces in accordance with the source
* addresses specified in views and zones.
*/
if (isc_net_probeipv6() == ISC_R_SUCCESS)
adjust_interfaces(server, ns_g_mctx);
/* Relinquish exclusive access to configuration data. */
isc_task_endexclusive(server->task);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_DEBUG(1), "load_configuration: %s",
isc_result_totext(result));
return (result);
}
static isc_result_t
load_zones(ns_server_t *server, isc_boolean_t stop) {
isc_result_t result;
dns_view_t *view;
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Load zone data from disk.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
CHECK(dns_view_load(view, stop));
}
/*
* Force zone maintenance. Do this after loading
* so that we know when we need to force AXFR of
* slave zones whose master files are missing.
*/
CHECK(dns_zonemgr_forcemaint(server->zonemgr));
cleanup:
isc_task_endexclusive(server->task);
return (result);
}
static isc_result_t
load_new_zones(ns_server_t *server, isc_boolean_t stop) {
isc_result_t result;
dns_view_t *view;
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Load zone data from disk.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
CHECK(dns_view_loadnew(view, stop));
}
/*
* Force zone maintenance. Do this after loading
* so that we know when we need to force AXFR of
* slave zones whose master files are missing.
*/
dns_zonemgr_resumexfrs(server->zonemgr);
cleanup:
isc_task_endexclusive(server->task);
return (result);
}
static void
run_server(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_server_t *server = (ns_server_t *)event->ev_arg;
UNUSED(task);
isc_event_free(&event);
CHECKFATAL(dns_dispatchmgr_create(ns_g_mctx, ns_g_entropy,
&ns_g_dispatchmgr),
"creating dispatch manager");
CHECKFATAL(ns_interfacemgr_create(ns_g_mctx, ns_g_taskmgr,
ns_g_socketmgr, ns_g_dispatchmgr,
&server->interfacemgr),
"creating interface manager");
CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task,
interface_timer_tick,
server, &server->interface_timer),
"creating interface timer");
CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task,
heartbeat_timer_tick,
server, &server->heartbeat_timer),
"creating heartbeat timer");
CHECKFATAL(cfg_parser_create(ns_g_mctx, NULL, &ns_g_parser),
"creating default configuration parser");
if (ns_g_lwresdonly)
CHECKFATAL(load_configuration(lwresd_g_conffile, server,
ISC_TRUE),
"loading configuration");
else
CHECKFATAL(load_configuration(ns_g_conffile, server, ISC_TRUE),
"loading configuration");
isc_hash_init();
CHECKFATAL(load_zones(server, ISC_FALSE),
"loading zones");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "running");
}
void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
REQUIRE(NS_SERVER_VALID(server));
server->flushonshutdown = flush;
}
static void
shutdown_server(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
dns_view_t *view, *view_next;
ns_server_t *server = (ns_server_t *)event->ev_arg;
isc_boolean_t flush = server->flushonshutdown;
UNUSED(task);
INSIST(task == server->task);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "shutting down%s",
flush ? ": flushing changes" : "");
ns_controls_shutdown(server->controls);
end_reserved_dispatches(server, ISC_TRUE);
cfg_obj_destroy(ns_g_parser, &ns_g_config);
cfg_parser_destroy(&ns_g_parser);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = view_next) {
view_next = ISC_LIST_NEXT(view, link);
ISC_LIST_UNLINK(server->viewlist, view, link);
if (flush)
dns_view_flushanddetach(&view);
else
dns_view_detach(&view);
}
isc_timer_detach(&server->interface_timer);
isc_timer_detach(&server->heartbeat_timer);
ns_interfacemgr_shutdown(server->interfacemgr);
ns_interfacemgr_detach(&server->interfacemgr);
dns_dispatchmgr_destroy(&ns_g_dispatchmgr);
dns_zonemgr_shutdown(server->zonemgr);
if (server->blackholeacl != NULL)
dns_acl_detach(&server->blackholeacl);
isc_task_endexclusive(server->task);
isc_task_detach(&server->task);
isc_event_free(&event);
}
void
ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
isc_result_t result;
ns_server_t *server = isc_mem_get(mctx, sizeof(*server));
if (server == NULL)
fatal("allocating server object", ISC_R_NOMEMORY);
server->mctx = mctx;
server->task = NULL;
/* Initialize configuration data with default values. */
result = isc_quota_init(&server->xfroutquota, 10);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = isc_quota_init(&server->tcpquota, 10);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = isc_quota_init(&server->recursionquota, 100);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_quota_soft(&server->recursionquota, ISC_FALSE);
result = dns_aclenv_init(mctx, &server->aclenv);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Initialize server data structures. */
server->zonemgr = NULL;
server->interfacemgr = NULL;
ISC_LIST_INIT(server->viewlist);
server->in_roothints = NULL;
server->blackholeacl = NULL;
CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL,
&server->in_roothints),
"setting up root hints");
CHECKFATAL(isc_mutex_init(&server->reload_event_lock),
"initializing reload event lock");
server->reload_event =
isc_event_allocate(ns_g_mctx, server,
NS_EVENT_RELOAD,
ns_server_reload,
server,
sizeof(isc_event_t));
CHECKFATAL(server->reload_event == NULL ?
ISC_R_NOMEMORY : ISC_R_SUCCESS,
"allocating reload event");
CHECKFATAL(dst_lib_init(ns_g_mctx, ns_g_entropy, ISC_ENTROPY_GOODONLY),
"initializing DST");
server->tkeyctx = NULL;
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
/*
* Setup the server task, which is responsible for coordinating
* startup and shutdown of the server.
*/
CHECKFATAL(isc_task_create(ns_g_taskmgr, 0, &server->task),
"creating server task");
isc_task_setname(server->task, "server", server);
CHECKFATAL(isc_task_onshutdown(server->task, shutdown_server, server),
"isc_task_onshutdown");
CHECKFATAL(isc_app_onrun(ns_g_mctx, server->task, run_server, server),
"isc_app_onrun");
server->interface_timer = NULL;
server->heartbeat_timer = NULL;
server->interface_interval = 0;
server->heartbeat_interval = 0;
CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr,
ns_g_socketmgr, &server->zonemgr),
"dns_zonemgr_create");
server->statsfile = isc_mem_strdup(server->mctx, "named.stats");
CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->querystats = NULL;
server->dumpfile = isc_mem_strdup(server->mctx, "named_dump.db");
CHECKFATAL(server->dumpfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->recfile = isc_mem_strdup(server->mctx, "named.recursing");
CHECKFATAL(server->recfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->hostname_set = ISC_FALSE;
server->hostname = NULL;
server->version_set = ISC_FALSE;
server->version = NULL;
server->server_usehostname = ISC_FALSE;
server->server_id = NULL;
CHECKFATAL(dns_stats_alloccounters(ns_g_mctx, &server->querystats),
"dns_stats_alloccounters");
server->flushonshutdown = ISC_FALSE;
server->log_queries = ISC_FALSE;
server->controls = NULL;
CHECKFATAL(ns_controls_create(server, &server->controls),
"ns_controls_create");
server->dispatchgen = 0;
ISC_LIST_INIT(server->dispatches);
server->magic = NS_SERVER_MAGIC;
*serverp = server;
}
void
ns_server_destroy(ns_server_t **serverp) {
ns_server_t *server = *serverp;
REQUIRE(NS_SERVER_VALID(server));
ns_controls_destroy(&server->controls);
dns_stats_freecounters(server->mctx, &server->querystats);
isc_mem_free(server->mctx, server->statsfile);
isc_mem_free(server->mctx, server->dumpfile);
isc_mem_free(server->mctx, server->recfile);
if (server->version != NULL)
isc_mem_free(server->mctx, server->version);
if (server->hostname != NULL)
isc_mem_free(server->mctx, server->hostname);
if (server->server_id != NULL)
isc_mem_free(server->mctx, server->server_id);
dns_zonemgr_detach(&server->zonemgr);
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
dst_lib_destroy();
isc_event_free(&server->reload_event);
INSIST(ISC_LIST_EMPTY(server->viewlist));
dns_db_detach(&server->in_roothints);
dns_aclenv_destroy(&server->aclenv);
isc_quota_destroy(&server->recursionquota);
isc_quota_destroy(&server->tcpquota);
isc_quota_destroy(&server->xfroutquota);
server->magic = 0;
isc_mem_put(server->mctx, server, sizeof(*server));
*serverp = NULL;
}
static void
fatal(const char *msg, isc_result_t result) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_CRITICAL, "%s: %s", msg,
isc_result_totext(result));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_CRITICAL, "exiting (due to fatal error)");
exit(1);
}
static void
start_reserved_dispatches(ns_server_t *server) {
REQUIRE(NS_SERVER_VALID(server));
server->dispatchgen++;
}
static void
end_reserved_dispatches(ns_server_t *server, isc_boolean_t all) {
ns_dispatch_t *dispatch;
REQUIRE(NS_SERVER_VALID(server));
for (dispatch = ISC_LIST_HEAD(server->dispatches);
dispatch != NULL;
dispatch = ISC_LIST_NEXT(dispatch, link)) {
if (!all && server->dispatchgen == dispatch-> dispatchgen)
continue;
dns_dispatch_detach(&dispatch->dispatch);
isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
}
}
void
ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr) {
ns_dispatch_t *dispatch;
in_port_t port;
char addrbuf[ISC_SOCKADDR_FORMATSIZE];
isc_result_t result;
unsigned int attrs, attrmask;
REQUIRE(NS_SERVER_VALID(server));
port = isc_sockaddr_getport(addr);
if (port == 0 || port >= 1024)
return;
for (dispatch = ISC_LIST_HEAD(server->dispatches);
dispatch != NULL;
dispatch = ISC_LIST_NEXT(dispatch, link)) {
if (isc_sockaddr_equal(&dispatch->addr, addr))
break;
}
if (dispatch != NULL) {
dispatch->dispatchgen = server->dispatchgen;
return;
}
dispatch = isc_mem_get(server->mctx, sizeof(*dispatch));
if (dispatch == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
dispatch->addr = *addr;
dispatch->dispatchgen = server->dispatchgen;
dispatch->dispatch = NULL;
attrs = 0;
attrs |= DNS_DISPATCHATTR_UDP;
switch (isc_sockaddr_pf(addr)) {
case AF_INET:
attrs |= DNS_DISPATCHATTR_IPV4;
break;
case AF_INET6:
attrs |= DNS_DISPATCHATTR_IPV6;
break;
default:
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
}
attrmask = 0;
attrmask |= DNS_DISPATCHATTR_UDP;
attrmask |= DNS_DISPATCHATTR_TCP;
attrmask |= DNS_DISPATCHATTR_IPV4;
attrmask |= DNS_DISPATCHATTR_IPV6;
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &dispatch->addr, 4096,
1000, 32768, 16411, 16433,
attrs, attrmask, &dispatch->dispatch);
if (result != ISC_R_SUCCESS)
goto cleanup;
ISC_LIST_INITANDPREPEND(server->dispatches, dispatch, link);
return;
cleanup:
if (dispatch != NULL)
isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"unable to create dispatch for reserved port %s: %s",
addrbuf, isc_result_totext(result));
}
static isc_result_t
loadconfig(ns_server_t *server) {
isc_result_t result;
start_reserved_dispatches(server);
result = load_configuration(ns_g_lwresdonly ?
lwresd_g_conffile : ns_g_conffile,
server,
ISC_FALSE);
if (result == ISC_R_SUCCESS)
end_reserved_dispatches(server, ISC_FALSE);
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"reloading configuration failed: %s",
isc_result_totext(result));
return (result);
}
static isc_result_t
reload(ns_server_t *server) {
isc_result_t result;
CHECK(loadconfig(server));
result = load_zones(server, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"reloading zones failed: %s",
isc_result_totext(result));
}
cleanup:
return (result);
}
static void
reconfig(ns_server_t *server) {
isc_result_t result;
CHECK(loadconfig(server));
result = load_new_zones(server, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"loading new zones failed: %s",
isc_result_totext(result));
}
cleanup: ;
}
/*
* Handle a reload event (from SIGHUP).
*/
static void
ns_server_reload(isc_task_t *task, isc_event_t *event) {
ns_server_t *server = (ns_server_t *)event->ev_arg;
INSIST(task = server->task);
UNUSED(task);
(void)reload(server);
LOCK(&server->reload_event_lock);
INSIST(server->reload_event == NULL);
server->reload_event = event;
UNLOCK(&server->reload_event_lock);
}
void
ns_server_reloadwanted(ns_server_t *server) {
LOCK(&server->reload_event_lock);
if (server->reload_event != NULL)
isc_task_send(server->task, &server->reload_event);
UNLOCK(&server->reload_event_lock);
}
static char *
next_token(char **stringp, const char *delim) {
char *res;
do {
res = strsep(stringp, delim);
if (res == NULL)
break;
} while (*res == '\0');
return (res);
}
/*
* Find the zone specified in the control channel command 'args',
* if any. If a zone is specified, point '*zonep' at it, otherwise
* set '*zonep' to NULL.
*/
static isc_result_t
zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
char *input, *ptr;
const char *zonetxt;
char *classtxt;
const char *viewtxt = NULL;
dns_fixedname_t name;
isc_result_t result;
isc_buffer_t buf;
dns_view_t *view = NULL;
dns_rdataclass_t rdclass;
REQUIRE(zonep != NULL && *zonep == NULL);
input = args;
/* Skip the command name. */
ptr = next_token(&input, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the zone name. */
zonetxt = next_token(&input, " \t");
if (zonetxt == NULL)
return (ISC_R_SUCCESS);
/* Look for the optional class name. */
classtxt = next_token(&input, " \t");
if (classtxt != NULL) {
/* Look for the optional view name. */
viewtxt = next_token(&input, " \t");
}
isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
isc_buffer_add(&buf, strlen(zonetxt));
dns_fixedname_init(&name);
result = dns_name_fromtext(dns_fixedname_name(&name),
&buf, dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
goto fail1;
if (classtxt != NULL) {
isc_textregion_t r;
r.base = classtxt;
r.length = strlen(classtxt);
result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS)
goto fail1;
} else {
rdclass = dns_rdataclass_in;
}
if (viewtxt == NULL)
viewtxt = "_default";
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
if (result != ISC_R_SUCCESS)
goto fail1;
result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
0, NULL, zonep);
/* Partial match? */
if (result != ISC_R_SUCCESS && *zonep != NULL)
dns_zone_detach(zonep);
dns_view_detach(&view);
fail1:
return (result);
}
/*
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub)
dns_zone_forcereload(zone);
else
result = ISC_R_NOTFOUND;
dns_zone_detach(&zone);
return (result);
}
/*
* Act on a "reload" command from the command channel.
*/
isc_result_t
ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
result = reload(server);
if (result == ISC_R_SUCCESS)
msg = "server reload successful";
} else {
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub) {
dns_zone_refresh(zone);
msg = "zone refresh queued";
} else {
result = dns_zone_load(zone);
dns_zone_detach(&zone);
switch (result) {
case ISC_R_SUCCESS:
msg = "zone reload successful";
break;
case DNS_R_CONTINUE:
msg = "zone reload queued";
result = ISC_R_SUCCESS;
break;
case DNS_R_UPTODATE:
msg = "zone reload up-to-date";
result = ISC_R_SUCCESS;
break;
default:
/* failure message will be generated by rndc */
break;
}
}
}
if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
return (result);
}
/*
* Act on a "reconfig" command from the command channel.
*/
isc_result_t
ns_server_reconfigcommand(ns_server_t *server, char *args) {
UNUSED(args);
reconfig(server);
return (ISC_R_SUCCESS);
}
/*
* Act on a "refresh" command from the command channel.
*/
isc_result_t
ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone refresh queued";
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
dns_zone_refresh(zone);
dns_zone_detach(&zone);
if (sizeof(msg) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg, sizeof(msg));
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_togglequerylog(ns_server_t *server) {
server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"query logging is now %s",
server->log_queries ? "on" : "off");
return (ISC_R_SUCCESS);
}
static isc_result_t
ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config,
ns_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenlist_t **target)
{
isc_result_t result;
cfg_listelt_t *element;
ns_listenlist_t *dlist = NULL;
REQUIRE(target != NULL && *target == NULL);
result = ns_listenlist_create(mctx, &dlist);
if (result != ISC_R_SUCCESS)
return (result);
for (element = cfg_list_first(listenlist);
element != NULL;
element = cfg_list_next(element))
{
ns_listenelt_t *delt = NULL;
cfg_obj_t *listener = cfg_listelt_value(element);
result = ns_listenelt_fromconfig(listener, config, actx,
mctx, &delt);
if (result != ISC_R_SUCCESS)
goto cleanup;
ISC_LIST_APPEND(dlist->elts, delt, link);
}
*target = dlist;
return (ISC_R_SUCCESS);
cleanup:
ns_listenlist_detach(&dlist);
return (result);
}
/*
* Create a listen list from the corresponding configuration
* data structure.
*/
static isc_result_t
ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config,
ns_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenelt_t **target)
{
isc_result_t result;
cfg_obj_t *portobj;
in_port_t port;
ns_listenelt_t *delt = NULL;
REQUIRE(target != NULL && *target == NULL);
portobj = cfg_tuple_get(listener, "port");
if (!cfg_obj_isuint32(portobj)) {
if (ns_g_port != 0) {
port = ns_g_port;
} else {
result = ns_config_getport(config, &port);
if (result != ISC_R_SUCCESS)
return (result);
}
} else {
if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port value '%u' is out of range",
cfg_obj_asuint32(portobj));
return (ISC_R_RANGE);
}
port = (in_port_t)cfg_obj_asuint32(portobj);
}
result = ns_listenelt_create(mctx, port, NULL, &delt);
if (result != ISC_R_SUCCESS)
return (result);
result = ns_acl_fromconfig(cfg_tuple_get(listener, "acl"),
config, actx, mctx, &delt->acl);
if (result != ISC_R_SUCCESS) {
ns_listenelt_destroy(delt);
return (result);
}
*target = delt;
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_dumpstats(ns_server_t *server) {
isc_result_t result;
dns_zone_t *zone, *next;
isc_stdtime_t now;
FILE *fp = NULL;
int i;
int ncounters;
isc_stdtime_get(&now);
CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
"could not open statistics dump file", server->statsfile);
ncounters = DNS_STATS_NCOUNTERS;
fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now);
for (i = 0; i < ncounters; i++)
fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n",
dns_statscounter_names[i],
server->querystats[i]);
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
next = NULL, result = dns_zone_next(zone, &next), zone = next)
{
isc_uint64_t *zonestats = dns_zone_getstatscounters(zone);
if (zonestats != NULL) {
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *viewname;
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
view = dns_zone_getview(zone);
viewname = view->name;
for (i = 0; i < ncounters; i++) {
fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT
"u %s",
dns_statscounter_names[i],
zonestats[i],
zonename);
if (strcmp(viewname, "_default") != 0)
fprintf(fp, " %s", viewname);
fprintf(fp, "\n");
}
}
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
CHECK(result);
fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now);
cleanup:
if (fp != NULL)
(void)isc_stdio_close(fp);
return (result);
}
static isc_result_t
add_zone_tolist(dns_zone_t *zone, void *uap) {
struct dumpcontext *dctx = uap;
struct zonelistentry *zle;
zle = isc_mem_get(dctx->mctx, sizeof *zle);
if (zle == NULL)
return (ISC_R_NOMEMORY);
zle->zone = NULL;
dns_zone_attach(zone, &zle->zone);
ISC_LINK_INIT(zle, link);
ISC_LIST_APPEND(ISC_LIST_TAIL(dctx->viewlist)->zonelist, zle, link);
return (ISC_R_SUCCESS);
}
static isc_result_t
add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
struct viewlistentry *vle;
isc_result_t result = ISC_R_SUCCESS;
vle = isc_mem_get(dctx->mctx, sizeof *vle);
if (vle == NULL)
return (ISC_R_NOMEMORY);
vle->view = NULL;
dns_view_attach(view, &vle->view);
ISC_LINK_INIT(vle, link);
ISC_LIST_INIT(vle->zonelist);
ISC_LIST_APPEND(dctx->viewlist, vle, link);
if (dctx->dumpzones)
result = dns_zt_apply(view->zonetable, ISC_TRUE,
add_zone_tolist, dctx);
return (result);
}
static void
dumpcontext_destroy(struct dumpcontext *dctx) {
struct viewlistentry *vle;
struct zonelistentry *zle;
vle = ISC_LIST_HEAD(dctx->viewlist);
while (vle != NULL) {
ISC_LIST_UNLINK(dctx->viewlist, vle, link);
zle = ISC_LIST_HEAD(vle->zonelist);
while (zle != NULL) {
ISC_LIST_UNLINK(vle->zonelist, zle, link);
dns_zone_detach(&zle->zone);
isc_mem_put(dctx->mctx, zle, sizeof *zle);
zle = ISC_LIST_HEAD(vle->zonelist);
}
dns_view_detach(&vle->view);
isc_mem_put(dctx->mctx, vle, sizeof *vle);
vle = ISC_LIST_HEAD(dctx->viewlist);
}
if (dctx->version != NULL)
dns_db_closeversion(dctx->db, &dctx->version, ISC_FALSE);
if (dctx->db != NULL)
dns_db_detach(&dctx->db);
if (dctx->cache != NULL)
dns_db_detach(&dctx->cache);
if (dctx->task != NULL)
isc_task_detach(&dctx->task);
if (dctx->fp != NULL)
(void)isc_stdio_close(dctx->fp);
if (dctx->mdctx != NULL)
dns_dumpctx_detach(&dctx->mdctx);
isc_mem_put(dctx->mctx, dctx, sizeof *dctx);
}
static void
dumpdone(void *arg, isc_result_t result) {
struct dumpcontext *dctx = arg;
char buf[1024+32];
const dns_master_style_t *style;
if (result != ISC_R_SUCCESS)
goto cleanup;
if (dctx->mdctx != NULL)
dns_dumpctx_detach(&dctx->mdctx);
if (dctx->view == NULL) {
dctx->view = ISC_LIST_HEAD(dctx->viewlist);
if (dctx->view == NULL)
goto done;
INSIST(dctx->zone == NULL);
}
nextview:
fprintf(dctx->fp, ";\n; Start view %s\n;\n", dctx->view->view->name);
if (dctx->zone == NULL && dctx->cache == NULL && dctx->dumpcache) {
style = &dns_master_style_cache;
/* start cache dump */
if (dctx->view->view->cachedb != NULL)
dns_db_attach(dctx->view->view->cachedb, &dctx->cache);
if (dctx->cache != NULL) {
fprintf(dctx->fp, ";\n; Cache dump of view '%s'\n;\n",
dctx->view->view->name);
result = dns_master_dumptostreaminc(dctx->mctx,
dctx->cache, NULL,
style, dctx->fp,
dctx->task,
dumpdone, dctx,
&dctx->mdctx);
if (result == DNS_R_CONTINUE)
return;
if (result == ISC_R_NOTIMPLEMENTED)
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
else if (result != ISC_R_SUCCESS)
goto cleanup;
}
}
if (dctx->cache != NULL) {
dns_adb_dump(dctx->view->view->adb, dctx->fp);
dns_db_detach(&dctx->cache);
}
if (dctx->dumpzones) {
style = &dns_master_style_full;
nextzone:
if (dctx->version != NULL)
dns_db_closeversion(dctx->db, &dctx->version,
ISC_FALSE);
if (dctx->db != NULL)
dns_db_detach(&dctx->db);
if (dctx->zone == NULL)
dctx->zone = ISC_LIST_HEAD(dctx->view->zonelist);
else
dctx->zone = ISC_LIST_NEXT(dctx->zone, link);
if (dctx->zone != NULL) {
/* start zone dump */
dns_zone_name(dctx->zone->zone, buf, sizeof(buf));
fprintf(dctx->fp, ";\n; Zone dump of '%s'\n;\n", buf);
result = dns_zone_getdb(dctx->zone->zone, &dctx->db);
if (result != ISC_R_SUCCESS) {
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
goto nextzone;
}
dns_db_currentversion(dctx->db, &dctx->version);
result = dns_master_dumptostreaminc(dctx->mctx,
dctx->db,
dctx->version,
style, dctx->fp,
dctx->task,
dumpdone, dctx,
&dctx->mdctx);
if (result == DNS_R_CONTINUE)
return;
if (result == ISC_R_NOTIMPLEMENTED)
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
if (result != ISC_R_SUCCESS)
goto cleanup;
}
}
if (dctx->view != NULL)
dctx->view = ISC_LIST_NEXT(dctx->view, link);
if (dctx->view != NULL)
goto nextview;
done:
fprintf(dctx->fp, "; Dump complete\n");
result = isc_stdio_flush(dctx->fp);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpdb complete");
cleanup:
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpdb failed: %s", dns_result_totext(result));
dumpcontext_destroy(dctx);
}
isc_result_t
ns_server_dumpdb(ns_server_t *server, char *args) {
struct dumpcontext *dctx = NULL;
dns_view_t *view;
isc_result_t result;
char *ptr;
const char *sep;
dctx = isc_mem_get(server->mctx, sizeof(*dctx));
if (dctx == NULL)
return (ISC_R_NOMEMORY);
dctx->mctx = server->mctx;
dctx->dumpcache = ISC_TRUE;
dctx->dumpzones = ISC_FALSE;
dctx->fp = NULL;
ISC_LIST_INIT(dctx->viewlist);
dctx->view = NULL;
dctx->zone = NULL;
dctx->cache = NULL;
dctx->mdctx = NULL;
dctx->db = NULL;
dctx->cache = NULL;
dctx->task = NULL;
dctx->version = NULL;
isc_task_attach(server->task, &dctx->task);
CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp),
"could not open dump file", server->dumpfile);
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
sep = (args == NULL) ? "" : ": ";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpdb started%s%s", sep, (args != NULL) ? args : "");
ptr = next_token(&args, " \t");
if (ptr != NULL && strcmp(ptr, "-all") == 0) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_TRUE;
ptr = next_token(&args, " \t");
} else if (ptr != NULL && strcmp(ptr, "-cache") == 0) {
dctx->dumpzones = ISC_FALSE;
dctx->dumpcache = ISC_TRUE;
ptr = next_token(&args, " \t");
} else if (ptr != NULL && strcmp(ptr, "-zones") == 0) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_FALSE;
ptr = next_token(&args, " \t");
}
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
CHECK(add_view_tolist(dctx, view));
}
dumpdone(dctx, ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
cleanup:
if (dctx != NULL)
dumpcontext_destroy(dctx);
return (result);
}
isc_result_t
ns_server_dumprecursing(ns_server_t *server) {
FILE *fp = NULL;
isc_result_t result;
CHECKMF(isc_stdio_open(server->recfile, "w", &fp),
"could not open dump file", server->recfile);
fprintf(fp,";\n; Recursing Queries\n;\n");
ns_interfacemgr_dumprecursing(fp, server->interfacemgr);
fprintf(fp, "; Dump complete\n");
cleanup:
if (fp != NULL)
result = isc_stdio_close(fp);
return (result);
}
isc_result_t
ns_server_setdebuglevel(ns_server_t *server, char *args) {
char *ptr;
char *levelstr;
char *endp;
long newlevel;
UNUSED(server);
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the new level name. */
levelstr = next_token(&args, " \t");
if (levelstr == NULL) {
if (ns_g_debuglevel < 99)
ns_g_debuglevel++;
} else {
newlevel = strtol(levelstr, &endp, 10);
if (*endp != '\0' || newlevel < 0 || newlevel > 99)
return (ISC_R_RANGE);
ns_g_debuglevel = (unsigned int)newlevel;
}
isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_flushcache(ns_server_t *server, char *args) {
char *ptr, *viewname;
dns_view_t *view;
isc_boolean_t flushed = ISC_FALSE;
isc_result_t result;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the view name. */
viewname = next_token(&args, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS)
goto out;
flushed = ISC_TRUE;
}
if (flushed)
result = ISC_R_SUCCESS;
else
result = ISC_R_FAILURE;
out:
isc_task_endexclusive(server->task);
return (result);
}
isc_result_t
ns_server_flushname(ns_server_t *server, char *args) {
char *ptr, *target, *viewname;
dns_view_t *view;
isc_boolean_t flushed = ISC_FALSE;
isc_result_t result;
isc_buffer_t b;
dns_fixedname_t fixed;
dns_name_t *name;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find the domain name to flush. */
target = next_token(&args, " \t");
if (target == NULL)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_init(&b, target, strlen(target));
isc_buffer_add(&b, strlen(target));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
return (result);
/* Look for the view name. */
viewname = next_token(&args, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
flushed = ISC_TRUE;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
result = dns_view_flushname(view, name);
if (result != ISC_R_SUCCESS)
flushed = ISC_FALSE;
}
if (flushed)
result = ISC_R_SUCCESS;
else
result = ISC_R_FAILURE;
isc_task_endexclusive(server->task);
return (result);
}
isc_result_t
ns_server_status(ns_server_t *server, isc_buffer_t *text) {
int zonecount, xferrunning, xferdeferred, soaqueries;
unsigned int n;
zonecount = dns_zonemgr_getcount(server->zonemgr, DNS_ZONESTATE_ANY);
xferrunning = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_XFERRUNNING);
xferdeferred = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_XFERDEFERRED);
soaqueries = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_SOAQUERY);
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"number of zones: %u\n"
"debug level: %d\n"
"xfers running: %u\n"
"xfers deferred: %u\n"
"soa queries in progress: %u\n"
"query logging is %s\n"
"recursive clients: %d/%d\n"
"tcp clients: %d/%d\n"
"server is up and running",
zonecount, ns_g_debuglevel, xferrunning, xferdeferred,
soaqueries, server->log_queries ? "ON" : "OFF",
server->recursionquota.used, server->recursionquota.max,
server->tcpquota.used, server->tcpquota.max);
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
isc_buffer_add(text, n);
return (ISC_R_SUCCESS);
}
/*
* Act on a "freeze" or "unfreeze" command from the command channel.
*/
isc_result_t
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
char classstr[DNS_RDATACLASS_FORMATSIZE];
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
type = dns_zone_gettype(zone);
if (type != dns_zone_master) {
dns_zone_detach(&zone);
return (ISC_R_NOTFOUND);
}
frozen = dns_zone_getupdatedisabled(zone);
if (freeze) {
if (frozen)
result = DNS_R_FROZEN;
if (result == ISC_R_SUCCESS)
result = dns_zone_flush(zone);
if (result == ISC_R_SUCCESS) {
journal = dns_zone_getjournal(zone);
if (journal != NULL)
(void)isc_file_remove(journal);
}
} else {
if (frozen) {
result = dns_zone_load(zone);
if (result == DNS_R_CONTINUE ||
result == DNS_R_UPTODATE)
result = ISC_R_SUCCESS;
}
}
if (result == ISC_R_SUCCESS)
dns_zone_setupdatedisabled(zone, freeze);
view = dns_zone_getview(zone);
if (strcmp(view->name, "_bind") == 0 ||
strcmp(view->name, "_default") == 0)
{
vname = "";
sep = "";
} else {
vname = view->name;
sep = " ";
}
dns_rdataclass_format(dns_zone_getclass(zone), classstr,
sizeof(classstr));
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"%s zone '%s/%s'%s%s: %s",
freeze ? "freezing" : "unfreezing",
zonename, classstr, sep, vname,
isc_result_totext(result));
dns_zone_detach(&zone);
return (result);
}