fccc836ebfeb8e278b528b59304f451c369baf37Tinderbox User * Copyright (C) 1999-2018 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence#include <isc/string.h> /* Required for HP/UX (and others?) */
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt/* ACLs associated with zone */
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunttypedef enum {
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson * Convenience function for configuring a single zone ACL.
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrewsconfigure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson void (*setzacl)(dns_zone_t *, dns_acl_t *),
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL};
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt /* First check to see if ACL is defined within the zone */
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt /* Failing that, see if there's a default ACL already in the view */
5a17fe2916ce37793c12b243ab08c16095a59cf7Evan Hunt /* Check for default ACLs that haven't been parsed yet */
cfd262045c23cadb8415f0111f56995258f17361Evan Hunt const cfg_obj_t *options = cfg_tuple_get(vconfig, "options");
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington (void)cfg_map_get(config, "options", &options);
ad5bc22a819190839bdcc4d102d023782dc23660Mark Andrews result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx,
11156f82bab19b2e7f5d4df6184ae0c99518442fAutomatic Updater /* Set the view default now */
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington * Parse the zone update-policy statement.
351b62535d4c4f89883bfdba025999dd32490266Evan Huntconfigure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
77b8f88f144928eddcca144c348d6ef53e7d5c43Evan Hunt const char *zname)
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington (void)cfg_map_get(zconfig, "update-policy", &updatepolicy);
3e12c54de2238dc90bae06a2e083e4976120bad5Automatic Updater strcmp("local", cfg_obj_asstring(updatepolicy)) == 0) {
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = dns_ssutable_create(mctx, &table);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington for (element = cfg_list_first(updatepolicy);
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *stmt = cfg_listelt_value(element);
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *mode = cfg_tuple_get(stmt, "mode");
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity");
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype");
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *dname = cfg_tuple_get(stmt, "name");
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types");
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews dns_ssumatchtype_t mtype = DNS_SSUMATCHTYPE_NAME;
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington unsigned int i, n;
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt "error copying origin: %s",
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt result = dns_name_fromtext(dns_fixedname_name(&fname),
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = dns_rdatatype_fromtext(&types[i++], &r);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = dns_ssutable_addrule(table, grant,
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington isc_mem_put(mctx, types, n * sizeof(dns_rdatatype_t));
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt * If "update-policy local;" and a session key exists,
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt * then use the default policy, which is equivalent to:
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt * update-policy { grant <session-keyname> zonesub any; };
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt "failed to enable auto DDNS policy "
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt "for zone %s: session key not found",
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * This is the TTL used for internally generated RRsets for static-stub zones.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * The value doesn't matter because the mapping is static, but needs to be
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * defined for the sake of implementation.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Configure an apex NS with glues for a static-stub zone.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * For example, for the zone named "example.com", the following RRs will be
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * added to the zone DB:
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * example.com. A 192.0.2.1
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * example.com. AAAA 2001:db8::1
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉configure_staticstub_serveraddrs(const cfg_obj_t *zconfig, dns_zone_t *zone,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 isc_mem_t *mctx = dns_zone_getmctx(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 const cfg_obj_t *address = cfg_listelt_value(element);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "port is not configurable for "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "static stub server-addresses");
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "scoped address is not allowed "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "for static stub "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "server-addresses");
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdata = isc_mem_get(mctx, sizeof(*rdata) + region.length);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 region.base = (unsigned char *)(rdata + 1);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * If no address is specified (unlikely in this context, but possible),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * there's nothing to do anymore.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 if (ISC_LIST_EMPTY(rdatalist_a->rdata) &&
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Add to the list an apex NS with the ns name being the origin name */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_name_toregion(dns_zone_getorigin(zone), &sregion);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdata = isc_mem_get(mctx, sizeof(*rdata) + sregion.length);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Already allocated data will be freed in the caller, so
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * we can simply return here.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 region.base = (unsigned char *)(rdata + 1);
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt memmove(region.base, sregion.base, region.length);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 ISC_LIST_APPEND(rdatalist_ns->rdata, rdata, link);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Configure an apex NS with an out-of-zone NS names for a static-stub zone.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * For example, for the zone named "example.com", something like the following
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * RRs will be added to the zone DB:
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * example.com. NS ns.example.net.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_rdatalist_t *rdatalist, const char *zname)
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 isc_mem_t *mctx = dns_zone_getmctx(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 nsname = dns_fixedname_name(&fixed_name);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "server-name '%s' is not a valid "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 if (dns_name_issubdomain(nsname, dns_zone_getorigin(zone))) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "server-name '%s' must not be a "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "subdomain of zone name '%s'",
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdata = isc_mem_get(mctx, sizeof(*rdata) + sregion.length);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 region.base = (unsigned char *)(rdata + 1);
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt memmove(region.base, sregion.base, region.length);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Configure static-stub zone.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 isc_mem_t *mctx = dns_zone_getmctx(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_rdatalist_t rdatalist_ns, rdatalist_a, rdatalist_aaaa;
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 &rdatalist_ns, &rdatalist_a, &rdatalist_aaaa, NULL
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Create the DB beforehand */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 RETERR(dns_db_create(mctx, dbtype, dns_zone_getorigin(zone),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_dbtype_stub, dns_zone_getclass(zone),
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_ns.rdclass = dns_zone_getclass(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_ns.ttl = STATICSTUB_SERVER_TTL;
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_a.rdclass = dns_zone_getclass(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_aaaa.rdclass = dns_zone_getclass(zone);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_aaaa.type = dns_rdatatype_aaaa;
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 rdatalist_aaaa.ttl = STATICSTUB_SERVER_TTL;
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Prepare zone RRs from the configuration */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = cfg_map_get(zconfig, "server-addresses", &obj);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = configure_staticstub_serveraddrs(obj, zone,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = cfg_map_get(zconfig, "server-names", &obj);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = configure_staticstub_servernames(obj, zone,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Sanity check: there should be at least one NS RR at the zone apex
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * to trigger delegation.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 if (ISC_LIST_EMPTY(rdatalist_ns.rdata)) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 "No NS record is configured for a "
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * Now add NS and glue A/AAAA RRsets to the zone DB.
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * First open a new version for the add operation and get a pointer
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * to the apex node (all RRs are of the apex name).
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_db_newversion(db, &dbversion);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_name_clone(dns_zone_getorigin(zone), &apexname);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_db_findnode(db, &apexname, ISC_FALSE, &apexnode);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Add NS RRset */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_ns, &rdataset)
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Add glue A RRset, if any */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 if (!ISC_LIST_EMPTY(rdatalist_a.rdata)) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_a, &rdataset)
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_db_addrdataset(db, apexnode, dbversion, 0,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 /* Add glue AAAA RRset, if any */
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 if (!ISC_LIST_EMPTY(rdatalist_aaaa.rdata)) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_aaaa,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 result = dns_db_addrdataset(db, apexnode, dbversion, 0,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 dns_db_closeversion(db, &dbversion, ISC_TRUE);
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 for (i = 0; rdatalists[i] != NULL; i++) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 while ((rdata = ISC_LIST_HEAD(rdatalists[i]->rdata)) != NULL) {
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 ISC_LIST_UNLINK(rdatalists[i]->rdata, rdata, link);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington * Convert a config file zone type into a server zone type.
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * Helper function for strtoargv(). Pardon the gratuitous recursion.
d5e72d5dba7b77ae0036c53578bcabcf3af1f4b7Andreas Gustafssonstrtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp,
d5e72d5dba7b77ae0036c53578bcabcf3af1f4b7Andreas Gustafsson char ***argvp, unsigned int n)
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson /* Discard leading whitespace. */
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson if (*s == '\0') {
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson /* We have reached the end of the string. */
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson *argvp = isc_mem_get(mctx, n * sizeof(char *));
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson while (*p != ' ' && *p != '\t' && *p != '\0')
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson if (*p != '\0')
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson result = strtoargvsub(mctx, p, argcp, argvp, n + 1);
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * Tokenize the string "s" into whitespace-separated words,
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * return the number of words in '*argcp' and an array
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * of pointers to the words in '*argvp'. The caller
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * must free the array using isc_mem_put(). The string
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson * is modified in-place.
d5e72d5dba7b77ae0036c53578bcabcf3af1f4b7Andreas Gustafssonstrtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson return (strtoargvsub(mctx, s, argcp, argvp, 0));
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrewschecknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrewsns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
0015ab097438e041197b19b9de2ba48f6bfd1c6cDavid Lawrence dns_notifytype_t notifytype = dns_notifytype_yes;
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson isc_mem_t *mctx = dns_zone_getmctx(zone);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE;
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt const dns_master_style_t *masterstyle = &dns_master_style_default;
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_t *mayberaw = (raw != NULL) ? raw : zone;
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington zoptions = cfg_tuple_get(zconfig, "options");
7829fad4093f2c1985b1efb7cea00287ff015d2bckb nodefault[i] = maps[i] = cfg_tuple_get(vconfig, "options");
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington (void)cfg_map_get(config, "options", &options);
de9833be77ef92c17b35c02d138a0ad8df34dd91Mark Andrews RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * Configure values common to all zone types.
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
de9833be77ef92c17b35c02d138a0ad8df34dd91Mark Andrews RETERR(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = cfg_map_get(zoptions, "database", &obj);
4e1d3e67cdc76609bad5f0310ac48de10b442b9fMark Andrews cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt "zone '%s': both 'database' and 'dlz' "
4e1d3e67cdc76609bad5f0310ac48de10b442b9fMark Andrews result = strtoargv(mctx, cpval, &dbargc, &dbargv);
4e1d3e67cdc76609bad5f0310ac48de10b442b9fMark Andrews if (result != ISC_R_SUCCESS && cpval != default_dbtype) {
8249eee42adc8c9c06c6ff9aaecc7437e259c687Mark Andrews * ANSI C is strange here. There is no logical reason why (char **)
8249eee42adc8c9c06c6ff9aaecc7437e259c687Mark Andrews * cannot be promoted automatically to (const char * const *) by the
8249eee42adc8c9c06c6ff9aaecc7437e259c687Mark Andrews * compiler w/o generating a warning.
4e1d3e67cdc76609bad5f0310ac48de10b442b9fMark Andrews result = dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv);
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson isc_mem_put(mctx, dbargv, dbargc * sizeof(*dbargv));
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt if (cpval != default_dbtype && cpval != dlz_dbtype)
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = cfg_map_get(zoptions, "file", &obj);
86dcc4005887f91d23d970d4574a8f6afa7e28d2Evan Hunt * Unless we're using some alternative database, a master zone
86dcc4005887f91d23d970d4574a8f6afa7e28d2Evan Hunt * will be needing a master file.
c75523bcb30c2b8426ee7cb226d9b429c337325bMark Andrews if (ztype == dns_zone_master && cpval == default_dbtype &&
c75523bcb30c2b8426ee7cb226d9b429c337325bMark Andrews isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
c75523bcb30c2b8426ee7cb226d9b429c337325bMark Andrews "zone '%s': 'file' not specified",
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt result = ns_config_get(maps, "masterfile-format", &obj);
4e1d3e67cdc76609bad5f0310ac48de10b442b9fMark Andrews const char *masterformatstr = cfg_obj_asstring(obj);
a903095bf4512dae561c7f6fc7854a51bebf334aMark Andrews else if (strcasecmp(masterformatstr, "raw") == 0)
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt result = ns_config_get(maps, "masterfile-style", &obj);
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt const char *masterstylestr = cfg_obj_asstring(obj);
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt "zone '%s': 'masterfile-style' "
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt "can only be used with "
ec3b216506b715f10e0b653afc20068ce8c5aa79Evan Hunt else if (strcasecmp(masterstylestr, "relative") == 0)
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt result = ns_config_get(maps, "max-zone-ttl", &obj);
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt if (result == ISC_R_SUCCESS && masterformat == dns_masterformat_map) {
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt "zone '%s': 'max-zone-ttl' is not compatible "
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews result = ns_config_get(maps, "max-records", &obj);
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj));
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews size_t signedlen = strlen(filename) + sizeof(SIGNED);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews (void)snprintf(signedname, signedlen, "%s" SIGNED, filename);
207f0a15bb486d8dc27cf5ff963fac6068ee2972Mark Andrews result = cfg_map_get(zoptions, "journal", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews RETERR(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj)));
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews * Notify messages are processed by the raw zone if it exists.
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington RETERR(configure_zone_acl(zconfig, vconfig, config,
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * XXXAG This probably does not make sense for stubs.
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington RETERR(configure_zone_acl(zconfig, vconfig, config,
222d38735f97f771054e223b03f84c5858252332Evan Hunt RETERR(configure_zone_acl(zconfig, vconfig, config,
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "dialup", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington else if (strcasecmp(dialupstr, "notify-passive") == 0)
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington else if (strcasecmp(dialupstr, "refresh") == 0)
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington else if (strcasecmp(dialupstr, "passive") == 0)
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "zone-statistics", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉 RETERR(isc_stats_create(mctx, &zoneqrystats,
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * Configure master functionality. This applies
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * to primary masters (type "master") and slaves
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * acting as masters (type "slave"), but not to stubs.
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews if (ztype != dns_zone_stub && ztype != dns_zone_staticstub &&
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "notify", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington if (strcasecmp(notifystr, "explicit") == 0)
3b1fce680f1dbe9467cd3b0ab3138ea52d5a976fMark Andrews else if (strcasecmp(notifystr, "master-only") == 0)
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setnotifytype(raw, dns_notifytype_no);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "also-notify", &obj);
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Hunt RETERR(ns_config_getipandkeylist(config, obj, mctx,
7a00d69909ace5dc11bcff9c1e07c311f92a7f8eWitold Krecicki result = dns_zone_setalsonotifydscpkeys(zone,
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson RETERR(dns_zone_setalsonotify(zone, NULL, 0));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "notify-source", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "notify-source-v6", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews result = ns_config_get(maps, "notify-to-soa", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
3aca8e5bf3740bbcc3bb13dde242d7cc369abb27Mark Andrews dns_zone_setisself(zone, ns_client_isself, NULL);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington RETERR(configure_zone_acl(zconfig, vconfig, config,
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-transfer-time-out", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
17dba29ba5db791976e505114baee53a1dde88aaBrian Wellington dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-transfer-idle-out", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
17dba29ba5db791976e505114baee53a1dde88aaBrian Wellington dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews result = ns_config_get(maps, "max-journal-size", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
687b7ef9989c9ab9040f4ccb5f1816b96fa4e43fAndreas Gustafsson INSIST(strcasecmp(str, "unlimited") == 0);
687b7ef9989c9ab9040f4ccb5f1816b96fa4e43fAndreas Gustafsson "'max-journal-size "
76d9120dd696209fa1186ea289ea01cd4677782fAndreas Gustafsson "is too large",
687b7ef9989c9ab9040f4ccb5f1816b96fa4e43fAndreas Gustafsson dns_zone_setjournalsize(zone, journal_size);
8cccaeaee13993c49009d3915806c1d0bd03743bAndreas Gustafsson result = ns_config_get(maps, "ixfr-from-differences", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
2d96b63d311a5252c8583eb30a56b1fc58172419Mark Andrews else if (!strcasecmp(cfg_obj_asstring(obj), "master") &&
2d96b63d311a5252c8583eb30a56b1fc58172419Mark Andrews else if (!strcasecmp(cfg_obj_asstring(obj), "slave") &&
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
43b9737b11f4f14b2d378746d0cd5561b1dc24a0Mark Andrews result = ns_config_get(maps, "request-expire", &obj);
43b9737b11f4f14b2d378746d0cd5561b1dc24a0Mark Andrews dns_zone_setrequestexpire(zone, cfg_obj_asboolean(obj));
fad5116b3d68e825d29f87a1d3cb41409f42e8f5Scott Mann result = ns_config_get(maps, "request-ixfr", &obj);
fad5116b3d68e825d29f87a1d3cb41409f42e8f5Scott Mann dns_zone_setrequestixfr(zone, cfg_obj_asboolean(obj));
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMES,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMESFAIL,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
48f929d315bafeeffe0a37082ab4c9661a928c39Mark Andrews result = ns_config_get(maps, "notify-delay", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
48f929d315bafeeffe0a37082ab4c9661a928c39Mark Andrews dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
2c15fcdeac4c2402258867fbac24d7475ef98259Mark Andrews result = ns_config_get(maps, "check-sibling", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
2f012d936b5ccdf6520c96a4de23721dc58a2221Automatic Updater dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
26bb3b7a67b833f0a18072567de036226890ca1aMark Andrews result = ns_config_get(maps, "check-spf", &obj);
26bb3b7a67b833f0a18072567de036226890ca1aMark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
26bb3b7a67b833f0a18072567de036226890ca1aMark Andrews if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
26bb3b7a67b833f0a18072567de036226890ca1aMark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
26bb3b7a67b833f0a18072567de036226890ca1aMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSPF, check);
a1bc94109313bf4ebb6e6ff655d71d45582d2e43Mark Andrews result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
a1bc94109313bf4ebb6e6ff655d71d45582d2e43Mark Andrews dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews result = ns_config_get(maps, "nsec3-test-zone", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews dns_zone_setnotifytype(zone, dns_notifytype_no);
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews result = ns_config_get(maps, "max-journal-size", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews "'max-journal-size "
0e507dbb816575e6220fe309e8ada68897ffcdbeMark Andrews "is too large",
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * Configure update-related options. These apply to
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * primary masters only.
80dd46d7aab16c42a8c1acf6156c95406a9f20a4Mark Andrews RETERR(configure_zone_acl(zconfig, vconfig, config,
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson if (updateacl != NULL && dns_acl_isinsecure(updateacl))
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews "zone '%s' allows unsigned updates "
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews "from remote hosts, which is insecure",
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews RETERR(configure_zone_ssutable(zoptions, mayberaw, zname));
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "sig-validity-interval", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setsigvalidityinterval(zone, seconds);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setsigresigninginterval(zone, seconds);
a5c077e40c784cf9e25c95a1ab94db2faab04ae9Brian Wellington result = ns_config_get(maps, "key-directory", &obj);
a5c077e40c784cf9e25c95a1ab94db2faab04ae9Brian Wellington RETERR(dns_zone_setkeydirectory(zone, filename));
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews result = ns_config_get(maps, "sig-signing-signatures", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setsignatures(zone, cfg_obj_asuint32(obj));
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews result = ns_config_get(maps, "sig-signing-nodes", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setnodes(zone, cfg_obj_asuint32(obj));
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews result = ns_config_get(maps, "sig-signing-type", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj));
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews result = ns_config_get(maps, "update-check-ksk", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
8e4f3f1cbceef520ba889270c993de0ac376a2a7Evan Hunt result = ns_config_get(maps, "dnssec-dnskey-kskonly", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
3727725bb7d63605b68a644060857013d563b67fEvan Hunt dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY,
39f2d1a96a7c7494b1db0ea0f45e063a6a5ef9bbEvan Hunt result = ns_config_get(maps, "dnssec-loadkeys-interval", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews result = cfg_map_get(zoptions, "auto-dnssec", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews RETERR(configure_zone_acl(zconfig, vconfig, config,
3f42cf2f3e4dc7e740b4609ba7d7430292348f2bMark Andrews * Primary master functionality.
508f61f8d699c46f962b682f388e54b446a7194dMark Andrews result = ns_config_get(maps, "check-wildcard", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKWILDCARD, check);
c9611b45736af157e2993c6ef852e55e8e24ca83Evan Hunt * With map files, the default is ignore duplicate
7829fad4093f2c1985b1efb7cea00287ff015d2bckb * records. With other master formats, the default is
7829fad4093f2c1985b1efb7cea00287ff015d2bckb * taken from the global configuration.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb result = ns_config_get(maps, "check-dup-records", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRR, check);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRRFAIL, fail);
c5223c9cb7c22620d5ee6611228673e95b48a270Mark Andrews result = ns_config_get(maps, "check-mx", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
c5223c9cb7c22620d5ee6611228673e95b48a270Mark Andrews if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
c5223c9cb7c22620d5ee6611228673e95b48a270Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
c5223c9cb7c22620d5ee6611228673e95b48a270Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMX, check);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMXFAIL, fail);
c9611b45736af157e2993c6ef852e55e8e24ca83Evan Hunt * With map files, the default is *not* to check
7829fad4093f2c1985b1efb7cea00287ff015d2bckb * integrity. With other master formats, the default is
7829fad4093f2c1985b1efb7cea00287ff015d2bckb * taken from the global configuration.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKINTEGRITY,
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKINTEGRITY,
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews result = ns_config_get(maps, "check-mx-cname", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNMXCNAME, warn);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews result = ns_config_get(maps, "check-srv-cname", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
dc6da18ccbb808d21f123cc6bda399b44ad11445Mark Andrews } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNSRVCNAME, warn);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNORESRVCNAME,
8e4f3f1cbceef520ba889270c993de0ac376a2a7Evan Hunt result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_SECURETOINSECURE,
bfe32d08c51a606744bd0d6ea518eb95084d2eefEvan Hunt result = cfg_map_get(zoptions, "dnssec-update-mode", &obj);
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews result = ns_config_get(maps, "serial-update-method", &obj);
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0)
7318bbc26262a66a0d740ceefed769961ef7e476Evan Hunt else if (strcasecmp(cfg_obj_asstring(obj), "date") == 0)
1adb2e87a20a480e640385609c9652dac04c7dffAndreas Gustafsson * Configure slave functionality.
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington RETERR(ns_config_getipandkeylist(config, obj, mctx,
7a00d69909ace5dc11bcff9c1e07c311f92a7f8eWitold Krecicki result = dns_zone_setmasterswithkeys(mayberaw,
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews result = dns_zone_setmasters(mayberaw, NULL, 0);
87f4715d6c0a22f3449eb3291c91aa45ba86c955Mark Andrews result = ns_config_get(maps, "multi-master", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-transfer-time-in", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setmaxxfrin(mayberaw, cfg_obj_asuint32(obj) * 60);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-transfer-idle-in", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setidlein(mayberaw, cfg_obj_asuint32(obj) * 60);
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-refresh-time", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setmaxrefreshtime(mayberaw, cfg_obj_asuint32(obj));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "min-refresh-time", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setminrefreshtime(mayberaw, cfg_obj_asuint32(obj));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "max-retry-time", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setmaxretrytime(mayberaw, cfg_obj_asuint32(obj));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington result = ns_config_get(maps, "min-retry-time", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setminretrytime(mayberaw, cfg_obj_asuint32(obj));
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson result = ns_config_get(maps, "transfer-source", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt RETERR(dns_zone_setxfrsource4dscp(mayberaw, dscp));
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson result = ns_config_get(maps, "transfer-source-v6", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt RETERR(dns_zone_setxfrsource6dscp(mayberaw, dscp));
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
b500de3be9ba5318da157364bf9fbbda5f88f203Mark Andrews result = ns_config_get(maps, "alt-transfer-source", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt RETERR(dns_zone_setaltxfrsource4dscp(mayberaw, dscp));
476386968b1f287a695f73c48862e961011af99bMark Andrews result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
0874abad14e3e9ecfc3dc1a1a2b9969f2f027724Mark Andrews INSIST(result == ISC_R_SUCCESS && obj != NULL);
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt RETERR(dns_zone_setaltxfrsource6dscp(mayberaw, dscp));
476386968b1f287a695f73c48862e961011af99bMark Andrews (void)ns_config_get(maps, "use-alt-transfer-source", &obj);
476386968b1f287a695f73c48862e961011af99bMark Andrews * Default off when views are in use otherwise
ce28ea0f2f8a6fbbafb8944dbe86cd0b98689b84Tatuya JINMEI 神明達哉 * on for BIND 8 compatibility.
476386968b1f287a695f73c48862e961011af99bMark Andrews if (view != NULL && strcmp(view->name, "_default") == 0)
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_USEALTXFRSRC, alt);
a45a6ea2b03448751d7c44931e8ac7666e7cc2ceMark Andrews (void)ns_config_get(maps, "try-tcp-refresh", &obj);
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews dns_zone_setoption(mayberaw, DNS_ZONEOPT_TRYTCPREFRESH,
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 RETERR(configure_staticstub(zoptions, zone, zname,
71bd858d8ed62672e7c23999dc7c02fd16a55089Evan Hunt * Set up a DLZ zone as writeable
71bd858d8ed62672e7c23999dc7c02fd16a55089Evan Huntns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
71bd858d8ed62672e7c23999dc7c02fd16a55089Evan Hunt result = dns_sdlz_setdb(dlzdatabase, rdclass, name, &db);
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrewsns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington zoptions = cfg_tuple_get(zconfig, "options");
743bbdc18f839499862e4fb28ec32f607b1632dcTatuya JINMEI 神明達哉 * We always reconfigure a static-stub zone for simplicity, assuming
0ccd663a8377dd5accc5121f5938a81a98ed8960Automatic Updater * the amount of data to be loaded is small.
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt if (zonetype_fromconfig(zoptions) == dns_zone_staticstub) {
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt "not reusable: staticstub");
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt /* If there's a raw zone, use that for filename and type comparison */
02286522fbc6db783b5f0b4318289db0cefbfbcbMark Andrews (void)cfg_map_get(zoptions, "inline-signing", &obj);
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt if ((obj == NULL || !cfg_obj_asboolean(obj)) && has_raw) {
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt "not reusable: old zone was inline-signing");
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt } else if ((obj != NULL && cfg_obj_asboolean(obj)) && !has_raw) {
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt "not reusable: old zone was not inline-signing");
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt "not reusable: type mismatch");
c54dadd85337e9a8417103317a899dfba2a847d1Evan Hunt "not reusable: filename mismatch");