zone revision dafcb997e390efa4423883dafd100c975c4095d6
Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1999-2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: zone,v 1.10 2004/03/05 05:04:47 marka Exp $

    Zones are the unit of delegation in the DNS and may go from holding
    RRs only at the zone top to holding the complete hierarchy (private
    root zones). Zones have an associated database which is the
    container for the RR sets that make up the zone.

    Zones have certain properties associated with them.

        * master / slave / stub / hint / cache / forward
        * serial number
        * signed / unsigned
        * update periods (refresh / retry) (slave / stub)
        * last update time (slave / stub)
        * access restrictions
        * transfer restrictions (master / slave)
        * update restrictions (master / slave)
        * expire period (slave / stub)
        * children => bottom
        * rrsets / data
        * transfer "in" in progress
        * transfers "out" in progress
        * "current" check in progress
        * our masters
        * primary master name (required to auto generate our masters)
        * master file name
        * database name
        * database type
        * initially only master_file (BIND 4 & 8)
        * expanded axfr + ixfr
        * transaction logs
        * notification lists
        * static additional sites (stealth servers)
        * dynamically learned sites (soa queries)

    Zones have two types of versions associated with them.

    The image of the "current" zone when an AXFR out is in progress.
    There may be several of these at once but they cease to need
    to exist once the AXFRs on this version have completed. These
    are maintained by the various database access methods.

    These are virtual versions of the zone and are required to
    support IXFR requests. While the entire contents of the old
    version do not need to be kept, a change log needs to be
    kept. An index into this log would be useful in speeding
    up replies. These versions have an explicit expiry date.

    "How long are we going to keep them operationally?"

        While there are expiry dates based on last update /
        change time + expire, in practice holding the deltas
        for a few refresh periods should be enough. If the network
        and servers are up one is enough.
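
    One way the expiring change log described above could be consulted
    when an IXFR request arrives, as an added example that is not part of
    the original note or of BIND. The field names follow the dns_ixfr
    structure given later in this note; ixfr_ver_t, ixfr_select(),
    ixfr_purge() and the return codes are hypothetical, and the log
    entries are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Fields as in the page's dns_ixfr (magic and link left out). Entry i is the
 * delta that takes a client from vers[i].serial to the next version. */
typedef struct { uint32_t serial; time_t expire; unsigned int offset; } ixfr_ver_t;

enum { IXFR_UPTODATE = -1, IXFR_NEED_AXFR = -2 };	/* hypothetical codes */

/* RFC 1982 serial arithmetic: true if a is newer than b. */
static int serial_gt(uint32_t a, uint32_t b) { return a != b && (uint32_t)(a - b) < 0x80000000u; }

/* Maintenance: deltas form a chain, so an expired entry makes every older
 * entry useless as well. Drop them all and return the new entry count. */
size_t ixfr_purge(ixfr_ver_t *vers, size_t n, time_t now) {
	size_t keep = 0;			/* index of first survivor */
	for (size_t i = 0; i < n; i++)
		if (vers[i].expire <= now)
			keep = i + 1;
	for (size_t i = keep; i < n; i++)
		vers[i - keep] = vers[i];
	return n - keep;
}

/* Returns the change-log offset to start sending from, or a negative code. */
long ixfr_select(const ixfr_ver_t *vers, size_t n, uint32_t current,
		 uint32_t client, time_t now) {
	if (!serial_gt(current, client))
		return IXFR_UPTODATE;		/* nothing newer to send */
	for (size_t i = 0; i < n; i++) {
		if (vers[i].serial != client)
			continue;
		for (size_t j = i; j < n; j++)	/* the whole chain must be live */
			if (vers[j].expire <= now)
				return IXFR_NEED_AXFR;
		return (long)vers[i].offset;
	}
	return IXFR_NEED_AXFR;			/* client's version is not in the log */
}

int main(void) {
	/* Constructed log: deltas from serials 10, 11, 12; current serial is 13. */
	ixfr_ver_t v[] = { { 10, 1000, 0 }, { 11, 2000, 64 }, { 12, 3000, 160 } };
	printf("client 11 at t=500:  %ld\n", ixfr_select(v, 3, 13, 11, 500));
	printf("client 10 at t=1500: %ld\n", ixfr_select(v, 3, 13, 10, 1500));
	printf("entries after purge at t=1500: %zu\n", ixfr_purge(v, 3, 1500));
	return 0;
}
```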

    "How are we going to generate them from a master file?"

        UPDATE should not be the only answer to this question.
        We need a tool that takes the current zone & new zone,
        verifies the new zone, generates a delta and feeds this
        to named. It could well be part of ndc but does not have
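
    The verify-and-diff step of such a tool, as an added example that is
    not ISC code. It assumes each version is supplied as its SOA serial
    plus the remaining RRs as sorted text lines; zone_ver_t, zone_verify()
    and zone_delta() are hypothetical names and the records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One zone version: SOA serial plus its other RRs as sorted text lines. */
typedef struct { uint32_t serial; const char **rr; size_t n; } zone_ver_t;

/* Constructed sample data; names and addresses are placeholders. */
static const char *old_rr[] = { "ns1 A 192.0.2.1", "www A 192.0.2.10", "www2 A 192.0.2.11" };
static const char *new_rr[] = { "mail A 192.0.2.25", "ns1 A 192.0.2.1", "www A 192.0.2.20" };

/* RFC 1982 serial arithmetic: true if a is newer than b. */
static int serial_gt(uint32_t a, uint32_t b) { return a != b && (uint32_t)(a - b) < 0x80000000u; }

/* Verify: serial must advance and RRs must be sorted without duplicates,
 * otherwise the merge in zone_delta() would produce a wrong delta. */
int zone_verify(const zone_ver_t *cur, const zone_ver_t *nxt) {
	if (!serial_gt(nxt->serial, cur->serial))
		return -1;
	for (size_t i = 1; i < nxt->n; i++)
		if (strcmp(nxt->rr[i - 1], nxt->rr[i]) >= 0)
			return -1;
	return 0;
}

/* Merge-walk both versions: del[] gets RRs only in cur, add[] RRs only in
 * nxt (caller sizes them to cur->n and nxt->n). Returns the change count. */
size_t zone_delta(const zone_ver_t *cur, const zone_ver_t *nxt,
		  const char **del, size_t *nd, const char **add, size_t *na) {
	size_t i = 0, j = 0;
	*nd = *na = 0;
	while (i < cur->n || j < nxt->n) {
		int c = i == cur->n ? 1 : j == nxt->n ? -1 : strcmp(cur->rr[i], nxt->rr[j]);
		if (c < 0) del[(*nd)++] = cur->rr[i++];
		else if (c > 0) add[(*na)++] = nxt->rr[j++];
		else i++, j++;
	}
	return *nd + *na;
}

int main(void) {
	zone_ver_t cur = { 2004030501u, old_rr, 3 }, nxt = { 2004030502u, new_rr, 3 };
	const char *del[3], *add[3]; size_t nd, na;
	if (zone_verify(&cur, &nxt) != 0) return 1;
	zone_delta(&cur, &nxt, del, &nd, add, &na);
	for (size_t i = 0; i < nd; i++) printf("- %s\n", del[i]);
	for (size_t i = 0; i < na; i++) printf("+ %s\n", add[i]);
	return 0;
}
```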

    Zones need to have certain operations performed on them. They need to

        * updated (UPDATE / IXFR)
        * copied out in full (AXFR) or as partial deltas (IXFR)
        * generate a delta between two given versions.
        * signed / resigned
        * maintenance
            validate current soa
            remove old deltas / consolidation
            purge stale rrsets (cache)
        * notification
            responding to

    While not strictly a nameserver function, bad delegation and bad
    slave setups are continual and ongoing sources of problems in the
    DNS. Periodic checks to ensure parent and child servers agree on
    the list of nameservers and that slaves are tracking the changes
    made in the master server's zone will allow problems in
    configurations to be identified earlier providing for a more stable

Compatibility:

    Zones are required to be configuration file compatible with

    typedef enum {
        dns_zone_none = 0,
        dns_zone_master,
        dns_zone_slave,
        dns_zone_stub,
        dns_zone_hint,
        dns_zone_cache,
        dns_zone_forward
    } dns_zonetypes_t;

    typedef struct dns_ixfr dns_ixfr_t;

    struct dns_ixfr {
        unsigned int            magic;      /* IXFR */
        isc_uint32_t            serial;
        time_t                  expire;
        unsigned int            offset;
        ISC_LINK(dns_ixfr_t)    link;
    };

    struct dns_zone {
        unsigned int            magic;      /* ZONE */
        dns_name_t              name;
        dns_rdataclass_t        class;
        dns_zonetypes_t         type;
        dns_bt_t                top;
        isc_uint32_t            version;
        isc_uint32_t            serial;
        isc_uint32_t            refresh;
        isc_uint32_t            retry;
        isc_uint32_t            expire;     /* expire period (slave / stub) */
        char                    *masterfile;
        dns_acl_t               *access;
        dns_acl_t               *transfer;
        dns_acl_t               *acl;
        dns_scl_t               *scl;       /* tsig based acl */
        char                    *database;
        ISC_LIST(dns_ixfr_t)    ixfr;
    };

    dns_zone_init(dns_zone_t *zone, dns_rdataclass_t class, isc_mem_t *mxtc);

    dns_zone_invalidate(dns_zone_t *zone);

    dns_ixfr_init(dns_ixfr_t *ixfr, unsigned long serial, time_t expire);

    dns_ixfr_invalidate(dns_ixfr_t *ixfr);

    dns_zone_axfrout(dns_zone_t *zone);

        Initiate outgoing zone transfer.

    dns_zone_axfrin(dns_zone_t *zone, isc_sockaddr_t *addr);

        Initiate transfer of the zone from the given server or the
        masters listed in the zone structure.

    dns_zone_maintenance(dns_zone_t *zone);

        Perform any maintenance operations required on the zone
            * initiate up to date checks
            * expire zones
            * initiate ixfr version expire consolidation

    dns_zone_locateprimary(dns_zone_t *zone);

        Working from the root zone locate the primary master for the zone.
        Used if masters are not given in named.conf.

    dns_zone_locateservers(dns_zone_t *zone);

        Working from the root zone locate the servers for the zone.
        Primary master moved to first in list if in NS set. Remove self
        Used if masters are not given in named.conf.

    dns_zone_notify(dns_zone_t *);

        Queue notify messages.

    dns_zone_checkparents(dns_zone_t *);

        Check that the parent nameservers' NS lists for this zone agree with
        the NS list of this zone; check glue A records. Warn if not identical.
        This operation is performed on master zones.

    dns_zone_checkchildren(dns_zone_t *);

        Check that the child zones' NS lists agree with the NS lists in this
        zone; check glue records. Warn if not identical.

    dns_zone_checkservers(dns_zone_t *);

        Check that all the listed servers for the zone agree on NS list and
        serial number. NOTE: only errors which continue over several refresh
        periods are to be reported.
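
    The reporting rule in the NOTE above, as an added example that is not
    BIND code: a server is flagged only after it has disagreed with the
    master's serial or NS list for several consecutive refresh periods.
    check_servers(), obs_t, track_t and the REPORT_AFTER threshold of 3
    are assumptions, and the observations are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REPORT_AFTER 3	/* assumed: consecutive refresh periods before warning */

/* What one server answered: SOA serial and its NS set as a sorted list. */
typedef struct { uint32_t serial; const char *nsset; } obs_t;
/* Per-server state carried between refresh periods. */
typedef struct { const char *server; unsigned bad_periods; } track_t;

/* Constructed observations for two slaves over four refresh periods.
 * ns2 lags once (transient); ns3 serves a stale NS set for three periods. */
static const obs_t master_view = { 2004030502u, "ns1,ns2,ns3" };
static const obs_t periods[4][2] = {
	{ { 2004030501u, "ns1,ns2,ns3" }, { 2004030502u, "ns1,ns2" } },
	{ { 2004030502u, "ns1,ns2,ns3" }, { 2004030502u, "ns1,ns2" } },
	{ { 2004030502u, "ns1,ns2,ns3" }, { 2004030502u, "ns1,ns2" } },
	{ { 2004030502u, "ns1,ns2,ns3" }, { 2004030502u, "ns1,ns2,ns3" } },
};

/* Call once per refresh period. Counts consecutive disagreeing periods per
 * server, resets on agreement, and returns how many servers have disagreed
 * for REPORT_AFTER periods or more (those are the ones worth a warning). */
unsigned check_servers(track_t *t, const obs_t *obs, size_t n, const obs_t *ref) {
	unsigned reportable = 0;
	for (size_t i = 0; i < n; i++) {
		int same_serial = obs[i].serial == ref->serial;
		int same_ns = strcmp(obs[i].nsset, ref->nsset) == 0;
		t[i].bad_periods = (same_serial && same_ns) ? 0 : t[i].bad_periods + 1;
		if (t[i].bad_periods < REPORT_AFTER)
			continue;
		reportable++;
		fprintf(stderr, "warning: %s: %s%s for %u refresh periods\n", t[i].server,
			same_serial ? "" : "serial mismatch ", same_ns ? "" : "NS list mismatch", t[i].bad_periods);
	}
	return reportable;
}

int main(void) {
	track_t t[2] = { { "ns2.example.test", 0 }, { "ns3.example.test", 0 } };
	for (int p = 0; p < 4; p++)
		printf("period %d: %u reportable\n", p, check_servers(t, periods[p], 2, &master_view));
	return 0;
}
```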

    dns_zone_dump(dns_zone_t *, FILE *fp);

        Write the contents of the zone to the file associated with fp.

    dns_zone_validate(dns_zone_t *);

        Validate the zone contents using DNSSEC.

    dns_zone_tordatalist(dns_zone_t *zone, dns_rdatalist_t *list);

    dns_zone_addmaster(dns_zone_t *zone, isc_sockaddr_t *addr);

        Add addr to the set of masters for the zone.

    dns_zone_clearmasters(dns_zone_t *zone);

        Clear the master set.

    dns_zone_setreadacl(dns_zone_t *, dns_acl_t *);

    dns_zone_setxfracl(dns_zone_t *, dns_acl_t *);

    dns_zone_addnotify(dns_zone_t *, isc_sockaddr_t *addr, isc_boolean_t perm);

    dns_zone_clearnotify(dns_zone_t *);

    dns_zone_load(dns_zone_t *);

    dns_zone_consolidate(dns_zone_t *);

        Consolidate on disk copy of zone.