server.c revision dfbda37366414b6302ad7da2999d0c340705c452
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews/*
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews * Copyright (C) 1999-2003 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Permission to use, copy, modify, and/or distribute this software for any
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * purpose with or without fee is hereby granted, provided that the above
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * PERFORMANCE OF THIS SOFTWARE.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
2da53322f30495e9bcf30f3776def2da329d3343Mark Andrews/* $Id: server.c,v 1.574 2010/07/19 04:13:38 marka Exp $ */
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff/*! \file */
de153390f5a1f6d4fa86af91d4cae772d9846ca0Mark Andrews
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff#include <config.h>
822f6cdabb1edd44472c7a758b5cae71376fa9beBrian Wellington
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington#include <stdlib.h>
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews#include <unistd.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <limits.h>
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson#include <ctype.h>
25a66b4e41e2b0a2af4840749bac80ae78c678bfMark Andrews#include <sys/types.h>
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#include <sys/stat.h>
21f1794606dce19928cf455029e173321f166380Mark Andrews
973a19342597823f111fce6a8cd5adfd0e2e7c0dMark Andrews#include <isc/app.h>
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff#include <isc/base64.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/dir.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/entropy.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/file.h>
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews#include <isc/hash.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/httpd.h>
21825a8d005ccc2dfaf12889bf9eef3413555277Brian Wellington#include <isc/lex.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/parseint.h>
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews#include <isc/portset.h>
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews#include <isc/print.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/resource.h>
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews#include <isc/sha2.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/socket.h>
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews#include <isc/stat.h>
3ddd92da6651bc72aa79a04195ad389d86fd1a66Andreas Gustafsson#include <isc/stats.h>
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson#include <isc/stdio.h>
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson#include <isc/string.h>
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews#include <isc/task.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <isc/timer.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <isc/util.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <isc/xml.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <isccfg/namedconf.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews#include <bind9/check.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <dns/acache.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <dns/adb.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <dns/cache.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <dns/db.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#include <dns/dispatch.h>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews#ifdef DLZ
eb6bd543c7d072efdca509eb17f8f301c1467b53Mark Andrews#include <dns/dlz.h>
deaaf94332abbfdb3aff53675546acfed16e5eb6Mark Andrews#endif
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews#include <dns/forward.h>
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews#include <dns/journal.h>
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence#include <dns/keytable.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/keyvalues.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <dns/lib.h>
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews#include <dns/master.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/masterdump.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/order.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/peer.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/portlist.h>
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence#include <dns/rbt.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/rdataclass.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <dns/rdataset.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/rdatastruct.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/resolver.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/rootns.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/secalg.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/stats.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/tkey.h>
0b056755b2f423ba5f6adac8f7851d78f7d11437David Lawrence#include <dns/tsig.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/view.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/zone.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dns/zt.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dst/dst.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <dst/result.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <named/client.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <named/config.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <named/control.h>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#include <named/interfacemgr.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/log.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/logconf.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/lwresd.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/main.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/os.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <named/server.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#include <named/statschannel.h>
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence#include <named/tkeyconf.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#include <named/tsigconf.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#include <named/zoneconf.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#ifdef HAVE_LIBSCF
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#include <named/ns_smf_globals.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#include <stdlib.h>
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#endif
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence#ifndef PATH_MAX
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#define PATH_MAX 1024
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#endif
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence/*%
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Check an operation for failure. Assumes that the function
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * using it has a 'result' variable and a 'cleanup' label.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#define CHECK(op) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence do { result = (op); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result != ISC_R_SUCCESS) goto cleanup; \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0)
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#define CHECKM(op, msg) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence do { result = (op); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result != ISC_R_SUCCESS) { \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_log_write(ns_g_lctx, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence NS_LOGCATEGORY_GENERAL, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence NS_LOGMODULE_SERVER, \
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence ISC_LOG_ERROR, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "%s: %s", msg, \
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington isc_result_totext(result)); \
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington goto cleanup; \
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington } \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#define CHECKMF(op, msg, file) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence do { result = (op); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result != ISC_R_SUCCESS) { \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_log_write(ns_g_lctx, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence NS_LOGCATEGORY_GENERAL, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence NS_LOGMODULE_SERVER, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence ISC_LOG_ERROR, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "%s '%s': %s", msg, file, \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_result_totext(result)); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence goto cleanup; \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#define CHECKFATAL(op, msg) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence do { result = (op); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result != ISC_R_SUCCESS) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence fatal(msg, result); \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence } while (0) \
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence/*%
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Maximum ADB size for views that share a cache. Use this limit to suppress
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * the total of memory footprint, which should be the main reason for sharing
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * a cache. Only effective when a finite max-cache-size is specified.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * This is currently defined to be 8MB.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#define MAX_ADB_SIZE_FOR_CACHESHARE 8388608
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrencestruct ns_dispatch {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_sockaddr_t addr;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence unsigned int dispatchgen;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_dispatch_t *dispatch;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence ISC_LINK(struct ns_dispatch) link;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence};
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrencestruct ns_cache {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_cache_t *cache;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_view_t *primaryview;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_boolean_t needflush;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_boolean_t adbsizeadjusted;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence ISC_LINK(ns_cache_t) link;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence};
76c8294c81fb48b1da6e1fc5b83322a4cedb8e58Andreas Gustafsson
76c8294c81fb48b1da6e1fc5b83322a4cedb8e58Andreas Gustafssonstruct dumpcontext {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_mem_t *mctx;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_boolean_t dumpcache;
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence isc_boolean_t dumpzones;
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence FILE *fp;
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence ISC_LIST(struct viewlistentry) viewlist;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence struct viewlistentry *view;
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews struct zonelistentry *zone;
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews dns_dumpctx_t *mdctx;
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews dns_db_t *db;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_db_t *cache;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_task_t *task;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_dbversion_t *version;
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson};
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrewsstruct viewlistentry {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews dns_view_t *view;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews ISC_LINK(struct viewlistentry) link;
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews ISC_LIST(struct zonelistentry) zonelist;
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews};
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrewsstruct zonelistentry {
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews dns_zone_t *zone;
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews ISC_LINK(struct zonelistentry) link;
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews};
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews/*
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews * These zones should not leak onto the Internet.
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews */
b6a0341bcb113e93bd0bc41a9f9a1fc117444da6Mark Andrewsstatic const struct {
b6a0341bcb113e93bd0bc41a9f9a1fc117444da6Mark Andrews const char *zone;
aa05bbdef7f7827dde158dcc913f4dade84c8511Brian Wellington isc_boolean_t rfc1918;
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews} empty_zones[] = {
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews#ifdef notyet
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews /* RFC 1918 */
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews { "10.IN-ADDR.ARPA", ISC_TRUE },
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews { "16.172.IN-ADDR.ARPA", ISC_TRUE },
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews { "17.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "18.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "19.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "20.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "21.172.IN-ADDR.ARPA", ISC_TRUE },
78838d3e0cd62423c23de5503910e01884d2104bBrian Wellington { "22.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "23.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "24.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "25.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "26.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "27.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "28.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "29.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "30.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "31.172.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "168.192.IN-ADDR.ARPA", ISC_TRUE },
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews#endif
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews /* RFC 5735 and RFC 5737 */
f6407f9a0b890bebbfd5f738d9c4aef3d3315fe9Michael Graff { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */
2002be4f65776451676df6ee21a2e28f52bcad6dMark Andrews { "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews { "100.51.198.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET 2 */
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews { "113.0.203.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET 3 */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE }, /* BROADCAST */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* Local IPv6 Unicast Addresses */
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews { "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews { "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews /* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "D.F.IP6.ARPA", ISC_FALSE },
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "8.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "9.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "A.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "B.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* Example Prefix, RFC 3849. */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* ORCHID Prefix, RFC 4843. */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { "0.1.1.0.0.2.IP6.ARPA", ISC_FALSE },
d981ca645597116d227a48bf37cc5edc061c854dBob Halley
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews { NULL, ISC_FALSE }
e6bd97dded968f82e26b270842b789bff7bca422Mark Andrews};
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark AndrewsISC_PLATFORM_NORETURN_PRE static void
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsfatal(const char *msg, isc_result_t result) ISC_PLATFORM_NORETURN_POST;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d2026ea7b5ae43bbd69d98b747f75ba3290bef1Mark Andrewsstatic void
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellingtonns_server_reload(isc_task_t *task, isc_event_t *event);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsstatic isc_result_t
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
5d2026ea7b5ae43bbd69d98b747f75ba3290bef1Mark Andrews cfg_aclconfctx_t *actx,
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson isc_mem_t *mctx, ns_listenelt_t **target);
5d2026ea7b5ae43bbd69d98b747f75ba3290bef1Mark Andrewsstatic isc_result_t
5d2026ea7b5ae43bbd69d98b747f75ba3290bef1Mark Andrewsns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson cfg_aclconfctx_t *actx,
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson isc_mem_t *mctx, ns_listenlist_t **target);
5d2026ea7b5ae43bbd69d98b747f75ba3290bef1Mark Andrews
5f7a9845e900bc491db9feab137895721073631fMark Andrewsstatic isc_result_t
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsconfigure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsstatic isc_result_t
368b37b616234fce3d23099eb180f1dd38e1fb62Mark Andrewsconfigure_alternates(const cfg_obj_t *config, dns_view_t *view,
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews const cfg_obj_t *alternates);
cabaeca9ae5b98c80586b91e89cf552e17a75a9bBrian Wellington
cabaeca9ae5b98c80586b91e89cf552e17a75a9bBrian Wellingtonstatic isc_result_t
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsconfigure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view,
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews cfg_aclconfctx_t *aclconf);
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsstatic isc_result_t
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsadd_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx);
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsstatic void
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrewsend_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews/*
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * Stores config for building zones after the fact
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews */
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsstatic cfg_obj_t *nzf_config = NULL;
29c818c7d40fc8898b062903ec703851328a4deaMark Andrewsstatic cfg_parser_t *nzf_parser = NULL;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsstatic const char *nzf_file = NULL;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsstatic const cfg_obj_t *nzf_option = NULL;
cabaeca9ae5b98c80586b91e89cf552e17a75a9bBrian Wellingtonstatic cfg_aclconfctx_t nzf_actx;
cabaeca9ae5b98c80586b91e89cf552e17a75a9bBrian Wellington
cabaeca9ae5b98c80586b91e89cf552e17a75a9bBrian Wellington/*%
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellington * Configure a single view ACL at '*aclp'. Get its configuration from
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * 'vconfig' (for per-view configuration) and maybe from 'config'
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews */
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsstatic isc_result_t
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrewsconfigure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config,
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews const char *aclname, const char *acltuplename,
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews cfg_aclconfctx_t *actx, isc_mem_t *mctx, dns_acl_t **aclp)
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews{
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews isc_result_t result;
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews const cfg_obj_t *maps[3];
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews const cfg_obj_t *aclobj = NULL;
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews int i = 0;
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (*aclp != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_acl_detach(aclp);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (vconfig != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i++] = cfg_tuple_get(vconfig, "options");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (config != NULL) {
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence const cfg_obj_t *options = NULL;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews (void)cfg_map_get(config, "options", &options);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews if (options != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i++] = options;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i] = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)ns_config_get(maps, aclname, &aclobj);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews if (aclobj == NULL)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews /*
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * No value available. *aclp == NULL.
d981ca645597116d227a48bf37cc5edc061c854dBob Halley */
d981ca645597116d227a48bf37cc5edc061c854dBob Halley return (ISC_R_SUCCESS);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (acltuplename != NULL) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /*
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * If the ACL is given in an optional tuple, retrieve it.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * The parser should have ensured that a valid object be
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * returned.
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews */
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews aclobj = cfg_tuple_get(aclobj, acltuplename);
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews }
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx,
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews actx, mctx, 0, aclp);
90e303b114e56db5809fdd19805243457fa43cd9Olafur Gudmundsson
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews/*%
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Configure a sortlist at '*aclp'. Essentially the same as
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * configure_view_acl() except it calls cfg_acl_fromconfig with a
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * nest_level value of 2.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic isc_result_t
d981ca645597116d227a48bf37cc5edc061c854dBob Halleyconfigure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews cfg_aclconfctx_t *actx, isc_mem_t *mctx,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews dns_acl_t **aclp)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence{
19d365e4448f1782611280b020987988b7ac3210Mark Andrews isc_result_t result;
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellington const cfg_obj_t *maps[3];
19d365e4448f1782611280b020987988b7ac3210Mark Andrews const cfg_obj_t *aclobj = NULL;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews int i = 0;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews if (*aclp != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_acl_detach(aclp);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (vconfig != NULL)
d981ca645597116d227a48bf37cc5edc061c854dBob Halley maps[i++] = cfg_tuple_get(vconfig, "options");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (config != NULL) {
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_obj_t *options = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(config, "options", &options);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (options != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i++] = options;
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i] = NULL;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews
19d365e4448f1782611280b020987988b7ac3210Mark Andrews (void)ns_config_get(maps, "sortlist", &aclobj);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews if (aclobj == NULL)
19d365e4448f1782611280b020987988b7ac3210Mark Andrews return (ISC_R_SUCCESS);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /*
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Use a nest level of 3 for the "top level" of the sortlist;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * this means each entry in the top three levels will be stored
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff * as lists of separate, nested ACLs, rather than merged together
d981ca645597116d227a48bf37cc5edc061c854dBob Halley * into IP tables as is usually done with ACLs.
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews */
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews actx, mctx, 3, aclp);
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic isc_result_t
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrewsconfigure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews const char *confname, const char *conftuplename,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_mem_t *mctx, dns_rbt_t **rbtp)
19d365e4448f1782611280b020987988b7ac3210Mark Andrews{
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews isc_result_t result;
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellington const cfg_obj_t *maps[3];
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_obj_t *obj = NULL;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_listelt_t *element;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews int i = 0;
6bebabb376b93e7d12f53a253b197a3fc0e0b001Andreas Gustafsson dns_fixedname_t fixed;
6bebabb376b93e7d12f53a253b197a3fc0e0b001Andreas Gustafsson dns_name_t *name;
6bebabb376b93e7d12f53a253b197a3fc0e0b001Andreas Gustafsson isc_buffer_t b;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const char *str;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *nameobj;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (*rbtp != NULL)
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews dns_rbt_destroy(rbtp);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (vconfig != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews maps[i++] = cfg_tuple_get(vconfig, "options");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (config != NULL) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews const cfg_obj_t *options = NULL;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews (void)cfg_map_get(config, "options", &options);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (options != NULL)
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews maps[i++] = options;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews }
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews maps[i] = NULL;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews (void)ns_config_get(maps, confname, &obj);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (obj == NULL)
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews /*
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * No value available. *rbtp == NULL.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence return (ISC_R_SUCCESS);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (conftuplename != NULL) {
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews obj = cfg_tuple_get(obj, conftuplename);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (cfg_obj_isvoid(obj))
ad7209ea70d346527ffdcda335153831341d9dcfAndreas Gustafsson return (ISC_R_SUCCESS);
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews }
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews result = dns_rbt_create(mctx, NULL, NULL, rbtp);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley if (result != ISC_R_SUCCESS)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dns_fixedname_init(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews name = dns_fixedname_name(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews for (element = cfg_list_first(obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews element != NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews element = cfg_list_next(element)) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews nameobj = cfg_listelt_value(element);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews str = cfg_obj_asstring(nameobj);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_buffer_init(&b, str, strlen(str));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_add(&b, strlen(str));
78838d3e0cd62423c23de5503910e01884d2104bBrian Wellington CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews /*
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * We don't need the node data, but need to set dummy data to
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * avoid a partial match with an empty node. For example, if
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley * we have foo.example.com and bar.example.com, we'd get a match
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews * for baz.example.com, which is not the expected result.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * We simply use (void *)1 as the dummy data.
19d365e4448f1782611280b020987988b7ac3210Mark Andrews */
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews result = dns_rbt_addname(*rbtp, name, (void *)1);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (result != ISC_R_SUCCESS) {
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson cfg_obj_log(nameobj, ns_g_lctx, ISC_LOG_ERROR,
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson "failed to add %s for %s: %s",
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson str, confname, isc_result_totext(result));
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews goto cleanup;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews }
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews }
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews return (result);
19d365e4448f1782611280b020987988b7ac3210Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cleanup:
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence dns_rbt_destroy(rbtp);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews return (result);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence}
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halleystatic isc_result_t
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halleydstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff isc_boolean_t managed, dst_key_t **target, isc_mem_t *mctx)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews{
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dns_rdataclass_t viewclass;
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews dns_rdata_dnskey_t keystruct;
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence isc_uint32_t flags, proto, alg;
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence const char *keystr, *keynamestr;
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews unsigned char keydata[4096];
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t keydatabuf;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews unsigned char rrdata[4096];
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t rrdatabuf;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson isc_region_t r;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson dns_fixedname_t fkeyname;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson dns_name_t *keyname;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson isc_buffer_t namebuf;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson isc_result_t result;
3a16668468060842e847ea6556e80e1405d35cd6Brian Wellington dst_key_t *dstkey = NULL;
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington INSIST(target != NULL && *target == NULL);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington keyname = dns_fixedname_name(&fkeyname);
942d1a339b1fe617f7d17d66cb5fccce798d15aeBrian Wellington keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if (managed) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews const char *initmethod;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington initmethod = cfg_obj_asstring(cfg_tuple_get(key, "init"));
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (strcasecmp(initmethod, "initial-key") != 0) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews "managed key '%s': "
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington "invalid initialization method '%s'",
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keynamestr, initmethod);
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington result = ISC_R_FAILURE;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington goto cleanup;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington }
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington }
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if (vconfig == NULL)
de5247ae1683ce145662180ee50272d2214a0232Andreas Gustafsson viewclass = dns_rdataclass_in;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington else {
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington const cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class");
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington CHECK(ns_config_getclass(classobj, dns_rdataclass_in,
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington &viewclass));
5eb91bd90e3ad3426e5e3213031556a737cf3809Mark Andrews }
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.common.rdclass = viewclass;
f16495732753175e4a9fc144323a12fdcc29b561Brian Wellington keystruct.common.rdtype = dns_rdatatype_dnskey;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington /*
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington * The key data in keystruct is not dynamically allocated.
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington */
e086935752b6e2f51ef2985fee21ccfff617b115David Lawrence keystruct.mctx = NULL;
e086935752b6e2f51ef2985fee21ccfff617b115David Lawrence
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington ISC_LINK_INIT(&keystruct.common, link);
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if (flags > 0xffff)
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington CHECKM(ISC_R_RANGE, "key flags");
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if (proto > 0xff)
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington CHECKM(ISC_R_RANGE, "key protocol");
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if (alg > 0xff)
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington CHECKM(ISC_R_RANGE, "key algorithm");
7e4cda9965e2edf2ec43c57967eec8eff7061ab0Andreas Gustafsson keystruct.flags = (isc_uint16_t)flags;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.protocol = (isc_uint8_t)proto;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.algorithm = (isc_uint8_t)alg;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington CHECK(isc_base64_decodestring(keystr, &keydatabuf));
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington isc_buffer_usedregion(&keydatabuf, &r);
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.datalen = r.length;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.data = r.base;
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington if ((keystruct.algorithm == DST_ALG_RSASHA1 ||
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington keystruct.algorithm == DST_ALG_RSAMD5) &&
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff "%s key '%s' has a weak exponent",
d981ca645597116d227a48bf37cc5edc061c854dBob Halley managed ? "managed" : "trusted",
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews keynamestr);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews CHECK(dns_rdata_fromstruct(NULL,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews keystruct.common.rdclass,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff keystruct.common.rdtype,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews &keystruct, &rrdatabuf));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_fixedname_init(&fkeyname);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews isc_buffer_add(&namebuf, strlen(keynamestr));
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews CHECK(dns_name_fromtext(keyname, &namebuf, dns_rootname, 0, NULL));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence mctx, &dstkey));
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews *target = dstkey;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (ISC_R_SUCCESS);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews cleanup:
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellington if (result == DST_R_NOCRYPTO) {
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews "ignoring %s key for '%s': no crypto support",
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews managed ? "managed" : "trusted",
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews keynamestr);
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews } else if (result == DST_R_UNSUPPORTEDALG) {
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
19d365e4448f1782611280b020987988b7ac3210Mark Andrews "skipping %s key for '%s': %s",
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews managed ? "managed" : "trusted",
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews keynamestr, isc_result_totext(result));
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews } else {
228c679d7a269423019f7c528db92e855f08240bMark Andrews cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
b6a0341bcb113e93bd0bc41a9f9a1fc117444da6Mark Andrews "configuring %s key for '%s': %s",
228c679d7a269423019f7c528db92e855f08240bMark Andrews managed ? "managed" : "trusted",
228c679d7a269423019f7c528db92e855f08240bMark Andrews keynamestr, isc_result_totext(result));
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington result = ISC_R_FAILURE;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington }
228c679d7a269423019f7c528db92e855f08240bMark Andrews
228c679d7a269423019f7c528db92e855f08240bMark Andrews if (dstkey != NULL)
228c679d7a269423019f7c528db92e855f08240bMark Andrews dst_key_free(&dstkey);
228c679d7a269423019f7c528db92e855f08240bMark Andrews
228c679d7a269423019f7c528db92e855f08240bMark Andrews return (result);
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington}
228c679d7a269423019f7c528db92e855f08240bMark Andrews
228c679d7a269423019f7c528db92e855f08240bMark Andrewsstatic isc_result_t
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrewsload_view_keys(const cfg_obj_t *keys, const cfg_obj_t *vconfig,
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington dns_view_t *view, isc_boolean_t managed, isc_mem_t *mctx)
93ed317bb43658ed48ee7439f7a36bb9bcf80c94Brian Wellington{
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington const cfg_listelt_t *elt, *elt2;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington const cfg_obj_t *key, *keylist;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington dst_key_t *dstkey = NULL;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews isc_result_t result;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews dns_keytable_t *secroots = NULL;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews CHECK(dns_view_getsecroots(view, &secroots));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews for (elt = cfg_list_first(keys);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews elt != NULL;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews elt = cfg_list_next(elt)) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews keylist = cfg_listelt_value(elt);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews for (elt2 = cfg_list_first(keylist);
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews elt2 != NULL;
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews elt2 = cfg_list_next(elt2)) {
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews key = cfg_listelt_value(elt2);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = dstkey_fromconfig(vconfig, key, managed,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews &dstkey, mctx);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (result == DST_R_UNSUPPORTEDALG) {
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews result = ISC_R_SUCCESS;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews continue;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews }
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (result != ISC_R_SUCCESS)
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews goto cleanup;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews CHECK(dns_keytable_add(secroots, managed, &dstkey));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews }
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews }
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff cleanup:
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (secroots != NULL)
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews dns_keytable_detach(&secroots);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (result == DST_R_NOCRYPTO)
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews result = ISC_R_SUCCESS;
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews return (result);
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews}
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews/*%
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * Configure DNSSEC keys for a view.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews *
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff * The per-view configuration values and the server-global defaults are read
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews * from 'vconfig' and 'config'.
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews */
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrewsstatic isc_result_t
d981ca645597116d227a48bf37cc5edc061c854dBob Halleyconfigure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *config, const cfg_obj_t *bindkeys,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff isc_boolean_t auto_dlv, isc_mem_t *mctx)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews{
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_result_t result = ISC_R_SUCCESS;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *view_keys = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *global_keys = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *view_managed_keys = NULL;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff const cfg_obj_t *global_managed_keys = NULL;
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley const cfg_obj_t *builtin_keys = NULL;
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley const cfg_obj_t *builtin_managed_keys = NULL;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews const cfg_obj_t *maps[4];
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff const cfg_obj_t *voptions = NULL;
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews const cfg_obj_t *options = NULL;
471e0563c7965c556c759775882cd3448dae78eaMark Andrews const cfg_obj_t *obj = NULL;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews const char *directory;
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence int i = 0;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence /* We don't need trust anchors for the _bind view */
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (strcmp(view->name, "_bind") == 0 &&
19d365e4448f1782611280b020987988b7ac3210Mark Andrews view->rdclass == dns_rdataclass_chaos) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence return (ISC_R_SUCCESS);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews if (vconfig != NULL) {
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews voptions = cfg_tuple_get(vconfig, "options");
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (voptions != NULL) {
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews (void) cfg_map_get(voptions, "trusted-keys",
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson &view_keys);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void) cfg_map_get(voptions, "managed-keys",
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews &view_managed_keys);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews maps[i++] = voptions;
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews }
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington }
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (config != NULL) {
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews (void)cfg_map_get(config, "trusted-keys", &global_keys);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews (void)cfg_map_get(config, "managed-keys", &global_managed_keys);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews (void)cfg_map_get(config, "options", &options);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (options != NULL) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews maps[i++] = options;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews }
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews }
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington maps[i++] = ns_g_defaults;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington maps[i] = NULL;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews result = dns_view_initsecroots(view, mctx);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews if (result != ISC_R_SUCCESS) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews "couldn't create keytable");
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews return (ISC_R_UNEXPECTED);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (auto_dlv && view->rdclass == dns_rdataclass_in) {
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson "using built-in trusted-keys for view %s",
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews view->name);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews /*
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * If bind.keys exists, it overrides the managed-keys
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * clause hard-coded in ns_g_config.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (bindkeys != NULL) {
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson (void)cfg_map_get(bindkeys, "trusted-keys",
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson &builtin_keys);
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson (void)cfg_map_get(bindkeys, "managed-keys",
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson &builtin_managed_keys);
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley } else {
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson (void)cfg_map_get(ns_g_config, "trusted-keys",
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson &builtin_keys);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff (void)cfg_map_get(ns_g_config, "managed-keys",
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson &builtin_managed_keys);
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson }
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson if (builtin_keys != NULL)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews CHECK(load_view_keys(builtin_keys, vconfig, view,
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews ISC_FALSE, mctx));
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews if (builtin_managed_keys != NULL)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews CHECK(load_view_keys(builtin_managed_keys, vconfig,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence view, ISC_TRUE, mctx));
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CHECK(load_view_keys(view_keys, vconfig, view, ISC_FALSE, mctx));
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CHECK(load_view_keys(view_managed_keys, vconfig, view, ISC_TRUE, mctx));
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson if (view->rdclass == dns_rdataclass_in) {
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CHECK(load_view_keys(global_keys, vconfig, view, ISC_FALSE,
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson mctx));
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson CHECK(load_view_keys(global_managed_keys, vconfig, view,
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington ISC_TRUE, mctx));
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson }
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson
ae70d32b67cf30e06553c01479e71c87b21d984cBob Halley /*
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson * Add key zone for managed-keys.
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson */
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff obj = NULL;
d981ca645597116d227a48bf37cc5edc061c854dBob Halley (void)ns_config_get(maps, "managed-keys-directory", &obj);
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews directory = obj != NULL ? cfg_obj_asstring(obj) : NULL;
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews CHECK(add_keydata_zone(view, directory, ns_g_mctx));
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff cleanup:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic isc_result_t
19d365e4448f1782611280b020987988b7ac3210Mark Andrewsmustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) {
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const cfg_listelt_t *element;
f1cae4bcb7ee3060d893f5ab3ba55c1820bf3e4aBrian Wellington const cfg_obj_t *obj;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews const char *str;
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews dns_fixedname_t fixed;
19d365e4448f1782611280b020987988b7ac3210Mark Andrews dns_name_t *name;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_boolean_t value;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_result_t result;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t b;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews dns_fixedname_init(&fixed);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews name = dns_fixedname_name(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews for (element = cfg_list_first(mbs);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff element != NULL;
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews element = cfg_list_next(element))
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews {
7d8cdd869ed2162a5befda7cc1600136110f54d6Mark Andrews obj = cfg_listelt_value(element);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&b, str, strlen(str));
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff isc_buffer_add(&b, strlen(str));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_resolver_setmustbesecure(resolver, name, value));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews result = ISC_R_SUCCESS;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews cleanup:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
19d365e4448f1782611280b020987988b7ac3210Mark Andrews}
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews
19d365e4448f1782611280b020987988b7ac3210Mark Andrews/*%
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Get a dispatch appropriate for the resolver of a given view.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews */
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrewsstatic isc_result_t
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrewsget_view_querysource_dispatch(const cfg_obj_t **maps,
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews int af, dns_dispatch_t **dispatchp,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_boolean_t is_firstview)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews{
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_result_t result;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews dns_dispatch_t *disp;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews isc_sockaddr_t sa;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews unsigned int attrs, attrmask;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews const cfg_obj_t *obj = NULL;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews unsigned int maxdispatchbuffers;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews /*
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews * Make compiler happy.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff */
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = ISC_R_FAILURE;
d981ca645597116d227a48bf37cc5edc061c854dBob Halley
d981ca645597116d227a48bf37cc5edc061c854dBob Halley switch (af) {
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff case AF_INET:
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = ns_config_get(maps, "query-source", &obj);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley INSIST(result == ISC_R_SUCCESS);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley break;
d981ca645597116d227a48bf37cc5edc061c854dBob Halley case AF_INET6:
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = ns_config_get(maps, "query-source-v6", &obj);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley INSIST(result == ISC_R_SUCCESS);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley break;
d981ca645597116d227a48bf37cc5edc061c854dBob Halley default:
d981ca645597116d227a48bf37cc5edc061c854dBob Halley INSIST(0);
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews }
d981ca645597116d227a48bf37cc5edc061c854dBob Halley
d981ca645597116d227a48bf37cc5edc061c854dBob Halley sa = *(cfg_obj_assockaddr(obj));
d981ca645597116d227a48bf37cc5edc061c854dBob Halley INSIST(isc_sockaddr_pf(&sa) == af);
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews
d981ca645597116d227a48bf37cc5edc061c854dBob Halley /*
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews * If we don't support this address family, we're done!
d981ca645597116d227a48bf37cc5edc061c854dBob Halley */
d981ca645597116d227a48bf37cc5edc061c854dBob Halley switch (af) {
d981ca645597116d227a48bf37cc5edc061c854dBob Halley case AF_INET:
d981ca645597116d227a48bf37cc5edc061c854dBob Halley result = isc_net_probeipv4();
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff break;
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley case AF_INET6:
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = isc_net_probeipv6();
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley break;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews default:
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley INSIST(0);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley }
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley if (result != ISC_R_SUCCESS)
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley return (ISC_R_SUCCESS);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley /*
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley * Try to find a dispatcher that we can share.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews */
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley attrs = 0;
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley attrs |= DNS_DISPATCHATTR_UDP;
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley switch (af) {
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews case AF_INET:
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews attrs |= DNS_DISPATCHATTR_IPV4;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews break;
9916239908343b3eb17f0578de4c3cd6a313d85fMark Andrews case AF_INET6:
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley attrs |= DNS_DISPATCHATTR_IPV6;
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley break;
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley }
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley if (isc_sockaddr_getport(&sa) == 0) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrs |= DNS_DISPATCHATTR_EXCLUSIVE;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews maxdispatchbuffers = 4096;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews } else {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews INSIST(obj != NULL);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews if (is_firstview) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews "using specific query-source port "
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews "suppresses port randomization and can be "
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews "insecure.");
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews maxdispatchbuffers = 1000;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrmask = 0;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrmask |= DNS_DISPATCHATTR_UDP;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrmask |= DNS_DISPATCHATTR_TCP;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrmask |= DNS_DISPATCHATTR_IPV4;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews attrmask |= DNS_DISPATCHATTR_IPV6;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff disp = NULL;
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff ns_g_taskmgr, &sa, 4096,
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews maxdispatchbuffers, 32768, 16411, 16433,
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews attrs, attrmask, &disp);
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews if (result != ISC_R_SUCCESS) {
471e0563c7965c556c759775882cd3448dae78eaMark Andrews isc_sockaddr_t any;
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff char buf[ISC_SOCKADDR_FORMATSIZE];
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff switch (af) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence case AF_INET:
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff isc_sockaddr_any(&any);
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews break;
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff case AF_INET6:
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff isc_sockaddr_any6(&any);
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff break;
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff }
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff if (isc_sockaddr_equal(&sa, &any))
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff return (ISC_R_SUCCESS);
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff isc_sockaddr_format(&sa, buf, sizeof(buf));
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff "could not get query source dispatcher (%s)",
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff buf);
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff return (result);
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff }
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff *dispatchp = disp;
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff
94a537e6ab3069f8d34e12e5ea722250be2b89c8Michael Graff return (ISC_R_SUCCESS);
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrews}
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrewsstatic isc_result_t
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrewsconfigure_order(dns_order_t *order, const cfg_obj_t *ent) {
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrews dns_rdataclass_t rdclass;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington dns_rdatatype_t rdtype;
9be230cfca126bea6b666f506a230ffcdfba60dbMark Andrews const cfg_obj_t *obj;
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrews dns_fixedname_t fixed;
beed6a0e226fbd0c18c19a3e341a2003cba020a5Mark Andrews unsigned int mode = 0;
beed6a0e226fbd0c18c19a3e341a2003cba020a5Mark Andrews const char *str;
beed6a0e226fbd0c18c19a3e341a2003cba020a5Mark Andrews isc_buffer_t b;
9be230cfca126bea6b666f506a230ffcdfba60dbMark Andrews isc_result_t result;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington isc_boolean_t addroot;
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington result = ns_config_getclass(cfg_tuple_get(ent, "class"),
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington dns_rdataclass_any, &rdclass);
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington if (result != ISC_R_SUCCESS)
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews return (result);
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews result = ns_config_gettype(cfg_tuple_get(ent, "type"),
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff dns_rdatatype_any, &rdtype);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result != ISC_R_SUCCESS)
471e0563c7965c556c759775882cd3448dae78eaMark Andrews return (result);
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews obj = cfg_tuple_get(ent, "name");
cc083bb7031c04d57cbad41b2f5a796a4fd1865cMark Andrews if (cfg_obj_isstring(obj))
471e0563c7965c556c759775882cd3448dae78eaMark Andrews str = cfg_obj_asstring(obj);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews else
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews str = "*";
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson addroot = ISC_TF(strcmp(str, "*") == 0);
8c962eba3d6faebc008806ebb6bb9d08089118e9Andreas Gustafsson isc_buffer_init(&b, str, strlen(str));
8c962eba3d6faebc008806ebb6bb9d08089118e9Andreas Gustafsson isc_buffer_add(&b, strlen(str));
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson dns_fixedname_init(&fixed);
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson dns_rootname, 0, NULL);
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson if (result != ISC_R_SUCCESS)
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson return (result);
8c962eba3d6faebc008806ebb6bb9d08089118e9Andreas Gustafsson
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson obj = cfg_tuple_get(ent, "ordering");
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson INSIST(cfg_obj_isstring(obj));
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson str = cfg_obj_asstring(obj);
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson if (!strcasecmp(str, "fixed"))
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson mode = DNS_RDATASETATTR_FIXEDORDER;
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson else if (!strcasecmp(str, "random"))
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson mode = DNS_RDATASETATTR_RANDOMIZE;
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson else if (!strcasecmp(str, "cyclic"))
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson mode = 0;
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson else
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson INSIST(0);
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson /*
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson * "*" should match everything including the root (BIND 8 compat).
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson * As dns_name_matcheswildcard(".", "*.") returns FALSE add a
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * explicit entry for "." when the name is "*".
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (addroot) {
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews result = dns_order_add(order, dns_rootname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews rdtype, rdclass, mode);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (result != ISC_R_SUCCESS)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff return (dns_order_add(order, dns_fixedname_name(&fixed),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews rdtype, rdclass, mode));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic isc_result_t
fe47f41b13620bfafc4f8cf65d5df24f1e568764Bob Halleyconfigure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_netaddr_t na;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_peer_t *peer;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence const cfg_obj_t *obj;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const char *str;
fe47f41b13620bfafc4f8cf65d5df24f1e568764Bob Halley isc_result_t result;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews unsigned int prefixlen;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews peer = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_peer_newprefix(mctx, &na, prefixlen, &peer);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (result != ISC_R_SUCCESS)
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "bogus", &obj);
ca2912424b1d7c348186a325dd2078a37bb8d818Andreas Gustafsson if (obj != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_peer_setbogus(peer, cfg_obj_asboolean(obj)));
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "provide-ixfr", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (obj != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_peer_setprovideixfr(peer, cfg_obj_asboolean(obj)));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "request-ixfr", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (obj != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj)));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "request-nsid", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (obj != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_peer_setrequestnsid(peer, cfg_obj_asboolean(obj)));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "edns", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (obj != NULL)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj)));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
fe47f41b13620bfafc4f8cf65d5df24f1e568764Bob Halley obj = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "edns-udp-size", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (obj != NULL) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_uint32_t udpsize = cfg_obj_asuint32(obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (udpsize < 512)
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff udpsize = 512;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (udpsize > 4096)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews udpsize = 4096;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews CHECK(dns_peer_setudpsize(peer, (isc_uint16_t)udpsize));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews }
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews obj = NULL;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "max-udp-size", &obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (obj != NULL) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_uint32_t udpsize = cfg_obj_asuint32(obj);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (udpsize < 512)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews udpsize = 512;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (udpsize > 4096)
f0ff273b530afa730025e1c5ad311950f7ff4328Mark Andrews udpsize = 4096;
f0ff273b530afa730025e1c5ad311950f7ff4328Mark Andrews CHECK(dns_peer_setmaxudp(peer, (isc_uint16_t)udpsize));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews }
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff obj = NULL;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence (void)cfg_map_get(cpeer, "transfers", &obj);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (obj != NULL)
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence CHECK(dns_peer_settransfers(peer, cfg_obj_asuint32(obj)));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews obj = NULL;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence (void)cfg_map_get(cpeer, "transfer-format", &obj);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (obj != NULL) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence str = cfg_obj_asstring(obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (strcasecmp(str, "many-answers") == 0)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews CHECK(dns_peer_settransferformat(peer,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dns_many_answers));
ad493ef9ddb5a3e78e9d99f57abe75552f36a8f4Andreas Gustafsson else if (strcasecmp(str, "one-answer") == 0)
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence CHECK(dns_peer_settransferformat(peer,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dns_one_answer));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews else
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews INSIST(0);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews }
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews obj = NULL;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "keys", &obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (obj != NULL) {
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews result = dns_peer_setkeybycharp(peer, cfg_obj_asstring(obj));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (result != ISC_R_SUCCESS)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews goto cleanup;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews }
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews obj = NULL;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (na.family == AF_INET)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "transfer-source", &obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews else
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "transfer-source-v6", &obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (obj != NULL) {
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews result = dns_peer_settransfersource(peer,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews cfg_obj_assockaddr(obj));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (result != ISC_R_SUCCESS)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence goto cleanup;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews }
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews obj = NULL;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews if (na.family == AF_INET)
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "notify-source", &obj);
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews else
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews (void)cfg_map_get(cpeer, "notify-source-v6", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if (obj != NULL) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_peer_setnotifysource(peer,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_assockaddr(obj));
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff if (result != ISC_R_SUCCESS)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews goto cleanup;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews obj = NULL;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (na.family == AF_INET)
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews (void)cfg_map_get(cpeer, "query-source", &obj);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff else
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (void)cfg_map_get(cpeer, "query-source-v6", &obj);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (obj != NULL) {
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = dns_peer_setquerysource(peer,
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence cfg_obj_assockaddr(obj));
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (result != ISC_R_SUCCESS)
bfb2a81b65579882a80855c279cedc45aebd62e8Mark Andrews goto cleanup;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews *peerp = peer;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (ISC_R_SUCCESS);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cleanup:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_peer_detach(&peer);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic isc_result_t
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsdisable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_result_t result;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_obj_t *algorithms;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const cfg_listelt_t *element;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const char *str;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_fixedname_t fixed;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_name_t *name;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t b;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_fixedname_init(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews name = dns_fixedname_name(&fixed);
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&b, str, strlen(str));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_add(&b, strlen(str));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews algorithms = cfg_tuple_get(disabled, "algorithms");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews for (element = cfg_list_first(algorithms);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews element != NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews element = cfg_list_next(element))
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_textregion_t r;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_secalg_t alg;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence DE_CONST(cfg_obj_asstring(cfg_listelt_value(element)), r.base);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews r.length = strlen(r.base);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_secalg_fromtext(&alg, &r);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence if (result != ISC_R_SUCCESS) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_uint8_t ui;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = isc_parse_uint8(&ui, r.base, 10);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews alg = ui;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (result != ISC_R_SUCCESS) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews cfg_obj_log(cfg_listelt_value(element),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews ns_g_lctx, ISC_LOG_ERROR,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff "invalid algorithm");
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews CHECK(result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington CHECK(dns_resolver_disable_algorithm(resolver, name, alg));
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington }
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington cleanup:
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington return (result);
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington}
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellingtonstatic isc_boolean_t
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellingtonon_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington const cfg_listelt_t *element;
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington dns_fixedname_t fixed;
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington dns_name_t *name;
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington isc_result_t result;
330705066b03f6ce0bc08a4bbfc5d2418038c68dBrian Wellington const cfg_obj_t *value;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews const char *str;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t b;
26b0f58b6c4d65bc8b131debf40b8c376c2978bfBob Halley
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_fixedname_init(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews name = dns_fixedname_name(&fixed);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence for (element = cfg_list_first(disablelist);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence element != NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews element = cfg_list_next(element))
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews value = cfg_listelt_value(element);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews str = cfg_obj_asstring(value);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_buffer_init(&b, str, strlen(str));
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews isc_buffer_add(&b, strlen(str));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_name_fromtext(name, &b, dns_rootname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 0, NULL);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence RUNTIME_CHECK(result == ISC_R_SUCCESS);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (dns_name_equal(name, zonename))
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff return (ISC_TRUE);
e4653123ecc6cdbfc0b9eda6e98e44af3b1f9a08Mark Andrews }
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff return (ISC_FALSE);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graffstatic void
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrewscheck_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_mem_t *mctx)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews{
1c3191528684f3dd93ebb122298c2f8ebfc6d397Mark Andrews char **argv = NULL;
34b394b43e2207e8f8f3703f0402422121455638David Lawrence unsigned int i;
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_result_t result;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff result = dns_zone_getdbtype(*zonep, &argv, mctx);
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence if (result != ISC_R_SUCCESS) {
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff dns_zone_detach(zonep);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson /*
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson * Check that all the arguments match.
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson */
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson for (i = 0; i < dbtypec; i++)
34b394b43e2207e8f8f3703f0402422121455638David Lawrence if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) {
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence dns_zone_detach(zonep);
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson break;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff }
7c0378745269fe49a05904935afc42b85528f53aDavid Lawrence
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff /*
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson * Check that there are not extra arguments.
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson */
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson if (i == dbtypec && argv[i] != NULL)
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson dns_zone_detach(zonep);
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson isc_mem_free(mctx, argv);
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson}
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafsson
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafssonstatic isc_result_t
5466ce3f279d9fa83ce826bcdc9482bc591152aeAndreas Gustafssonsetquerystats(dns_zone_t *zone, isc_mem_t *mctx, isc_boolean_t on) {
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews isc_result_t result;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_stats_t *zoneqrystats;
2da53322f30495e9bcf30f3776def2da329d3343Mark Andrews
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence zoneqrystats = NULL;
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews if (on) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = isc_stats_create(mctx, &zoneqrystats,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_nsstatscounter_max);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (result != ISC_R_SUCCESS)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return (result);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews }
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_zone_setrequeststats(zone, zoneqrystats);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (zoneqrystats != NULL)
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews isc_stats_detach(&zoneqrystats);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence return (ISC_R_SUCCESS);
035504dbd8ca5949e8380b860873b3385a4e61e5Mark Andrews}
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic ns_cache_t *
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewscachelist_find(ns_cachelist_t *cachelist, const char *cachename) {
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews ns_cache_t *nsc;
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson for (nsc = ISC_LIST_HEAD(*cachelist);
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence nsc != NULL;
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson nsc = ISC_LIST_NEXT(nsc, link)) {
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson if (strcmp(dns_cache_getname(nsc->cache), cachename) == 0)
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson return (nsc);
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson }
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff return (NULL);
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews}
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrewsstatic isc_boolean_t
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrencecache_reusable(dns_view_t *originview, dns_view_t *view,
78838d3e0cd62423c23de5503910e01884d2104bBrian Wellington isc_boolean_t new_zero_no_soattl)
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff{
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews if (originview->checknames != view->checknames ||
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews dns_resolver_getzeronosoattl(originview->resolver) !=
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff new_zero_no_soattl ||
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews originview->acceptexpired != view->acceptexpired ||
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews originview->enablevalidation != view->enablevalidation ||
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews originview->maxcachettl != view->maxcachettl ||
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews originview->maxncachettl != view->maxncachettl) {
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews return (ISC_FALSE);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence }
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence return (ISC_TRUE);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence}
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrewsstatic isc_boolean_t
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrencecache_sharable(dns_view_t *originview, dns_view_t *view,
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence isc_boolean_t new_zero_no_soattl,
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews unsigned int new_cleaning_interval,
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews isc_uint32_t new_max_cache_size)
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews{
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews /*
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews * If the cache cannot even reused for the same view, it cannot be
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews * shared with other views.
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews */
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews if (!cache_reusable(originview, view, new_zero_no_soattl))
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence return (ISC_FALSE);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence /*
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence * Check other cache related parameters that must be consistent among
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence * the sharing views.
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence */
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews if (dns_cache_getcleaninginterval(originview->cache) !=
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews new_cleaning_interval ||
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews dns_cache_getcachesize(originview->cache) != new_max_cache_size) {
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews return (ISC_FALSE);
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews }
8a17d1e7cdba9fdcf71fb2f821a954a251204105Mark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews return (ISC_TRUE);
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence}
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews/*
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Configure 'view' according to 'vconfig', taking defaults from 'config'
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * where values are missing in 'vconfig'.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews *
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * When configuring the default view, 'vconfig' will be NULL and the
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * global defaults in 'config' used exclusively.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews */
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrewsstatic isc_result_t
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrewsconfigure_view(dns_view_t *view, const cfg_obj_t *config,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *vconfig, ns_cachelist_t *cachelist,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *bindkeys, isc_mem_t *mctx,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cfg_aclconfctx_t *actx, isc_boolean_t need_hints)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews{
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *maps[4];
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *cfgmaps[3];
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *optionmaps[3];
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews const cfg_obj_t *options = NULL;
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews const cfg_obj_t *voptions = NULL;
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews const cfg_obj_t *forwardtype;
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews const cfg_obj_t *forwarders;
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews const cfg_obj_t *alternates;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *zonelist;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews#ifdef DLZ
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *dlz;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews unsigned int dlzargc;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews char **dlzargv;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews#endif
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *disabled;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *obj;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_listelt_t *element;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews in_port_t port;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff dns_cache_t *cache = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_result_t result;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_uint32_t max_adb_size;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff unsigned int cleaning_interval;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_uint32_t max_cache_size;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence isc_uint32_t max_acache_size;
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence isc_uint32_t lame_ttl;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_tsig_keyring_t *ring = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_view_t *pview = NULL; /* Production view */
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff isc_mem_t *cmctx;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_dispatch_t *dispatch4 = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_dispatch_t *dispatch6 = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t reused_cache = ISC_FALSE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t shared_cache = ISC_FALSE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews int i = 0, j = 0, k = 0;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const char *str;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const char *cachename = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_order_t *order = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_uint32_t udpsize;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews unsigned int resopts = 0;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_zone_t *zone = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_uint32_t max_clients_per_query;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const char *sep = ": view ";
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const char *viewname = view->name;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const char *forview = " for view ";
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t rfc1918;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t empty_zones_enable;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *disablelist = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_stats_t *resstats = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_stats_t *resquerystats = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t auto_dlv = ISC_FALSE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ns_cache_t *nsc;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_boolean_t zero_no_soattl;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews REQUIRE(DNS_VIEW_VALID(view));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cmctx = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (config != NULL)
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(config, "options", &options);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff /*
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * maps: view options, options, defaults
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * cfgmaps: view options, config
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * optionmaps: view options, options
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (vconfig != NULL) {
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff voptions = cfg_tuple_get(vconfig, "options");
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews maps[i++] = voptions;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews optionmaps[j++] = voptions;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cfgmaps[k++] = voptions;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (options != NULL) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews maps[i++] = options;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews optionmaps[j++] = options;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews maps[i++] = ns_g_defaults;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews maps[i] = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews optionmaps[j] = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (config != NULL)
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence cfgmaps[k++] = config;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cfgmaps[k] = NULL;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (!strcmp(viewname, "_default")) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews sep = "";
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff viewname = "";
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews forview = "";
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence /*
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Set the view's port number for outgoing queries.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence CHECKM(ns_config_getport(config, &port), "port");
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_view_setdstport(view, port);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence /*
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Create additional cache for this view and zones under the view
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * if explicitly enabled.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * XXX950 default to on.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews obj = NULL;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff (void)ns_config_get(maps, "acache-enable", &obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (obj != NULL && cfg_obj_asboolean(obj)) {
df8c9ee4819c97089664ccc035eb2aa7569034fdDavid Lawrence cmctx = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(isc_mem_create(0, 0, &cmctx));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(dns_acache_create(&view->acache, cmctx, ns_g_taskmgr,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews ns_g_timermgr));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_mem_setname(cmctx, "acache", NULL);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_mem_detach(&cmctx);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (view->acache != NULL) {
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington obj = NULL;
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington result = ns_config_get(maps, "acache-cleaning-interval", &obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews INSIST(result == ISC_R_SUCCESS);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dns_acache_setcleaninginterval(view->acache,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cfg_obj_asuint32(obj) * 60);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ns_config_get(maps, "max-acache-size", &obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews INSIST(result == ISC_R_SUCCESS);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (cfg_obj_isstring(obj)) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence str = cfg_obj_asstring(obj);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence INSIST(strcasecmp(str, "unlimited") == 0);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence max_acache_size = ISC_UINT32_MAX;
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington } else {
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington isc_resourcevalue_t value;
5eb91bd90e3ad3426e5e3213031556a737cf3809Mark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews value = cfg_obj_asuint64(obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (value > ISC_UINT32_MAX) {
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "'max-acache-size "
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence "%" ISC_PRINT_QUADFORMAT
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington "d' is too large",
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington value);
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews result = ISC_R_RANGE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews goto cleanup;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews max_acache_size = (isc_uint32_t)value;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_acache_setcachesize(view->acache, max_acache_size);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington /*
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews * Configure the zones.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews */
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews zonelist = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (voptions != NULL)
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence (void)cfg_map_get(voptions, "zone", &zonelist);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence else
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence (void)cfg_map_get(config, "zone", &zonelist);
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington for (element = cfg_list_first(zonelist);
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington element != NULL;
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews element = cfg_list_next(element))
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews const cfg_obj_t *zconfig = cfg_listelt_value(element);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews CHECK(configure_zone(config, zconfig, vconfig, mctx, view,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews actx));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews#ifdef DLZ
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews /*
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * Create Dynamically Loadable Zone driver.
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence */
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dlz = NULL;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (voptions != NULL)
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff (void)cfg_map_get(voptions, "dlz", &dlz);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews else
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(config, "dlz", &dlz);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (dlz != NULL) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews (void)cfg_map_get(cfg_tuple_get(dlz, "options"),
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "database", &obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (obj != NULL) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (s == NULL) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ISC_R_NOMEMORY;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews goto cleanup;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (result != ISC_R_SUCCESS) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_mem_free(mctx, s);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews goto cleanup;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff obj = cfg_tuple_get(dlz, "name");
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = dns_dlzcreate(mctx, cfg_obj_asstring(obj),
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews dlzargv[0], dlzargc, dlzargv,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews &view->dlzdatabase);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_mem_free(mctx, s);
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews isc_mem_put(mctx, dlzargv, dlzargc * sizeof(*dlzargv));
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence if (result != ISC_R_SUCCESS)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence goto cleanup;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence#endif
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
83ac7ce833930a5c6cb92ad9c04a58e775579e73Bob Halley /*
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * Obtain configuration parameters that affect the decision of whether
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews * we can reuse/share an existing cache.
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews */
83ac7ce833930a5c6cb92ad9c04a58e775579e73Bob Halley obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ns_config_get(maps, "cleaning-interval", &obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews INSIST(result == ISC_R_SUCCESS);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff cleaning_interval = cfg_obj_asuint32(obj) * 60;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
83ac7ce833930a5c6cb92ad9c04a58e775579e73Bob Halley obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ns_config_get(maps, "max-cache-size", &obj);
83ac7ce833930a5c6cb92ad9c04a58e775579e73Bob Halley INSIST(result == ISC_R_SUCCESS);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (cfg_obj_isstring(obj)) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews str = cfg_obj_asstring(obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews INSIST(strcasecmp(str, "unlimited") == 0);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews max_cache_size = ISC_UINT32_MAX;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews } else {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_resourcevalue_t value;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews value = cfg_obj_asuint64(obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (value > ISC_UINT32_MAX) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "'max-cache-size "
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews "%" ISC_PRINT_QUADFORMAT "d' is too large",
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews value);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ISC_R_RANGE;
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff goto cleanup;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews max_cache_size = (isc_uint32_t)value;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews }
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews /* Check-names. */
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ns_checknames_get(maps, "response", &obj);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff INSIST(result == ISC_R_SUCCESS);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews str = cfg_obj_asstring(obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews if (strcasecmp(str, "fail") == 0) {
f3ca27e9fe307b55e35ea8d7b37351650630e5a3Andreas Gustafsson resopts |= DNS_RESOLVER_CHECKNAMES |
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews DNS_RESOLVER_CHECKNAMESFAIL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews view->checknames = ISC_TRUE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews } else if (strcasecmp(str, "warn") == 0) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews resopts |= DNS_RESOLVER_CHECKNAMES;
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence view->checknames = ISC_FALSE;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews } else if (strcasecmp(str, "ignore") == 0) {
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews view->checknames = ISC_FALSE;
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence } else
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews INSIST(0);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews obj = NULL;
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
806c235ecf533b98d068b3f8df9d7abbe1e30cf9Mark Andrews INSIST(result == ISC_R_SUCCESS);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews zero_no_soattl = cfg_obj_asboolean(obj);
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews obj = NULL;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = ns_config_get(maps, "dnssec-accept-expired", &obj);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews INSIST(result == ISC_R_SUCCESS);
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence view->acceptexpired = cfg_obj_asboolean(obj);
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence obj = NULL;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = ns_config_get(maps, "dnssec-validation", &obj);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews INSIST(result == ISC_R_SUCCESS);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence view->enablevalidation = cfg_obj_asboolean(obj);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews obj = NULL;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = ns_config_get(maps, "max-cache-ttl", &obj);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews INSIST(result == ISC_R_SUCCESS);
861cef13977886aca57ba95c2c93039b87bbbc43Brian Wellington view->maxcachettl = cfg_obj_asuint32(obj);
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews obj = NULL;
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews result = ns_config_get(maps, "max-ncache-ttl", &obj);
fd4810861c0c0ccb9aebde94e9d289442b2630dbMark Andrews INSIST(result == ISC_R_SUCCESS);
b6a0341bcb113e93bd0bc41a9f9a1fc117444da6Mark Andrews view->maxncachettl = cfg_obj_asuint32(obj);
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews if (view->maxncachettl > 7 * 24 * 3600)
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews view->maxncachettl = 7 * 24 * 3600;
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews /*
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews * Configure the view's cache.
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews *
b6a0341bcb113e93bd0bc41a9f9a1fc117444da6Mark Andrews * First, check to see if there are any attach-cache options. If yes,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * attempt to lookup an existing cache at attach it to the view. If
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews * there is not one, then try to reuse an existing cache if possible;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * otherwise create a new cache.
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews *
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * Note that the ADB is not preserved or shared in either case.
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews *
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * When a matching view is found, the associated statistics are also
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * retrieved and reused.
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews *
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * XXX Determining when it is safe to reuse or share a cache is tricky.
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * When the view's configuration changes, the cached data may become
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * invalid because it reflects our old view of the world. We check
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * some of the configuration parameters that could invalidate the cache
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * or otherwise make it unsharable, but there are other configuration
0553f5554f2ecfa137565b83378f566edc8fe6abMark Andrews * options that should be checked. For example, if a view uses a
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * forwarder, changes in the forwarder configuration may invalidate
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * the cache. At the moment, it's the administrator's responsibility to
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews * ensure these configuration options don't invalidate reusing/sharing.
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews */
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews obj = NULL;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = ns_config_get(maps, "attach-cache", &obj);
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence if (result == ISC_R_SUCCESS)
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence cachename = cfg_obj_asstring(obj);
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence else
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews cachename = view->name;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews cache = NULL;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews nsc = cachelist_find(cachelist, cachename);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (nsc != NULL) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (!cache_sharable(nsc->primaryview, view, zero_no_soattl,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews cleaning_interval, max_cache_size)) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews "views %s and %s can't share the cache "
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews "due to configuration parameter mismatch",
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews nsc->primaryview->name, view->name);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = ISC_R_FAILURE;
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence goto cleanup;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews }
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews dns_cache_attach(nsc->cache, &cache);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews shared_cache = ISC_TRUE;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews } else {
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence if (strcmp(cachename, view->name) == 0) {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = dns_viewlist_find(&ns_g_server->viewlist,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews cachename, view->rdclass,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews &pview);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews goto cleanup;
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews if (pview != NULL) {
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence if (!cache_reusable(pview, view,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews zero_no_soattl)) {
c46f10e4a1702191b003cf8f8fc5059c15d29c48Mark Andrews isc_log_write(ns_g_lctx,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews NS_LOGCATEGORY_GENERAL,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews NS_LOGMODULE_SERVER,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews ISC_LOG_DEBUG(1),
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence "cache cannot be reused "
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews "for view %s due to "
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews "configuration parameter "
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews "mismatch", view->name);
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews } else {
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews INSIST(pview->cache != NULL);
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence isc_log_write(ns_g_lctx,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews NS_LOGCATEGORY_GENERAL,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews NS_LOGMODULE_SERVER,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews ISC_LOG_DEBUG(3),
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson "reusing existing cache");
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley reused_cache = ISC_TRUE;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_cache_attach(pview->cache, &cache);
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews }
93d6dfaf66258337985427c86181f01fc51f0bb4Mark Andrews dns_view_getresstats(pview, &resstats);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley dns_view_getresquerystats(pview,
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley &resquerystats);
0513f89e68f82f9ec54e7af9c979a7c43babbe31Bob Halley dns_view_detach(&pview);
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson }
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence }
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff if (cache == NULL) {
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff /*
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff * Create a cache with the desired name. This normally
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff * equals the view name, but may also be a forward
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson * reference to a view that share the cache with this
ebd68da027cfa8da0fb536c3db11bb88292f41c7Andreas Gustafsson * view but is not yet configured. If it is not the
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence * view name but not a forward reference either, then it
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff * is simply a named cache that is not shared.
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff */
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff CHECK(isc_mem_create(0, 0, &cmctx));
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff isc_mem_setname(cmctx, "cache", NULL);
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff CHECK(dns_cache_create2(cmctx, ns_g_taskmgr,
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff ns_g_timermgr, view->rdclass,
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff cachename, "rbt", 0, NULL,
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence &cache));
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff }
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff nsc = isc_mem_get(mctx, sizeof(*nsc));
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff if (nsc == NULL) {
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff result = ISC_R_NOMEMORY;
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff goto cleanup;
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff }
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff nsc->cache = NULL;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_cache_attach(cache, &nsc->cache);
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff nsc->primaryview = view;
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff nsc->needflush = ISC_FALSE;
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff nsc->adbsizeadjusted = ISC_FALSE;
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff ISC_LINK_INIT(nsc, link);
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff ISC_LIST_APPEND(*cachelist, nsc, link);
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff }
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews dns_view_setcache2(view, cache, shared_cache);
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews /*
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews * cache-file cannot be inherited if views are present, but this
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews * should be caught by the configuration checking stage.
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews */
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews obj = NULL;
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff result = ns_config_get(maps, "cache-file", &obj);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") != 0) {
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff CHECK(dns_cache_setfilename(cache, cfg_obj_asstring(obj)));
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff if (!reused_cache && !shared_cache)
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff CHECK(dns_cache_load(cache));
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff }
fa460c223a69449eaac67ddb6abafe74f5e1ff02Michael Graff
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff dns_cache_setcleaninginterval(cache, cleaning_interval);
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence dns_cache_setcachesize(cache, max_cache_size);
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson dns_cache_detach(&cache);
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence /*
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff * Resolver.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff *
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff * XXXRTH Hardwired number of tasks.
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson */
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4,
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson ISC_TF(ISC_LIST_PREV(view, link)
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence == NULL)));
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6,
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff ISC_TF(ISC_LIST_PREV(view, link)
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff == NULL)));
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff if (dispatch4 == NULL && dispatch6 == NULL) {
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff UNEXPECTED_ERROR(__FILE__, __LINE__,
b469f0321d2bcea3914c57d26fd43319e506c313Andreas Gustafsson "unable to obtain neither an IPv4 nor"
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson " an IPv6 dispatch");
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson result = ISC_R_UNEXPECTED;
8abddcd3f24476b945419659e7cb73bcb970886bDavid Lawrence goto cleanup;
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson }
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31,
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson ns_g_socketmgr, ns_g_timermgr,
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson resopts, ns_g_dispatchmgr,
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson dispatch4, dispatch6));
if (resstats == NULL) {
CHECK(isc_stats_create(mctx, &resstats,
dns_resstatscounter_max));
}
dns_view_setresstats(view, resstats);
if (resquerystats == NULL)
CHECK(dns_rdatatypestats_create(mctx, &resquerystats));
dns_view_setresquerystats(view, resquerystats);
/*
* Set the ADB cache size to 1/8th of the max-cache-size or
* MAX_ADB_SIZE_FOR_CACHESHARE when the cache is shared.
*/
max_adb_size = 0;
if (max_cache_size != 0) {
max_adb_size = max_cache_size / 8;
if (max_adb_size == 0)
max_adb_size = 1; /* Force minimum. */
if (view != nsc->primaryview &&
max_adb_size > MAX_ADB_SIZE_FOR_CACHESHARE) {
max_adb_size = MAX_ADB_SIZE_FOR_CACHESHARE;
if (!nsc->adbsizeadjusted) {
dns_adb_setadbsize(nsc->primaryview->adb,
MAX_ADB_SIZE_FOR_CACHESHARE);
nsc->adbsizeadjusted = ISC_TRUE;
}
}
}
dns_adb_setadbsize(view->adb, max_adb_size);
/*
* Set resolver's lame-ttl.
*/
obj = NULL;
result = ns_config_get(maps, "lame-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
lame_ttl = cfg_obj_asuint32(obj);
if (lame_ttl > 1800)
lame_ttl = 1800;
dns_resolver_setlamettl(view->resolver, lame_ttl);
/* Specify whether to use 0-TTL for negative response for SOA query */
dns_resolver_setzeronosoattl(view->resolver, zero_no_soattl);
/*
* Set the resolver's EDNS UDP size.
*/
obj = NULL;
result = ns_config_get(maps, "edns-udp-size", &obj);
INSIST(result == ISC_R_SUCCESS);
udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
/*
* Set the maximum UDP response size.
*/
obj = NULL;
result = ns_config_get(maps, "max-udp-size", &obj);
INSIST(result == ISC_R_SUCCESS);
udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
view->maxudp = udpsize;
/*
* Set supported DNSSEC algorithms.
*/
dns_resolver_reset_algorithms(view->resolver);
disabled = NULL;
(void)ns_config_get(maps, "disable-algorithms", &disabled);
if (disabled != NULL) {
for (element = cfg_list_first(disabled);
element != NULL;
element = cfg_list_next(element))
CHECK(disable_algorithms(cfg_listelt_value(element),
view->resolver));
}
/*
* A global or view "forwarders" option, if present,
* creates an entry for "." in the forwarding table.
*/
forwardtype = NULL;
forwarders = NULL;
(void)ns_config_get(maps, "forward", &forwardtype);
(void)ns_config_get(maps, "forwarders", &forwarders);
if (forwarders != NULL)
CHECK(configure_forward(config, view, dns_rootname,
forwarders, forwardtype));
/*
* Dual Stack Servers.
*/
alternates = NULL;
(void)ns_config_get(maps, "dual-stack-servers", &alternates);
if (alternates != NULL)
CHECK(configure_alternates(config, view, alternates));
/*
* We have default hints for class IN if we need them.
*/
if (view->rdclass == dns_rdataclass_in && view->hints == NULL)
dns_view_sethints(view, ns_g_server->in_roothints);
/*
* If we still have no hints, this is a non-IN view with no
* "hints zone" configured. Issue a warning, except if this
* is a root server. Root servers never need to consult
* their hints, so it's no point requiring users to configure
* them.
*/
if (view->hints == NULL) {
dns_zone_t *rootzone = NULL;
(void)dns_view_findzone(view, dns_rootname, &rootzone);
if (rootzone != NULL) {
dns_zone_detach(&rootzone);
need_hints = ISC_FALSE;
}
if (need_hints)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"no root hints for view '%s'",
view->name);
}
/*
* Configure the view's TSIG keys.
*/
CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
if (ns_g_server->sessionkey != NULL) {
CHECK(dns_tsigkeyring_add(ring, ns_g_server->session_keyname,
ns_g_server->sessionkey));
}
dns_view_setkeyring(view, ring);
ring = NULL; /* ownership transferred */
/*
* Configure the view's peer list.
*/
{
const cfg_obj_t *peers = NULL;
const cfg_listelt_t *element;
dns_peerlist_t *newpeers = NULL;
(void)ns_config_get(cfgmaps, "server", &peers);
CHECK(dns_peerlist_new(mctx, &newpeers));
for (element = cfg_list_first(peers);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *cpeer = cfg_listelt_value(element);
dns_peer_t *peer;
CHECK(configure_peer(cpeer, mctx, &peer));
dns_peerlist_addpeer(newpeers, peer);
dns_peer_detach(&peer);
}
dns_peerlist_detach(&view->peers);
view->peers = newpeers; /* Transfer ownership. */
}
/*
* Configure the views rrset-order.
*/
{
const cfg_obj_t *rrsetorder = NULL;
const cfg_listelt_t *element;
(void)ns_config_get(maps, "rrset-order", &rrsetorder);
CHECK(dns_order_create(mctx, &order));
for (element = cfg_list_first(rrsetorder);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *ent = cfg_listelt_value(element);
CHECK(configure_order(order, ent));
}
if (view->order != NULL)
dns_order_detach(&view->order);
dns_order_attach(order, &view->order);
dns_order_detach(&order);
}
/*
* Copy the aclenv object.
*/
dns_aclenv_copy(&view->aclenv, &ns_g_server->aclenv);
/*
* Configure the "match-clients" and "match-destinations" ACL.
*/
CHECK(configure_view_acl(vconfig, config, "match-clients", NULL, actx,
ns_g_mctx, &view->matchclients));
CHECK(configure_view_acl(vconfig, config, "match-destinations", NULL,
actx, ns_g_mctx, &view->matchdestinations));
/*
* Configure the "match-recursive-only" option.
*/
obj = NULL;
(void)ns_config_get(maps, "match-recursive-only", &obj);
if (obj != NULL && cfg_obj_asboolean(obj))
view->matchrecursiveonly = ISC_TRUE;
else
view->matchrecursiveonly = ISC_FALSE;
/*
* Configure other configurable data.
*/
obj = NULL;
result = ns_config_get(maps, "recursion", &obj);
INSIST(result == ISC_R_SUCCESS);
view->recursion = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "auth-nxdomain", &obj);
INSIST(result == ISC_R_SUCCESS);
view->auth_nxdomain = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "minimal-responses", &obj);
INSIST(result == ISC_R_SUCCESS);
view->minimalresponses = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "transfer-format", &obj);
INSIST(result == ISC_R_SUCCESS);
str = cfg_obj_asstring(obj);
if (strcasecmp(str, "many-answers") == 0)
view->transfer_format = dns_many_answers;
else if (strcasecmp(str, "one-answer") == 0)
view->transfer_format = dns_one_answer;
else
INSIST(0);
/*
* Set sources where additional data and CNAME/DNAME
* targets for authoritative answers may be found.
*/
obj = NULL;
result = ns_config_get(maps, "additional-from-auth", &obj);
INSIST(result == ISC_R_SUCCESS);
view->additionalfromauth = cfg_obj_asboolean(obj);
if (view->recursion && ! view->additionalfromauth) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"'additional-from-auth no' is only supported "
"with 'recursion no'");
view->additionalfromauth = ISC_TRUE;
}
obj = NULL;
result = ns_config_get(maps, "additional-from-cache", &obj);
INSIST(result == ISC_R_SUCCESS);
view->additionalfromcache = cfg_obj_asboolean(obj);
if (view->recursion && ! view->additionalfromcache) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"'additional-from-cache no' is only supported "
"with 'recursion no'");
view->additionalfromcache = ISC_TRUE;
}
/*
* Set "allow-query-cache", "allow-query-cache-on",
* "allow-recursion", and "allow-recursion-on" acls if
* configured in named.conf.
*/
CHECK(configure_view_acl(vconfig, config, "allow-query-cache", NULL,
actx, ns_g_mctx, &view->queryacl));
CHECK(configure_view_acl(vconfig, config, "allow-query-cache-on", NULL,
actx, ns_g_mctx, &view->queryonacl));
if (view->queryonacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-query-cache-on", NULL, actx,
ns_g_mctx, &view->queryonacl));
if (strcmp(view->name, "_bind") != 0) {
CHECK(configure_view_acl(vconfig, config, "allow-recursion",
NULL, actx, ns_g_mctx,
&view->recursionacl));
CHECK(configure_view_acl(vconfig, config, "allow-recursion-on",
NULL, actx, ns_g_mctx,
&view->recursiononacl));
}
/*
* "allow-query-cache" inherits from "allow-recursion" if set,
* otherwise from "allow-query" if set.
* "allow-recursion" inherits from "allow-query-cache" if set,
* otherwise from "allow-query" if set.
*/
if (view->queryacl == NULL && view->recursionacl != NULL)
dns_acl_attach(view->recursionacl, &view->queryacl);
if (view->queryacl == NULL && view->recursion)
CHECK(configure_view_acl(vconfig, config, "allow-query", NULL,
actx, ns_g_mctx, &view->queryacl));
if (view->recursion &&
view->recursionacl == NULL && view->queryacl != NULL)
dns_acl_attach(view->queryacl, &view->recursionacl);
/*
* Set default "allow-recursion", "allow-recursion-on" and
* "allow-query-cache" acls.
*/
if (view->recursionacl == NULL && view->recursion)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-recursion", NULL,
actx, ns_g_mctx,
&view->recursionacl));
if (view->recursiononacl == NULL && view->recursion)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-recursion-on", NULL,
actx, ns_g_mctx,
&view->recursiononacl));
if (view->queryacl == NULL) {
if (view->recursion)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-query-cache", NULL,
actx, ns_g_mctx,
&view->queryacl));
else {
if (view->queryacl != NULL)
dns_acl_detach(&view->queryacl);
CHECK(dns_acl_none(ns_g_mctx, &view->queryacl));
}
}
/*
* Filter setting on addresses in the answer section.
*/
CHECK(configure_view_acl(vconfig, config, "deny-answer-addresses",
"acl", actx, ns_g_mctx, &view->denyansweracl));
CHECK(configure_view_nametable(vconfig, config, "deny-answer-addresses",
"except-from", ns_g_mctx,
&view->answeracl_exclude));
/*
* Filter setting on names (CNAME/DNAME targets) in the answer section.
*/
CHECK(configure_view_nametable(vconfig, config, "deny-answer-aliases",
"name", ns_g_mctx,
&view->denyanswernames));
CHECK(configure_view_nametable(vconfig, config, "deny-answer-aliases",
"except-from", ns_g_mctx,
&view->answernames_exclude));
/*
* Configure sortlist, if set
*/
CHECK(configure_view_sortlist(vconfig, config, actx, ns_g_mctx,
&view->sortlist));
/*
* Configure default allow-transfer, allow-notify, allow-update
* and allow-update-forwarding ACLs, if set, so they can be
* inherited by zones.
*/
if (view->notifyacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-notify", NULL, actx,
ns_g_mctx, &view->notifyacl));
if (view->transferacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-transfer", NULL, actx,
ns_g_mctx, &view->transferacl));
if (view->updateacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-update", NULL, actx,
ns_g_mctx, &view->updateacl));
if (view->upfwdacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-update-forwarding", NULL, actx,
ns_g_mctx, &view->upfwdacl));
obj = NULL;
result = ns_config_get(maps, "request-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
view->requestixfr = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "provide-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
view->provideixfr = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "request-nsid", &obj);
INSIST(result == ISC_R_SUCCESS);
view->requestnsid = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(maps, "max-clients-per-query", &obj);
INSIST(result == ISC_R_SUCCESS);
max_clients_per_query = cfg_obj_asuint32(obj);
obj = NULL;
result = ns_config_get(maps, "clients-per-query", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_resolver_setclientsperquery(view->resolver,
cfg_obj_asuint32(obj),
max_clients_per_query);
#ifdef ALLOW_FILTER_AAAA_ON_V4
obj = NULL;
result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
INSIST(result == ISC_R_SUCCESS);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
view->v4_aaaa = dns_v4_aaaa_filter;
else
view->v4_aaaa = dns_v4_aaaa_ok;
} else {
const char *v4_aaaastr = cfg_obj_asstring(obj);
if (strcasecmp(v4_aaaastr, "break-dnssec") == 0)
view->v4_aaaa = dns_v4_aaaa_break_dnssec;
else
INSIST(0);
}
CHECK(configure_view_acl(vconfig, config, "filter-aaaa", NULL,
actx, ns_g_mctx, &view->v4_aaaa_acl));
#endif
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
view->enablednssec = cfg_obj_asboolean(obj);
obj = NULL;
result = ns_config_get(optionmaps, "dnssec-lookaside", &obj);
if (result == ISC_R_SUCCESS) {
/* If set to "auto", use the version from the defaults */
const cfg_obj_t *dlvobj;
dlvobj = cfg_listelt_value(cfg_list_first(obj));
if (!strcmp(cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")),
"auto") &&
cfg_obj_isvoid(cfg_tuple_get(dlvobj, "trust-anchor"))) {
auto_dlv = ISC_TRUE;
obj = NULL;
result = cfg_map_get(ns_g_defaults,
"dnssec-lookaside", &obj);
}
}
if (result == ISC_R_SUCCESS) {
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element))
{
const char *str;
isc_buffer_t b;
dns_name_t *dlv;
obj = cfg_listelt_value(element);
#if 0
dns_fixedname_t fixed;
dns_name_t *name;
/*
* When we support multiple dnssec-lookaside
* entries this is how to find the domain to be
* checked. XXXMPA
*/
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
str = cfg_obj_asstring(cfg_tuple_get(obj,
"domain"));
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
0, NULL));
#endif
str = cfg_obj_asstring(cfg_tuple_get(obj,
"trust-anchor"));
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
dlv = dns_fixedname_name(&view->dlv_fixed);
CHECK(dns_name_fromtext(dlv, &b, dns_rootname,
DNS_NAME_DOWNCASE, NULL));
view->dlv = dns_fixedname_name(&view->dlv_fixed);
}
} else
view->dlv = NULL;
/*
* For now, there is only one kind of trusted keys, the
* "security roots".
*/
CHECK(configure_view_dnsseckeys(view, vconfig, config, bindkeys,
auto_dlv, mctx));
dns_resolver_resetmustbesecure(view->resolver);
obj = NULL;
result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
if (result == ISC_R_SUCCESS)
CHECK(mustbesecure(obj, view->resolver));
obj = NULL;
result = ns_config_get(maps, "preferred-glue", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
if (strcasecmp(str, "a") == 0)
view->preferred_glue = dns_rdatatype_a;
else if (strcasecmp(str, "aaaa") == 0)
view->preferred_glue = dns_rdatatype_aaaa;
else
view->preferred_glue = 0;
} else
view->preferred_glue = 0;
obj = NULL;
result = ns_config_get(maps, "root-delegation-only", &obj);
if (result == ISC_R_SUCCESS) {
dns_view_setrootdelonly(view, ISC_TRUE);
if (!cfg_obj_isvoid(obj)) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t b;
const char *str;
const cfg_obj_t *exclude;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
0, NULL));
CHECK(dns_view_excludedelegationonly(view,
name));
}
}
} else
dns_view_setrootdelonly(view, ISC_FALSE);
/*
* Setup automatic empty zones. If recursion is off then
* they are disabled by default.
*/
obj = NULL;
(void)ns_config_get(maps, "empty-zones-enable", &obj);
(void)ns_config_get(maps, "disable-empty-zone", &disablelist);
if (obj == NULL && disablelist == NULL &&
view->rdclass == dns_rdataclass_in) {
rfc1918 = ISC_FALSE;
empty_zones_enable = view->recursion;
} else if (view->rdclass == dns_rdataclass_in) {
rfc1918 = ISC_TRUE;
if (obj != NULL)
empty_zones_enable = cfg_obj_asboolean(obj);
else
empty_zones_enable = view->recursion;
} else {
rfc1918 = ISC_FALSE;
empty_zones_enable = ISC_FALSE;
}
if (empty_zones_enable) {
const char *empty;
int empty_zone = 0;
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t buffer;
const char *str;
char server[DNS_NAME_FORMATSIZE + 1];
char contact[DNS_NAME_FORMATSIZE + 1];
isc_boolean_t logit;
const char *empty_dbtype[4] =
{ "_builtin", "empty", NULL, NULL };
int empty_dbtypec = 4;
isc_boolean_t zonestats_on;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
obj = NULL;
result = ns_config_get(maps, "empty-server", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
isc_buffer_init(&buffer, server, sizeof(server) - 1);
CHECK(dns_name_totext(name, ISC_FALSE, &buffer));
server[isc_buffer_usedlength(&buffer)] = 0;
empty_dbtype[2] = server;
} else
empty_dbtype[2] = "@";
obj = NULL;
result = ns_config_get(maps, "empty-contact", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
isc_buffer_init(&buffer, contact, sizeof(contact) - 1);
CHECK(dns_name_totext(name, ISC_FALSE, &buffer));
contact[isc_buffer_usedlength(&buffer)] = 0;
empty_dbtype[3] = contact;
} else
empty_dbtype[3] = ".";
obj = NULL;
result = ns_config_get(maps, "zone-statistics", &obj);
INSIST(result == ISC_R_SUCCESS);
zonestats_on = cfg_obj_asboolean(obj);
logit = ISC_TRUE;
for (empty = empty_zones[empty_zone].zone;
empty != NULL;
empty = empty_zones[++empty_zone].zone)
{
dns_forwarders_t *forwarders = NULL;
dns_view_t *pview = NULL;
isc_buffer_init(&buffer, empty, strlen(empty));
isc_buffer_add(&buffer, strlen(empty));
/*
* Look for zone on drop list.
*/
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
if (disablelist != NULL &&
on_disable_list(disablelist, name))
continue;
/*
* This zone already exists.
*/
(void)dns_view_findzone(view, name, &zone);
if (zone != NULL) {
CHECK(setquerystats(zone, mctx, zonestats_on));
dns_zone_detach(&zone);
continue;
}
/*
* If we would forward this name don't add a
* empty zone for it.
*/
result = dns_fwdtable_find(view->fwdtable, name,
&forwarders);
if (result == ISC_R_SUCCESS &&
forwarders->fwdpolicy == dns_fwdpolicy_only)
continue;
if (!rfc1918 && empty_zones[empty_zone].rfc1918) {
if (logit) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_WARNING,
"Warning%s%s: "
"'empty-zones-enable/"
"disable-empty-zone' "
"not set: disabling "
"RFC 1918 empty zones",
sep, viewname);
logit = ISC_FALSE;
}
continue;
}
/*
* See if we can re-use a existing zone.
*/
result = dns_viewlist_find(&ns_g_server->viewlist,
view->name, view->rdclass,
&pview);
if (result != ISC_R_NOTFOUND &&
result != ISC_R_SUCCESS)
goto cleanup;
if (pview != NULL) {
(void)dns_view_findzone(pview, name, &zone);
dns_view_detach(&pview);
if (zone != NULL)
check_dbtype(&zone, empty_dbtypec,
empty_dbtype, mctx);
if (zone != NULL) {
dns_zone_setview(zone, view);
CHECK(dns_view_addzone(view, zone));
CHECK(setquerystats(zone, mctx,
zonestats_on));
dns_zone_detach(&zone);
continue;
}
}
CHECK(dns_zone_create(&zone, mctx));
CHECK(dns_zone_setorigin(zone, name));
dns_zone_setview(zone, view);
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
dns_zone_setclass(zone, view->rdclass);
dns_zone_settype(zone, dns_zone_master);
dns_zone_setstats(zone, ns_g_server->zonestats);
CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
empty_dbtype));
if (view->queryacl != NULL)
dns_zone_setqueryacl(zone, view->queryacl);
if (view->queryonacl != NULL)
dns_zone_setqueryonacl(zone, view->queryonacl);
dns_zone_setdialup(zone, dns_dialuptype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS,
ISC_TRUE);
CHECK(setquerystats(zone, mctx, zonestats_on));
CHECK(dns_view_addzone(view, zone));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"automatic empty zone%s%s: %s",
sep, viewname, empty);
dns_zone_detach(&zone);
}
}
result = ISC_R_SUCCESS;
cleanup:
if (ring != NULL)
dns_tsigkeyring_destroy(&ring);
if (zone != NULL)
dns_zone_detach(&zone);
if (dispatch4 != NULL)
dns_dispatch_detach(&dispatch4);
if (dispatch6 != NULL)
dns_dispatch_detach(&dispatch6);
if (resstats != NULL)
isc_stats_detach(&resstats);
if (resquerystats != NULL)
dns_stats_detach(&resquerystats);
if (order != NULL)
dns_order_detach(&order);
if (cmctx != NULL)
isc_mem_detach(&cmctx);
if (cache != NULL)
dns_cache_detach(&cache);
return (result);
}
static isc_result_t
configure_hints(dns_view_t *view, const char *filename) {
isc_result_t result;
dns_db_t *db;
db = NULL;
result = dns_rootns_create(view->mctx, view->rdclass, filename, &db);
if (result == ISC_R_SUCCESS) {
dns_view_sethints(view, db);
dns_db_detach(&db);
}
return (result);
}
static isc_result_t
configure_alternates(const cfg_obj_t *config, dns_view_t *view,
const cfg_obj_t *alternates)
{
const cfg_obj_t *portobj;
const cfg_obj_t *addresses;
const cfg_listelt_t *element;
isc_result_t result = ISC_R_SUCCESS;
in_port_t port;
/*
* Determine which port to send requests to.
*/
if (ns_g_lwresdonly && ns_g_port != 0)
port = ns_g_port;
else
CHECKM(ns_config_getport(config, &port), "port");
if (alternates != NULL) {
portobj = cfg_tuple_get(alternates, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
return (ISC_R_RANGE);
}
port = (in_port_t) val;
}
}
addresses = NULL;
if (alternates != NULL)
addresses = cfg_tuple_get(alternates, "addresses");
for (element = cfg_list_first(addresses);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *alternate = cfg_listelt_value(element);
isc_sockaddr_t sa;
if (!cfg_obj_issockaddr(alternate)) {
dns_fixedname_t fixed;
dns_name_t *name;
const char *str = cfg_obj_asstring(cfg_tuple_get(
alternate, "name"));
isc_buffer_t buffer;
in_port_t myport = port;
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
portobj = cfg_tuple_get(alternate, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx,
ISC_LOG_ERROR,
"port '%u' out of range",
val);
return (ISC_R_RANGE);
}
myport = (in_port_t) val;
}
CHECK(dns_resolver_addalternate(view->resolver, NULL,
name, myport));
continue;
}
sa = *cfg_obj_assockaddr(alternate);
if (isc_sockaddr_getport(&sa) == 0)
isc_sockaddr_setport(&sa, port);
CHECK(dns_resolver_addalternate(view->resolver, &sa,
NULL, 0));
}
cleanup:
return (result);
}
static isc_result_t
configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype)
{
const cfg_obj_t *portobj;
const cfg_obj_t *faddresses;
const cfg_listelt_t *element;
dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none;
isc_sockaddrlist_t addresses;
isc_sockaddr_t *sa;
isc_result_t result;
in_port_t port;
ISC_LIST_INIT(addresses);
/*
* Determine which port to send forwarded requests to.
*/
if (ns_g_lwresdonly && ns_g_port != 0)
port = ns_g_port;
else
CHECKM(ns_config_getport(config, &port), "port");
if (forwarders != NULL) {
portobj = cfg_tuple_get(forwarders, "port");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
return (ISC_R_RANGE);
}
port = (in_port_t) val;
}
}
faddresses = NULL;
if (forwarders != NULL)
faddresses = cfg_tuple_get(forwarders, "addresses");
for (element = cfg_list_first(faddresses);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *forwarder = cfg_listelt_value(element);
sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t));
if (sa == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
*sa = *cfg_obj_assockaddr(forwarder);
if (isc_sockaddr_getport(sa) == 0)
isc_sockaddr_setport(sa, port);
ISC_LINK_INIT(sa, link);
ISC_LIST_APPEND(addresses, sa, link);
}
if (ISC_LIST_EMPTY(addresses)) {
if (forwardtype != NULL)
cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
"no forwarders seen; disabling "
"forwarding");
fwdpolicy = dns_fwdpolicy_none;
} else {
if (forwardtype == NULL)
fwdpolicy = dns_fwdpolicy_first;
else {
const char *forwardstr = cfg_obj_asstring(forwardtype);
if (strcasecmp(forwardstr, "first") == 0)
fwdpolicy = dns_fwdpolicy_first;
else if (strcasecmp(forwardstr, "only") == 0)
fwdpolicy = dns_fwdpolicy_only;
else
INSIST(0);
}
}
result = dns_fwdtable_add(view->fwdtable, origin, &addresses,
fwdpolicy);
if (result != ISC_R_SUCCESS) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(origin, namebuf, sizeof(namebuf));
cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
"could not set up forwarding for domain '%s': %s",
namebuf, isc_result_totext(result));
goto cleanup;
}
result = ISC_R_SUCCESS;
cleanup:
while (!ISC_LIST_EMPTY(addresses)) {
sa = ISC_LIST_HEAD(addresses);
ISC_LIST_UNLINK(addresses, sa, link);
isc_mem_put(view->mctx, sa, sizeof(isc_sockaddr_t));
}
return (result);
}
/*
* Create a new view and add it to the list.
*
* If 'vconfig' is NULL, create the default view.
*
* The view created is attached to '*viewp'.
*/
static isc_result_t
create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
dns_view_t **viewp)
{
isc_result_t result;
const char *viewname;
dns_rdataclass_t viewclass;
dns_view_t *view = NULL;
if (vconfig != NULL) {
const cfg_obj_t *classobj = NULL;
viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
classobj = cfg_tuple_get(vconfig, "class");
result = ns_config_getclass(classobj, dns_rdataclass_in,
&viewclass);
} else {
viewname = "_default";
viewclass = dns_rdataclass_in;
}
result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
if (result == ISC_R_SUCCESS)
return (ISC_R_EXISTS);
if (result != ISC_R_NOTFOUND)
return (result);
INSIST(view == NULL);
result = dns_view_create(ns_g_mctx, viewclass, viewname, &view);
if (result != ISC_R_SUCCESS)
return (result);
ISC_LIST_APPEND(*viewlist, view, link);
dns_view_attach(view, viewp);
return (ISC_R_SUCCESS);
}
/*
* Configure or reconfigure a zone.
*/
static isc_result_t
configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view,
cfg_aclconfctx_t *aclconf)
{
dns_view_t *pview = NULL; /* Production view */
dns_zone_t *zone = NULL; /* New or reused zone */
dns_zone_t *dupzone = NULL;
const cfg_obj_t *options = NULL;
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *typeobj = NULL;
const cfg_obj_t *forwarders = NULL;
const cfg_obj_t *forwardtype = NULL;
const cfg_obj_t *only = NULL;
isc_result_t result;
isc_result_t tresult;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
const char *zname;
dns_rdataclass_t zclass;
const char *ztypestr;
options = NULL;
(void)cfg_map_get(config, "options", &options);
zoptions = cfg_tuple_get(zconfig, "options");
/*
* Get the zone origin as a dns_name_t.
*/
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
isc_buffer_init(&buffer, zname, strlen(zname));
isc_buffer_add(&buffer, strlen(zname));
dns_fixedname_init(&fixorigin);
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
&buffer, dns_rootname, 0, NULL));
origin = dns_fixedname_name(&fixorigin);
CHECK(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
view->rdclass, &zclass));
if (zclass != view->rdclass) {
const char *vname = NULL;
if (vconfig != NULL)
vname = cfg_obj_asstring(cfg_tuple_get(vconfig,
"name"));
else
vname = "<default view>";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': wrong class for view '%s'",
zname, vname);
result = ISC_R_FAILURE;
goto cleanup;
}
(void)cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL) {
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"zone '%s' 'type' not specified", zname);
return (ISC_R_FAILURE);
}
ztypestr = cfg_obj_asstring(typeobj);
/*
* "hints zones" aren't zones. If we've got one,
* configure it and return.
*/
if (strcasecmp(ztypestr, "hint") == 0) {
const cfg_obj_t *fileobj = NULL;
if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': 'file' not specified",
zname);
result = ISC_R_FAILURE;
goto cleanup;
}
if (dns_name_equal(origin, dns_rootname)) {
const char *hintsfile = cfg_obj_asstring(fileobj);
result = configure_hints(view, hintsfile);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_ERROR,
"could not configure root hints "
"from '%s': %s", hintsfile,
isc_result_totext(result));
goto cleanup;
}
/*
* Hint zones may also refer to delegation only points.
*/
only = NULL;
tresult = cfg_map_get(zoptions, "delegation-only",
&only);
if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
CHECK(dns_view_adddelegationonly(view, origin));
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"ignoring non-root hint zone '%s'",
zname);
result = ISC_R_SUCCESS;
}
/* Skip ordinary zone processing. */
goto cleanup;
}
/*
* "forward zones" aren't zones either. Translate this syntax into
* the appropriate selective forwarding configuration and return.
*/
if (strcasecmp(ztypestr, "forward") == 0) {
forwardtype = NULL;
forwarders = NULL;
(void)cfg_map_get(zoptions, "forward", &forwardtype);
(void)cfg_map_get(zoptions, "forwarders", &forwarders);
result = configure_forward(config, view, origin, forwarders,
forwardtype);
goto cleanup;
}
/*
* "delegation-only zones" aren't zones either.
*/
if (strcasecmp(ztypestr, "delegation-only") == 0) {
result = dns_view_adddelegationonly(view, origin);
goto cleanup;
}
/*
* Check for duplicates in the new zone table.
*/
result = dns_view_findzone(view, origin, &dupzone);
if (result == ISC_R_SUCCESS) {
/*
* We already have this zone!
*/
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"zone '%s' already exists", zname);
dns_zone_detach(&dupzone);
result = ISC_R_EXISTS;
goto cleanup;
}
INSIST(dupzone == NULL);
/*
* See if we can reuse an existing zone. This is
* only possible if all of these are true:
* - The zone's view exists
* - A zone with the right name exists in the view
* - The zone is compatible with the config
* options (e.g., an existing master zone cannot
* be reused if the options specify a slave zone)
*/
result = dns_viewlist_find(&ns_g_server->viewlist,
view->name, view->rdclass,
&pview);
if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
goto cleanup;
if (pview != NULL)
result = dns_view_findzone(pview, origin, &zone);
if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
goto cleanup;
if (zone != NULL && !ns_zone_reusable(zone, zconfig))
dns_zone_detach(&zone);
if (zone != NULL) {
/*
* We found a reusable zone. Make it use the
* new view.
*/
dns_zone_setview(zone, view);
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
} else {
/*
* We cannot reuse an existing zone, we have
* to create a new one.
*/
CHECK(dns_zone_create(&zone, mctx));
CHECK(dns_zone_setorigin(zone, origin));
dns_zone_setview(zone, view);
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
dns_zone_setstats(zone, ns_g_server->zonestats);
}
/*
* If the zone contains a 'forwarders' statement, configure
* selective forwarding.
*/
forwarders = NULL;
if (cfg_map_get(zoptions, "forwarders", &forwarders) == ISC_R_SUCCESS)
{
forwardtype = NULL;
(void)cfg_map_get(zoptions, "forward", &forwardtype);
CHECK(configure_forward(config, view, origin, forwarders,
forwardtype));
}
/*
* Stub and forward zones may also refer to delegation only points.
*/
only = NULL;
if (cfg_map_get(zoptions, "delegation-only", &only) == ISC_R_SUCCESS)
{
if (cfg_obj_asboolean(only))
CHECK(dns_view_adddelegationonly(view, origin));
}
/*
* Configure the zone.
*/
CHECK(ns_zone_configure(config, vconfig, zconfig, aclconf, zone));
/*
* Add the zone to its view in the new view list.
*/
CHECK(dns_view_addzone(view, zone));
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
if (pview != NULL)
dns_view_detach(&pview);
return (result);
}
/*
* Configure built-in zone for storing managed-key data.
*/
#define KEYZONE "managed-keys.bind"
#define MKEYS ".mkeys"
static isc_result_t
add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_acl_t *none = NULL;
char filename[PATH_MAX];
char buffer[ISC_SHA256_DIGESTSTRINGLENGTH + sizeof(MKEYS)];
int n;
REQUIRE(view != NULL);
CHECK(dns_zone_create(&zone, mctx));
CHECK(dns_zone_setorigin(zone, dns_rootname));
isc_sha256_data((void *)view->name, strlen(view->name), buffer);
strcat(buffer, MKEYS);
n = snprintf(filename, sizeof(filename), "%s%s%s",
directory ? directory : "", directory ? "/" : "",
strcmp(view->name, "_default") == 0 ? KEYZONE : buffer);
if (n < 0 || (size_t)n >= sizeof(filename)) {
result = (n < 0) ? ISC_R_FAILURE : ISC_R_NOSPACE;
goto cleanup;
}
CHECK(dns_zone_setfile(zone, filename));
dns_zone_setview(zone, view);
dns_zone_settype(zone, dns_zone_key);
dns_zone_setclass(zone, view->rdclass);
CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
if (view->acache != NULL)
dns_zone_setacache(zone, view->acache);
CHECK(dns_acl_none(mctx, &none));
dns_zone_setqueryacl(zone, none);
dns_zone_setqueryonacl(zone, none);
dns_acl_detach(&none);
dns_zone_setdialup(zone, dns_dialuptype_no);
dns_zone_setnotifytype(zone, dns_notifytype_no);
dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, ISC_TRUE);
dns_zone_setjournalsize(zone, 0);
dns_zone_setstats(zone, ns_g_server->zonestats);
CHECK(setquerystats(zone, mctx, ISC_FALSE));
if (view->managed_keys != NULL)
dns_zone_detach(&view->managed_keys);
dns_zone_attach(zone, &view->managed_keys);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"set up managed keys zone for view %s, file '%s'",
view->name, filename);
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
if (none != NULL)
dns_acl_detach(&none);
return (result);
}
/*
* Configure a single server quota.
*/
static void
configure_server_quota(const cfg_obj_t **maps, const char *name,
isc_quota_t *quota)
{
const cfg_obj_t *obj = NULL;
isc_result_t result;
result = ns_config_get(maps, name, &obj);
INSIST(result == ISC_R_SUCCESS);
isc_quota_max(quota, cfg_obj_asuint32(obj));
}
/*
* This function is called as soon as the 'directory' statement has been
* parsed. This can be extended to support other options if necessary.
*/
static isc_result_t
directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
isc_result_t result;
const char *directory;
REQUIRE(strcasecmp("directory", clausename) == 0);
UNUSED(arg);
UNUSED(clausename);
/*
* Change directory.
*/
directory = cfg_obj_asstring(obj);
if (! isc_file_ischdiridempotent(directory))
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"option 'directory' contains relative path '%s'",
directory);
result = isc_dir_chdir(directory);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
"change directory to '%s' failed: %s",
directory, isc_result_totext(result));
return (result);
}
return (ISC_R_SUCCESS);
}
static void
scan_interfaces(ns_server_t *server, isc_boolean_t verbose) {
isc_boolean_t match_mapped = server->aclenv.match_mapped;
ns_interfacemgr_scan(server->interfacemgr, verbose);
/*
* Update the "localhost" and "localnets" ACLs to match the
* current set of network interfaces.
*/
dns_aclenv_copy(&server->aclenv,
ns_interfacemgr_getaclenv(server->interfacemgr));
server->aclenv.match_mapped = match_mapped;
}
static isc_result_t
add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr,
isc_boolean_t wcardport_ok)
{
ns_listenelt_t *lelt = NULL;
dns_acl_t *src_acl = NULL;
isc_result_t result;
isc_sockaddr_t any_sa6;
isc_netaddr_t netaddr;
REQUIRE(isc_sockaddr_pf(addr) == AF_INET6);
isc_sockaddr_any6(&any_sa6);
if (!isc_sockaddr_equal(&any_sa6, addr) &&
(wcardport_ok || isc_sockaddr_getport(addr) != 0)) {
isc_netaddr_fromin6(&netaddr, &addr->type.sin6.sin6_addr);
result = dns_acl_create(mctx, 0, &src_acl);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_iptable_addprefix(src_acl->iptable,
&netaddr, 128, ISC_TRUE);
if (result != ISC_R_SUCCESS)
goto clean;
result = ns_listenelt_create(mctx, isc_sockaddr_getport(addr),
src_acl, &lelt);
if (result != ISC_R_SUCCESS)
goto clean;
ISC_LIST_APPEND(list->elts, lelt, link);
}
return (ISC_R_SUCCESS);
clean:
INSIST(lelt == NULL);
dns_acl_detach(&src_acl);
return (result);
}
/*
* Make a list of xxx-source addresses and call ns_interfacemgr_adjust()
* to update the listening interfaces accordingly.
* We currently only consider IPv6, because this only affects IPv6 wildcard
* sockets.
*/
static void
adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
isc_result_t result;
ns_listenlist_t *list = NULL;
dns_view_t *view;
dns_zone_t *zone, *next;
isc_sockaddr_t addr, *addrp;
result = ns_listenlist_create(mctx, &list);
if (result != ISC_R_SUCCESS)
return;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
dns_dispatch_t *dispatch6;
dispatch6 = dns_resolver_dispatchv6(view->resolver);
if (dispatch6 == NULL)
continue;
result = dns_dispatch_getlocaladdress(dispatch6, &addr);
if (result != ISC_R_SUCCESS)
goto fail;
/*
* We always add non-wildcard address regardless of whether
* the port is 'any' (the fourth arg is TRUE): if the port is
* specific, we need to add it since it may conflict with a
* listening interface; if it's zero, we'll dynamically open
* query ports, and some of them may override an existing
* wildcard IPv6 port.
*/
result = add_listenelt(mctx, list, &addr, ISC_TRUE);
if (result != ISC_R_SUCCESS)
goto fail;
}
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
next = NULL, result = dns_zone_next(zone, &next), zone = next) {
dns_view_t *zoneview;
/*
* At this point the zone list may contain a stale zone
* just removed from the configuration. To see the validity,
* check if the corresponding view is in our current view list.
* There may also be old zones that are still in the process
* of shutting down and have detached from their old view
* (zoneview == NULL).
*/
zoneview = dns_zone_getview(zone);
if (zoneview == NULL)
continue;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL && view != zoneview;
view = ISC_LIST_NEXT(view, link))
;
if (view == NULL)
continue;
addrp = dns_zone_getnotifysrc6(zone);
result = add_listenelt(mctx, list, addrp, ISC_FALSE);
if (result != ISC_R_SUCCESS)
goto fail;
addrp = dns_zone_getxfrsource6(zone);
result = add_listenelt(mctx, list, addrp, ISC_FALSE);
if (result != ISC_R_SUCCESS)
goto fail;
}
ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
clean:
ns_listenlist_detach(&list);
return;
fail:
/*
* Even when we failed the procedure, most of other interfaces
* should work correctly. We therefore just warn it.
*/
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"could not adjust the listen-on list; "
"some interfaces may not work");
goto clean;
}
/*
* This event callback is invoked to do periodic network
* interface scanning.
*/
static void
interface_timer_tick(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_server_t *server = (ns_server_t *) event->ev_arg;
INSIST(task == server->task);
UNUSED(task);
isc_event_free(&event);
/*
* XXX should scan interfaces unlocked and get exclusive access
* only to replace ACLs.
*/
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
scan_interfaces(server, ISC_FALSE);
isc_task_endexclusive(server->task);
}
static void
heartbeat_timer_tick(isc_task_t *task, isc_event_t *event) {
ns_server_t *server = (ns_server_t *) event->ev_arg;
dns_view_t *view;
UNUSED(task);
isc_event_free(&event);
view = ISC_LIST_HEAD(server->viewlist);
while (view != NULL) {
dns_view_dialup(view);
view = ISC_LIST_NEXT(view, link);
}
}
static void
pps_timer_tick(isc_task_t *task, isc_event_t *event) {
static unsigned int oldrequests = 0;
unsigned int requests = ns_client_requests;
UNUSED(task);
isc_event_free(&event);
/*
* Don't worry about wrapping as the overflow result will be right.
*/
dns_pps = (requests - oldrequests) / 1200;
oldrequests = requests;
}
/*
* Replace the current value of '*field', a dynamically allocated
* string or NULL, with a dynamically allocated copy of the
* null-terminated string pointed to by 'value', or NULL.
*/
static isc_result_t
setstring(ns_server_t *server, char **field, const char *value) {
char *copy;
if (value != NULL) {
copy = isc_mem_strdup(server->mctx, value);
if (copy == NULL)
return (ISC_R_NOMEMORY);
} else {
copy = NULL;
}
if (*field != NULL)
isc_mem_free(server->mctx, *field);
*field = copy;
return (ISC_R_SUCCESS);
}
/*
* Replace the current value of '*field', a dynamically allocated
* string or NULL, with another dynamically allocated string
* or NULL if whether 'obj' is a string or void value, respectively.
*/
static isc_result_t
setoptstring(ns_server_t *server, char **field, const cfg_obj_t *obj) {
if (cfg_obj_isvoid(obj))
return (setstring(server, field, NULL));
else
return (setstring(server, field, cfg_obj_asstring(obj)));
}
static void
set_limit(const cfg_obj_t **maps, const char *configname,
const char *description, isc_resource_t resourceid,
isc_resourcevalue_t defaultvalue)
{
const cfg_obj_t *obj = NULL;
const char *resource;
isc_resourcevalue_t value;
isc_result_t result;
if (ns_config_get(maps, configname, &obj) != ISC_R_SUCCESS)
return;
if (cfg_obj_isstring(obj)) {
resource = cfg_obj_asstring(obj);
if (strcasecmp(resource, "unlimited") == 0)
value = ISC_RESOURCE_UNLIMITED;
else {
INSIST(strcasecmp(resource, "default") == 0);
value = defaultvalue;
}
} else
value = cfg_obj_asuint64(obj);
result = isc_resource_setlimit(resourceid, value);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "u: %s",
description, value, isc_result_totext(result));
}
#define SETLIMIT(cfgvar, resource, description) \
set_limit(maps, cfgvar, description, isc_resource_ ## resource, \
ns_g_init ## resource)
static void
set_limits(const cfg_obj_t **maps) {
SETLIMIT("stacksize", stacksize, "stack size");
SETLIMIT("datasize", datasize, "data size");
SETLIMIT("coresize", coresize, "core size");
SETLIMIT("files", openfiles, "open files");
}
static void
portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
isc_boolean_t positive)
{
const cfg_listelt_t *element;
for (element = cfg_list_first(ports);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *obj = cfg_listelt_value(element);
if (cfg_obj_isuint32(obj)) {
in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
if (positive)
isc_portset_add(portset, port);
else
isc_portset_remove(portset, port);
} else {
const cfg_obj_t *obj_loport, *obj_hiport;
in_port_t loport, hiport;
obj_loport = cfg_tuple_get(obj, "loport");
loport = (in_port_t)cfg_obj_asuint32(obj_loport);
obj_hiport = cfg_tuple_get(obj, "hiport");
hiport = (in_port_t)cfg_obj_asuint32(obj_hiport);
if (positive)
isc_portset_addrange(portset, loport, hiport);
else {
isc_portset_removerange(portset, loport,
hiport);
}
}
}
}
static isc_result_t
removed(dns_zone_t *zone, void *uap) {
const char *type;
if (dns_zone_getview(zone) != uap)
return (ISC_R_SUCCESS);
switch (dns_zone_gettype(zone)) {
case dns_zone_master:
type = "master";
break;
case dns_zone_slave:
type = "slave";
break;
case dns_zone_stub:
type = "stub";
break;
default:
type = "other";
break;
}
dns_zone_log(zone, ISC_LOG_INFO, "(%s) removed", type);
return (ISC_R_SUCCESS);
}
static void
cleanup_session_key(ns_server_t *server, isc_mem_t *mctx) {
if (server->session_keyfile != NULL) {
isc_file_remove(server->session_keyfile);
isc_mem_free(mctx, server->session_keyfile);
server->session_keyfile = NULL;
}
if (server->session_keyname != NULL) {
if (dns_name_dynamic(server->session_keyname))
dns_name_free(server->session_keyname, mctx);
isc_mem_put(mctx, server->session_keyname, sizeof(dns_name_t));
server->session_keyname = NULL;
}
if (server->sessionkey != NULL)
dns_tsigkey_detach(&server->sessionkey);
server->session_keyalg = DST_ALG_UNKNOWN;
server->session_keybits = 0;
}
static isc_result_t
generate_session_key(const char *filename, const char *keynamestr,
dns_name_t *keyname, const char *algstr,
dns_name_t *algname, unsigned int algtype,
isc_uint16_t bits, isc_mem_t *mctx,
dns_tsigkey_t **tsigkeyp)
{
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *key = NULL;
isc_buffer_t key_txtbuffer;
isc_buffer_t key_rawbuffer;
char key_txtsecret[256];
char key_rawsecret[64];
isc_region_t key_rawregion;
isc_stdtime_t now;
dns_tsigkey_t *tsigkey = NULL;
FILE *fp = NULL;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"generating session key for dynamic DNS");
/* generate key */
result = dst_key_generate(keyname, algtype, bits, 1, 0,
DNS_KEYPROTO_ANY, dns_rdataclass_in,
mctx, &key);
if (result != ISC_R_SUCCESS)
return (result);
/*
* Dump the key to the buffer for later use. Should be done before
* we transfer the ownership of key to tsigkey.
*/
isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
CHECK(dst_key_tobuffer(key, &key_rawbuffer));
isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
CHECK(isc_base64_totext(&key_rawregion, -1, "", &key_txtbuffer));
/* Store the key in tsigkey. */
isc_stdtime_get(&now);
CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, key,
ISC_FALSE, NULL, now, now, mctx, NULL,
&tsigkey));
key = NULL; /* ownership of key has been transferred */
/* Dump the key to the key file. */
fp = ns_os_openfile(filename, S_IRUSR|S_IWUSR, ISC_TRUE);
if (fp == NULL) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"could not create %s", filename);
result = ISC_R_NOPERM;
goto cleanup;
}
fprintf(fp, "key \"%s\" {\n"
"\talgorithm %s;\n"
"\tsecret \"%.*s\";\n};\n", keynamestr, algstr,
(int) isc_buffer_usedlength(&key_txtbuffer),
(char*) isc_buffer_base(&key_txtbuffer));
RUNTIME_CHECK(isc_stdio_flush(fp) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_stdio_close(fp) == ISC_R_SUCCESS);
*tsigkeyp = tsigkey;
return (ISC_R_SUCCESS);
cleanup:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"failed to generate session key "
"for dynamic DNS: %s", isc_result_totext(result));
if (tsigkey != NULL)
dns_tsigkey_detach(&tsigkey);
if (key != NULL)
dst_key_free(&key);
return (result);
}
static isc_result_t
configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
isc_mem_t *mctx)
{
const char *keyfile, *keynamestr, *algstr;
unsigned int algtype;
dns_fixedname_t fname;
dns_name_t *keyname, *algname;
isc_buffer_t buffer;
isc_uint16_t bits;
const cfg_obj_t *obj;
isc_boolean_t need_deleteold = ISC_FALSE;
isc_boolean_t need_createnew = ISC_FALSE;
isc_result_t result;
obj = NULL;
result = ns_config_get(maps, "session-keyfile", &obj);
if (result == ISC_R_SUCCESS) {
if (cfg_obj_isvoid(obj))
keyfile = NULL; /* disable it */
else
keyfile = cfg_obj_asstring(obj);
} else
keyfile = ns_g_defaultsessionkeyfile;
obj = NULL;
result = ns_config_get(maps, "session-keyname", &obj);
INSIST(result == ISC_R_SUCCESS);
keynamestr = cfg_obj_asstring(obj);
dns_fixedname_init(&fname);
isc_buffer_init(&buffer, keynamestr, strlen(keynamestr));
isc_buffer_add(&buffer, strlen(keynamestr));
keyname = dns_fixedname_name(&fname);
result = dns_name_fromtext(keyname, &buffer, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
return (result);
obj = NULL;
result = ns_config_get(maps, "session-keyalg", &obj);
INSIST(result == ISC_R_SUCCESS);
algstr = cfg_obj_asstring(obj);
algname = NULL;
result = ns_config_getkeyalgorithm2(algstr, &algname, &algtype, &bits);
if (result != ISC_R_SUCCESS) {
const char *s = " (keeping current key)";
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR, "session-keyalg: "
"unsupported or unknown algorithm '%s'%s",
algstr,
server->session_keyfile != NULL ? s : "");
return (result);
}
/* See if we need to (re)generate a new key. */
if (keyfile == NULL) {
if (server->session_keyfile != NULL)
need_deleteold = ISC_TRUE;
} else if (server->session_keyfile == NULL)
need_createnew = ISC_TRUE;
else if (strcmp(keyfile, server->session_keyfile) != 0 ||
!dns_name_equal(server->session_keyname, keyname) ||
server->session_keyalg != algtype ||
server->session_keybits != bits) {
need_deleteold = ISC_TRUE;
need_createnew = ISC_TRUE;
}
if (need_deleteold) {
INSIST(server->session_keyfile != NULL);
INSIST(server->session_keyname != NULL);
INSIST(server->sessionkey != NULL);
cleanup_session_key(server, mctx);
}
if (need_createnew) {
INSIST(server->sessionkey == NULL);
INSIST(server->session_keyfile == NULL);
INSIST(server->session_keyname == NULL);
INSIST(server->session_keyalg == DST_ALG_UNKNOWN);
INSIST(server->session_keybits == 0);
server->session_keyname = isc_mem_get(mctx, sizeof(dns_name_t));
if (server->session_keyname == NULL)
goto cleanup;
dns_name_init(server->session_keyname, NULL);
CHECK(dns_name_dup(keyname, mctx, server->session_keyname));
server->session_keyfile = isc_mem_strdup(mctx, keyfile);
if (server->session_keyfile == NULL)
goto cleanup;
server->session_keyalg = algtype;
server->session_keybits = bits;
CHECK(generate_session_key(keyfile, keynamestr, keyname, algstr,
algname, algtype, bits, mctx,
&server->sessionkey));
}
return (result);
cleanup:
cleanup_session_key(server, mctx);
return (result);
}
static isc_result_t
load_configuration(const char *filename, ns_server_t *server,
isc_boolean_t first_time)
{
cfg_aclconfctx_t aclconfctx;
cfg_obj_t *config = NULL, *bindkeys = NULL;
cfg_parser_t *conf_parser = NULL, *bindkeys_parser = NULL;
const cfg_listelt_t *element;
const cfg_obj_t *builtin_views;
const cfg_obj_t *maps[3];
const cfg_obj_t *obj;
const cfg_obj_t *options;
const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
const cfg_obj_t *views;
dns_view_t *view = NULL;
dns_view_t *view_next;
dns_viewlist_t tmpviewlist;
dns_viewlist_t viewlist, builtin_viewlist;
in_port_t listen_port, udpport_low, udpport_high;
int i;
isc_interval_t interval;
isc_portset_t *v4portset = NULL;
isc_portset_t *v6portset = NULL;
isc_resourcevalue_t nfiles;
isc_result_t result;
isc_uint32_t heartbeat_interval;
isc_uint32_t interface_interval;
isc_uint32_t reserved;
isc_uint32_t udpsize;
ns_cachelist_t cachelist, tmpcachelist;
unsigned int maxsocks;
ns_cache_t *nsc;
cfg_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
ISC_LIST_INIT(cachelist);
/* Ensure exclusive access to configuration data. */
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Parse the global default pseudo-config file.
*/
if (first_time) {
CHECK(ns_config_parsedefaults(ns_g_parser, &ns_g_config));
RUNTIME_CHECK(cfg_map_get(ns_g_config, "options",
&ns_g_defaults) == ISC_R_SUCCESS);
}
/*
* Parse the configuration file using the new config code.
*/
result = ISC_R_FAILURE;
config = NULL;
/*
* Unless this is lwresd with the -C option, parse the config file.
*/
if (!(ns_g_lwresdonly && lwresd_g_useresolvconf)) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "loading configuration from '%s'",
filename);
CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &conf_parser));
cfg_parser_setcallback(conf_parser, directory_callback, NULL);
result = cfg_parse_file(conf_parser, filename,
&cfg_type_namedconf, &config);
}
/*
* If this is lwresd with the -C option, or lwresd with no -C or -c
* option where the above parsing failed, parse resolv.conf.
*/
if (ns_g_lwresdonly &&
(lwresd_g_useresolvconf ||
(!ns_g_conffileset && result == ISC_R_FILENOTFOUND)))
{
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "loading configuration from '%s'",
lwresd_g_resolvconffile);
if (conf_parser != NULL)
cfg_parser_destroy(&conf_parser);
CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &conf_parser));
result = ns_lwresd_parseeresolvconf(ns_g_mctx, conf_parser,
&config);
}
CHECK(result);
/*
* Check the validity of the configuration.
*/
CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx));
/*
* Fill in the maps array, used for resolving defaults.
*/
i = 0;
options = NULL;
result = cfg_map_get(config, "options", &options);
if (result == ISC_R_SUCCESS)
maps[i++] = options;
maps[i++] = ns_g_defaults;
maps[i++] = NULL;
/*
* If bind.keys exists, load it. If "dnssec-lookaside auto"
* is turned on, the keys found there will be used as default
* trust anchors.
*/
obj = NULL;
result = ns_config_get(maps, "bindkeys-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->bindkeysfile,
cfg_obj_asstring(obj)), "strdup");
if (access(server->bindkeysfile, R_OK) == 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"reading built-in trusted "
"keys from file '%s'", server->bindkeysfile);
CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx,
&bindkeys_parser));
result = cfg_parse_file(bindkeys_parser, server->bindkeysfile,
&cfg_type_bindkeys, &bindkeys);
CHECK(result);
}
/*
* Set process limits, which (usually) needs to be done as root.
*/
set_limits(maps);
/*
* Check if max number of open sockets that the system allows is
* sufficiently large. Failing this condition is not necessarily fatal,
* but may cause subsequent runtime failures for a busy recursive
* server.
*/
result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks);
if (result != ISC_R_SUCCESS)
maxsocks = 0;
result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles);
if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"max open files (%" ISC_PRINT_QUADFORMAT "u)"
" is smaller than max sockets (%u)",
nfiles, maxsocks);
}
/*
* Set the number of socket reserved for TCP, stdio etc.
*/
obj = NULL;
result = ns_config_get(maps, "reserved-sockets", &obj);
INSIST(result == ISC_R_SUCCESS);
reserved = cfg_obj_asuint32(obj);
if (maxsocks != 0) {
if (maxsocks < 128U) /* Prevent underflow. */
reserved = 0;
else if (reserved > maxsocks - 128U) /* Minimum UDP space. */
reserved = maxsocks - 128;
}
/* Minimum TCP/stdio space. */
if (reserved < 128U)
reserved = 128;
if (reserved + 128U > maxsocks && maxsocks != 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"less than 128 UDP sockets available after "
"applying 'reserved-sockets' and 'maxsockets'");
}
isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
/*
* Configure various server options.
*/
configure_server_quota(maps, "transfers-out", &server->xfroutquota);
configure_server_quota(maps, "tcp-clients", &server->tcpquota);
configure_server_quota(maps, "recursive-clients",
&server->recursionquota);
if (server->recursionquota.max > 1000)
isc_quota_soft(&server->recursionquota,
server->recursionquota.max - 100);
else
isc_quota_soft(&server->recursionquota, 0);
CHECK(configure_view_acl(NULL, config, "blackhole", NULL, &aclconfctx,
ns_g_mctx, &server->blackholeacl));
if (server->blackholeacl != NULL)
dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
server->blackholeacl);
obj = NULL;
result = ns_config_get(maps, "match-mapped-addresses", &obj);
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx),
"configuring statistics server(s)");
/*
* Configure sets of UDP query source ports.
*/
CHECKM(isc_portset_create(ns_g_mctx, &v4portset),
"creating UDP port set");
CHECKM(isc_portset_create(ns_g_mctx, &v6portset),
"creating UDP port set");
usev4ports = NULL;
usev6ports = NULL;
avoidv4ports = NULL;
avoidv6ports = NULL;
(void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports);
if (usev4ports != NULL)
portset_fromconf(v4portset, usev4ports, ISC_TRUE);
else {
CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low,
&udpport_high),
"get the default UDP/IPv4 port range");
if (udpport_low == udpport_high)
isc_portset_add(v4portset, udpport_low);
else {
isc_portset_addrange(v4portset, udpport_low,
udpport_high);
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"using default UDP/IPv4 port range: [%d, %d]",
udpport_low, udpport_high);
}
(void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports);
if (avoidv4ports != NULL)
portset_fromconf(v4portset, avoidv4ports, ISC_FALSE);
(void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports);
if (usev6ports != NULL)
portset_fromconf(v6portset, usev6ports, ISC_TRUE);
else {
CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low,
&udpport_high),
"get the default UDP/IPv6 port range");
if (udpport_low == udpport_high)
isc_portset_add(v6portset, udpport_low);
else {
isc_portset_addrange(v6portset, udpport_low,
udpport_high);
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"using default UDP/IPv6 port range: [%d, %d]",
udpport_low, udpport_high);
}
(void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports);
if (avoidv6ports != NULL)
portset_fromconf(v6portset, avoidv6ports, ISC_FALSE);
dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset);
/*
* Set the EDNS UDP size when we don't match a view.
*/
obj = NULL;
result = ns_config_get(maps, "edns-udp-size", &obj);
INSIST(result == ISC_R_SUCCESS);
udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
ns_g_udpsize = (isc_uint16_t)udpsize;
/*
* Configure the zone manager.
*/
obj = NULL;
result = ns_config_get(maps, "transfers-in", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_settransfersin(server->zonemgr, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "transfers-per-ns", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_settransfersperns(server->zonemgr, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "serial-query-rate", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zonemgr_setserialqueryrate(server->zonemgr, cfg_obj_asuint32(obj));
/*
* Determine which port to use for listening for incoming connections.
*/
if (ns_g_port != 0)
listen_port = ns_g_port;
else
CHECKM(ns_config_getport(config, &listen_port), "port");
/*
* Find the listen queue depth.
*/
obj = NULL;
result = ns_config_get(maps, "tcp-listen-queue", &obj);
INSIST(result == ISC_R_SUCCESS);
ns_g_listen = cfg_obj_asuint32(obj);
if (ns_g_listen < 3)
ns_g_listen = 3;
/*
* Configure the interface manager according to the "listen-on"
* statement.
*/
{
const cfg_obj_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
clistenon = NULL;
/*
* Even though listen-on is present in the default
* configuration, we can't use it here, since it isn't
* used if we're in lwresd mode. This way is easier.
*/
if (options != NULL)
(void)cfg_map_get(options, "listen-on", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
*/
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
ISC_TRUE, &listenon));
}
if (listenon != NULL) {
ns_interfacemgr_setlistenon4(server->interfacemgr,
listenon);
ns_listenlist_detach(&listenon);
}
}
/*
* Ditto for IPv6.
*/
{
const cfg_obj_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
if (options != NULL)
(void)cfg_map_get(options, "listen-on-v6", &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
config,
&aclconfctx,
ns_g_mctx,
&listenon);
} else if (!ns_g_lwresdonly) {
isc_boolean_t enable;
/*
* Not specified, use default.
*/
enable = ISC_TF(isc_net_probeipv4() != ISC_R_SUCCESS);
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
enable, &listenon));
}
if (listenon != NULL) {
ns_interfacemgr_setlistenon6(server->interfacemgr,
listenon);
ns_listenlist_detach(&listenon);
}
}
/* Are we preserving config for adding zones dynamically? */
obj = NULL;
result = cfg_map_get(options, "new-zone-file", &obj);
if (obj && nzf_option == NULL) {
nzf_file = cfg_obj_asstring(obj);
if (nzf_file && *nzf_file) {
/* Remember this configuration */
nzf_option = config;
}
}
/*
* Rescan the interface list to pick up changes in the
* listen-on option. It's important that we do this before we try
* to configure the query source, since the dispatcher we use might
* be shared with an interface.
*/
scan_interfaces(server, ISC_TRUE);
/*
* Arrange for further interface scanning to occur periodically
* as specified by the "interface-interval" option.
*/
obj = NULL;
result = ns_config_get(maps, "interface-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
interface_interval = cfg_obj_asuint32(obj) * 60;
if (interface_interval == 0) {
CHECK(isc_timer_reset(server->interface_timer,
isc_timertype_inactive,
NULL, NULL, ISC_TRUE));
} else if (server->interface_interval != interface_interval) {
isc_interval_set(&interval, interface_interval, 0);
CHECK(isc_timer_reset(server->interface_timer,
isc_timertype_ticker,
NULL, &interval, ISC_FALSE));
}
server->interface_interval = interface_interval;
/*
* Configure the dialup heartbeat timer.
*/
obj = NULL;
result = ns_config_get(maps, "heartbeat-interval", &obj);
INSIST(result == ISC_R_SUCCESS);
heartbeat_interval = cfg_obj_asuint32(obj) * 60;
if (heartbeat_interval == 0) {
CHECK(isc_timer_reset(server->heartbeat_timer,
isc_timertype_inactive,
NULL, NULL, ISC_TRUE));
} else if (server->heartbeat_interval != heartbeat_interval) {
isc_interval_set(&interval, heartbeat_interval, 0);
CHECK(isc_timer_reset(server->heartbeat_timer,
isc_timertype_ticker,
NULL, &interval, ISC_FALSE));
}
server->heartbeat_interval = heartbeat_interval;
isc_interval_set(&interval, 1200, 0);
CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL,
&interval, ISC_FALSE));
/*
* Write the PID file.
*/
obj = NULL;
if (ns_config_get(maps, "pid-file", &obj) == ISC_R_SUCCESS)
if (cfg_obj_isvoid(obj))
ns_os_writepidfile(NULL, first_time);
else
ns_os_writepidfile(cfg_obj_asstring(obj), first_time);
else if (ns_g_lwresdonly)
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
/*
* Configure the server-wide session key. This must be done before
* configure views because zone configuration may need to know
* session-keyname.
*
* Failure of session key generation isn't fatal at this time; if it
* turns out that a session key is really needed but doesn't exist,
* we'll treat it as a fatal error then.
*/
(void)configure_session_key(maps, server, ns_g_mctx);
/*
* Configure and freeze all explicit views. Explicit
* views that have zones were already created at parsing
* time, but views with no zones must be created here.
*/
views = NULL;
(void)cfg_map_get(config, "view", &views);
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *vconfig = cfg_listelt_value(element);
view = NULL;
CHECK(create_view(vconfig, &viewlist, &view));
INSIST(view != NULL);
CHECK(configure_view(view, config, vconfig,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_TRUE));
if (vconfig != NULL) {
/*
* Are we preserving config for dynamically added
* zones?
*/
const cfg_obj_t *voptions;
voptions = cfg_tuple_get(vconfig, "options");
obj = NULL;
result = cfg_map_get(voptions, "new-zone-file", &obj);
if (obj && nzf_option == NULL)
nzf_option = config;
}
dns_view_freeze(view);
dns_view_detach(&view);
}
/*
* Make sure we have a default view if and only if there
* were no explicit views.
*/
if (views == NULL) {
/*
* No explicit views; there ought to be a default view.
* There may already be one created as a side effect
* of zone statements, or we may have to create one.
* In either case, we need to configure and freeze it.
*/
CHECK(create_view(NULL, &viewlist, &view));
CHECK(configure_view(view, config, NULL,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
/*
* Create (or recreate) the built-in views.
*/
builtin_views = NULL;
RUNTIME_CHECK(cfg_map_get(ns_g_config, "view",
&builtin_views) == ISC_R_SUCCESS);
for (element = cfg_list_first(builtin_views);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *vconfig = cfg_listelt_value(element);
CHECK(create_view(vconfig, &builtin_viewlist, &view));
CHECK(configure_view(view, config, vconfig,
&cachelist, bindkeys,
ns_g_mctx, &aclconfctx, ISC_FALSE));
dns_view_freeze(view);
dns_view_detach(&view);
view = NULL;
}
/* Now combine the two viewlists into one */
ISC_LIST_APPENDLIST(viewlist, builtin_viewlist, link);
/* Swap our new view list with the production one. */
tmpviewlist = server->viewlist;
server->viewlist = viewlist;
viewlist = tmpviewlist;
/* Make the view list available to each of the views */
view = ISC_LIST_HEAD(server->viewlist);
while (view != NULL) {
view->viewlist = &server->viewlist;
view = ISC_LIST_NEXT(view, link);
}
/* Swap our new cache list with the production one. */
tmpcachelist = server->cachelist;
server->cachelist = cachelist;
cachelist = tmpcachelist;
/* Load the TKEY information from the configuration. */
if (options != NULL) {
dns_tkeyctx_t *t = NULL;
CHECKM(ns_tkeyctx_fromconfig(options, ns_g_mctx, ns_g_entropy,
&t),
"configuring TKEY");
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
server->tkeyctx = t;
}
/*
* Bind the control port(s).
*/
CHECKM(ns_controls_configure(ns_g_server->controls, config,
&aclconfctx),
"binding control channel(s)");
/*
* Bind the lwresd port(s).
*/
CHECKM(ns_lwresd_configure(ns_g_mctx, config),
"binding lightweight resolver ports");
/*
* Open the source of entropy.
*/
if (first_time) {
obj = NULL;
result = ns_config_get(maps, "random-device", &obj);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"no source of entropy found");
} else {
const char *randomdev = cfg_obj_asstring(obj);
result = isc_entropy_createfilesource(ns_g_entropy,
randomdev);
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_INFO,
"could not open entropy source "
"%s: %s",
randomdev,
isc_result_totext(result));
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_INFO,
"using pre-chroot entropy source "
"%s",
PATH_RANDOMDEV);
isc_entropy_detach(&ns_g_entropy);
isc_entropy_attach(ns_g_fallbackentropy,
&ns_g_entropy);
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
#endif
}
}
/*
* Relinquish root privileges.
*/
if (first_time)
ns_os_changeuser();
/*
* Check that the working directory is writable.
*/
if (access(".", W_OK) != 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"the working directory is not writable");
}
/*
* Configure the logging system.
*
* Do this after changing UID to make sure that any log
* files specified in named.conf get created by the
* unprivileged user, not root.
*/
if (ns_g_logstderr) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"ignoring config file logging "
"statement due to -g option");
} else {
const cfg_obj_t *logobj = NULL;
isc_logconfig_t *logc = NULL;
CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
"creating new logging configuration");
logobj = NULL;
(void)cfg_map_get(config, "logging", &logobj);
if (logobj != NULL) {
CHECKM(ns_log_configure(logc, logobj),
"configuring logging");
} else {
CHECKM(ns_log_setdefaultchannels(logc),
"setting up default logging channels");
CHECKM(ns_log_setunmatchedcategory(logc),
"setting up default 'category unmatched'");
CHECKM(ns_log_setdefaultcategory(logc),
"setting up default 'category default'");
}
result = isc_logconfig_use(ns_g_lctx, logc);
if (result != ISC_R_SUCCESS) {
isc_logconfig_destroy(&logc);
CHECKM(result, "installing logging configuration");
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
"now using logging configuration from "
"config file");
}
/*
* Set the default value of the query logging flag depending
* whether a "queries" category has been defined. This is
* a disgusting hack, but we need to do this for BIND 8
* compatibility.
*/
if (first_time) {
const cfg_obj_t *logobj = NULL;
const cfg_obj_t *categories = NULL;
obj = NULL;
if (ns_config_get(maps, "querylog", &obj) == ISC_R_SUCCESS) {
server->log_queries = cfg_obj_asboolean(obj);
} else {
(void)cfg_map_get(config, "logging", &logobj);
if (logobj != NULL)
(void)cfg_map_get(logobj, "category",
&categories);
if (categories != NULL) {
const cfg_listelt_t *element;
for (element = cfg_list_first(categories);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *catobj;
const char *str;
obj = cfg_listelt_value(element);
catobj = cfg_tuple_get(obj, "name");
str = cfg_obj_asstring(catobj);
if (strcasecmp(str, "queries") == 0)
server->log_queries = ISC_TRUE;
}
}
}
}
obj = NULL;
if (options != NULL &&
cfg_map_get(options, "memstatistics", &obj) == ISC_R_SUCCESS)
ns_g_memstatistics = cfg_obj_asboolean(obj);
else
ns_g_memstatistics =
ISC_TF((isc_mem_debugging & ISC_MEM_DEBUGRECORD) != 0);
obj = NULL;
if (ns_config_get(maps, "memstatistics-file", &obj) == ISC_R_SUCCESS)
ns_main_setmemstats(cfg_obj_asstring(obj));
else if (ns_g_memstatistics)
ns_main_setmemstats("named.memstats");
else
ns_main_setmemstats(NULL);
obj = NULL;
result = ns_config_get(maps, "statistics-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->statsfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "dump-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->dumpfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "secroots-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->secrootsfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "recursing-file", &obj);
INSIST(result == ISC_R_SUCCESS);
CHECKM(setstring(server, &server->recfile, cfg_obj_asstring(obj)),
"strdup");
obj = NULL;
result = ns_config_get(maps, "version", &obj);
if (result == ISC_R_SUCCESS) {
CHECKM(setoptstring(server, &server->version, obj), "strdup");
server->version_set = ISC_TRUE;
} else {
server->version_set = ISC_FALSE;
}
obj = NULL;
result = ns_config_get(maps, "hostname", &obj);
if (result == ISC_R_SUCCESS) {
CHECKM(setoptstring(server, &server->hostname, obj), "strdup");
server->hostname_set = ISC_TRUE;
} else {
server->hostname_set = ISC_FALSE;
}
obj = NULL;
result = ns_config_get(maps, "server-id", &obj);
server->server_usehostname = ISC_FALSE;
if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
/* The parser translates "hostname" to ISC_TRUE */
server->server_usehostname = cfg_obj_asboolean(obj);
result = setstring(server, &server->server_id, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
} else if (result == ISC_R_SUCCESS) {
/* Found a quoted string */
CHECKM(setoptstring(server, &server->server_id, obj), "strdup");
} else {
result = setstring(server, &server->server_id, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
obj = NULL;
result = ns_config_get(maps, "flush-zones-on-shutdown", &obj);
if (result == ISC_R_SUCCESS) {
server->flushonshutdown = cfg_obj_asboolean(obj);
} else {
server->flushonshutdown = ISC_FALSE;
}
result = ISC_R_SUCCESS;
cleanup:
if (v4portset != NULL)
isc_portset_destroy(ns_g_mctx, &v4portset);
if (v6portset != NULL)
isc_portset_destroy(ns_g_mctx, &v6portset);
/* Preserve config, we'll need it when adding zones */
if (nzf_option != NULL) {
nzf_parser = conf_parser;
conf_parser = NULL;
nzf_config = config;
config = NULL;
memcpy(&nzf_actx, &aclconfctx, sizeof(cfg_aclconfctx_t));
} else {
cfg_aclconfctx_destroy(&aclconfctx);
}
if (conf_parser != NULL) {
if (config != NULL)
cfg_obj_destroy(conf_parser, &config);
cfg_parser_destroy(&conf_parser);
}
if (bindkeys_parser != NULL) {
if (bindkeys != NULL)
cfg_obj_destroy(bindkeys_parser, &bindkeys);
cfg_parser_destroy(&bindkeys_parser);
}
if (view != NULL)
dns_view_detach(&view);
/*
* This cleans up either the old production view list
* or our temporary list depending on whether they
* were swapped above or not.
*/
for (view = ISC_LIST_HEAD(viewlist);
view != NULL;
view = view_next) {
view_next = ISC_LIST_NEXT(view, link);
ISC_LIST_UNLINK(viewlist, view, link);
if (result == ISC_R_SUCCESS &&
strcmp(view->name, "_bind") != 0)
(void)dns_zt_apply(view->zonetable, ISC_FALSE,
removed, view);
dns_view_detach(&view);
}
/* Same cleanup for cache list. */
while ((nsc = ISC_LIST_HEAD(cachelist)) != NULL) {
ISC_LIST_UNLINK(cachelist, nsc, link);
dns_cache_detach(&nsc->cache);
isc_mem_put(server->mctx, nsc, sizeof(*nsc));
}
/*
* Adjust the listening interfaces in accordance with the source
* addresses specified in views and zones.
*/
if (isc_net_probeipv6() == ISC_R_SUCCESS)
adjust_interfaces(server, ns_g_mctx);
/* Relinquish exclusive access to configuration data. */
isc_task_endexclusive(server->task);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_DEBUG(1), "load_configuration: %s",
isc_result_totext(result));
return (result);
}
static isc_result_t
load_zones(ns_server_t *server, isc_boolean_t stop) {
isc_result_t result;
dns_view_t *view;
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Load zone data from disk.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
CHECK(dns_view_load(view, stop));
if (view->managed_keys != NULL)
CHECK(dns_zone_load(view->managed_keys));
}
/*
* Force zone maintenance. Do this after loading
* so that we know when we need to force AXFR of
* slave zones whose master files are missing.
*/
CHECK(dns_zonemgr_forcemaint(server->zonemgr));
cleanup:
isc_task_endexclusive(server->task);
return (result);
}
static isc_result_t
load_new_zones(ns_server_t *server, isc_boolean_t stop) {
isc_result_t result;
dns_view_t *view;
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Load zone data from disk.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
CHECK(dns_view_loadnew(view, stop));
}
/*
* Force zone maintenance. Do this after loading
* so that we know when we need to force AXFR of
* slave zones whose master files are missing.
*/
dns_zonemgr_resumexfrs(server->zonemgr);
cleanup:
isc_task_endexclusive(server->task);
return (result);
}
static void
run_server(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_server_t *server = (ns_server_t *)event->ev_arg;
INSIST(task == server->task);
isc_event_free(&event);
CHECKFATAL(dns_dispatchmgr_create(ns_g_mctx, ns_g_entropy,
&ns_g_dispatchmgr),
"creating dispatch manager");
dns_dispatchmgr_setstats(ns_g_dispatchmgr, server->resolverstats);
CHECKFATAL(ns_interfacemgr_create(ns_g_mctx, ns_g_taskmgr,
ns_g_socketmgr, ns_g_dispatchmgr,
&server->interfacemgr),
"creating interface manager");
CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task,
interface_timer_tick,
server, &server->interface_timer),
"creating interface timer");
CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task,
heartbeat_timer_tick,
server, &server->heartbeat_timer),
"creating heartbeat timer");
CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task, pps_timer_tick,
server, &server->pps_timer),
"creating pps timer");
CHECKFATAL(cfg_parser_create(ns_g_mctx, NULL, &ns_g_parser),
"creating default configuration parser");
if (ns_g_lwresdonly)
CHECKFATAL(load_configuration(lwresd_g_conffile, server,
ISC_TRUE),
"loading configuration");
else
CHECKFATAL(load_configuration(ns_g_conffile, server, ISC_TRUE),
"loading configuration");
isc_hash_init();
CHECKFATAL(load_zones(server, ISC_FALSE), "loading zones");
ns_os_started();
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_NOTICE, "running");
}
void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
REQUIRE(NS_SERVER_VALID(server));
server->flushonshutdown = flush;
}
static void
shutdown_server(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
dns_view_t *view, *view_next;
ns_server_t *server = (ns_server_t *)event->ev_arg;
isc_boolean_t flush = server->flushonshutdown;
ns_cache_t *nsc;
UNUSED(task);
INSIST(task == server->task);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "shutting down%s",
flush ? ": flushing changes" : "");
ns_statschannels_shutdown(server);
ns_controls_shutdown(server->controls);
end_reserved_dispatches(server, ISC_TRUE);
cleanup_session_key(server, server->mctx);
cfg_obj_destroy(ns_g_parser, &ns_g_config);
cfg_parser_destroy(&ns_g_parser);
if (nzf_config) {
cfg_aclconfctx_destroy(&nzf_actx);
cfg_obj_destroy(nzf_parser, &nzf_config);
cfg_parser_destroy(&nzf_parser);
}
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = view_next) {
view_next = ISC_LIST_NEXT(view, link);
ISC_LIST_UNLINK(server->viewlist, view, link);
if (flush)
dns_view_flushanddetach(&view);
else
dns_view_detach(&view);
}
while ((nsc = ISC_LIST_HEAD(server->cachelist)) != NULL) {
ISC_LIST_UNLINK(server->cachelist, nsc, link);
dns_cache_detach(&nsc->cache);
isc_mem_put(server->mctx, nsc, sizeof(*nsc));
}
isc_timer_detach(&server->interface_timer);
isc_timer_detach(&server->heartbeat_timer);
isc_timer_detach(&server->pps_timer);
ns_interfacemgr_shutdown(server->interfacemgr);
ns_interfacemgr_detach(&server->interfacemgr);
dns_dispatchmgr_destroy(&ns_g_dispatchmgr);
dns_zonemgr_shutdown(server->zonemgr);
if (ns_g_sessionkey != NULL) {
dns_tsigkey_detach(&ns_g_sessionkey);
dns_name_free(&ns_g_sessionkeyname, server->mctx);
}
if (server->blackholeacl != NULL)
dns_acl_detach(&server->blackholeacl);
dns_db_detach(&server->in_roothints);
isc_task_endexclusive(server->task);
isc_task_detach(&server->task);
isc_event_free(&event);
}
void
ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
isc_result_t result;
ns_server_t *server = isc_mem_get(mctx, sizeof(*server));
if (server == NULL)
fatal("allocating server object", ISC_R_NOMEMORY);
server->mctx = mctx;
server->task = NULL;
/* Initialize configuration data with default values. */
result = isc_quota_init(&server->xfroutquota, 10);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = isc_quota_init(&server->tcpquota, 10);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = isc_quota_init(&server->recursionquota, 100);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = dns_aclenv_init(mctx, &server->aclenv);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Initialize server data structures. */
server->zonemgr = NULL;
server->interfacemgr = NULL;
ISC_LIST_INIT(server->viewlist);
server->in_roothints = NULL;
server->blackholeacl = NULL;
CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL,
&server->in_roothints),
"setting up root hints");
CHECKFATAL(isc_mutex_init(&server->reload_event_lock),
"initializing reload event lock");
server->reload_event =
isc_event_allocate(ns_g_mctx, server,
NS_EVENT_RELOAD,
ns_server_reload,
server,
sizeof(isc_event_t));
CHECKFATAL(server->reload_event == NULL ?
ISC_R_NOMEMORY : ISC_R_SUCCESS,
"allocating reload event");
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
ns_g_engine, ISC_ENTROPY_GOODONLY),
"initializing DST");
server->tkeyctx = NULL;
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
/*
* Setup the server task, which is responsible for coordinating
* startup and shutdown of the server.
*/
CHECKFATAL(isc_task_create(ns_g_taskmgr, 0, &server->task),
"creating server task");
isc_task_setname(server->task, "server", server);
CHECKFATAL(isc_task_onshutdown(server->task, shutdown_server, server),
"isc_task_onshutdown");
CHECKFATAL(isc_app_onrun(ns_g_mctx, server->task, run_server, server),
"isc_app_onrun");
server->interface_timer = NULL;
server->heartbeat_timer = NULL;
server->pps_timer = NULL;
server->interface_interval = 0;
server->heartbeat_interval = 0;
CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr,
ns_g_socketmgr, &server->zonemgr),
"dns_zonemgr_create");
server->statsfile = isc_mem_strdup(server->mctx, "named.stats");
CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->nsstats = NULL;
server->rcvquerystats = NULL;
server->opcodestats = NULL;
server->zonestats = NULL;
server->resolverstats = NULL;
server->sockstats = NULL;
CHECKFATAL(isc_stats_create(server->mctx, &server->sockstats,
isc_sockstatscounter_max),
"isc_stats_create");
isc_socketmgr_setstats(ns_g_socketmgr, server->sockstats);
server->bindkeysfile = isc_mem_strdup(server->mctx, "bind.keys");
CHECKFATAL(server->bindkeysfile == NULL ? ISC_R_NOMEMORY :
ISC_R_SUCCESS,
"isc_mem_strdup");
server->dumpfile = isc_mem_strdup(server->mctx, "named_dump.db");
CHECKFATAL(server->dumpfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->secrootsfile = isc_mem_strdup(server->mctx, "named.secroots");
CHECKFATAL(server->secrootsfile == NULL ? ISC_R_NOMEMORY :
ISC_R_SUCCESS,
"isc_mem_strdup");
server->recfile = isc_mem_strdup(server->mctx, "named.recursing");
CHECKFATAL(server->recfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
"isc_mem_strdup");
server->hostname_set = ISC_FALSE;
server->hostname = NULL;
server->version_set = ISC_FALSE;
server->version = NULL;
server->server_usehostname = ISC_FALSE;
server->server_id = NULL;
CHECKFATAL(isc_stats_create(ns_g_mctx, &server->nsstats,
dns_nsstatscounter_max),
"dns_stats_create (server)");
CHECKFATAL(dns_rdatatypestats_create(ns_g_mctx,
&server->rcvquerystats),
"dns_stats_create (rcvquery)");
CHECKFATAL(dns_opcodestats_create(ns_g_mctx, &server->opcodestats),
"dns_stats_create (opcode)");
CHECKFATAL(isc_stats_create(ns_g_mctx, &server->zonestats,
dns_zonestatscounter_max),
"dns_stats_create (zone)");
CHECKFATAL(isc_stats_create(ns_g_mctx, &server->resolverstats,
dns_resstatscounter_max),
"dns_stats_create (resolver)");
server->flushonshutdown = ISC_FALSE;
server->log_queries = ISC_FALSE;
server->controls = NULL;
CHECKFATAL(ns_controls_create(server, &server->controls),
"ns_controls_create");
server->dispatchgen = 0;
ISC_LIST_INIT(server->dispatches);
ISC_LIST_INIT(server->statschannels);
ISC_LIST_INIT(server->cachelist);
server->sessionkey = NULL;
server->session_keyfile = NULL;
server->session_keyname = NULL;
server->session_keyalg = DST_ALG_UNKNOWN;
server->session_keybits = 0;
server->magic = NS_SERVER_MAGIC;
*serverp = server;
}
void
ns_server_destroy(ns_server_t **serverp) {
ns_server_t *server = *serverp;
REQUIRE(NS_SERVER_VALID(server));
ns_controls_destroy(&server->controls);
isc_stats_detach(&server->nsstats);
dns_stats_detach(&server->rcvquerystats);
dns_stats_detach(&server->opcodestats);
isc_stats_detach(&server->zonestats);
isc_stats_detach(&server->resolverstats);
isc_stats_detach(&server->sockstats);
isc_mem_free(server->mctx, server->statsfile);
isc_mem_free(server->mctx, server->bindkeysfile);
isc_mem_free(server->mctx, server->dumpfile);
isc_mem_free(server->mctx, server->secrootsfile);
isc_mem_free(server->mctx, server->recfile);
if (server->version != NULL)
isc_mem_free(server->mctx, server->version);
if (server->hostname != NULL)
isc_mem_free(server->mctx, server->hostname);
if (server->server_id != NULL)
isc_mem_free(server->mctx, server->server_id);
dns_zonemgr_detach(&server->zonemgr);
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
dst_lib_destroy();
isc_event_free(&server->reload_event);
INSIST(ISC_LIST_EMPTY(server->viewlist));
INSIST(ISC_LIST_EMPTY(server->cachelist));
dns_aclenv_destroy(&server->aclenv);
isc_quota_destroy(&server->recursionquota);
isc_quota_destroy(&server->tcpquota);
isc_quota_destroy(&server->xfroutquota);
server->magic = 0;
isc_mem_put(server->mctx, server, sizeof(*server));
*serverp = NULL;
}
static void
fatal(const char *msg, isc_result_t result) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_CRITICAL, "%s: %s", msg,
isc_result_totext(result));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_CRITICAL, "exiting (due to fatal error)");
exit(1);
}
static void
start_reserved_dispatches(ns_server_t *server) {
REQUIRE(NS_SERVER_VALID(server));
server->dispatchgen++;
}
static void
end_reserved_dispatches(ns_server_t *server, isc_boolean_t all) {
ns_dispatch_t *dispatch, *nextdispatch;
REQUIRE(NS_SERVER_VALID(server));
for (dispatch = ISC_LIST_HEAD(server->dispatches);
dispatch != NULL;
dispatch = nextdispatch) {
nextdispatch = ISC_LIST_NEXT(dispatch, link);
if (!all && server->dispatchgen == dispatch-> dispatchgen)
continue;
ISC_LIST_UNLINK(server->dispatches, dispatch, link);
dns_dispatch_detach(&dispatch->dispatch);
isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
}
}
void
ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
ns_dispatch_t *dispatch;
in_port_t port;
char addrbuf[ISC_SOCKADDR_FORMATSIZE];
isc_result_t result;
unsigned int attrs, attrmask;
REQUIRE(NS_SERVER_VALID(server));
port = isc_sockaddr_getport(addr);
if (port == 0 || port >= 1024)
return;
for (dispatch = ISC_LIST_HEAD(server->dispatches);
dispatch != NULL;
dispatch = ISC_LIST_NEXT(dispatch, link)) {
if (isc_sockaddr_equal(&dispatch->addr, addr))
break;
}
if (dispatch != NULL) {
dispatch->dispatchgen = server->dispatchgen;
return;
}
dispatch = isc_mem_get(server->mctx, sizeof(*dispatch));
if (dispatch == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
dispatch->addr = *addr;
dispatch->dispatchgen = server->dispatchgen;
dispatch->dispatch = NULL;
attrs = 0;
attrs |= DNS_DISPATCHATTR_UDP;
switch (isc_sockaddr_pf(addr)) {
case AF_INET:
attrs |= DNS_DISPATCHATTR_IPV4;
break;
case AF_INET6:
attrs |= DNS_DISPATCHATTR_IPV6;
break;
default:
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
}
attrmask = 0;
attrmask |= DNS_DISPATCHATTR_UDP;
attrmask |= DNS_DISPATCHATTR_TCP;
attrmask |= DNS_DISPATCHATTR_IPV4;
attrmask |= DNS_DISPATCHATTR_IPV6;
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &dispatch->addr, 4096,
1000, 32768, 16411, 16433,
attrs, attrmask, &dispatch->dispatch);
if (result != ISC_R_SUCCESS)
goto cleanup;
ISC_LIST_INITANDPREPEND(server->dispatches, dispatch, link);
return;
cleanup:
if (dispatch != NULL)
isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"unable to create dispatch for reserved port %s: %s",
addrbuf, isc_result_totext(result));
}
static isc_result_t
loadconfig(ns_server_t *server) {
isc_result_t result;
start_reserved_dispatches(server);
result = load_configuration(ns_g_lwresdonly ?
lwresd_g_conffile : ns_g_conffile,
server, ISC_FALSE);
if (result == ISC_R_SUCCESS) {
end_reserved_dispatches(server, ISC_FALSE);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"reloading configuration succeeded");
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"reloading configuration failed: %s",
isc_result_totext(result));
}
return (result);
}
static isc_result_t
reload(ns_server_t *server) {
isc_result_t result;
CHECK(loadconfig(server));
result = load_zones(server, ISC_FALSE);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"reloading zones succeeded");
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"reloading zones failed: %s",
isc_result_totext(result));
cleanup:
return (result);
}
static void
reconfig(ns_server_t *server) {
isc_result_t result;
CHECK(loadconfig(server));
result = load_new_zones(server, ISC_FALSE);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"any newly configured zones are now loaded");
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"loading new zones failed: %s",
isc_result_totext(result));
cleanup: ;
}
/*
* Handle a reload event (from SIGHUP).
*/
static void
ns_server_reload(isc_task_t *task, isc_event_t *event) {
ns_server_t *server = (ns_server_t *)event->ev_arg;
INSIST(task = server->task);
UNUSED(task);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"received SIGHUP signal to reload zones");
(void)reload(server);
LOCK(&server->reload_event_lock);
INSIST(server->reload_event == NULL);
server->reload_event = event;
UNLOCK(&server->reload_event_lock);
}
void
ns_server_reloadwanted(ns_server_t *server) {
LOCK(&server->reload_event_lock);
if (server->reload_event != NULL)
isc_task_send(server->task, &server->reload_event);
UNLOCK(&server->reload_event_lock);
}
static char *
next_token(char **stringp, const char *delim) {
char *res;
do {
res = strsep(stringp, delim);
if (res == NULL)
break;
} while (*res == '\0');
return (res);
}
/*
* Find the zone specified in the control channel command 'args',
* if any. If a zone is specified, point '*zonep' at it, otherwise
* set '*zonep' to NULL.
*/
static isc_result_t
zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
const char **zonename)
{
char *input, *ptr;
const char *zonetxt;
char *classtxt;
const char *viewtxt = NULL;
dns_fixedname_t name;
isc_result_t result;
isc_buffer_t buf;
dns_view_t *view = NULL;
dns_rdataclass_t rdclass;
REQUIRE(zonep != NULL && *zonep == NULL);
input = args;
/* Skip the command name. */
ptr = next_token(&input, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the zone name. */
zonetxt = next_token(&input, " \t");
if (zonetxt == NULL)
return (ISC_R_SUCCESS);
if (zonename)
*zonename = zonetxt;
/* Look for the optional class name. */
classtxt = next_token(&input, " \t");
if (classtxt != NULL) {
/* Look for the optional view name. */
viewtxt = next_token(&input, " \t");
}
isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
isc_buffer_add(&buf, strlen(zonetxt));
dns_fixedname_init(&name);
result = dns_name_fromtext(dns_fixedname_name(&name),
&buf, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
goto fail1;
if (classtxt != NULL) {
isc_textregion_t r;
r.base = classtxt;
r.length = strlen(classtxt);
result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS)
goto fail1;
} else
rdclass = dns_rdataclass_in;
if (viewtxt == NULL) {
result = dns_viewlist_findzone(&server->viewlist,
dns_fixedname_name(&name),
ISC_TF(classtxt == NULL),
rdclass, zonep);
} else {
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
if (result != ISC_R_SUCCESS)
goto fail1;
result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
0, NULL, zonep);
dns_view_detach(&view);
}
/* Partial match? */
if (result != ISC_R_SUCCESS && *zonep != NULL)
dns_zone_detach(zonep);
if (result == DNS_R_PARTIALMATCH)
result = ISC_R_NOTFOUND;
fail1:
return (result);
}
/*
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub)
dns_zone_forcereload(zone);
else
result = ISC_R_NOTFOUND;
dns_zone_detach(&zone);
return (result);
}
/*
* Act on a "reload" command from the command channel.
*/
isc_result_t
ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
result = reload(server);
if (result == ISC_R_SUCCESS)
msg = "server reload successful";
} else {
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub) {
dns_zone_refresh(zone);
dns_zone_detach(&zone);
msg = "zone refresh queued";
} else {
result = dns_zone_load(zone);
dns_zone_detach(&zone);
switch (result) {
case ISC_R_SUCCESS:
msg = "zone reload successful";
break;
case DNS_R_CONTINUE:
msg = "zone reload queued";
result = ISC_R_SUCCESS;
break;
case DNS_R_UPTODATE:
msg = "zone reload up-to-date";
result = ISC_R_SUCCESS;
break;
default:
/* failure message will be generated by rndc */
break;
}
}
}
if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
return (result);
}
/*
* Act on a "reconfig" command from the command channel.
*/
isc_result_t
ns_server_reconfigcommand(ns_server_t *server, char *args) {
UNUSED(args);
reconfig(server);
return (ISC_R_SUCCESS);
}
/*
* Act on a "notify" command from the command channel.
*/
isc_result_t
ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone notify queued";
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
dns_zone_notify(zone);
dns_zone_detach(&zone);
if (sizeof(msg) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg, sizeof(msg));
return (ISC_R_SUCCESS);
}
/*
* Act on a "refresh" command from the command channel.
*/
isc_result_t
ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
const unsigned char msg1[] = "zone refresh queued";
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub) {
dns_zone_refresh(zone);
dns_zone_detach(&zone);
if (sizeof(msg1) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg1, sizeof(msg1));
return (ISC_R_SUCCESS);
}
dns_zone_detach(&zone);
if (sizeof(msg2) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg2, sizeof(msg2));
return (ISC_R_FAILURE);
}
isc_result_t
ns_server_togglequerylog(ns_server_t *server) {
server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"query logging is now %s",
server->log_queries ? "on" : "off");
return (ISC_R_SUCCESS);
}
static isc_result_t
ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
cfg_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenlist_t **target)
{
isc_result_t result;
const cfg_listelt_t *element;
ns_listenlist_t *dlist = NULL;
REQUIRE(target != NULL && *target == NULL);
result = ns_listenlist_create(mctx, &dlist);
if (result != ISC_R_SUCCESS)
return (result);
for (element = cfg_list_first(listenlist);
element != NULL;
element = cfg_list_next(element))
{
ns_listenelt_t *delt = NULL;
const cfg_obj_t *listener = cfg_listelt_value(element);
result = ns_listenelt_fromconfig(listener, config, actx,
mctx, &delt);
if (result != ISC_R_SUCCESS)
goto cleanup;
ISC_LIST_APPEND(dlist->elts, delt, link);
}
*target = dlist;
return (ISC_R_SUCCESS);
cleanup:
ns_listenlist_detach(&dlist);
return (result);
}
/*
* Create a listen list from the corresponding configuration
* data structure.
*/
static isc_result_t
ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
cfg_aclconfctx_t *actx,
isc_mem_t *mctx, ns_listenelt_t **target)
{
isc_result_t result;
const cfg_obj_t *portobj;
in_port_t port;
ns_listenelt_t *delt = NULL;
REQUIRE(target != NULL && *target == NULL);
portobj = cfg_tuple_get(listener, "port");
if (!cfg_obj_isuint32(portobj)) {
if (ns_g_port != 0) {
port = ns_g_port;
} else {
result = ns_config_getport(config, &port);
if (result != ISC_R_SUCCESS)
return (result);
}
} else {
if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port value '%u' is out of range",
cfg_obj_asuint32(portobj));
return (ISC_R_RANGE);
}
port = (in_port_t)cfg_obj_asuint32(portobj);
}
result = ns_listenelt_create(mctx, port, NULL, &delt);
if (result != ISC_R_SUCCESS)
return (result);
result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"),
config, ns_g_lctx, actx, mctx, 0,
&delt->acl);
if (result != ISC_R_SUCCESS) {
ns_listenelt_destroy(delt);
return (result);
}
*target = delt;
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_dumpstats(ns_server_t *server) {
isc_result_t result;
FILE *fp = NULL;
CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
"could not open statistics dump file", server->statsfile);
result = ns_stats_dump(server, fp);
CHECK(result);
cleanup:
if (fp != NULL)
(void)isc_stdio_close(fp);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpstats complete");
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"dumpstats failed: %s",
dns_result_totext(result));
return (result);
}
static isc_result_t
add_zone_tolist(dns_zone_t *zone, void *uap) {
struct dumpcontext *dctx = uap;
struct zonelistentry *zle;
zle = isc_mem_get(dctx->mctx, sizeof *zle);
if (zle == NULL)
return (ISC_R_NOMEMORY);
zle->zone = NULL;
dns_zone_attach(zone, &zle->zone);
ISC_LINK_INIT(zle, link);
ISC_LIST_APPEND(ISC_LIST_TAIL(dctx->viewlist)->zonelist, zle, link);
return (ISC_R_SUCCESS);
}
static isc_result_t
add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
struct viewlistentry *vle;
isc_result_t result = ISC_R_SUCCESS;
/*
* Prevent duplicate views.
*/
for (vle = ISC_LIST_HEAD(dctx->viewlist);
vle != NULL;
vle = ISC_LIST_NEXT(vle, link))
if (vle->view == view)
return (ISC_R_SUCCESS);
vle = isc_mem_get(dctx->mctx, sizeof *vle);
if (vle == NULL)
return (ISC_R_NOMEMORY);
vle->view = NULL;
dns_view_attach(view, &vle->view);
ISC_LINK_INIT(vle, link);
ISC_LIST_INIT(vle->zonelist);
ISC_LIST_APPEND(dctx->viewlist, vle, link);
if (dctx->dumpzones)
result = dns_zt_apply(view->zonetable, ISC_TRUE,
add_zone_tolist, dctx);
return (result);
}
static void
dumpcontext_destroy(struct dumpcontext *dctx) {
struct viewlistentry *vle;
struct zonelistentry *zle;
vle = ISC_LIST_HEAD(dctx->viewlist);
while (vle != NULL) {
ISC_LIST_UNLINK(dctx->viewlist, vle, link);
zle = ISC_LIST_HEAD(vle->zonelist);
while (zle != NULL) {
ISC_LIST_UNLINK(vle->zonelist, zle, link);
dns_zone_detach(&zle->zone);
isc_mem_put(dctx->mctx, zle, sizeof *zle);
zle = ISC_LIST_HEAD(vle->zonelist);
}
dns_view_detach(&vle->view);
isc_mem_put(dctx->mctx, vle, sizeof *vle);
vle = ISC_LIST_HEAD(dctx->viewlist);
}
if (dctx->version != NULL)
dns_db_closeversion(dctx->db, &dctx->version, ISC_FALSE);
if (dctx->db != NULL)
dns_db_detach(&dctx->db);
if (dctx->cache != NULL)
dns_db_detach(&dctx->cache);
if (dctx->task != NULL)
isc_task_detach(&dctx->task);
if (dctx->fp != NULL)
(void)isc_stdio_close(dctx->fp);
if (dctx->mdctx != NULL)
dns_dumpctx_detach(&dctx->mdctx);
isc_mem_put(dctx->mctx, dctx, sizeof *dctx);
}
static void
dumpdone(void *arg, isc_result_t result) {
struct dumpcontext *dctx = arg;
char buf[1024+32];
const dns_master_style_t *style;
if (result != ISC_R_SUCCESS)
goto cleanup;
if (dctx->mdctx != NULL)
dns_dumpctx_detach(&dctx->mdctx);
if (dctx->view == NULL) {
dctx->view = ISC_LIST_HEAD(dctx->viewlist);
if (dctx->view == NULL)
goto done;
INSIST(dctx->zone == NULL);
} else
goto resume;
nextview:
fprintf(dctx->fp, ";\n; Start view %s\n;\n", dctx->view->view->name);
resume:
if (dctx->dumpcache && dns_view_iscacheshared(dctx->view->view)) {
fprintf(dctx->fp,
";\n; Cache of view '%s' is shared as '%s'\n",
dctx->view->view->name,
dns_cache_getname(dctx->view->view->cache));
} else if (dctx->zone == NULL && dctx->cache == NULL &&
dctx->dumpcache)
{
style = &dns_master_style_cache;
/* start cache dump */
if (dctx->view->view->cachedb != NULL)
dns_db_attach(dctx->view->view->cachedb, &dctx->cache);
if (dctx->cache != NULL) {
fprintf(dctx->fp,
";\n; Cache dump of view '%s' (cache %s)\n;\n",
dctx->view->view->name,
dns_cache_getname(dctx->view->view->cache));
result = dns_master_dumptostreaminc(dctx->mctx,
dctx->cache, NULL,
style, dctx->fp,
dctx->task,
dumpdone, dctx,
&dctx->mdctx);
if (result == DNS_R_CONTINUE)
return;
if (result == ISC_R_NOTIMPLEMENTED)
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
else if (result != ISC_R_SUCCESS)
goto cleanup;
}
}
if (dctx->cache != NULL) {
dns_adb_dump(dctx->view->view->adb, dctx->fp);
dns_resolver_printbadcache(dctx->view->view->resolver,
dctx->fp);
dns_db_detach(&dctx->cache);
}
if (dctx->dumpzones) {
style = &dns_master_style_full;
nextzone:
if (dctx->version != NULL)
dns_db_closeversion(dctx->db, &dctx->version,
ISC_FALSE);
if (dctx->db != NULL)
dns_db_detach(&dctx->db);
if (dctx->zone == NULL)
dctx->zone = ISC_LIST_HEAD(dctx->view->zonelist);
else
dctx->zone = ISC_LIST_NEXT(dctx->zone, link);
if (dctx->zone != NULL) {
/* start zone dump */
dns_zone_name(dctx->zone->zone, buf, sizeof(buf));
fprintf(dctx->fp, ";\n; Zone dump of '%s'\n;\n", buf);
result = dns_zone_getdb(dctx->zone->zone, &dctx->db);
if (result != ISC_R_SUCCESS) {
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
goto nextzone;
}
dns_db_currentversion(dctx->db, &dctx->version);
result = dns_master_dumptostreaminc(dctx->mctx,
dctx->db,
dctx->version,
style, dctx->fp,
dctx->task,
dumpdone, dctx,
&dctx->mdctx);
if (result == DNS_R_CONTINUE)
return;
if (result == ISC_R_NOTIMPLEMENTED) {
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
result = ISC_R_SUCCESS;
goto nextzone;
}
if (result != ISC_R_SUCCESS)
goto cleanup;
}
}
if (dctx->view != NULL)
dctx->view = ISC_LIST_NEXT(dctx->view, link);
if (dctx->view != NULL)
goto nextview;
done:
fprintf(dctx->fp, "; Dump complete\n");
result = isc_stdio_flush(dctx->fp);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpdb complete");
cleanup:
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"dumpdb failed: %s", dns_result_totext(result));
dumpcontext_destroy(dctx);
}
isc_result_t
ns_server_dumpdb(ns_server_t *server, char *args) {
struct dumpcontext *dctx = NULL;
dns_view_t *view;
isc_result_t result;
char *ptr;
const char *sep;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
dctx = isc_mem_get(server->mctx, sizeof(*dctx));
if (dctx == NULL)
return (ISC_R_NOMEMORY);
dctx->mctx = server->mctx;
dctx->dumpcache = ISC_TRUE;
dctx->dumpzones = ISC_FALSE;
dctx->fp = NULL;
ISC_LIST_INIT(dctx->viewlist);
dctx->view = NULL;
dctx->zone = NULL;
dctx->cache = NULL;
dctx->mdctx = NULL;
dctx->db = NULL;
dctx->cache = NULL;
dctx->task = NULL;
dctx->version = NULL;
isc_task_attach(server->task, &dctx->task);
CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp),
"could not open dump file", server->dumpfile);
sep = (args == NULL) ? "" : ": ";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpdb started%s%s", sep, (args != NULL) ? args : "");
ptr = next_token(&args, " \t");
if (ptr != NULL && strcmp(ptr, "-all") == 0) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_TRUE;
ptr = next_token(&args, " \t");
} else if (ptr != NULL && strcmp(ptr, "-cache") == 0) {
dctx->dumpzones = ISC_FALSE;
dctx->dumpcache = ISC_TRUE;
ptr = next_token(&args, " \t");
} else if (ptr != NULL && strcmp(ptr, "-zones") == 0) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_FALSE;
ptr = next_token(&args, " \t");
}
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
CHECK(add_view_tolist(dctx, view));
}
if (ptr != NULL) {
ptr = next_token(&args, " \t");
if (ptr != NULL)
goto nextview;
}
dumpdone(dctx, ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
cleanup:
if (dctx != NULL)
dumpcontext_destroy(dctx);
return (result);
}
isc_result_t
ns_server_dumpsecroots(ns_server_t *server, char *args) {
dns_view_t *view;
dns_keytable_t *secroots = NULL;
isc_result_t result;
char *ptr;
FILE *fp = NULL;
isc_time_t now;
char tbuf[64];
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
ptr = next_token(&args, " \t");
CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp),
"could not open secroots dump file", server->secrootsfile);
TIME_NOW(&now);
isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
fprintf(fp, "%s\n", tbuf);
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
if (secroots != NULL)
dns_keytable_detach(&secroots);
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
}
fprintf(fp, "\n Start view %s\n\n", view->name);
CHECK(dns_keytable_dump(secroots, fp));
}
if (ptr != NULL) {
ptr = next_token(&args, " \t");
if (ptr != NULL)
goto nextview;
}
cleanup:
if (secroots != NULL)
dns_keytable_detach(&secroots);
if (fp != NULL)
(void)isc_stdio_close(fp);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpsecroots complete");
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"dumpsecroots failed: %s",
dns_result_totext(result));
return (result);
}
isc_result_t
ns_server_dumprecursing(ns_server_t *server) {
FILE *fp = NULL;
isc_result_t result;
CHECKMF(isc_stdio_open(server->recfile, "w", &fp),
"could not open dump file", server->recfile);
fprintf(fp,";\n; Recursing Queries\n;\n");
ns_interfacemgr_dumprecursing(fp, server->interfacemgr);
fprintf(fp, "; Dump complete\n");
cleanup:
if (fp != NULL)
result = isc_stdio_close(fp);
if (result == ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumprecursing complete");
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"dumprecursing failed: %s",
dns_result_totext(result));
return (result);
}
isc_result_t
ns_server_setdebuglevel(ns_server_t *server, char *args) {
char *ptr;
char *levelstr;
char *endp;
long newlevel;
UNUSED(server);
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the new level name. */
levelstr = next_token(&args, " \t");
if (levelstr == NULL) {
if (ns_g_debuglevel < 99)
ns_g_debuglevel++;
} else {
newlevel = strtol(levelstr, &endp, 10);
if (*endp != '\0' || newlevel < 0 || newlevel > 99)
return (ISC_R_RANGE);
ns_g_debuglevel = (unsigned int)newlevel;
}
isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"debug level is now %d", ns_g_debuglevel);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_validation(ns_server_t *server, char *args) {
char *ptr, *viewname;
dns_view_t *view;
isc_boolean_t changed = ISC_FALSE;
isc_result_t result;
isc_boolean_t enable;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find out what we are to do. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (!strcasecmp(ptr, "on") || !strcasecmp(ptr, "yes") ||
!strcasecmp(ptr, "enable") || !strcasecmp(ptr, "true"))
enable = ISC_TRUE;
else if (!strcasecmp(ptr, "off") || !strcasecmp(ptr, "no") ||
!strcasecmp(ptr, "disable") || !strcasecmp(ptr, "false"))
enable = ISC_FALSE;
else
return (DNS_R_SYNTAX);
/* Look for the view name. */
viewname = next_token(&args, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS)
goto out;
view->enablevalidation = enable;
changed = ISC_TRUE;
}
if (changed)
result = ISC_R_SUCCESS;
else
result = ISC_R_FAILURE;
out:
isc_task_endexclusive(server->task);
return (result);
}
isc_result_t
ns_server_flushcache(ns_server_t *server, char *args) {
char *ptr, *viewname;
dns_view_t *view;
isc_boolean_t flushed;
isc_boolean_t found;
isc_result_t result;
ns_cache_t *nsc;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the view name. */
viewname = next_token(&args, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
flushed = ISC_TRUE;
found = ISC_FALSE;
/*
* Flushing a cache is tricky when caches are shared by multiple views.
* We first identify which caches should be flushed in the local cache
* list, flush these caches, and then update other views that refer to
* the flushed cache DB.
*/
if (viewname != NULL) {
/*
* Mark caches that need to be flushed. This is an O(#view^2)
* operation in the very worst case, but should be normally
* much more lightweight because only a few (most typically just
* one) views will match.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (strcasecmp(viewname, view->name) != 0)
continue;
found = ISC_TRUE;
for (nsc = ISC_LIST_HEAD(server->cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
if (nsc->cache == view->cache)
break;
}
INSIST(nsc != NULL);
nsc->needflush = ISC_TRUE;
}
} else
found = ISC_TRUE;
/* Perform flush */
for (nsc = ISC_LIST_HEAD(server->cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
if (viewname != NULL && !nsc->needflush)
continue;
nsc->needflush = ISC_TRUE;
result = dns_view_flushcache2(nsc->primaryview, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
flushed = ISC_FALSE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"flushing cache in view '%s' failed: %s",
nsc->primaryview->name,
isc_result_totext(result));
}
}
/*
* Fix up views that share a flushed cache: let the views update the
* cache DB they're referring to. This could also be an expensive
* operation, but should typically be marginal: the inner loop is only
* necessary for views that share a cache, and if there are many such
* views the number of shared cache should normally be small.
* A worst case is that we have n views and n/2 caches, each shared by
* two views. Then this will be a O(n^2/4) operation.
*/
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (!dns_view_iscacheshared(view))
continue;
for (nsc = ISC_LIST_HEAD(server->cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
if (!nsc->needflush || nsc->cache != view->cache)
continue;
result = dns_view_flushcache2(view, ISC_TRUE);
if (result != ISC_R_SUCCESS) {
flushed = ISC_FALSE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"fixing cache in view '%s' "
"failed: %s", view->name,
isc_result_totext(result));
}
}
}
/* Cleanup the cache list. */
for (nsc = ISC_LIST_HEAD(server->cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
nsc->needflush = ISC_FALSE;
}
if (flushed && found) {
if (viewname != NULL)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"flushing cache in view '%s' succeeded",
viewname);
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"flushing caches in all views succeeded");
result = ISC_R_SUCCESS;
} else {
if (!found) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"flushing cache in view '%s' failed: "
"view not found", viewname);
result = ISC_R_NOTFOUND;
} else
result = ISC_R_FAILURE;
}
isc_task_endexclusive(server->task);
return (result);
}
isc_result_t
ns_server_flushname(ns_server_t *server, char *args) {
char *ptr, *target, *viewname;
dns_view_t *view;
isc_boolean_t flushed;
isc_boolean_t found;
isc_result_t result;
isc_buffer_t b;
dns_fixedname_t fixed;
dns_name_t *name;
/* Skip the command name. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find the domain name to flush. */
target = next_token(&args, " \t");
if (target == NULL)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_init(&b, target, strlen(target));
isc_buffer_add(&b, strlen(target));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
return (result);
/* Look for the view name. */
viewname = next_token(&args, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
flushed = ISC_TRUE;
found = ISC_FALSE;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
found = ISC_TRUE;
/*
* It's a little inefficient to try flushing name for all views
* if some of the views share a single cache. But since the
* operation is lightweight we prefer simplicity here.
*/
result = dns_view_flushname(view, name);
if (result != ISC_R_SUCCESS) {
flushed = ISC_FALSE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"flushing name '%s' in cache view '%s' "
"failed: %s", target, view->name,
isc_result_totext(result));
}
}
if (flushed && found) {
if (viewname != NULL)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"flushing name '%s' in cache view '%s' "
"succeeded", target, viewname);
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"flushing name '%s' in all cache views "
"succeeded", target);
result = ISC_R_SUCCESS;
} else {
if (!found)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"flushing name '%s' in cache view '%s' "
"failed: view not found", target,
viewname);
result = ISC_R_FAILURE;
}
isc_task_endexclusive(server->task);
return (result);
}
isc_result_t
ns_server_status(ns_server_t *server, isc_buffer_t *text) {
int zonecount, xferrunning, xferdeferred, soaqueries;
unsigned int n;
const char *ob = "", *cb = "", *alt = "";
if (ns_g_server->version_set) {
ob = " (";
cb = ")";
if (ns_g_server->version == NULL)
alt = "version.bind/txt/ch disabled";
else
alt = ns_g_server->version;
}
zonecount = dns_zonemgr_getcount(server->zonemgr, DNS_ZONESTATE_ANY);
xferrunning = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_XFERRUNNING);
xferdeferred = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_XFERDEFERRED);
soaqueries = dns_zonemgr_getcount(server->zonemgr,
DNS_ZONESTATE_SOAQUERY);
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"version: %s%s%s%s\n"
#ifdef ISC_PLATFORM_USETHREADS
"CPUs found: %u\n"
"worker threads: %u\n"
#endif
"number of zones: %u\n"
"debug level: %d\n"
"xfers running: %u\n"
"xfers deferred: %u\n"
"soa queries in progress: %u\n"
"query logging is %s\n"
"recursive clients: %d/%d/%d\n"
"tcp clients: %d/%d\n"
"server is up and running",
ns_g_version, ob, alt, cb,
#ifdef ISC_PLATFORM_USETHREADS
ns_g_cpus_detected, ns_g_cpus,
#endif
zonecount, ns_g_debuglevel, xferrunning, xferdeferred,
soaqueries, server->log_queries ? "ON" : "OFF",
server->recursionquota.used, server->recursionquota.soft,
server->recursionquota.max,
server->tcpquota.used, server->tcpquota.max);
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
isc_buffer_add(text, n);
return (ISC_R_SUCCESS);
}
static isc_result_t
delete_keynames(dns_tsig_keyring_t *ring, char *target,
unsigned int *foundkeys)
{
char namestr[DNS_NAME_FORMATSIZE];
isc_result_t result;
dns_rbtnodechain_t chain;
dns_name_t foundname;
dns_fixedname_t fixedorigin;
dns_name_t *origin;
dns_rbtnode_t *node;
dns_tsigkey_t *tkey;
dns_name_init(&foundname, NULL);
dns_fixedname_init(&fixedorigin);
origin = dns_fixedname_name(&fixedorigin);
again:
dns_rbtnodechain_init(&chain, ring->mctx);
result = dns_rbtnodechain_first(&chain, ring->keys, &foundname,
origin);
if (result == ISC_R_NOTFOUND) {
dns_rbtnodechain_invalidate(&chain);
return (ISC_R_SUCCESS);
}
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
dns_rbtnodechain_invalidate(&chain);
return (result);
}
for (;;) {
node = NULL;
dns_rbtnodechain_current(&chain, &foundname, origin, &node);
tkey = node->data;
if (tkey != NULL) {
if (!tkey->generated)
goto nextkey;
dns_name_format(&tkey->name, namestr, sizeof(namestr));
if (strcmp(namestr, target) == 0) {
(*foundkeys)++;
dns_rbtnodechain_invalidate(&chain);
(void)dns_rbt_deletename(ring->keys,
&tkey->name,
ISC_FALSE);
goto again;
}
}
nextkey:
result = dns_rbtnodechain_next(&chain, &foundname, origin);
if (result == ISC_R_NOMORE)
break;
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
dns_rbtnodechain_invalidate(&chain);
return (result);
}
}
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) {
isc_result_t result;
unsigned int n;
dns_view_t *view;
unsigned int foundkeys = 0;
char *target;
char *viewname;
(void)next_token(&command, " \t"); /* skip command name */
target = next_token(&command, " \t");
if (target == NULL)
return (ISC_R_UNEXPECTEDEND);
viewname = next_token(&command, " \t");
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
if (viewname == NULL || strcmp(view->name, viewname) == 0) {
RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_write);
result = delete_keynames(view->dynamickeys, target,
&foundkeys);
RWUNLOCK(&view->dynamickeys->lock,
isc_rwlocktype_write);
if (result != ISC_R_SUCCESS) {
isc_task_endexclusive(server->task);
return (result);
}
}
}
isc_task_endexclusive(server->task);
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"%d tsig keys deleted.\n", foundkeys);
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
isc_buffer_add(text, n);
return (ISC_R_SUCCESS);
}
static isc_result_t
list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text,
unsigned int *foundkeys)
{
char namestr[DNS_NAME_FORMATSIZE];
char creatorstr[DNS_NAME_FORMATSIZE];
isc_result_t result;
dns_rbtnodechain_t chain;
dns_name_t foundname;
dns_fixedname_t fixedorigin;
dns_name_t *origin;
dns_rbtnode_t *node;
dns_tsigkey_t *tkey;
unsigned int n;
const char *viewname;
if (view != NULL)
viewname = view->name;
else
viewname = "(global)";
dns_name_init(&foundname, NULL);
dns_fixedname_init(&fixedorigin);
origin = dns_fixedname_name(&fixedorigin);
dns_rbtnodechain_init(&chain, ring->mctx);
result = dns_rbtnodechain_first(&chain, ring->keys, &foundname,
origin);
if (result == ISC_R_NOTFOUND) {
dns_rbtnodechain_invalidate(&chain);
return (ISC_R_SUCCESS);
}
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
dns_rbtnodechain_invalidate(&chain);
return (result);
}
for (;;) {
node = NULL;
dns_rbtnodechain_current(&chain, &foundname, origin, &node);
tkey = node->data;
if (tkey != NULL) {
(*foundkeys)++;
dns_name_format(&tkey->name, namestr, sizeof(namestr));
if (tkey->generated) {
dns_name_format(tkey->creator, creatorstr,
sizeof(creatorstr));
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"view \"%s\"; type \"dynamic\"; key \"%s\"; creator \"%s\";\n",
viewname, namestr, creatorstr);
} else {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"view \"%s\"; type \"static\"; key \"%s\";\n",
viewname, namestr);
}
if (n >= isc_buffer_availablelength(text)) {
dns_rbtnodechain_invalidate(&chain);
return (ISC_R_NOSPACE);
}
isc_buffer_add(text, n);
}
result = dns_rbtnodechain_next(&chain, &foundname, origin);
if (result == ISC_R_NOMORE)
break;
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
dns_rbtnodechain_invalidate(&chain);
return (result);
}
}
return (ISC_R_SUCCESS);
}
isc_result_t
ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
isc_result_t result;
unsigned int n;
dns_view_t *view;
unsigned int foundkeys = 0;
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
RWLOCK(&view->statickeys->lock, isc_rwlocktype_read);
result = list_keynames(view, view->statickeys, text,
&foundkeys);
RWUNLOCK(&view->statickeys->lock, isc_rwlocktype_read);
if (result != ISC_R_SUCCESS) {
isc_task_endexclusive(server->task);
return (result);
}
RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_read);
result = list_keynames(view, view->dynamickeys, text,
&foundkeys);
RWUNLOCK(&view->dynamickeys->lock, isc_rwlocktype_read);
if (result != ISC_R_SUCCESS) {
isc_task_endexclusive(server->task);
return (result);
}
}
isc_task_endexclusive(server->task);
if (foundkeys == 0) {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"no tsig keys found.\n");
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
isc_buffer_add(text, n);
}
return (ISC_R_SUCCESS);
}
/*
* Act on a "sign" command from the command channel.
*/
isc_result_t
ns_server_sign(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
isc_uint16_t keyopts;
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND); /* XXX: or do all zones? */
type = dns_zone_gettype(zone);
if (type != dns_zone_master) {
dns_zone_detach(&zone);
return (DNS_R_NOTMASTER);
}
keyopts = dns_zone_getkeyopts(zone);
if ((keyopts & DNS_ZONEKEY_ALLOW) != 0)
dns_zone_rekey(zone);
else
result = ISC_R_NOPERM;
dns_zone_detach(&zone);
return (result);
}
/*
* Act on a "freeze" or "thaw" command from the command channel.
*/
isc_result_t
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_buffer_t *text)
{
isc_result_t result, tresult;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
char classstr[DNS_RDATACLASS_FORMATSIZE];
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
const char *msg = NULL;
result = zone_from_args(server, args, &zone, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
tresult = ISC_R_SUCCESS;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
result = dns_view_freezezones(view, freeze);
if (result != ISC_R_SUCCESS &&
tresult == ISC_R_SUCCESS)
tresult = result;
}
isc_task_endexclusive(server->task);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"%s all zones: %s",
freeze ? "freezing" : "thawing",
isc_result_totext(tresult));
return (tresult);
}
type = dns_zone_gettype(zone);
if (type != dns_zone_master) {
dns_zone_detach(&zone);
return (DNS_R_NOTMASTER);
}
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
frozen = dns_zone_getupdatedisabled(zone);
if (freeze) {
if (frozen) {
msg = "WARNING: The zone was already frozen.\n"
"Someone else may be editing it or "
"it may still be re-loading.";
result = DNS_R_FROZEN;
}
if (result == ISC_R_SUCCESS) {
result = dns_zone_flush(zone);
if (result != ISC_R_SUCCESS)
msg = "Flushing the zone updates to "
"disk failed.";
}
if (result == ISC_R_SUCCESS) {
journal = dns_zone_getjournal(zone);
if (journal != NULL)
(void)isc_file_remove(journal);
}
if (result == ISC_R_SUCCESS)
dns_zone_setupdatedisabled(zone, freeze);
} else {
if (frozen) {
result = dns_zone_loadandthaw(zone);
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_UPTODATE:
msg = "The zone reload and thaw was "
"successful.";
result = ISC_R_SUCCESS;
break;
case DNS_R_CONTINUE:
msg = "A zone reload and thaw was started.\n"
"Check the logs to see the result.";
result = ISC_R_SUCCESS;
break;
}
}
}
isc_task_endexclusive(server->task);
if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
view = dns_zone_getview(zone);
if (strcmp(view->name, "_default") == 0 ||
strcmp(view->name, "_bind") == 0)
{
vname = "";
sep = "";
} else {
vname = view->name;
sep = " ";
}
dns_rdataclass_format(dns_zone_getclass(zone), classstr,
sizeof(classstr));
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"%s zone '%s/%s'%s%s: %s",
freeze ? "freezing" : "thawing",
zonename, classstr, sep, vname,
isc_result_totext(result));
dns_zone_detach(&zone);
return (result);
}
#ifdef HAVE_LIBSCF
/*
* This function adds a message for rndc to echo if named
* is managed by smf and is also running chroot.
*/
isc_result_t
ns_smf_add_message(isc_buffer_t *text) {
unsigned int n;
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
"use svcadm(1M) to manage named");
if (n >= isc_buffer_availablelength(text))
return (ISC_R_NOSPACE);
isc_buffer_add(text, n);
return (ISC_R_SUCCESS);
}
#endif /* HAVE_LIBSCF */
/*
* Act on an "addzone" command from the command channel.
*/
isc_result_t
ns_server_add_zone(ns_server_t *server, char *args) {
isc_result_t result;
isc_buffer_t argbuf;
size_t arglen, len;
cfg_parser_t *parser = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *vconfig = NULL;
const cfg_obj_t *views = NULL;
const cfg_listelt_t *element;
const cfg_obj_t *parms = NULL;
const cfg_obj_t *obj = NULL;
const char *zonename;
const char *classname = NULL;
const char *argp;
const char *viewname = NULL;
dns_rdataclass_t rdclass;
dns_view_t *view = 0;
isc_buffer_t buf, *nbuf = NULL;
dns_name_t dnsname;
const char *filename = 0;
const char *filepart = NULL;
char fnamebuf[512];
struct stat sb;
dns_zone_t *zone = NULL;
FILE *fp = NULL;
/* Are we accepting new zones? */
if (nzf_option == NULL)
return (ISC_R_FAILURE);
/* Try to parse the argument string */
arglen = strlen(args);
isc_buffer_init(&argbuf, args, arglen);
isc_buffer_add(&argbuf, strlen(args));
CHECK(cfg_parser_create(server->mctx, ns_g_lctx, &parser));
CHECK(cfg_parse_buffer(parser, &argbuf, &cfg_type_addzoneconf,
&config));
CHECK(cfg_map_get(config, "addzone", &parms));
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
isc_buffer_init(&buf, zonename, strlen(zonename));
isc_buffer_add(&buf, strlen(zonename));
dns_name_init(&dnsname, NULL);
isc_buffer_allocate(server->mctx, &nbuf, 256);
dns_name_setbuffer(&dnsname, nbuf);
CHECK(dns_name_fromtext(&dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
/*
* If new-zone-file indicates a directory rather than a file,
* then "filepart" is the filename in the directory in which to
* write the zone configuration text.
*/
obj = cfg_tuple_get(parms, "filepart");
if (obj && cfg_obj_isstring(obj))
filepart = cfg_obj_asstring(obj);
if (filepart != NULL && *filepart != '\0') {
/* No hidden fles or full paths */
if (*filepart == '.' ||
#ifdef WIN32
*filepart == '\\' ||
#endif
*filepart == '/')
{
result = ISC_R_INVALIDFILE;
goto cleanup;
}
/* No crawling up the directory tree */
if (strstr(filepart, "..") != NULL) {
result = ISC_R_INVALIDFILE;
goto cleanup;
}
}
/* Make sense of optional class argument */
obj = cfg_tuple_get(parms, "class");
CHECK(ns_config_getclass(obj, dns_rdataclass_in, &rdclass));
if (rdclass != dns_rdataclass_in && obj)
classname = cfg_obj_asstring(obj);
/* Make sense of optional view argument */
obj = cfg_tuple_get(parms, "view");
if (obj && cfg_obj_isstring(obj))
viewname = cfg_obj_asstring(obj);
if (viewname == NULL || *viewname == '\0')
viewname = "_default";
CHECK(dns_viewlist_find(&server->viewlist, viewname, rdclass, &view));
/* Zone shouldn't already exist */
result = dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone);
if (result == ISC_R_SUCCESS) {
result = ISC_R_EXISTS;
goto cleanup;
} else if (result == DNS_R_PARTIALMATCH) {
/* Create our sub-zone anyway */
dns_zone_detach(&zone);
zone = NULL;
}
else if (result != ISC_R_NOTFOUND)
goto cleanup;
/* Find configuration for this view */
(void)cfg_map_get(nzf_config, "view", &views);
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
const char *vname;
vconfig = cfg_listelt_value(element);
vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
if (vname && !strcasecmp(vname, viewname)) {
/* What is save file for this view? */
if (vconfig != NULL) {
const cfg_obj_t *voptions;
voptions = cfg_tuple_get(vconfig, "options");
if (voptions) {
obj = NULL;
result = cfg_map_get(voptions,
"new-zone-file",
&obj);
if (result == ISC_R_SUCCESS)
filename =
cfg_obj_asstring(obj);
}
}
break;
}
vconfig = NULL;
}
/* Can we add and remove zones in this view? */
if (filename == NULL || *filename == '\0')
filename = nzf_file;
if (filename == NULL || *filename == '\0') {
/* No adding zones in this view */
result = ISC_R_FAILURE;
goto cleanup;
}
/* Possibly contruct a full path */
if (filepart != NULL && *filepart != '\0') {
snprintf(fnamebuf, 512, "%s/%s", filename, filepart);
filename = fnamebuf;
}
/* Path must be an existing file */
if (stat(filename, &sb) < 0) {
result = ISC_R_FILENOTFOUND;
goto cleanup;
}
if (!S_ISREG(sb.st_mode)) {
result = ISC_R_FILENOTFOUND;
goto cleanup;
}
/* Mark zone unfrozen so that zone can be added. */
dns_view_thaw(view);
result = configure_zone(nzf_option, parms, vconfig,
server->mctx, view, &nzf_actx);
dns_view_freeze(view);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
/* Is it there yet? */
CHECK(dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone));
/*
* Load the zone from the master file. If this fails, we'll
* need to undo the configuration we've done already.
*/
result = dns_zone_loadnew(zone);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"addzone failed; reverting.");
/* If the zone loaded partially, unload it */
dns_db_t *dbp = NULL;
if (dns_zone_getdb(zone, &dbp) == ISC_R_SUCCESS) {
dns_db_detach(&dbp);
dns_zone_unload(zone);
}
/* Remove the zone from the zone table */
dns_zt_unmount(view->zonetable, zone);
goto cleanup;
}
/* Write zone configuration out to our save file */
CHECK(isc_stdio_open(filename, "a", &fp));
/* Emit just the zone name from args */
CHECK(isc_stdio_write("zone ", 5, 1, fp, &len));
CHECK(isc_stdio_write(zonename, strlen(zonename), 1, fp, &len));
CHECK(isc_stdio_write(" ", 1, 1, fp, &len));
/* Classname, if not default */
if (classname != NULL && *classname != '\0') {
CHECK(isc_stdio_write(classname, strlen(classname), 1, fp,
&len));
CHECK(isc_stdio_write(" ", 1, 1, fp, &len));
}
/* Find beginning of option block from args */
for (argp = args; *argp; argp++, arglen--) {
if (*argp == '{') { /* Assume matching '}' */
/* Add that to our file */
CHECK(isc_stdio_write(argp, arglen, 1, fp, &len));
/* Make sure we end with a LF */
if (argp[arglen-1] != '\n') {
CHECK(isc_stdio_write("\n", 1, 1, fp, &len));
}
break;
}
}
CHECK(isc_stdio_close(fp));
fp = NULL;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"zone %s added to view %s via addzone",
zonename, viewname);
result = ISC_R_SUCCESS;
cleanup:
if (fp != NULL)
isc_stdio_close(fp);
if (parser != NULL) {
if (config != NULL)
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
}
if (zone != NULL)
dns_zone_detach(&zone);
if (view != NULL)
dns_view_detach(&view);
if (nbuf != NULL)
isc_buffer_free(&nbuf);
return (result);
}
/*
* Pull an optional quoted filepart out of an arglist, shuffling memory
* so we can hand it off to zone_from_args() later
*/
static char *
extract_optional_qstring(char **args) {
char *p = *args;
char *str, *d;
char quote;
/* Skip past the command name */
while (isspace((unsigned char)*p))
p++;
while (*p && !isspace((unsigned char)*p))
p++;
/* Look for an open quote */
while (isspace((unsigned char)*p))
p++;
if (*p != '\'' && *p != '"')
return (NULL);
/* Move that string to the front of the buf */
quote = *p++;
str = d = *args;
while (*p && *p != quote)
*d++ = *p++;
if (!*p)
return (NULL); /* No matching close quote */
/* End that string */
*d++ = 0;
*args = d;
/* A bogus command name to placate zone_from_args() */
*d++ = 'X';
/* Cover over any remainder with spaces */
while (d <= p)
*d++ = ' ';
return (str);
}
/*
* Act on a "delzone" command from the command channel.
*/
isc_result_t
ns_server_del_zone(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_view_t *view = NULL;
const cfg_obj_t *views = NULL;
const cfg_obj_t *obj = NULL;
const cfg_obj_t *vconfig = NULL;
dns_db_t *dbp = NULL;
const char *filename = NULL;
char *filepart = NULL;
char fnamebuf[512];
char *tmpname = NULL;
const cfg_listelt_t *element;
char buf[1024];
const char *zonename = NULL;
size_t znamelen = 0;
FILE *ifp = NULL, *ofp = NULL;
/* Only accept removes if we're accepting adds */
if (nzf_option == NULL)
return (ISC_R_FAILURE);
/* Possibly a filename in quotes */
filepart = extract_optional_qstring(&args);
if (filepart != NULL && *filepart != '\0') {
/* No hidden fles or full paths */
if (*filepart == '.' ||
#ifdef WIN32
*filepart == '\\' ||
#endif
*filepart == '/')
{
result = ISC_R_INVALIDFILE;
goto cleanup;
}
/* No crawling up the directory tree */
if (strstr(filepart, "..") != NULL) {
result = ISC_R_INVALIDFILE;
goto cleanup;
}
}
/* Make sense of rest of params */
CHECK(zone_from_args(server, args, &zone, &zonename));
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
result = ISC_R_UNEXPECTEDEND;
goto cleanup;
}
if (zonename != NULL && *zonename != '\0')
znamelen = strlen(zonename);
/* Dig out configuration for this zone */
view = dns_zone_getview(zone);
(void)cfg_map_get(nzf_config, "view", &views);
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
const char *vname;
vconfig = cfg_listelt_value(element);
vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
if (vname != NULL && !strcasecmp(vname, view->name)) {
/* What is save file for this view? */
if (vconfig != NULL) {
const cfg_obj_t *voptions;
voptions = cfg_tuple_get(vconfig, "options");
if (voptions != NULL) {
obj = NULL;
result = cfg_map_get(voptions,
"new-zone-file",
&obj);
if (result == ISC_R_SUCCESS)
filename =
cfg_obj_asstring(obj);
}
}
break;
}
vconfig = NULL;
}
/* Can we add and remove zones in this view? */
if (filename == NULL || *filename == '\0')
filename = nzf_file;
if (filename == NULL || *filename == '\0') {
/* No adding zones in this view */
result = ISC_R_FAILURE;
goto cleanup;
}
/* Possibly contruct a full path */
if (filepart != NULL && *filepart != '\0') {
snprintf(fnamebuf, 512, "%s/%s", filename, filepart);
filename = fnamebuf;
}
/* Rewrite zone list */
result = isc_stdio_open(filename, "r", &ifp);
if (ifp != NULL && result == ISC_R_SUCCESS) {
char *found = NULL, *p;
size_t n;
/* Create a temporary file */
CHECK(isc_string_printf(buf, 1023, "%s.%d", filename,
getpid()));
if (!(tmpname = isc_mem_strdup(server->mctx, buf))) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
CHECK(isc_stdio_open(tmpname, "w", &ofp));
/* Look for the entry for that zone */
while (fgets(buf, 1024, ifp)) {
/* A 'zone' line */
if (strncasecmp(buf, "zone", 4)) {
fputs(buf, ofp);
continue;
}
p = buf+4;
/* Locate a name */
while (*p &&
((*p == '"') || isspace((unsigned char)*p)))
p++;
/* Is that the zone we're looking for */
if (strncasecmp(p, zonename, znamelen)) {
fputs(buf, ofp);
continue;
}
/* And nothing else? */
p += znamelen;
if (isspace((unsigned char)*p) ||
*p == '"' || *p == '{') {
/* This must be the entry */
found = p;
break;
}
/* Spit it out, keep looking */
fputs(buf, ofp);
}
/* Skip over an option block (matching # of braces) */
if (found) {
int obrace = 0, cbrace = 0;
while (1) {
while (*p) {
if (*p == '{') obrace++;
if (*p == '}') cbrace++;
p++;
}
if (obrace && (obrace == cbrace))
break;
if (!fgets(buf, 1024, ifp))
break;
p = buf;
}
}
/* Just spool the remainder of the file out */
while ((n = fread(buf, 1, 1024, ifp)) > 0)
fwrite(buf, 1, n, ofp);
/* Move temporary into place */
CHECK(isc_file_rename(tmpname, filename));
}
/* Stop answering for this zone */
if (dns_zone_getdb(zone, &dbp) == ISC_R_SUCCESS) {
dns_db_detach(&dbp);
dns_zone_unload(zone);
}
CHECK(dns_zt_unmount(view->zonetable, zone));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"zone %s removed via delzone", zonename);
result = ISC_R_SUCCESS;
cleanup:
if (ifp != NULL)
isc_stdio_close(ifp);
if (ofp != NULL) {
isc_stdio_close(ofp);
isc_file_remove(tmpname);
}
if (tmpname != NULL)
isc_mem_free(server->mctx, tmpname);
if (zone != NULL)
dns_zone_detach(&zone);
return (result);
}